CC3220MODA: Struggling with UniFlash Documents, SWRU496, Section 6.7.1 Creating an Encrypted Image

Part Number: CC3220MODA
Other Parts Discussed in Thread: UNIFLASH, CC3220SF

I am confused by section 6.7.1 of the document SWRU496e.pdf.

Should not this document be telling us to use either the private key or the public key (I am still trying to figure this out) of a PKI key set which we make with something like OpenSSL key generation?


Also could the reference to AES-CTR encryption be one or any of the ciphers beginning with "-aes" returned from the OpenSSL "enc -ciphers" command which I provide here?

If so, should not this document on UniFlash be very specific about the allowed cipher types for keys used with UniFlash and the CC3220SF?

As I say I am struggling with this document and have more questions but this is a start.

  • Hi Lee,

    To encrypt an image you just provide a 16-byte key like the section says. Our tools will handle the encryption for you. PKI is not relevant here, as AES is a symmetric crypto algorithm, meaning there is no public/private key pair; there is simply a key that is used to both encrypt and decrypt.

    Jesu

  • Hello again Jesu,

    Regarding AES is symmetric, thanks that is something I have missed and so I have been making an incorrect mental model (another incorrect model). 

    So is it the case that the MCU Img is to be encrypted with a secret symmetric key?

    Then where in Uniflash do I provide this key?  In simple view when I Browse and choose a .bin file I am not asked for a key.

    In advanced view properties for the mcuflahsingimg.bin I see a place for a key.

    Which as you can see I have for the dummy files which I think I read were PKI asymmetric type keys.  I was before very uncertain about the process of key and catalog creation and management. Now I am uncertain about the requirements of the keys.

    Anyway I will again resume reading in SWRU496e.pdf with this new insight.

    If there is an optimum order in which to read one or more of the TI documents on the creation of key files and signing of Firmware I would benefit from an outline.

  • I asked, "...where in Uniflash do I provide this key?  In simple view when I Browse and choose a .bin file I am not asked for a key."

    Perhaps my question has another error.  Does Uniflash make a key with which I never have to be concerned?

  • Hi Lee,

    You are already doing the best way to learn, which is to read our documents, play with our tools and products, and ask questions. I want to point out that section 6.7.1 is referring to encrypting a gang image, not the MCU image. When programming the MCU image you always have to provide a private key, like shown in the image above, to encrypt it, and a public key as a user file so that the device can decrypt it. By default the dummy root ca cert key is used, and this is why we say you have to add the dummy root ca cert, which contains the public key, to the file system.

    There is no key option in the simple view, so you won't have to specify it every time. Once you specify it once in the advanced view, I believe it will default to that every time for that given Uniflash project.

    Jesu

  • Hi Lee,

    Responding to your question below from this e2e:

    Is the Key Source File Name above the check box for "Use Encryption Key" in the General > Settings dialog the same private key I would use in the Files > User Files dialog?

    Like I mentioned before, this option is for encrypting a gang image. Gang images compress your entire application and user files into a single file. As a developer you can choose to encrypt this image to protect your IP if deemed necessary. Remember that this option uses AES, which is a symmetric cryptographic algorithm, meaning public and private keys are not relevant here. In other words, the key you provide in this option to encrypt is the same key you would use to decrypt the image. Because of this, it does not make sense to have this key in user files because there is no real use for it there. To be able to access it you will have to decrypt the gang image first, which requires the key in the first place.

    Jesu

  • Jesu,

    Regarding, "...section 6.7.1 is referring to encrypting a gang image, not the MCU image."

    That helps. It is a distinction I had not noticed.

    It is taking me many passes through the documentation to work out my misunderstandings.

  • Regarding, "...Because of this, it does not make sense to have this key in user files because there is no real use for it there. To be able to access it you will have to decrypt the gang image first which requires the key in the first place."

    Got it.

    FYI we will be loading firmware into our product in our own factory across the wall from me so we have no concern about encrypting the ?project? image information.

    Thanks,

  • I have read this all over again and think I can mark this thread as resolved. The important takeaway for me is that symmetric keys are used to protect the gang programming image file.

    And again today I am starting at the first page of SWRU469 and rereading.
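
The replies above describe the gang-image key as one 16-byte AES key that both encrypts and decrypts, and the original question asks which OpenSSL "-aes" cipher that corresponds to. The following is an added example, not part of the thread and not TI's tooling: it shows a 16-byte raw key used with OpenSSL's `-aes-128-ctr`. The file names, the IV and the sample image are constructed for illustration, and the output is not claimed to match the image format UniFlash produces.

```shell
#!/bin/sh
# Added example, not TI's tooling: what a "16-byte AES key" means in OpenSSL
# terms. File names, the IV and the sample image are constructed here.
set -eu

# Write 16 random bytes (128 bits) to $1: a raw symmetric key, no PEM, no key pair.
make_key() { openssl rand -out "$1" 16; }

# Print the key in $1 as the 32 hex digits that "openssl enc -K" expects.
key_hex() { od -An -v -tx1 "$1" | tr -d ' \n'; }

# aes_ctr <-e|-d> <keyfile> <iv-hex> <infile> <outfile>
# A 16-byte key selects AES-128, so among the CTR ciphers only -aes-128-ctr fits.
aes_ctr() {
    openssl enc "$1" -aes-128-ctr -K "$(key_hex "$2")" -iv "$3" -in "$4" -out "$5"
}

# roundtrip <workdir> <encrypt-key> <decrypt-key>
# Prints "match" when the decrypting key recovers the input, else "mismatch".
# CTR has no padding or integrity check, so a wrong key yields garbage, not an error.
roundtrip() {
    iv=00000000000000000000000000000001   # constructed initial counter block (assumption)
    printf 'constructed sample image contents\n' > "$1/image.bin"
    aes_ctr -e "$2" "$iv" "$1/image.bin" "$1/image.enc"
    aes_ctr -d "$3" "$iv" "$1/image.enc" "$1/image.dec"
    if cmp -s "$1/image.bin" "$1/image.dec"; then echo match; else echo mismatch; fi
}

work=$(mktemp -d)
make_key "$work/key.bin"
make_key "$work/other.bin"
echo "key bytes: $(wc -c < "$work/key.bin")"
echo "same key:  $(roundtrip "$work" "$work/key.bin" "$work/key.bin")"
echo "wrong key: $(roundtrip "$work" "$work/key.bin" "$work/other.bin")"
rm -rf "$work"
```

Because decryption with the wrong key still "succeeds" and only the contents differ, AES-CTR on its own gives confidentiality but does not detect tampering.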