CC3220SF: Porting a custom upgrade-over-WiFi procedure from CC3200

Thanks.  I am not using the OTA API, I'm using the FS API, trying to replace the file with simple FS operations. Can that be done?

Hi,

Logic of binary file update (/sys/mcuflashimg.bin) is much more complex than at older CC3200. It is requred multiple steps including restarting and committing at exact order. How do this properly is illustrated at OTA examples. Additional information you find here.

Jan

Is it possible to remove the security feature of this file altogether?

Thanks again.

i am banging my head against this procedure.

Currently sl_FsCtl() is returning SL_ERROR_FS_INVALID_MAGIC_NUM      - what does that mean?!

Where can I find such example code for replacing the img bin file programmatically, using FS APIs?

There was also an issue closing the img file after writing to it. I received some error of not-closed-properly, after FsClose() returned no error.

It seems related to the signature. Where can I get that from? I don't see this is entered during ImageCreator burning.

Thanks!

Hi,

It seems you have some issue with your filesystem already because magic number error is returned. UnfortunatelyI am not familiar with this issue. Please wait for answer form TI side.

Information about signature when you closing secured file you find here.

Jan

Hi Moshe,

As Jan mentioned, the INVALID_MEGIC_NUM error indicate some corruption on the flash. I don't know what causes this (typically this relates to issues on the flash SPI lines). 

The recommended way for OTA, is to overwrite the MCU image (without deleting the old image).

When you set the "public write" flag , you enable the application to overwrite the content (this is the default for an MCU image and it seems to be set according to your Uniflash screenshot).

The fail-safe feature should also be used (looks like you've unset this) to protect the device in case of installing erroneous/non-functional image. If the new image will fail to start, a reset can be used to revert to the last working image (if you follow the OTA example - you'll see how to enable watchdog that will reset the device automatically). If you verify the new image, you should commit the MCU image, so it become an operational (you should also reset the watchdog if it was used).

Of course you can use the FS commands to create your custom OTA from scratch, but i would advise that at least you check the logic of the "ota_archive.c" (within the OTA library) as a reference for the new image installation. In addition to the mentioned features, it also demonstrates how to authenticate the OTA content (using digital signature). It extracts the content from a tar file that can be generated (and signed) by the Uniflash.

Br,

Kobi

Where can i find the TI playground's private key. I would like to use it to sign my img bin file and use it during FsClose().

Thanks

Hi,

Private key for dummy-root-ca-cert you find at dummy-root-ca-cert-key ( \simplelink_cc32xx_sdk_3_30_01_02\tools\cc32xx_tools\certificate-playground\ ).

Jan

When I use openssl.exe, as advised in the fs.h file, I get the following error:

C:\Program Files\OpenSSL-Win64\bin>openssl dgst -binary -sha1 -sign dummy-root-ca-cert-key -out tmp.hex C:\tmp.txt
unable to load key file
28092:error:0909006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:745:Expecting: ANY PRIVATE KEY

(When running this with my own private key, produced by openssl previously, it works. But when I tried using my own keys for the img bin upgrade it fails on FsClose with SL_ERROR_FS_ROOT_CA_IS_UNKOWN.)

Hi,

I think that your openssl command expects PEM certificate but dummy-root-ca-cert-key is in DER format.

Jan

i managed to convert to PEM with openssl, but still the same error when creating a digest (signature) Expecting: ANY PRIVATE KEY

Hi,

According this thread it looks that you not have still proper PEM file.

Update: OK, I tried this at my side and I see similar error. I am not sure what is going on. Please wait for idea from other users.

Jan