CC3220SF: Information on "Use Encryption Key" in Settings of General in Uniflash

Part Number: CC3220SF
Other Parts Discussed in Thread: UNIFLASH

Hi, 

Wanted to understand what is the use of the "Use Encryption Key" option in General Settings in Uniflash. I have gone through the details in swra509c (section 4.2.1.1) and in swru455 (section 8.12). Everywhere it is said that it is used for gang programming with an external programmer. It is observed that when we select this option, the entire flash image (the full image also contains the service pack, certificate catalog and user files) is encrypted.

Please find my questions below; I request you to answer the points.

  1. In our system we use only Uniflash to flash/program the devices. If we select the "Use Encryption Key" option, does it provide any extra security by encrypting the whole flash content (full image) in the CC3220SF device?
  2. We use the option "secured with vendor token" while flashing; that is only file encryption. Now, by using the "Use Encryption Key" option, the whole image sitting in the external flash is encrypted, and it is decrypted when we access it with the key that we have given through Uniflash?

Also, let me know about the statement below from swra509c (section 4.2.1.1):

"It is possible to encrypt this image to make it confidential from the third party handling the gang programming. In this case, the key is provided during image creation and the output image is encrypted with this key. In production, upon image detection, the device awaits activation from the OEM by providing the key for decrypting the image over the UART lines. Once the image is authenticated, deflation may commence"

I understand from the above statement that once the encrypted image is transferred through the 3rd-party tool, the bootloader will expect the key to be transferred through UART, and then it will activate the image or boot. Does the bootloader store the key and perform this operation every time, or is it a one-time process?

thanks, 

harish 

  • Hi harish,

    Please refer to section 6.7 (and 6.20) in the Uniflash/Image Creator guide (https://www.ti.com/lit/pdf/swru469).

    The programming image is stored in flash until it is extracted by the bootloader to form the file system. If the file is encrypted, the extraction would be possible only with the key. Once the image is extracted, this key is no longer relevant and the encryption of secure files is done using the device key (your vendor token will control the access to the files - it is not used for encrypting them).

    If you are using a 3rd party for programming the flashes during production, you may use the "image encryption" feature to protect against theft of IP (e.g. overbuilding).

    This will add an extra step in production after the images are flashed to the devices (and the devices are assembled). At this stage, a trusted person will need to provide the key with a special command to activate the images.

    Br,

    Kobi