Hi team!
I got a few CC3230S with a locked file system.
I have checked these SoCs with Uniflash:
1) Some SoCs have security alerts (15 out of 15) and cannot boot.
2) Other SoCs also cannot boot, but the security alert count is 0.
I believe that I have a similar problem: https://e2e.ti.com/support/wireless-connectivity/wi-fi-group/wifi/f/wi-fi-forum/1286865/cc3235modsf-what-are-the-reasons-for-the-explicit-security-alerts/4880531#4880531
I have checked the SPI bus between the CC3230 and the SPI flash, and there is some communication after power-on, but this communication lasts several seconds and our app does not boot.
Is it possible to know the reason, at runtime or in Uniflash, why the file system is locked without security alerts?
Hi,
Unfortunately, it is not possible to know the reason. There are a few reasons that can get the alert to increase (for example, when creating a file but the signature is wrong, reading a file and the SHA in the file system is corrupted, when providing a bad token to access a secured file, etc.).
The NWP log may help here.
Regards,
Shlomi
Hi!
Unfortunately, NWP logs are disabled in these SoCs (the NWP's UART pins are used for other functionality).
Do we have the ability to check NWP logs at runtime without reading the NWP's UART?
Unfortunately no. This is the only way.
It is impossible to know what caused it in the first place.
Hi,
The NWP log can be mapped to more I/O pins than pin 62. Have you occupied all of these pins? If not, nothing should prevent you from capturing the NWP log.
Jan
Unfortunately, all the pins above are used for another role.
In my case the device cannot boot my app.
Is the NWP pin setting enabled by default in the bootloader stage (when the CC3230 tries to read the SPI flash)?
No, it needs to be configured from the application layer after it starts executing.
OK, thanks.
I have a question related to the security alert counter.
I observed that the counter increased from 10 to 11. Is there any possibility of getting some debug information to determine why this happens (e.g. file, key or other debug information)?
Not without the NWP log, which runs and records in parallel in real time.
Are you communicating directly with the file system via sl_Fsxxx() APIs?
Yes, I use this API.
I don't believe it can be very useful as it does not include any information on the error cases.
And this is not exposed to the application although it exists in NWP.
Anyway, you can add it as part of the sl_FsCtl (use opcode SL_OPCODE_NVMEM_NVMEMFILESYSTEMCONTROLCOMMAND).
You will need to edit the following and add the missing command in yellow:
    typedef enum
    {
        SL_FS_CTL_RESTORE = 0, /* restores the factory default */
        SL_FS_CTL_ROLLBACK = 1,
        SL_FS_CTL_COMMIT = 2,
        SL_FS_CTL_RENAME = 3,
        SL_FS_CTL_GET_FILES_COUNTERS_REQUEST = 4, /* the added command */
        SL_FS_CTL_GET_STORAGE_INFO = 5,
        SL_FS_CTL_BUNDLE_ROLLBACK = 6,
        SL_FS_CTL_BUNDLE_COMMIT = 7
    } SlFsCtl_e;
Then, simply call it like the SL_FS_CTL_GET_STORAGE_INFO is called. For example:
    sl_FsCtl((SlFsCtl_e)SL_FS_CTL_GET_STORAGE_INFO, 0, NULL,
             NULL,
             0,
             (uint8_t *)&SlFsControlGetStorageInfoResponse,
             sizeof(SlFsControlGetStorageInfoResponse_t),
             NULL);
BTW, SL_FS_CTL_GET_STORAGE_INFO is tracking the alerts so you may use it to see when the counter is increased and nail what could cause it.
Shlomi
Hi!
Thanks, I will try the code changes.
Currently I use SL_FS_CTL_GET_STORAGE_INFO to get the security counter, but the reasons why this happens are not clear to me
(example: I get the counter going from 10 to 11, then I check some status of the NWP, and the NWP says that file example.txt was damaged due to flash corruption).
And how do you handle this file in the file system? What operations do you apply? Is this file secured?
I have several files (secured, unsecured). I used read/write, etc.
I get NumOfAlerts and NumOfAlertsThreshold (security alert counter) from the FS.
My task is to decrease this counter or to avoid incrementing it (to avoid locking the file system). Could you please advise on methods to do this without NWP logs?
There is no way to decrease it if it has already been increased.
This is a security mechanism, and what you need is to understand what triggers this counter to increase.
One way, which you do not have, is to capture the NWP log.
Another way is to do some operations as you usually do (calling file system APIs), fetch the counters and try to correlate which operation causes this counter to increase.
Hi!
Thanks.
I tried to read the counters with the SL_FS_CTL_GET_FILES_COUNTERS_REQUEST command.
After power-on I got the following result: cnt: 165 165 165 165 165 165
After a second retry I got: cnt: 5 165 196 0 217 165
I wrote several values to a file and checked again:
cnt: 5 165 196 0 217 165. (No changes from the previous counter values.)
Could you please advise whether this functionality (SL_FS_CTL_GET_FILES_COUNTERS_REQUEST) works correctly on the NWP, or are there some issues?
Here is my code:
    SlFsControlGetCountersResponse_t response_1;
    sl_FsCtl((SlFsCtl_e)SL_FS_CTL_GET_FILES_COUNTERS_REQUEST, 0, NULL,
             NULL, 0,
             (_u8 *)&response_1, sizeof(response_1),
             NULL);
    print_uart("cnt: %u %u %u %u %u %u",
               response_1.ClosedFilesCnt,
               response_1.ClosedFilesCntWithValidFailSafeImage,
               response_1.OpenedForWriteCnt,
               response_1.OpenedForWriteCntWithValidFailSafeImage,
               response_1.OpeneForReadCnt,
               response_1.OpeneForReadCntWithValidFailSafeImage);
It may be that this functionality is not mature, and this is why it was kept closed (or at least not published).
I will take a look on Sunday, but if these are the numbers, I would not rely on this mechanism.
Hi, just checked it. This opcode is currently not implemented, so please ignore it.
Could you please advise what the best method is to know that the security counter was increased? Currently I use only SL_FS_CTL_GET_STORAGE_INFO to get the security counter.
Yes, the NumOfAlerts inside SL_FS_CTL_GET_STORAGE_INFO reflects the right number.
What I suggest to "debug" is to read this number on a specific cadence while you are doing other file system operations and detect when this number is increased. Then, we may be able to understand the root cause.
I saw, that we have error code
I am not sure this error goes all the way to the host.
The best would be to probe the error counter as I stated.
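The correlation approach suggested in the thread (read NumOfAlerts around each file system operation and note which operation makes it increase), sketched as an added example that is not part of the original posts or of TI's SDK. The hook types, `tracked_op`, and the simulated counter and operations are hypothetical; on target, `read_alerts` would wrap the `sl_FsCtl(SL_FS_CTL_GET_STORAGE_INFO, ...)` call shown above and each operation would wrap one `sl_Fs*` call.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical hooks: on target, read_alerts would wrap the
 * sl_FsCtl(SL_FS_CTL_GET_STORAGE_INFO, ...) call and return NumOfAlerts,
 * and each fs_op_fn would wrap one sl_Fs* call. */
typedef int (*read_alerts_fn)(void);
typedef int (*fs_op_fn)(void);

typedef struct { const char *label; int rc, before, after; } alert_event_t;

#define MAX_EVENTS 8
typedef struct {
    read_alerts_fn read_alerts;
    alert_event_t  events[MAX_EVENTS];
    int            n_events;
} alert_tracker_t;

/* Run one file system operation and record it if the counter moved. */
int tracked_op(alert_tracker_t *t, const char *label, fs_op_fn op)
{
    int before = t->read_alerts();
    int rc     = op();
    int after  = t->read_alerts();
    if (before >= 0 && after > before && t->n_events < MAX_EVENTS) {
        alert_event_t e = { label, rc, before, after };
        t->events[t->n_events++] = e;
        printf("ALERT %d -> %d during '%s' (rc=%d)\n", before, after, label, rc);
    }
    return rc;
}

/* Constructed simulation so the example runs off-target. */
static int sim_alerts;
static int sim_read_alerts(void) { return sim_alerts; }
static int sim_write_ok(void)    { return 0; }
static int sim_bad_token(void)   { sim_alerts++; return -1; } /* bad token case */

const alert_tracker_t *run_demo(void)
{
    static alert_tracker_t t;
    memset(&t, 0, sizeof t);
    t.read_alerts = sim_read_alerts;
    sim_alerts = 10;                 /* constructed start value */
    tracked_op(&t, "write unsecured log", sim_write_ok);
    tracked_op(&t, "read secured cfg with stale token", sim_bad_token);
    tracked_op(&t, "write unsecured log", sim_write_ok);
    return &t;
}

int main(void) { return run_demo()->n_events == 1 ? 0 : 1; }
```

Persisting the recorded events to an unsecured file or sending them over an available channel would let the offending operation be identified on units where the NWP log pins are not free.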