This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220SF: Load and Execute binary generated by Energia using Uniflash

Part Number: CC3220SF
Other Parts Discussed in Thread: UNIFLASH, ENERGIA, CC3200,

Hi 
My application binary is generated in Energia, and I tried to load it using Uniflash. I learned from previous discussion that this was a known bug. Has this bug been fixed? 
If not, it seems like I need to follow the steps described here. However, I ran in the this error message. "Operation failed: fs_programming error: ret: -10372, ex_err: 2633 - FS_WRONG_CERTIFICATE_FILE_NAME"
Just want to check if I misunderstood any steps. Thanks in advance in shedding some light! 

My User Files Organization is shown below. By the way, is it necessary to burn the service pack before flashing application? My application doesn't use functions from the service pack. Previously, when I worked with CC3200, I used Uniflash to flash my application binary generated by Energia as /sys/mcuimg.bin, and I didn't need to burn the service pack. 


1. Select "Select MCU Image" from the Action drop down menu and click on browse to choose boot-energia.bin in the zipped folder. Configuration is shown below

2. Click "Add File" next to "sys" folder and select my application binary generated in Energia (in this case, the Blink example) and name it energia.bin. Configuration is shown below
  

  • Hi,

    I don't use Energia personally, and from this reason I don't know  whether compatibility issue of CC3220SF chip with Energia was solved. If you need, you can ask at Energia forum.

    If issue was not solved, you can use one of this ways:

    • use my bootlodar (as linked at your question above)
    • use trick described by Michael at this thread

    How to use Uniflash in advanced mode you find at swru469. In brief:

    1. Create new Uniflash project for CC3220SF in development mode
    2. In Simple mode of Uniflash use GUI to upload my bootloader file into mcuflashimg.bin
    3. Switch into advanced mode. Upload your energia.bin into root directory (not into /sys/) as is stated at your screenshot
    4. Save, create and programimage

    (step 2. is important. In case you will use simple mode, your dummy-root-cert and key will be inserted automatically)

    Jan

  • Hi Dennis,

    For Energia related questions, please use the Energia forum (http://forum.43oh.com/forum/125-energia-tivaccc3xxx/).

    Br,

    Kobi

  • Hi Jan,
    Got it. Since my application was developed in Energia when I used CC3200, I think it would be faster to port it to CC3220SF if Energia environment is supported...

    Thanks for the summarizing the steps. I am able to successfully program the device. However, I am not able to run the application. I see the following error message. I put 'energia.bin' under the root directory, but it looks like the bootloader still has trouble locating the file...


    [NETAPP EVENT] IP Acquired: IP=10.123.45.1 , Gateway=10.123.45.1
    Unable to open file 'energia.bin' (code=-10365). Halt!

    By the way, from the debug message, does it mean bootloader would turn on WiFi automatically?

    Thanks,
    Dennis

  • Hi Dennis,

    It looks that you have old version of my bootloader and from this reason you see [NETAPP EVENT] event. But this should not be a big deal and reason of your issue.

    That bootloader works by very simple way. It enables NWP by sl_Start() after that it reads content of 'energia.bin' file and copy it into RAM. After that it jumps to entry-point and stars execution of your code. In case you have already stored connection profiles NWP will start wifi connection when you call sl_Start() and from this reason you see this event. In newer version I removed this messages from asynchronous handlers.

    Now back to your error. You see error -10365 which means SL_ERROR_FS_INVALID_TOKEN_SECURITY_ALERT. I am not sure, why you see this error. Maybe you set file 'energia.bin' as secured file. That bootloder does not expect secured files.

    Jan

  • Hi Jan,
    Yeah, 'energia.bin' was set as a secured file. After unchecked the option, it worked fine.

    Is this the newer version of bootloader?

    So if I don't want to enable NWP right at start up, I can comment out line 134 - 137 and 160 - 163 in bootloader.c and compile using either CCS or Energia?
    May I also know what would be the steps to create bootloader to work with secured 'energia.bin'? 

    Thanks,
    Dennis

  • Hi Dennis,

    Yes, I think this is latest version. You can compile this code via CCS and use it as you want.

    No. You cannot comment that code. Without this code (started NWP) you will not be able to read content file and load it into RAM. And without loading code into RAM you will not be able execute it. Filesystem API is handled by NWP itself.

    Jan

  • Hi Jan,
    Thanks a lot for the prompt reply as always! So sl_Start starts NWP, but doesn't enable WiFi, right? Or there is no additional control to turn on/off WiFi once NWP starts.

    May I also know what would be the steps to create bootloader that can work with secured 'energia.bin'? 

    Thanks,
    Dennis

  • Hi Dennis,

    In case you have stored connection profile and setup connection policy, in this case sl_Start() enable Wifi (starts connection to preset WLAN) already. If you want to disable WLAN after sl_Start() you need to disable auto connect and fast connect connection policy. Connection policy can be controlled by sl_ API sl_WlanPolicySet(SL_WLAN_POLICY_CONNECTION,...).

    You will need to create 'energia.bin' as secured file with pre-set vendor token. And this token you will hardcode into bootloader code. This will allow relatively good level of safety of your code.

    BTW ... similar thing is possible with the CC3200 device as well. Only difference will be that you will need encrypt / decrypt your Energia binary by yourself. And you will need physically secure JTAG pins at your device (e.g. some kind of potting) to not be able attacker connect to JTAG/SWD.

    Jan

  • Hi Jan,
    Thanks for sharing the lead on sl_WlanPolicySet command. Energia has higher level WiFi APIs. Anyway, I will be learning more about the CC3220 commands.

    Regarding secured 'energia.bin', does it mean I can only secure it with a pre-set vendor certificate? Or it is possible to use certificate from CA? Is there an example I can refer to for both approaches? 

    Thanks,
    Dennis

  • Hi Dennis,

    I think you don't understand what I want to say. There are two aspects of CC3220 safety which are partially independent:

    • safe boot of your firmware (your binary)
    • security at filesystem level

    Secured boot is about that ROM bootloader allows to execute code which is trustworthy only. This is done via chain of trust to certificate from CA or to your vendor certificate (at OTP part of sFlash). That means ROM bootloader is able to validate that firmware binary was signed by your private key. This is done by public key (=certificate from CA or vendor certificate).

    At your case is this binary firmware "my bootloader" and ROM bootloader verify trustworthy of them. ROM bootloader does not know that there is additional code (Energia code) which is loaded by by "my bootloader". From this reason ROM bootloader can't check trustworthy of your code. This is up to you and you need implement this into by bootloader code. You can use vendor tokens or certificate for validating. Implementation is up to you, and you can choice way as you want. Because is under control of code of "my bootloader" which you can change.

    Security at filesystem level is described at this article. By this security you can limit access to files (read only, write only, etc.). All is described at that article.

    (During Christmas holidays - up to 6th January may to be my response time longer. Also I will not be able provide you such detail answers as before because I spend much time answering question only for you and this is not sustainable.)

    Jan

  • Hi Jan,
    Sorry to keep bugging you for my inexperience with this device. Nevertheless, thanks for your patience baring with all my questions and your detail explanations is greatly appreciated as always!
    I think I have better understanding now. Certificate from CA or vendor certificate is for secured boot. If I want to secure Energia binary, I will need to implement security at file system level. I will study the link you sent to learn more about it

    Merry Xmas,
    Dennis