• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 859 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

CC3220: (SF): Writing to flash at runtime

CC3220: (SF): file encryption on the external flash

Lan Luo
Prodigy 30 points
Part Number: CC3220


Hi,

I already know that individual files on the SFlash can be encrypted via secure file system. System files and file system metadata are encrypted by a device-unique key. But I am not sure whether the whole flash is encrypted .

Is there whole flash encryption on the external serial flash?

I am also wondering if we can directly access the external flash content bypassing the API.

Thanks,

Lan

  • 0
    TI__Guru 63006 points
    Hi Lan,

    The entire flash is not encrypted, but the FAT (File Allocation Table) is encrypted, meaning you basically can't access the file system. Every attempt to change the file system will be identified and will lock the device.
    The flash can be accessed by external programmer tool, but it is only useful for installing the production gang image.
    After the the first boot, when the programming image is unpacked and replaced by the encrypted and proprietary file system - the only valid access is through the SL API.
    Saying that, if you read the entire flash content - you'll be able to read the content of non-secure files.

    Br,
    Kobi
  • 0 in reply to Kobi Leibovitch
    Prodigy 30 points
    Hi Kobi,

    Thanks for your reply.

    Regards,
    Lan
  • 0 in reply to Kobi Leibovitch
    Prodigy 30 points
    Hi Kobi,

    I find there is a device unique key used for host image and FAT encryption, and there is a device unique ECC key pair in the secure key storage with index 0. I feel confused about them. The secure file system describes that secure files are encrypted using AES-128-CTR, so I suppose the key used for image encryption is also AES128; The secure key storage mentions that the device-unique key-pair is a single 256-bit unique key embedded in hardware.

    I guess there are two device unique key: a 128-bit AES key and a 256-bit ECC key pair. Is that correct or they are actually the same object?

    Thanks,
    Lan Luo
  • 0 in reply to Lan Luo
    TI__Guru 63006 points
    Hi Lan Luo,

    Those are 2 separated (unique) keys.

    Br,
    Kobi