• State Resolved
  • Locked Locked
  • Replies 11 replies
  • Subscribers 41 subscribers
  • Views 481 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3235S: How to ensure root CA programming successfully

Janet Shen
Expert 7795 points
Part Number: CC3235S
Other Parts Discussed in Thread: UNIFLASH,

Dear Champs,

I tried to build up https project and added root CA for testing.

On UniFlash 6.1.0, how do I ensure root CA programming successfully? I can't find any option on UniFlash to list file system.

So that, I always met "Error! code = -456, Description = httpTask: connect failed".

And see errors.h, #define SL_ERROR_BSD_ESECBADCAFILE                                      (-456L) /* error secure level bad CA file */

I guess I do not program root CA successfully.

Could you kindly give me any suggestions?

Thanks a lot.

  • 0
    TI__Mastermind 40965 points

    Hi Janet,

    If your CC3235 device is in development mode, then you can use Uniflash to list the current files on the device. Simply click on the "Online User FIles" button like so:

    That being said, error -456 typically indicates that the root CA cert file provided is corrupted or not formatted correctly. Please take a look at my posts here for how to identify and get the root CA cert off of your PC:

    https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/p/673247/2478357#2478357

    https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/p/686966/2531683#2531683

    Regards,

    Michael

  • 0 in reply to Michael Reymond
    TI__Expert 7795 points

    Dear Michael,

    Thanks a lot. I used "Online User Files" to see the filed I programmed. 

    If I want to erase all external SPI Flash on CC3235S Launchpad, where is "Format" button? 

    Thanks a lot.

  • 0 in reply to Janet Shen
    Guru 73205 points

    Hi Janet,

    There is no format button for CC3220/CC3230/CC3235 devices. sFlash is formatted automatically after programming image by Uniflash (or Gang programming). If you want to clean content of sFlash you can program blank image.

    Jan

  • 0 in reply to Jan D
    TI__Expert 7795 points

    Dear Jan,

    Understood, how do I generate black image? Just create a 0byte .bin file? 

    I found many unknown file (like many CA files) when using "Online User Files" to see sFlash, so that I try to clean all the content of sFlash. 

    But I am not sure which steps is correct. 

    Do you have any suggestions for the process of changing to a new image with a new CA? 

    Thanks a lot.

  • 0 in reply to Janet Shen
    Guru 73205 points

    Hi Janet,

    By blank image I mean programming image without /sys/mcuimg.bin or /sys/mcuflashimg.bin file.

    By each programming by Uniflash is content of sFlash erased. Files which you see by "file browser" at Uniflash are created at runtime or during programming of your image. You can expect at sFlash some files which are created by NWP like a PHY calibration files (/tmp/phy.cal), configuration files (files *.cfg and *.ini at /sys/), etc.

    I am not sure what issue do you have with CA file. CA file(s) is normal files and there is nothing special about them. Name of CA file is used at your code by socket option API when you set parameters for SSL/TLS connection.

    Jan

  • 0 in reply to Jan D
    TI__Mastermind 40965 points

    Hi Janet,

    As Jan mentioned, the CC32xx serial flash is erased every time you program with Uniflash. This is automatic and there is no extra needed to ensure a clean serial flash.

    In order to have a cut-down set of files on the serial flash, I suggest you create a new Uniflash project, then add just the MCU Img, then the servicepack. Then, go to the advanced -> files view and add only the desired root CA.

    If you're having trouble with that step, please let me know what root CA you're trying to use and/or which server you're trying to connect with HTTPS and I can provide you a Uniflash project with the correct root CA setup to be flashed to the device.

    Regards,
    Michael

  • 0 in reply to Michael Reymond
    TI__Expert 7795 points

    Dear Michael & Jan,

    Thanks for your suggestion.

    We tried your suggestions today and found below case.

    1. Failed: New Project --> Add MCU img and servicepack on Development Mode - Simple  View --> connect --> Advanced/File/User Files: add CA file --> Burn

    --> Program Image: 99% failed.  (I will paste the print screen later)

    2. Success: New Project --> Add MCU img and servicepack on Development Mode - Simple  View --> connect --> Online User Files: add CA file --> Burn.

    So that, is any problems on "Advanced/File/User Files"? Could I add CA file directly? 

    If you have any suggestions or reminders, please feel free to let me know.

    Thanks a lot.

  • 0 in reply to Janet Shen
    Guru 73205 points

    Hi Janet,

    In advanced mode you need to manually insert code signing certificates for your MCU image (certificates from playground directory in SDK). If you not do this, your programming will fail. Because this is a multi step procedure which could cause some level of confusion, from this reason simple mode was implemented into Uniflash. At this mode is code signing certificate added automagically by Uniflash.

    Jan

  • 0 in reply to Jan D
    TI__Expert 7795 points

    Dear Jan,

    Yes, I think that is my problems, "code signing certificates for MCU image". But I am not sure which steps is correct.

    So that, does it mean I could not remove the default "dummy-root-ca-cert" file in  Advanced/File/User Files?

    Or could you kindly share your experience for the right programming process of add new file? 

    Many thanks for your suggestions.

  • 0 in reply to Janet Shen
    Guru 73205 points

    Hi Janet,

    No. You cannot remove file "dummy-root-ca-cert". This file is used as CA for code signing at development mode.

    I think easiest procedure is insert MCU binary and ServicePack at simple mode. This will insert code signing certificates from TI playground automatically. After that you can switch into advanced mode and insert your other files into filesystem.

    Another option can be to set all in advanced mode. Some information you find here, but there is not described exact step-by step procedure. Some information you find at swru469 as well. At some older version was described required steps, but it seems this guide was changed.

    If you want to save your time during development, my recommendation is to use Uniflash CLI for a routine programming. E.g.:

    // add new file into project
dslite.bat --mode cc32xx project add_file --name WiFi-dev --file myfile.txt --fs_path myfile.txt --overwrite
// update MCU binary
dslite.bat --mode cc32xx project add_file --name WiFi-dev --file wifi-device-binary.bin --mcu --priv certificate\dummy-development\dummy-root-ca-cert-key --cert dummy-root-ca-cert --overwrite
// program via COM3
dslite.bat --mode cc32xx project program --name WiFi-dev --port COM3 --dev

    If you want to do automatic restart via on board XDS-110 when Uniflash CLI is used, please search for power_on_com.py file at e2e forum.

    Jan

  • 0 in reply to Jan D
    TI__Expert 7795 points

    Dear Jan,

    Many thanks for your suggestion.

    I tested this method yesterday and found it actually my problem's root.

    And I will test CLI later.

    Thanks a lot.