This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CCS/LAUNCHXL-CC1352P: CCS/LAUNCHXL-CC1352P

Part Number: LAUNCHXL-CC1352P
Other Parts Discussed in Thread: UNIFLASH

Tool/software: Code Composer Studio

Hi everyone,

I am using  Launchpad CC1352P-2 for a project. We are trying to use secure boot feature for this device. And we are trying to change the private key for this purpose.

A) At first i try default keys;

1 - Compile bim_offchip, load to the device.

2 - Compile project_zero and load to the device.

The device works perfect. When i reset it, it succesfully starts project zero. SUCCESS

B) Then i try changing keys;

1 - I used oad image tool to generate new key pairs following the steps

2 - It generated me the following 

Private key: b'98212a2393c4c8ccea30e182d5b29677967ba12c5d6f6ab3eba6ec1201944df1'
Public Key b'7d6a0a7564e766140b55642457fe018eaa90c87d5779a1ce1425366975102d375bbdbcc2dc3716dd65563170483efc63e3a90f7f51819e22f893aace328c5e2d'
Public key X: b' 7d 6a 0a 75 64 e7 66 14 0b 55 64 24 57 fe 01 8e aa 90 c8 7d 57 79 a1 ce 14 25 36 69 75 10 2d 37 '
Public key Y : b' 5b bd bc c2 dc 37 16 dd 65 56 31 70 48 3e fc 63 e3 a9 0f 7f 51 81 9e 22 f8 93 aa ce 32 8c 5e 2d '
Public key X in reversed format : b'372d107569362514cea179577dc890aa8e01fe572464550b1466e764750a6a7d'
Public key Y in reversed format: b'2d5e8c32ceaa93f8229e81517f0fa9e363fc3e4870315665dd1637dcc2bcbd5b'
Signer Info: bc ea a9 78 e7 50 fe 18

3 - I opened the bim_offchip firmware and write the public key X, public key Y in like below;

.version = SECURE_SIGN_TYPE,
.len = SECURE_CERT_LENGTH,
.options = SECURE_CERT_OPTIONS,
.signerInfo = { 0xbc, 0xea, 0xa9, 0x78, 0xe7, 0x50, 0xfe, 0x18},
.certPayload.eccKey.pubKeyX = {0x7d,0x6a,0x0a,0x75,0x64,0xe7,0x66,0x14,0x0b,0x55,0x64,0x24,0x57,0xfe,0x01,0x8e,0xaa,0x90,0xc8,0x7d,0x57,0x79,0xa1,0xce,0x14,0x25,0x36,0x69,0x75,0x10,0x2d,0x37},
.certPayload.eccKey.pubKeyY = {0x5b,0xbd,0xbc,0xc2,0xdc,0x37,0x16,0xdd,0x65,0x56,0x31,0x70,0x48,0x3e,0xfc,0x63,0xe3,0xa9,0x0f,0x7f,0x51,0x81,0x9e,0x22,0xf8,0x93,0xaa,0xce,0x32,0x8c,0x5e,0x2d}

4 - Compiled the code, load to the device.

5 -Afterwards compiled project_zero code with the new key pair(checked the file location is correct) and load to the device.

6 - Without reset device works OK, but after a reset the device just stops working. I cant see it on simplelink starter. FAIL

7 - Afterwards i tried reversing the public key as below; 

.version = SECURE_SIGN_TYPE,
.len = SECURE_CERT_LENGTH,
.options = SECURE_CERT_OPTIONS,
.signerInfo = { 0xbc, 0xea, 0xa9, 0x78, 0xe7, 0x50, 0xfe, 0x18},
.certPayload.eccKey.pubKeyX = {0x37,0x2d,0x10,0x75,0x69,0x36,0x25,0x14,0xce,0xa1,0x79,0x57,0x7d,0xc8,0x90,0xaa,0x8e,0x01,0xfe,0x57,0x24,0x64,0x55,0x0b,0x14,0x66,0xe7,0x64,0x75,0x0a,0x6a,0x7d},
.certPayload.eccKey.pubKeyY = {0x2d,0x5e,0x8c,0x32,0xce,0xaa,0x93,0xf8,0x22,0x9e,0x81,0x51,0x7f,0x0f,0xa9,0xe3,0x63,0xfc,0x3e,0x48,0x70,0x31,0x56,0x65,0xdd,0x16,0x37,0xdc,0xc2,0xbc,0xbd,0x5b}

But this did not work either. 

Now my question is:

1 - Which format is right? If none, how should i set pubKeyX, pubKeyY, signer info?

2 - If any of the above format is right, why does not project_zero work after a reset button push?

Thank you for your support.

  • Hi,

    1. The non-reversed format should be the correct format you need to provide to the BIM.
    2. Are you running project-zero from the IDE, or are you flashing the BIM and application from Uniflash? If you are debugging project zero from the IDE, you are bypassing the BIM on application launch, hence why you application will load the first time, but not after you reset the device.

      Additionally, perhaps are you updating the private key file when the OAD image is created? You can update the project post-build step from:

      CCS: Right click on project in solution explorer -> Properties -> Build -> Steps -> Post-build steps
      IAR: You can modify the file at "<SDK_DIR>\tools\ble5stack\oad\oad_postbuild.bat"

      There should be the '-k' argument passed to the OAD image tool. You can verify the tool is using the correct private key path when signing the OAD image.

    Regards,
    Michael