Other Parts Discussed in Thread: UNIFLASH, CC3120
The CA/B Forum has mandated that the minimum Code Signing Key size increase to 3072 bits as of 06/01/2021. The CC3220SF boot ROM only supports 2048 bits.
Can you provide some guidance for how to use the CC3220SF under these circumstances? An FAQ and an appnote would be helpful. I have been searching the forum and have found these links:
1. This forum post says to just find another code signing certificate provider.
Can TI suggest a provider? Or become a provider for it's customers?
Vendor |
Notes |
comodosslstore.com |
3072 bits only |
3072 bits only |
|
digicert.com |
3072 bits only |
Thawte |
Now DigiCert |
Symantec |
Now DigiCert |
globalsign.com |
Waiting for response |
2. This post mentions creating a private catalog: https://e2e.ti.com/support/wireless-connectivity/wi-fi-group/wifi/f/wi-fi-forum/1045696/cc3235modsf-code-signing-certificate?tisearch=e2e-sitesearch&keymatch=code%25252520signing%25252520key
using Vendor Device Authentication With SimpleLink WiFi® Devices
I need some time to digest this information. Will it support public encrypted sites? The Playground catalog does not. My current understanding is that the catalog needs to be signed by the CC3220 or CC3235 private key (which is why they have different catalogs).
3. This post says that it doesn't matter for my product because an expired Code Signing Cert is fine since the device doesn't know the current time when it's booting. The expiration date is ignored.
That would be an issue for new customers and might raise questions in security audits.
Thank you,
Mark