CC3220SF: IC security concern, Network Processor operation mode

YOUNG LIN

Part Number: CC3220SF

Hi,

Sorry for consulting frequently these days on the forum, I need some information related the CC3220SF network processor NPU to continue the new design risk assessment:

Is it possible for the Network Processor (NPU) firmware to be updated?
Does the NPU leverage Secure Boot with TI’s CA Certificates?
Does the NPU store the private key used for TLS-Mutual Authentication? We use the private key generate by the AWS IoT platform the device communication

If you need any more information to answer these questions, please let me know.

Regards,

Yong

over 6 years ago

0 Kobi Leibovitch over 6 years ago

TI__Guru 63006 points

Hi Yong,

1. The NWP firmware is stored in ROM. We use service pack (SP) for patching and updating the ROM code.

2. Not sure, what you meant by this question. TI private key is used to sign the TI generated files which are the NWP SP and the certificate catalog, those are verified against a certificate in the ROM. Other secure files are verified (as part of the secure boot) against CA certificates that are included in the certificate catalog. please refer to http://www.ti.com/lit/an/swra509b/swra509b.pdf and http://www.ti.com/lit/ug/swpu332a/swpu332a.pdf for more details on our security methods and the certificate handling.

3. The CC3220SF contains a unique identity (unique device ID, unique key pair) which you can use to connect to cloud servers. If you get the private key certificate from the cloud server (e.g. AWS) you can store them as secure files on the device for use in TLS. See http://dev.ti.com/tirex/explore/node?node=AJV5YxMn7AtjFVmEbSYN6A__qqLx9Mm__LATEST for more information about the methods to provision the device to AWS.

Br,

Kobi

Wi-Fi

Wi-Fi forum

CC3220SF: IC security concern, Network Processor operation mode