Hello all,
the documentation swpu332 section 1.2 Certificate Chain states the following for the CC32XX:
CC32XX:
The TI catalog (as well as the service pack) is signed using a TI private key and is verified
by the public key inside the ROM code when the catalog is installed. The SimpleLink
ROM
code only verifies the authenticity of the certificate. The application must verify the end-entity
information as it appears in the vendor certificate (such as company and domain info).
I am confused about the last sentence.
Regarding to the TI forum entry https://e2e.ti.com/support/wireless-connectivity/wi-fi-group/wifi/f/wi-fi-forum/1053509/cc3220moda-get-connection-certificate-details I can't access detailed certificte information such as company and domain info from the certificate.
Below are two scenarios where in my opinion the application has no way to verify the end-entity information as it appears in the vendor certificate.
TLS connection
The check is done by the TI connection function(s) using the security settings configured by the application and the given certificate chain, based on a Root CA which is included in the TI Trusted Root Catalog, that in turn is activated.
I only can set the security attributes and evaluate the return code.
Code Signing - Power Up
At power up the TI ROM bootloader controls the boot process and checks the signing of the mcu image file.
The application can't do anything special here.
What can I do to fulfill the mentioned condition : The application must verify the end-entity
information as it appears in the vendor certificate (such as company and domain info) ?
Best regards,
Roman
