This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC31XXEMUBOOST: Programming a CC3120

Part Number: CC31XXEMUBOOST
Other Parts Discussed in Thread: CC3120, CC3235SF, CC3235S, CC3135, UNIFLASH, CC3120BOOST

Hello (again)

I am trying to get some clarity of several things about the CC3120.

Regarding swru455, section 4.3, it shows countries US, EU, JP, then says  "The CC3135, CC3235S, and CC3235SF support a wider set...  The full list of supported countries could be found in Appendix C"  Is that list for the CC3120?   Or only for CC3135/CC3235   (meaning the CC3120 only supports 3 country codes)?

When a new CC3120 is installed with a new empty FLASH memory, what happens? Clearly the file system cannot be "rolled back", per section 3.2.6 of swra509b since the flash is empty.

For example... when we are putting in perhaps 10,000 NWPs as an option in a production of 50,000 devices, and this is being done on the other side of the planet, how will the NWP RAM get initially programmed?  According to doc swra509, section 3.2 the cloning protection would prevent a block of flash RAMs from all being programmed if the file system is encrypted and tied to a key that is unique to each device.

Do we tell the manufacturer to Install each on a EMUBOOST board?  (not likely)   Or we have to embed the UCF into our firmware to instruct it to load the NWP if it's empty?  How would the host know the NWP has a blank RAM?

On the file system:

Per swra509 section 3.2.3 and forward, the "secure-and-authenticate" flag is the signature?  So the file must be signed by something that can chain up the CA list.  If a file is attempted to be stored SL_FS_CREATE_SECURE, and without SL_FS_CREATE_NOSIGNATURE, then which is the root CA that it must be signed with?

And does table 10 in section 3.2.9 of swra509b  "Secure-and-Authenticate file" mean a file which is "signed"?

These are a start to determining the effort of adding this NWP as an option to a product.

  • Hi,

    The 3 regions supported by CC3120 are good enough (i.e for device that only support the 2.4G band). The regulatory domains dictate some limitations on supported channels and max TX power. These 3 regions represent all the options available for the 2.4G band. When adding 5G (CC3x35) - there is much more variance that is defined per country.

    The NWP code is based in ROM which enables some (bootloader) functionalities. However for operational mode you will need to install a service pack (which is a set of patches).

    The cloning protection doesn't refer to production line but to a later stage of the device life cycle when the file system is already in place. It prevents from file system of being cloned between devices (so you can't detach the flash from one device and attach it to another for reading the content). In production you can prepare a "Gang Image" that will be programmed to all the flashes before they are installed with the CC3120 or you can use the UART interface to write the code to the flash after the device is attached to the flash. 

    When using SL_FS_CREATE_SECURE with SL_FS_CREATE_NOSIGNATURE - the file doesn't require any certificate. This means that the file will be encrypted (using the device specific key - that prevents the cloning) and a token will be used to grant access to the file. The file will not be authenticated.

    "Secure-and-Authenticate file" (SL_FS_CREATE_SECURE without SL_FS_CREATE_NOSIGNATURE) refer to a file that is secured (as stated above) and authenticated (this will require a signature and certificate chain to verify it).

     

    Br,

    Kobi

  • Thanks...

    But you guys all talk like we should know the internals of the device, and yet none of that detail is published...

    Kobi Leibovitch said:

    The 3 regions supported by CC3120 are good enough (i.e for device that only support the 2.4G band). The regulatory domains dictate some limitations on supported channels and max TX power. These 3 regions represent all the options available for the 2.4G band. When adding 5G (CC3x35) - there is much more variance that is defined per country.

    So the unit will NOT recognize "MT" as in:

    _u8 Str[] = "MT";
    sl_WlanSet(SL_WLAN_CFG_GENERAL_PARAM_ID, SL_WLAN_GENERAL_PARAM_OPT_COUNTRY_CODE, 2, Str);

    So if a device is sold to Malta, I am supposed to tell the end user to just set it to "Japan" because they use the same channels as Malta? 

    Kobi Leibovitch said:

    In production you can prepare a "Gang Image" that will be programmed to all the flashes before they are installed with the CC3120 or you can use the UART interface to write the code to the flash after the device is attached to the flash. 

    And what is a "gang image" ?  I can flash a "service pack" directly to a memory chip?  Or I flash the UCF file that is dependent on being created by Uniflash to every memory chip?

    Otherwise I can use the UART to update the firmware (UCF file install, as I do now to a CC3120BOOST unit) when the manufacturer assembled product that contains a CC3120 module, connected to a completely blank flash?   

    So with that design, the "service pack" would be embedded in the host MCU firmware.  How does the host MCU know that the NWP has never been initialized?  Or the host MCU is just supposed to push the NWP firmware into the device every time it powers up?

    Kobi Leibovitch said:

    When using SL_FS_CREATE_SECURE with SL_FS_CREATE_NOSIGNATURE - the file doesn't require any certificate. This means that the file will be encrypted (using the device specific key - that prevents the cloning) and a token will be used to grant access to the file. The file will not be authenticated.

    And, as my post said, without the SL_FS_CREATE_NOSIGNATURE, the file does require a signature.  Chaining to what CA?  Last time I looked there were over 100 CA's...  The signature has to validate against the "certstore.lst"?  Does the "certstore.lst" contain all of them?

  • The CC3120 will not recognize the "MT" code. You should use "EU" as Malta is in the ETSI (Europe) region.

    Gang image is a created by uniflash - both bin and intel-hex format are supported.

    Any flash programmer can be used to program the flash using the gang image.

    and yes, the alternatives of the gang image, is to use the UCF for host programming (i.e. through the sl_FsProgram by the MCU over the operational host interface, typically SPI) or use the SLI image for UART programming (from PC using the uniflash).

    The host programming can be done using a designated MCU firmware for production only. Before the image is programmed, the device will boot in programmer mode, and will not support most of the operational commands. There are many way to detect this mode, for example trying to read a file that should be located on the programmed file system. The programming should happen only once. 

    The image that is written to the file system during the production programming will be extracted by the CC3120 boot loader that will create the initial file system. The original image will not be used any more unless factory reset is used.

    The certcatalog...lst contains 100 of the most popular root CA. The complete list is available in a readme file within the "tools\cc32xx_tools\certificate-catalog". You should select a certificate from this list. The catalog gets updated from time to time.

    Br,

    Kobi