• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 457 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220SF: OTA Signature Verification fails

Snr93
Intellectual 460 points
Part Number: CC3220SF

Hi Team,

On downloading the Tar file which has a valid signature, parsong the file via OtaArchive_Process function leads to signature failure error -12291.

 Any hints on what could be wrong ?

  1. Thanks,
  • 0
    TI__Guru 63006 points

    Have you installed the latest SP? (there was a related bug that was fixed with a service pack fix).

    Did you programm (to the device flash) the certificate that is required for the verification? it is defined by OTA_CERTIFICATE_NAME (in ota_archive.c) and by default is "dummy_ota_vendor_cert.der" (which works if you just program the dummy certificate available in the SDK). If you are using a you own self-signed certificate for the verification, you should update the OTA_CERTIFICATE_NAME and rebuild the ota library (and then your app). Or you can call you certificate "dummy_ota_vendor_cert.der" when you program it to the device flash.

  • 0 in reply to Kobi Leibovitch
    Intellectual 460 points

    Hi Kobi,

    Thank you. Adding dummy_ota_vendor_cert.der solved the first error. However, in the function verifySignature, 

    Status = sl_NetUtilCmd(SL_NETUTIL_CRYPTO_CMD_VERIFY_MSG, (_u8 *)&verAttrib, sizeof(SlNetUtilCryptoCmdVerifyAttrib_t), verifyBuf, SHA256_DIGEST_SIZE + SigFileSize, (_u8 *)&verifyResult, &resultLen); returns -12298 (SL_ERROR_NETUTIL_CRYPTO_GENERAL). I did not find a description of this error. What could this be ?

    BR,

  • +1 in reply to Snr93
    TI__Guru 63006 points

    for the verification to work, you'll need to send all the bytes of the tar file to the OtaArchive_process(). Make sure you are not skipping any byte or sending any duplication.

    This assumes that the certificate (dummy_ota_vendor_cert.der) corresponds to the private key (dummy_ota_vendor_key.der) used for signing the image and comply with the limitations as defined in OTA guide (secp256r1 elliptic curve private key - see <SDK-RROT>/docs/simplelink_mcu_sdk/Over_The_Air_Update_Guide.html). Please use the dummy_ota_vendor.. key and cert from the SDK before testing your own self-signed key-pair.  

  • 0 in reply to Kobi Leibovitch
    Intellectual 460 points

    Hi Kobi,

    Thanks for the hint, I was indeed missing some bytes - but it is strange that I get a generic error. I would have expected a more specific error Slight smile

  • 0 in reply to Snr93
    TI__Guru 63006 points

    I'm not sure the utility can identify the issue and send you a specific error - basically missing bytes will just cause the signature verification to fail.

    does it work now?

  • 0 in reply to Kobi Leibovitch
    Intellectual 460 points

    yep - it works.