• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 334 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

CC3220: Recovery from security alert / device locked

CC3220SF: INCREASE SECURITY ALERT THRESHOLD

YOUNG LIN
Intellectual 395 points
Part Number: CC3220SF
Other Parts Discussed in Thread: UNIFLASH

Hi 

During the last OTA update test I'm doing, the security alerts counter has been increased some times because I have tried to update the MCU image with incorrect master file token. There is a threshold/limit for the security alert (default max. 15) , so the device can be blocked after some incorrect updates.

I'm reading the CC3220SF Built-In Security Features PDF file (swra509, http://www.ti.com/lit/swra509), it mentions in the page 20 (tamper detection):

The security alert threshold can be configured during image creation (using the image creator tool).

But I have checked several times the UNIFLASH tool and I haven't found any parameter related with security alert threshold, can you explain where in UNIFLASH I can configure this parameter?

Thanks and regards,

  • 0
    TI__Mastermind 38980 points

    Hi Yong Zha,

    I'm checking if we have this feature implemented with the tools team. I will give you an update by the end of the week.

    Why are you interested in changing this default? What would you like to change it to?

    Best regards,

    Sarah

  • 0 in reply to Sarah P
    Intellectual 395 points

    Hi Sarah,

    The security alert is a concern for me because we have different version of the HW/FW devices in market/field, if some times the OTA update is performed with an incorrect MCU image or incorrect file token, the security alert will be triggered and there is a possibility to block the device in field defintively. So I'd like to see if there is any option to increase this threshold or remove it definitively.

    Regards,

  • 0 in reply to YOUNG LIN
    Intellectual 395 points

    Hi Sarah,

    Can you send me an update about this consult? Related with the security alert threshold: if it can be adjusted in the UNIFLASH project?

    Thanks and regards,

  • 0 in reply to YOUNG LIN
    TI__Mastermind 38980 points

    Hi Yong Zha,

    This feature is not included in ImageCreator, so we will update the documentation that suggests this.

    As for the security alert threshold, this is implemented to protect the device from tampering in the field. If you are updating the image in the field with OTA, you should not be concerned about locking the device. The device will not lock if you accidentally load a bad MCU image (this is what the rollback mechanism in the OTA library is for). You can also choose to sign all of your OTA images with the same private key to avoid using a wrong one, or do not sign it at all if you do not want to secure the OTA image. This is a design choice for your application.

    Best regards,

    Sarah