Other Parts Discussed in Thread: CC3235SF, CC3220S, CC3235S
Tool/software:
Hello,
I have some concerns regarding the security of my device, specifically related to the continued use of SHA1. If possible, I would prefer to avoid using SHA1 in our signing process.
I have read the TI guide on OTP and certificate catalog generation, and currently, we follow the default procedure using the -fmt BINARY_SHA1 option with our vendor_key.pem.
Although I understand that the signature is created using RSA to encrypt the hash, I believe the concern about SHA1 remains valid. Therefore, I would like to ask:
Is it possible to use -fmt BINARY_SHA2 on the CC3220SF device?
If SHA2 is supported, do both the OTP and the certificate catalog need to be signed using the same -fmt option?
My concern comes from the following line in the documentation:
“For the CC3220S and CC3220SF, the certificate catalog must be signed in SHA1 format. For the CC3235S and CC3235SF, the certificate catalog must be signed in SHA2 format.”
Thank you in advance for your support.
Best regards,
Samuel Simões
