- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One of our client who is using CYW43907 based board, wishes to keep their firmware and
boot-loader in serial flash safe by placing them in encrypted. For this, we are planning to
use SECURE_BOOT and SECURE_SFLASH options. We have referred Application Note
AN214842. Finally we also need to use OTA2 also in secure mode.
Are these options widely used and proven already ?
Are we going to get enough support and information on this, if we get stuck ?
We are getting these doubts as we try to build 43xxx_Wi-Fi/tools/secureboot/aec_cbc_128 and
hmac_sha256 commands, they are not getting built with the makefile given.
Also when we use both SECURE_BOOT=1 and SECURE_SFLASH=1 options, simple scan application
itself failing.
In the above scenario, we wish to get some feed back on how easy or how safe to use these options.
How much info/help/support are we going to get?
Thanks,
Srini Karasala
- Labels:
-
ispn:36623:1:0
-
l1:3966:1:0
-
l2:6066:1:0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Srini,
I belive the scan application is failing. Are you not able to download or after download, you are not seeing any UART logs ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Riya,
Initially we are trying to test SECURE_BOOT and SECURE_SFLASH options
in SDK-6.0 version. But the following folder is missing, so we
could not able to build application with SECURE_SFLASH option.
SDK-6.2/43xxx_Wi-Fi/WICED/platform/MCU/BCM4390x/common/B1/rom_offload
By the way, we are using CYW943907WAE3 kit.
So we have copied rom_offload/ folder present in 6.2 to SDK-6.0.
After copying this, we could able to build snip.scan application with
SECURE_SFLASH option (alone, no SECURE_BOOT). It is running fine on 6.0.
But when we tried same application on SDK-6.2 with SECURE_SFLASH option,
it is not booting. No output is coming on to serial console. In 6.0
we could able to see scan results appearing continuously. We used
the following command on both 6.0 and 6.2. It works on 6.0 but not
on 6.2.
./make snip.scan-CYW943907WAE3 SECURE_SFLASH=1 download run
Note that we are not giving any keys. So default keys will have all zeros.
So it is working for us. We are able to see that filesystem, APP0 and
DCT are getting signed, encrypted and loaded.
Our client is using homekit application. So we need SECURE options
to work on SDK-6.2.
We also tried with CYW943907AEVAL1F board. Result is same, SECURE_SFLASH
option works on 6.0 but not on 6.2.
Thanks,
Srini
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
SECURE_SFALSH in WICED 6.2 is is not working. We have created an internal ticket for the same. I will update the thread when the fix is available.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are there any updates on this issue? We have a product that we are ready to take to market but are hesitant without the ability to secure the flash.