Hola,
Many months ago it was decided that using the TI provided factory default would not work for an application I am working on. The reason being that we load security and calibration related files that must never change on each unit coming off the production line.
So, we have implemented a custom factory default process. As one might expect, the sflash stores an encrypted file that holds all relevant information and files required to perform a factory default. This all works fine right now and we have no issues with the process working currently.
However, we will have issues in the future when the root CA in the TI certificate catalog expires years from now and now the factory default image can no longer be used. There are two possible solutions to this:
- Make sure that we always force an update of the factory default file at the same time as an update of the TI certificate catalog occurs. We'd also need to make sure on the back end that an old factory default image is never pushed to the device.
- We force the TI certificate catalog to downgrade to a version that has the root CA that is the root of trust for the code signing cert used to sign the mcuflashimg.bin file.
From what I currently know, there is no way to downgrade the TI certificate catalog. This is true, correct? If so, we are forced to go with option 1.
Also, I believe the only way that the TI-based factory default can work is by loading the TI cert catalog that existed at the time of factory default image creation. To my knowledge, the only way to do this is to wipe SPI flash, which would make sense as I know all user files are wiped out on factory default (which is why we cannot use it). So, I imagine in this case the cert catalog is not 'downgraded' in the traditional sense; it is loaded into a file system that does not have the cert catalog before the file open/create operation is performed inside the NWP. Is this correct? If not, what am I missing and/or not understanding?
Cheers,
Trevor