• State TI Thinks Resolved
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 653 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220SF-LAUNCHXL: Encrypting an image

kevin swain
Prodigy 220 points
Part Number: CC3220SF-LAUNCHXL
Other Parts Discussed in Thread: UNIFLASH

Hi,

I am trying to create an encrypted image using the CLI.  I am referencing section 6.7.1 of swru469d.pdf .  How I understand this is I should be able to encrypt an SLI image with a key and then activate the image when I boot. Is this correct?

I used the command below to encrypt my image: 

dslite.bat --mode cc32xx tools sign --file  file.sli --priv key --out_file encrytped.sli

But I wasn't able to write the encrypted image to flash using  "dslite.bat --mode cc32xx image program" ( I can write the original SLI image) .  I got "tarfile.ReadError: file could not be opened successfully" error.

If I was able to write the file. I was planning on using the command "tools activate --key KEY_FILENAME" to get the image to boot.

Is this possible?  MY overall goal is to encrypt all my gang images and then activate them at a later time.

Thanks

Kevin

  • 0
    Prodigy 220 points
    OK,

    Going back over what I was doing I realized that I shouldn't be using the sign command. I think I should be passing a key filename to the program command.
    So now I run "dslite.bat --mode cc32xx image program --file file --key Key_filename --port Serial_port". Where key_filname is the bin file that was used in the example from uniflash guide SWRU469A section "5.12 Creating an Encrypted Image".
    But when I run this command I get an error "fs_programming error: ret: -10275, ex_err: 3904 - FS_PROGRAMMING_ILLEGAL_FILE".

    What do I need to do in order to encrypt my image so I can activate (command: tools activate --key KEY_FILENAME --port Serial) my image in the factory. Is this possible?

    Thanks
    Kevin
  • 0 in reply to kevin swain
    TI__Mastermind 30760 points
    Hi Kevin,

    Thanks for the update. The key parameter in the image program command is for when you actually have the encrypted image AND the key and need to program it to a device, then use the key to activate.

    In order to generate the encrypted image in the first place, you need to use the UniFlash Image Creator GUI. To do this, set the "Use Encryption Key" option and the key file on the General Settings page in the Image Creator project as shown in section 6.7.1 of the Image Creator guide:
    http://www.ti.com/lit/swru469

    Then select the "Burn" option to get to the Generate Image page. Select "Create Image" and then "Save Image" to save the encrypted .sli file.

    To program the encrypted file to a device, you use the "dslite.bat --mode cc32xx image program...." command with the key parameter like above.

    If you are programming multiple boards, make sure they are in production mode and the .sli file is a production image.

    Best,
    Ben M
  • 0 in reply to Benjamin Moore
    Prodigy 220 points

    Ben,

    Thanks for your response.  I followed your steps and I was able to create an encrypted image and then I issues the activate command which said it activated the image but I have a few questions.

    1. When I program the encrypted image to a device should it boot if I don't issue an activate command?  Because when I programmed the encrypted image it did boot after I reset my board.  My thought would be that I would need to issue an activate command in order for my image to boot if it was encrypted.  It was a production image that I encrypted.  Does my board need to be setup a certain way for this to work?  Here is a screenshot of my setup:

    2. Is there a CLI command to encrypt a image?  I am creating large numbers of unique bin files and I need a CLI command so I am able to stream line the image creation process.

    Thanks,

    Kevin

  • 0 in reply to kevin swain
    TI__Mastermind 30760 points
    Hi Kevin,

    1) The program command that I mentioned does both - it programs the image and uses the key file to activate the image. Did you program it in a different way?

    2) No, I don't believe this is supported at the moment. I can double check.

    Can you describe why you are trying to create unique images for each device?

    Best,
    Ben M
  • 0 in reply to Benjamin Moore
    Prodigy 220 points

    Ben,

    Thanks, ok.  I thought I had to activate after I programmed my part.

    our product requires unique information for each individual device we manufacture.  So we will be sending large number of gang images to an outside vendor that will program the flash parts after which the program parts will be sent to a factory for final assembly.  We would like to encrypt the image and activate the image in the factory when it powers on for the first time.   We are trying to prevent a case where the flash parts get placed on a device that we don't control.

    The large number of images I have to create make it impractical to use the GUI interface.  I can generate the bin files, no problem.  Just curious about encrypting them. 

    Thanks

    Kevin

  • 0 in reply to kevin swain
    TI__Mastermind 30760 points
    Hi Kevin,

    This is not currently supported by the command line.
    What type of unique information do you need in each image? Are you trying to add unique certificates or IDs? Something else?

    Best Regards,
    Ben M