LAUNCHCC3220MODASF: CC3235MODASF successor for CC3220MODASF

Roman Jordan

Part Number: LAUNCHCC3220MODASF
Other Parts Discussed in Thread: CC3220MOD

Hello,

a customer of mine would like to upgrade his existing CC3220MODASF-based environment.

Because nowadays only RSA384 / 3072 bit based certificates are available, he wanted to use such certificates for signing the MCU image.
I read in the forum that there are problems with 3072 bit passwords in combination with the CC32xx.

Does the CC3235 also have this limitation?

Perhaps there also a different solution without using the CC3235 at all.

The important points for are:
* 3072-bit RSA keys for signing the firmware image (RSA)
* hardware compatibility, as much as possible
* Software compatibility as much as possible

Best regards and many thanks,
Roman

over 1 year ago

0 Sabeeh Khan1 over 1 year ago

TI__Mastermind 20180 points

Hey Roman,

Regarding your question on RSA, I'll need to get back to you on that. On the modules however, the sizes of the cc3220mod and cc3235mod are different, so keep that in mind. Also, there should be minimal difference in the crypto engine, but they do require different software builds as the NWP firmware is not the same.

0 Roman Jordan over 1 year ago in reply to Sabeeh Khan1

Expert 1780 points

Hello Sabeeh,

thanks for your answer.

I found some posts here in the forum that suggest that the cc3235mod is also limited to RSA 256 - 2048 Bit for the password of the certificates, right?

Beste regards and many thanks,
Roman

0 Roman Jordan over 1 year ago in reply to Sabeeh Khan1

Expert 1780 points

Sabeeh Khan1 said:
Regarding your question on RSA, I'll need to get back to you on that.

Hello Sabeeh,

do you have new information about the RSA and the CC3235?

Best regards,
Roman

0 Sabeeh Khan1 over 1 year ago in reply to Roman Jordan

TI__Mastermind 20180 points

Hi Roman,

Here is what we support. This table is taken from Table 7-3 in our NWP guide.

0 Roman Jordan over 1 year ago in reply to Sabeeh Khan1

Expert 1780 points

Hello Sabeeh,

many thanks for your answer.

I assume that the marked table entry is valid for verifying the signature of the firmware, at least at production time, right?

This in turn means that the CC3235 has the same RSA256 limitation for production line programming as the CC3220 as stated in SimpleLink Wi-Fi® Certificates Handling section 1.5.1. Code Signing Certificates.

To overcome the problem with the nowadays used key lengths of at least 3072 bit you have to do the same things as suggested in the TI forum entry CC3220SF: Minimum Key Size for Code Signing Certificates Increase to 3072 Bits.

I am right?

In short words: The CC3235 does not bring any advantages/changes with regard to the maximum key length of 256 bytes for code sining certificates for signing the firmware at production line.

I am right?

May thanks and best regards,
Roman

0 Sabeeh Khan1 over 1 year ago in reply to Roman Jordan

TI__Mastermind 20180 points

Hi Roman,

Yes, that is correct. The limitations are the same.

0 Roman Jordan over 1 year ago in reply to Sabeeh Khan1

Expert 1780 points

Hi Sabeeh,

thank you very much.

Best regasrds,
Roman

Wi-Fi

Wi-Fi forum

LAUNCHCC3220MODASF: CC3235MODASF successor for CC3220MODASF