• State Resolved
  • Locked Locked
  • Replies 17 replies
  • Subscribers 41 subscribers
  • Views 598 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3235MODS: Programming the module via SPI

Brahim Salh
Intellectual 290 points
Part Number: CC3235MODS
Other Parts Discussed in Thread: UNIFLASH, SYSCONFIG

Hi TI,

I created a project on CCS IDE, I run my code on TI-Launchpad without any issue. Now, I want to flash my code to a module in an external PCB. 

The CC3235MODS in this a PCB is in production mode.

The UART (pins 46 and 47) is not connected, so I cannot switch from production to development mode using Uniflash. I also cannot use JTAG since the CC3235MODS is not in devlopment mode.

The only option left tu use is SPI, I am using FLASH_SPI_* pins with an external SPI adapter (Cheetah SPI HOST Adapter), I flash the hex file into 4 MB SPI Flash but it doesn't work.

I created the hex file using Uniflash ( mycode.bin + service_pack.bin).

Do you think the issue can come from the MAC address, Uniflash gets the MAC address of the module that is in Launchpad board which is not the same as the one in my PCB.

Best regards,

Brahim

  • 0
    Guru 80055 points

    Hi Brahim,

    Are you able program LaunchPad at production mode that means with proper code signing certificate? If so, there is no reason for issue at your hardware (you need to full erase of SPI flash and you need to use SOP mode 0-0-0 for image unpacking).

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points

    Hi Jan,

    I have flashed the launchpad in Production mode without any problem.

    When I flash my PCB's module with Cheetah SPI, the SOP[2:0] = 010 or 100 as mentionned in the launchpad user's guide.

    In CCS, it alwayse asks for the MAC address as well as in Uniflash. Since I don't have the MAC address of my module, I don't know if the bootloader compare the address that's in hex file and the real before starting programming.

    I don't see any other reason why the code is not working on my module.

    Best regards,

    Brahim

  • 0 in reply to Brahim Salh
    Guru 80055 points

    Hi,

    After programming of SPI flash you need to use SOP mod 0-0-0 for Unpacking image. What Trusted Root-Certificate Catalog do you use? You should not use playground catalogue from SDK.

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points

    Hi Jan,

    I'm using SOP[2:0]=100 during the programming and I'm switching to 0-0-0 after the programming process, before unreseting the module.

    About "Trusted Root-Certificate Catalog", I don't have any idea about that, where can I change that ? in Uniflash or CCS ?

    Brahim

  • 0 in reply to Brahim Salh
    TI__Mastermind 31810 points

    Hi,

    Please read section 7.4 of the NWP users guide:

    https://www.ti.com/lit/swru455 

    Before programming flash, are you clearing it?

  • 0 in reply to Sabeeh Khan1
    TI__Mastermind 31810 points

    I would also recommend reading through this guide for other details regarding production line programming: 

    https://www.ti.com/lit/an/swra568 

  • 0 in reply to Sabeeh Khan1
    Intellectual 290 points

    Hi,

    Yes, I do a "full erase" before flashing the SPI flash.

    I still don't understand why do I need that "Trusted Root-Certificate Catalog", my application is just toggling an LED. If it is required is any case, where can I find this file provided by TI?

    Could you also please confirm to me that the MAC address is required  in both production and development mode ?

    Best regards,

    Brahim

  • +1 in reply to Brahim Salh
    Guru 80055 points

    Hi Brahim,

    MAC address inside programming image is required at development mode only.

    Image at production mode should to be signed by real code signing certificate instead playground certificate. You have two options:

    • you can contact certification authority to obtain code signing certificate (buy code signing certificate). But you may to have issue to obtain compatible code signing certificate with CC3235.
    • you can create own certificate with own certificate catalogue. But certificate catalogue need to be programmed into OTP part of SPI flash. Programming of own certificate catalogue is possible via UART by the Uniflash only.

    This thread may to be useful for you as well.

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points
    Jan D said:
    Programming of own certificate catalogue is possible via UART by the Uniflash only

    Since I have only the SPI on my custom PCB this means I can never use my own certificate if I create one.

    Jan D said:
    But certificate catalogue need to be programmed into OTP part of SPI flash.

    Could you please elaborate that a bit more?

    The thread you have linked to your answer is very helpful.

    I have 20 PCBs to be programmed, I'm still trying to avoid to send them to the trash.

    I checked my config in Uniflash, I was using "certcatalogPlayGround.lst" which make sense that my application doesn't start.

    Please let me know if you any other options, I will be grateful if you could schedule a very short webex call for this.

    Best regards,

    Brahim

  • +1 in reply to Brahim Salh
    Guru 80055 points

    Hi Brahim,

    Programming of own certificate catalogue is described here. But without available UART this is not option for you.

    I am not 100% sure if it's not possible create functional image in production mode with playground catalogue. But expected way is to use code signing certificate from one of CA available at certificate catalogue (see SDK file \tools\cc32xx_tools\readme.html). You should contact CA and buy proper code signing certificate. But I think you will struggle to obtain compatible code signing certificate (proper signature algorithm and signature length). Details about type of code signing certificate you will find at certificates handling guide. For example I use code signing certificate obtained from Digicert. But you will not be able to buy same certificate any-more. Similar may to be with other CA. But you will need check this by yourself.

    I think you have options:

    • you can try to contact CA from list at SDK and ask for compatible code signing certificate (I am slightly sceptic whether you will be successful)
    • try to use some old code signing certificate. Maybe your company have some old compatible code signing certificate (it is not important if it's expired)
    • redesign your hardware and add capability for UART programming

    No. I am not positive for a webex call. I am not a TI employee and from this reason I don't do such things.

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points
    Jan D said:
    Image at production mode should to be signed by real code signing certificate instead playground certificate.

    Hi Jan,

    With Launchpad board, I used playground certificate to flash my Image at production mode and it worked well. Why doesn't it do the same thing with my custom PCB ? it doesn't make sense that it works with launchpad.

    Best regards

  • 0 in reply to Brahim Salh
    Guru 80055 points

    Hi,

    Usage of code signing certificate at production image instead playground certificate is expected from the security reasons.

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points

    Hi,

    I am not using a secure Image, so there no reason that it works on launchpad but not on my PCB with the same certificate.

    Brahim

  • 0 in reply to Brahim Salh
    Guru 80055 points

    Hi Brahim,

    No. By security reason I mean that playground certificate should not be used as root of trust. It should be used certificate catalogue (see certificate handling guide).

    Was you able program LaunchPad by SPI programmer at production mode or not? I don't mean using UART by Uniflash of Sysconfig image creator.

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points

    Hi Jan,

    Jan D said:
    Was you able program LaunchPad by SPI programmer at production mode or not?

    Yes, I did it successfully.

    I build the project for production mode, then I created the hex with Uniflash and then I flashed it directly to the internal flash using SPI adapter (cheetah from totalphase) connected to J14 of launchpad (SOP =0-0-0). After the flashing process, it takes a few seconds to unpack the image and then it works well.

    That's why I am asking it worked with launchpad with playground certificate at production mode and not on my PCB.

    Brahim

  • 0 in reply to Brahim Salh
    Guru 80055 points

    Hi Brahim,

    It should work at your production hardware by exact same way. If not, it is likely that you have something wrong at your hardware. I am not able say what it could be. Maybe you can ask TI for review of your hardware here.

    Jan

  • 0 in reply to Jan D
    Intellectual 290 points

    OKay, I will do that.

    Thank you  Slight smile

    Brahim