• State TI Thinks Resolved
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 541 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220SF-LAUNCHXL: Over-The-Air Upgrade of CC3220SF Service Pack - Rollback option

Vaishnavi Kumbargeri
Prodigy 70 points
Part Number: CC3220SF-LAUNCHXL
Other Parts Discussed in Thread: UNIFLASH

Hi Support,

I'm trying to do a OTA upgrade of the service pack by writing the .ucf file using host driver APIs. I wanted to know if there is an option to rollback, in case of any failure/invalid file. How to achieve this?

  • 0
    TI__Guru 63006 points

    The UCF doesn't have fail-safe support. When updating with UCF the Flash is erased before the new content is written.

    The recommended way is to use UCF (programming image) at the factory only.

    The OTA will then ne used update specific file(s) (such as the NWP service pack, the MCU Image, the certificate catalog or user files).

    To ease the work, Uniflash/CCS can be used to create an OTA TAR image that will include the files that needs to be replaced with metadata.

    The OTA library (in the SDK) processes the TAR file as it is received.

    The device has fail-safe protection for a specific file or for the entire OTA bundle that enables to revert if anything goes wrong during the OTA sequence. Oonce the new image runs the code must and commit the update (after the content is tested and found ok) - or else an auto-reversion will be done upon the next reset.

    This mechanism also include an optional digital signature that will verify the authenticity of the entire OTA content.

    See more details in <sdk>\docs\simplelink_mcu_sdk\Over_The_Air_Update_Guide.html or https://www.ti.com/lit/pdf/swra510.

    Also check about the secure file system in the programmer's guide.

  • 0 in reply to Kobi Leibovitch
    Prodigy 70 points

    Thanks for your reply, Kobi.

    I'm already using AWS FreeRTOS OTA Agent and due to memory constraints, I won't be able integrate TI OTA library into my code. Also, AWS FreeRTOS doesn't support Bundle OTA upgrade (processing of OTA TAR image). Hence that option is not feasible for me. Instead, is there any option to enable rollback/fail-safe option or any other method to save the .ucf file, so that I will be able to ensure device will not get bricked, if an invalid file comes in.

    Also, if I should test invalid file scenario, I need to edit the .ucf file and generate respective .ucf.signed.bin file. How to generate this signature file?

  • 0 in reply to Vaishnavi Kumbargeri
    Guru 80425 points

    Hi,

    As Kobi said, you cannot not use UCF (API sl_FsProgramming()) file for OTA update. This API will work, but because is not fail-safe usage them at CC32xx device s terrible idea.

    If you don't wan to use TI OTA system, you can update files at filesystem manually by sl_Fs APIs. But you will technically replicate what is TI OTA code doing. At files level you can rollback via API sl_FsCtl (SL_FS_CTL_ROLLBACK..).

    Jan

  • 0 in reply to Jan D
    Prodigy 70 points

    Hi Jan,

    I'm trying to do the service pack update of UCF using APIs sl_FsOpen, sl_FsWrite() and sl_FsClose(), and not using  sl_FsProgramming(), which is the existing code.

    I will try using sl_FsCtl (SL_FS_CTL_ROLLBACK..). Thanks.

    Please answer this question also

    Vaishnavi Kumbargeri said:
    Also, if I should test invalid file scenario, I need to edit the .ucf file and generate respective .ucf.signed.bin file. How to generate this signature file?
  • 0 in reply to Vaishnavi Kumbargeri
    Guru 80425 points

    Hi,

    If service pack file was originally created as fail-safe, usage of sl_FsWrite() is safe.

    Your test does not make sense. You cannot generate valid signature for ServicePack. This can do Texas Instruments only when is issuing Service Pack. Because you don't have private key which is used for signing of ServicePack. This is a essential of security mechanism, that not allow compromise firmware at NWP.

    Jan