How to use "SECUREDCT"


AkNu_2072836

Hello

I'm trying "snip/dct_read_write" now.

I understand that DCT data (like SSID, passphrase, privacy key, and so on) is stored without being encrypted.

I want to store DCT data more securely.

I found "PLATFORM_SECUREDCT_ENABLED".

Can I store DCT data that is encrypted with this define?

If so, please tell me how to do it.

0 Likes
Zhengbao_Zhang
Moderator

Hello:

PLATFORM_SECUREDCT_ENABLED will enable sflash_dct_read_secure and sflash_dct_write_secure; the read process will add decrypt and verify functions, and the write process will add an encrypt function with aes128_key. I think you can enable it for a try, thanks.

For how to do it, please set the define to 1.

0 Likes

Hello

Thanks for the reply.

I only tried building (with the define set to 1).

By the way, when the define is set to 1, snip/dct_read_write uses "sflash_dct_read/write_secure".

The WICED device's log (or variables) is decrypted.

Can I check that the data is encrypted in a simple way?

0 Likes

Hello:

If you want to check the difference in the secured data, kindly check the function process as in the picture below:

to see the difference between the raw data and the data after encryption.

pastedImage_0.png
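One host-side way to check whether the DCT content is readable in flash, as an added example that is not part of the original thread or of the WICED SDK: it searches a raw serial-flash dump for the SSID and passphrase that were written to the DCT and reports per-window byte entropy. The function names, secret values and both sample dumps are constructed, and the hashed stand-in only imitates ciphertext because the thread gives neither the key nor the cipher mode.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data):
    """Bits per byte: close to 8 for ciphertext, far lower for text and padding."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def find_plaintext(image, secrets):
    """Map each secret found verbatim in the image to the offsets where it occurs."""
    hits = {}
    for secret in secrets:
        offsets, pos = [], image.find(secret)
        while pos != -1:
            offsets.append(pos)
            pos = image.find(secret, pos + 1)
        if offsets:
            hits[secret] = offsets
    return hits

def audit_dct_dump(image, secrets, window=256):
    """Report leaked secrets and the lowest per-window entropy of a flash dump."""
    hits = find_plaintext(image, secrets)
    entropies = [shannon_entropy(image[i:i + window])
                 for i in range(0, len(image), window)]
    return {"secrets_exposed": bool(hits), "hits": hits,
            "min_entropy": min(entropies, default=0.0)}

# Constructed test values: the SSID and passphrase written to the DCT beforehand.
SECRETS = [b"ConstructedSSID", b"constructed-passphrase"]

# Constructed 256-byte dump of an unencrypted DCT region (strings between padding).
PLAIN_DUMP = b"\x00" * 32 + SECRETS[0] + b"\x00" * 17 + SECRETS[1] + b"\xff" * 170

# Constructed stand-in for an encrypted region: hash output imitates ciphertext.
# It is NOT produced by sflash_dct_write_secure (key and mode are not on the page).
CIPHER_STANDIN = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    for name, dump in (("plain", PLAIN_DUMP), ("stand-in", CIPHER_STANDIN)):
        report = audit_dct_dump(dump, SECRETS)
        print(name, report["secrets_exposed"], round(report["min_entropy"], 2),
              {s.decode(): o for s, o in report["hits"].items()})
```

Run it against a real dump read out of the serial flash with your own tooling, using the exact SSID and passphrase you stored. The entropy figure is only a supporting indicator; the decisive check is that none of the secrets appear verbatim.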

Hello

Thanks for the reply.

I'll check it.

Please tell me a little more.

1)

I set the define to 1, and I printed the "PLATFORM_SECUREDCT_ENABLED" value in dct_read_write.c.

But the printed value is 0.

43xxx_Wi-Fi/WICED/platform/MCU/wiced_dct_common.h

---------
#ifndef PLATFORM_SECUREDCT_ENABLED
#define PLATFORM_SECUREDCT_ENABLED 1
#endif
---------

Is this the right way to "set the define to 1"?

2)

I checked the source code in WICED; "secure read/write" writes/reads external flash only.

Where is the "default" DCT area in WICED with CYW43907?

If I want to use "secure read/write" with WICED and CYW43907, do I need other settings?

0 Likes

Hello:

SECURE_SFLASH needs to be defined in your mk file also.

Where is the "default" DCT area in WICED with CYW43907? For this question, I think you need to add some prints to get the address.

There are some settings in OTA2, but they may differ from a normally running app.

Hello

I found another community post.

On using SECURE_BOOT and SECURE_SFLASH options

My use case is enabling SECURE_SFLASH only.

So, I'll try SECURE_SFLASH with the document below.

https://www.cypress.com/documentation/application-notes/an214842-cyw4390x-otp-programming-and-using-...

But in the other community post, PriyaM_16 said the following:

--------------------------------

SECURE_SFLASH in WICED 6.2 is not working.

We have created an internal ticket for the same. I will update the thread when the fix is available.

--------------------------------

I'm using WICED 6.2.1; what is the status now?

Can I use SECURE_SFLASH in WICED 6.2.1?

0 Likes

Sorry for the late reply, I am on an urgent case. For 6.2.1.2, please give it a try as well; if you find problems, we need your help to report them to us.

I will find time to confirm whether it is implemented in a recent release, thanks.

Hello

I'll try it in WICED 6.2.1.

If I run into trouble, I'll create a new post.

Thanks.

0 Likes