[FAQ] SIMPLELINK-CC32XX-SDK: Important Notice for Customers Using Dropbox for OTA Updates

Part Number: SIMPLELINK-CC32XX-SDK

The TI SimpleLink Wi-Fi SDK provides example code for the use of Dropbox or GitHub to perform Over the Air (OTA) updates. However, TI cannot guarantee the operation of these 3rd party services for long term use. Recent changes by Dropbox have highlighted that connection issues may occur when using the OTA library from the SDK to connect to the Dropbox server. Details of the specific Dropbox circumstances are provided below.

It is important to note that Dropbox has confirmed an August 2021 timeframe for permanently updating their server certificate handling.  Customers needing future OTA compatibility with the Dropbox service will need to update the SimpleLink Wi-Fi OTA library by using SDK 5.10 and update the Dropbox root CA certificates before August. The planned release timeframe for SDK 5.10 is the end of 1Q 2021.   Please see update in below post.

Dropbox Details:

The OTA update procedure involves connecting to 2 servers:

- The Dropbox OTA (CDN) server for authenticating and granting permission to access folders where the image is located

- The Dropbox file server itself to load the image

Historically, Dropbox used the same root of trust for the 2 servers, which allowed customers to set only one root CA to verify and enable the connection with the OTA library.

Last week Dropbox updated the certificate handling to require unique certificates per server. This caused connection failures as described above.  When notified of the issues this caused, Dropbox willingly agreed to revert back to the original certificate handling until August 2021 to allow an adjustment period for manufacturers.  The OTA library modifications planned for SDK 5.10 will enable support for connecting to a CDN server and a file server when they use different root CAs.  Customers should update their initial programming image and devices in the field to use the new OTA library and updated Dropbox root CA certificates to ensure future OTA functionality. Please see update in below post.

  • Thanks for the update, Travis!

  • Important Update: An alternate solution has been identified for continuing to support connections to the Dropbox servers with the SimpleLink OTA library in SDK v5.10. In SDK v5.10, the OTA library still expects the application to use a single file containing the remote server certificates. To enable the device to work properly when the CDN server and file server use different root CAs, the file loaded on the device should be a PEM formatted file that includes both of the root CA certificates.

     

    During the Dropbox transition, the two certificates that are expected to be needed by the device are the DigiCert High Assurance EV Root CA and DigiCert Global Root CA. The attached PEM file combines these two root CAs.

     

    Customers must update the devices they have in the field and those being manufactured to use this file as the OTA_SERVER_ROOT_CA_CERT to help ensure compatibility with the service moving forward. Please make sure the attached file is programmed to the file system’s root and the following is defined in “otauser.h” (this definition should be used to rebuild the OTA library and the application):

    #define OTA_SERVER_ROOT_CA_CERT         "RootCACerts.pem"

     

    The 2nd quarter SDK release (v5.20) will include the originally planned update to the OTA library along with additional changes to help maintain compatibility with the Dropbox service.

    RootCACerts.pem

  • Please note that the PEM solution described above is only supported by CC323x devices.

    CC3220 users should still define the root CA certificate for each server and make sure they update the root certificate just before the Dropbox server certificate is replaced. Both DER and PEM formatted certificates are supported, but note that in case of a PEM file with multiple certificates (as explained above), the CC3220 will only refer to the first one.
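
An added example (not part of the original posts and not TI SDK code): a host-side check to run on a combined root CA file before programming it to a device. It compares the SHA-256 fingerprints of the certificates in a PEM bundle with the ones you expect, and models a loader that reads only the first certificate, as the thread describes for the CC3220. The certificate bytes are constructed stand-ins and all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def split_pem_bundle(text):
    """Return the DER bytes of every certificate block, in file order."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_BLOCK.findall(text)]

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def audit_bundle(text, expected, first_only=False):
    """Compare a bundle against the set of expected root CA fingerprints.

    first_only=True models a loader that uses only the first certificate
    in the file (the CC3220 behaviour described in the thread).
    """
    found = [fingerprint(d) for d in split_pem_bundle(text)]
    usable = found[:1] if first_only else found
    return {
        "count": len(found),
        "usable": usable,
        "missing": sorted(set(expected) - set(usable)),   # roots the device cannot verify
        "unexpected": sorted(set(found) - set(expected)),  # extra trust anchors in the file
    }

def to_pem(der):
    """Helper for the sample data only: wrap DER bytes as one PEM block."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-ins, NOT real certificates. In practice, take the expected
# fingerprints from the CA's published values and read the real bundle from disk.
CDN_ROOT = b"constructed CDN-server root CA " * 4
FILE_ROOT = b"constructed file-server root CA " * 4
BUNDLE = to_pem(CDN_ROOT) + to_pem(FILE_ROOT)
EXPECTED = {fingerprint(CDN_ROOT), fingerprint(FILE_ROOT)}

if __name__ == "__main__":
    print(audit_bundle(BUNDLE, EXPECTED))                   # multi-certificate loader
    print(audit_bundle(BUNDLE, EXPECTED, first_only=True))  # first-certificate-only loader
```

A non-empty `missing` list means one of the two servers would fail verification on that device; a non-empty `unexpected` list means the file carries a trust anchor you did not intend to ship.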