• State
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 539 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220SF: Boot procedure, Secure boot and Encryption.

Harish kumar1
Prodigy 190 points
Part Number: CC3220SF
Other Parts Discussed in Thread: UNIFLASH

We are using CC3220SF for one of our product developments, I have some questions on boot procedure, secure boot and encryption. questions are marked in green color .please answer them as early as possible.

 

First, I will start with flashing. My intention is to generate the signature and file encryption using the Uniflash tool.

 

What does the Uniflash tool load on to the serial flash? Does it also store the binary file signature on to the serial flash?

When the binary image along with the 20 bytes Hash is programmed on to the serial flash why one more hash is required, why does the bootloader compute it and store it in the "/sys/mcuflashimghash.bin"?

What is the use of the 20 bytes hash which is already programmed along with the binary file in serial flash when integrity is checked with the new HASH SHA-1?.

 

 I am referring to the document below 

 http://www.ti.com/lit/ug/swru465/swru465.pdf

 “Bootloader computes and store the SHA-1 hash of the on serial flash in a file "/sys/mcuflashimghash.bin"”

 

The below statement from the same document is confusing it directly says first 20-bytes hash serves as identifier for detecting a new image on serial flash.

 The first 20-byte hash part of the serial flash file /sys/mcuflashimg.bin is neither copied nor takes part in SHA-1 generation by the bootloader. It serves as an identifier for detecting a new image on serial flash. A mismatch with the previously stored hash triggers an update cycle, and the transfer process is repeated.

 

Now coming to the secure boot

 

According to my understand verification of the signature and decryption of binary while booting is called secure boot.

When does the signature verified while programming or on every boot? the below statement says “Secured files are authenticated only when they are written to the file system” if the signature is not verified at every boot how can you say the system supports secure boot ?

 “A valid code signing certificate is mandatory when using the Secure SimpleLink™ Wi-Fi® devices (CC3X20S/SF). Secured files are authenticated only when they are written to the file system. The sl_FsClose call (when writing a secured and signed file) should include the path to the certificate and the file signature as a binary ‘C’ array. After processing the sl_FsClose, the signature is verified. If the verification fails, the file is not flashed.”

 

How about encryption when it is decrypted? while transferring to the on-chip flash?. How does the boot loader know the key to decrypt it when I am using the vendor key?

 

According to my understanding from below statement on every boot the device will verify the HASH by calculating the HASH of the on-chip binary and compare it with the HASH stored in the serial flash. Is mu understanding correct or it will calculate the serial flash HASH on every boot and compare it with hash stored in the "/sys/mcuflashimghash.bin" file?

 “The CC3220SF bootloader, on every exit from power-on or hibernate, checks the integrity of the exiting (and marked-valid) user application image binary on on-chip flash against the auto-generated SHA-1 of the image on serial flash, saved during the program and update phase of the on-chip flash. In case of a mismatch, the on-chip flash is mass erased to protect the user application binary.”

thanks, 

Harish 

  • 0
    TI__Mastermind 40965 points

    Hi Harish,

    Uniflash will run a series of commands on the CC32xx to build and unpack the device filesystem on the external serial flash. As part of this process, the file table is built, and the files provided through Uniflash such as your application binary, the servicepack, other files such as certs are flashed. The files which are flagged as secured will be encrypted by the CC32xx, and a hash of the file will be computed and signed. Each file signature will be stored in the file table so that the CC32xx can determine file integrity and authenticity as needed.

    The 20 byte hash appended to the application binary is a special step unique to the CC32xxSF variants, where the program code is copied to internal flash from external flash. The internal flash contents are hashed and compared by the bootloader against that 20 byte hash to ensure that its contents match the signed binary on the external flash.

    The secure boot comes in where the file integrity of the binary is checked at every boot. So if the external flash contents have been corrupted or deliberately modified, the file signature will no longer match the contents on the flash. The bootloader will fail to boot the device image and return a security warning error. If too many security errors are accumulated, the device will lock itself so that brute force attacks cannot be performed.

    The encryption of each file transferred through uniflash is actually handled through unique AES keys per file. As each encrypted file is loaded into memory, they are decrypted on the fly by the CC32xx AES hardware crypto modules. The unique AES keys are generated by the device on file creation, and stored in the file table. The file table itself is also encrypted and authenticated much like any other encrypted file, except that the encryption keys are derived from a unique 256bit hardware secret unique to each CC32xx device. As such, each file table will be encrypted and authenticated with a unique set of keys per device, preventing attacks where you simply transfer the full contents of serial flash to another CC32xx for decryption.

    Let me know if you need more clarification on the secure boot implementation of the CC32xx or have further questions on the security enablers of the device.

    Regards,

    Michael

  • 0 in reply to Michael Reymond
    Prodigy 190 points

    Hi Michael, 

    Thanks for the quick response. somehow after referring through the documents I am confused. I request you to answer to my questions mentioned below that may clear my confusion. I request you to answer point by point marked in green color 

    Uniflash will run a series of commands on the CC32xx to build and unpack the device filesystem on the external serial flash. As part of this process, the file table is built, and the files provided through Uniflash such as your application binary, the servicepack, other files such as certs are flashed. The files which are flagged as secured will be encrypted by the CC32xx, and a hash of the file will be computed and signed. Each file signature will be stored in the file table so that the CC32xx can determine file integrity and authenticity as needed.

     

    From the above statement I understand that there is a file table associated with each flash and it also contains the signature and associated keys for decryption. Is my understanding correct?

    The file will be first encrypted then hash will be computed, and the resultant Hash is signed? Is my understanding correct.

     

    The 20 byte hash appended to the application binary is a special step unique to the CC32xxSF variants, where the program code is copied to internal flash from external flash. The internal flash contents are hashed and compared by the bootloader against that 20 byte hash to ensure that its contents match the signed binary on the external flash.

     

    Ok, I understand these 20 bytes appended to the binary is used while copying the binary from external flash to internal flash to check the integrity. But before that to detect any changes in the external flash the SHA-1 Hash is used which was stored in "/sys/mcuflashimghash.bin". Is my understanding correct? please refer to the Figure 21-13 from the below document.

     

    http://www.ti.com/lit/ug/swru465/swru465.pdf

     

    The secure boot comes in where the file integrity of the binary is checked at every boot. So if the external flash contents have been corrupted or deliberately modified, the file signature will no longer match the contents on the flash. The bootloader will fail to boot the device image and return a security warning error. If too many security errors are accumulated, the device will lock itself so that brute force attacks cannot be performed.

     

    From this I can understand that, signature of the binary is checked when there is a change detected on the external flash binary by comparing the SHA-1 hash. Is my understanding correct? On every boot the signature is not verified.

    The signature is calculated after encryption or before?

    Does Uniflash verify the signature when it is flashed, or the bootloader when the image is flashed using the Uniflash tool.

     

    The encryption of each file transferred through uniflash is actually handled through unique AES keys per file. As each encrypted file is loaded into memory, they are decrypted on the fly by the CC32xx AES hardware crypto modules. The unique AES keys are generated by the device on file creation, and stored in the file table. The file table itself is also encrypted and authenticated much like any other encrypted file, except that the encryption keys are derived from a unique 256bit hardware secret unique to each CC32xx device. As such, each file table will be encrypted and authenticated with a unique set of keys per device, preventing attacks where you simply transfer the full contents of serial flash to another CC32xx for decryption.

     

    I understand when a “Secure” option is selected in a file properties in Uniflash the files are encrypted, and what happens when we select option “Vendor” and give the File Token ? . Is this file token is the encryption/decryption KEY ? And the same is added in the file table?

     The boot loader will read the decryption key from file table and decrypt the binary file ?

      

    OTA

    We are using AWS OTA agent, what happens when the ota is downloaded? will it replace the file after signature verification and then reboot? 

    it will be helpful if you can explain the procedure of OTA how this secure boot work 

     

    Thanks,

    Harish

  • 0 in reply to Harish kumar1
    TI__Mastermind 40965 points

    Hi Harish,

    My responses inline:

    From the above statement I understand that there is a file table associated with each flash and it also contains the signature and associated keys for decryption. Is my understanding correct?

    Yes

    The file will be first encrypted then hash will be computed, and the resultant Hash is signed? Is my understanding correct.

    The file is hashed and signed, then encrypted.

    Ok, I understand these 20 bytes appended to the binary is used while copying the binary from external flash to internal flash to check the integrity. But before that to detect any changes in the external flash the SHA-1 Hash is used which was stored in "/sys/mcuflashimghash.bin". Is my understanding correct? please refer to the Figure 21-13 from the below document.

     

    http://www.ti.com/lit/ug/swru465/swru465.pdf

    That is correct

     

    From this I can understand that, signature of the binary is checked when there is a change detected on the external flash binary by comparing the SHA-1 hash. Is my understanding correct? On every boot the signature is not verified.

    The signature is checked every boot. The bootloader will check the contents of the internal flash on every boot, to ensure that it matches the recorded hash. The hash saved on the serial flash is encrypted and signed itself, so effectively the internal flash will be checked against this signature on every boot.

    The signature is calculated after encryption or before?

    The SHA-1 hash is calculated before encryption, as the contents of the internal flash are not encrypted.

    Does Uniflash verify the signature when it is flashed, or the bootloader when the image is flashed using the Uniflash tool.

     The bootloader performs all file encryption and signing. Uniflash only sends the UART bootloader commands and file data for the bootloader to work with. If you were to provide the incorrect file signature for a file, the bootloader is what returns the file write error for Uniflash to display.

    I understand when a “Secure” option is selected in a file properties in Uniflash the files are encrypted, and what happens when we select option “Vendor” and give the File Token ? . Is this file token is the encryption/decryption KEY ? And the same is added in the file table?

    The file token is not the encryption key of the file. It is an access key that allows you to control read/write/delete file accesses. Setting this to "Vendor" allows you to provide a known token so that your application can use the sl_Fs*() filesystem APIs to access your file. Without setting that flag, only the NWP will have access to those files.

     The boot loader will read the decryption key from file table and decrypt the binary file ?


    Yes, the bootloader and the NWP core in general will be able to access the file table with the decryption keys for all files stored on as 'secure' on the filesystem.

      

    OTA

    We are using AWS OTA agent, what happens when the ota is downloaded? will it replace the file after signature verification and then reboot? 

    I am not familiar with the AWS OTA method, but effectively what should happen assuming that the OTA works is that it will download the mcuflashimg.bin file, overwrite the old file with the newly downloaded copy. Then, on the next boot, the bootloader will see that the mcuflashimg.bin has changed, update the hash accordingly, and download the new mcuflashimg contents to the internal flash. From an application code perspective, there isn't anything that needs to be done other than download and overwrite the mcuflashimg. The bootloader will take care of the rest.

    Regards,

    Michael

  • 0 in reply to Michael Reymond
    Prodigy 190 points

    Hi Michael,

     

    Thanks for the answers and quick response. I really appreciate it, most of my questions are cleared. I have some more questions on this can you answer the below.

     

    Question 1:

     The signature is checked every boot. The bootloader will check the contents of the internal flash on every boot, to ensure that it matches the recorded hash. The hash saved on the serial flash is encrypted and signed itself, so effectively the internal flash will be checked against this signature on every boot.

    From the above statement the Hash you are referring is SHA -1 Hash calculated automatically when the image is transferred from the serial flash to on-chip flash. the same hash is also used to check any changes in the serial flash binary. Does the 20 bytes hash(appended to the binary) is included when the SHA -1 Hash is calculated from the external serial flash?

    If yes, then the image on on-chip flash does not contain the 20 bytes hash? Then how will the Hash Mach happen?

      

    Question 2:

     According to my understanding the bootloader will check for any new image on the serial flash, this is detected using SHA-1 Hash which was stored in "/sys/mcuflashimghash.bin". any change in the content of the serial flash the Hash will mismatch. That indicates either a new image or tamper attempt. In case of tamper attempt the On-Chip flash is mass erased. If it detects the new image it will copy the image to On-Chip flash

    Now the question is how does boot loader differentiate between tamper attempt and new code, does it verify the signature before copying to the on-chip flash? After copying to on-chip flash it will verify the 20 bytes hash but before copying any checks are performed?. after copying the 20 bytes does not match the internal flash binary is already over written.

    what if the 20 bytes Hash is also tampered to match ?

     

    Question 3:

    How the encryption and the signature will be handed during OTA? If I replace a secure binary flashed using Uniflash through and then call boot loader, how will boot loader will do encryption and update the file table?

     

    Thanks,

    Harish