• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 936 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

RTOS/CC3220SF-LAUNCHXL: Closing file in ota_archive giving security alert

Dwitam Ghosh
Prodigy 110 points
Part Number: CC3220SF-LAUNCHXL
Other Parts Discussed in Thread: UNIFLASH

Tool/software: TI-RTOS

After downloading the Ota mcu_flashimage.bin it throws an error-- "OtaArchive_RunParseTar: !!!!!! SECURITY ALERT !!!!! on pCloseFile, Status=-10289" and then "OTA_run: SECURITY ALERT OtaArchive_RunParse, Status=-20199"....how to solve this issue..need help.

OtaArchive_RunParseTar: Write size 1440 
to file /sys/mcuflashimg.bin 
total 107477.

OtaArchive_RunParseTar: Write size 1440 
to file /sys/mcuflashimg.bin 
total 108917.

OtaArchive_RunParseTar: Write size 1440 
to file /sys/mcuflashimg.bin 
total 110357.

OtaArchive_RunParseTar: Write size 1440 
to file /sys/mcuflashimg.bin 
total 111797.

otarunstep:::OTA_RUN_STATUS_CONTINUE-----------------------------------------------------------------------------------

OtaArchive_RunParseTar: Write size 1440 
to file /sys/mcuflashimg.bin 
total 113237.

OtaArchive_RunParseTar: Write size 1223 
to file /sys/mcuflashimg.bin 
total 114460.


 Hash verification succeeded.

    Total archive file bytes 122652.



OtaArchive_RunParseTar: !!!!!! SECURITY ALERT !!!!! on pCloseFile, Status=-10289



OTA_run: SECURITY ALERT OtaArchive_RunParse, Status=-20199



OtaRunStep: FATAL ERROR from Ota_run -21004 !!!!!!!!!!!!!!!!!!!!!!!!!!!

  • 0
    TI__Guru 63006 points

    Hi Dwitam,

    Looks like the signature of the MCU image doesn't comply with the certificate you've assigned.

    Please make sure that you use the certificate and the private key of the same pair.

    Assuming it is our dummy "Playground", you should use for example: "dummy-root-ca-cert" with "dummy-root-ca-cert-key" or "dummy-trusted-cert" with "dummy-trusted-cert-key" (the latter will require that you will have the entire cert chain on the file system, i.e.: "dummy-trusted-cert", "dummy-trusted-ca-cert" and "dummy-root-ca-cert").

    Br,

    Kobi

  • 0 in reply to Kobi Leibovitch
    Prodigy 110 points

    No, actually, when I run the Cloud_ota_example only, it runs successfully.But when I integrate it with another code without changing a single piece of line, it throws this type of error. Can you explain how Sl_fsclose throw this type of error and when a file close throws negative return status??

    The main thing is that same code is running in cloud_ota in the different workplace and it runs successfully.

  • 0 in reply to Dwitam Ghosh
    TI__Guru 63006 points

    Hi Dwitam,

    As I mentioned before the reason for the failure is that the signature cannot be verified (against the given certificate).

    Please double check that the certificate you use (are you updating the certificate as part of the OTA image?) corresponds to the private key that was used when you signed the file (using the Uniflash tool).

    Note that the certificate and signature can be seen in the JSON-formatted "/1/ota.cmd" within the image tar file.

    Br,

    Kobi