TIDUE59A May   2018  – September 2020

 

  1.   Description
  2.   Resources
  3.   Features
  4.   Applications
  5. 1System Description
    1. 1.1 Key System Specifications
  6. 2System Overview
    1. 2.1 Block Diagram
    2. 2.2 Design Considerations
    3. 2.3 Highlighted Products
      1. 2.3.1 CC3220
      2. 2.3.2 CC2640R2F
      3. 2.3.3 DRV8837
    4. 2.4 System Design Theory
      1. 2.4.1 CC3220S to CC2640R2F Interface
      2. 2.4.2 CC3220S to DRV8837 Interface
      3. 2.4.3 Software Architecture
      4. 2.4.4 Network Connection Management
      5. 2.4.5 Provisioning
        1. 2.4.5.1 AP Provisioning and SmartConfig™
        2. 2.4.5.2 Wi-Fi Provisioning Over BLE
      6. 2.4.6 Sending and Receiving Messages Through Cloud
        1. 2.4.6.1 Message Queue Telemetry Transport Protocol
        2. 2.4.6.2 MQTT Client Implementation
      7. 2.4.7 Over-the-Air Updates
        1. 2.4.7.1 HyperText Transfer Protocol
      8. 2.4.8 Security Enablers
        1. 2.4.8.1 Secure Boot
        2. 2.4.8.2 Secure Sockets
          1. 2.4.8.2.1 Hardware Accelerators
          2. 2.4.8.2.2 Simple Network Time Protocol
        3. 2.4.8.3 File System Security
          1. 2.4.8.3.1 Failsafe Files and Bundle Protection
      9. 2.4.9 Low-Power Consumption
  7. 3Hardware, Software, Testing Requirements, and Test Results
    1. 3.1 Required Hardware and Software
      1. 3.1.1 Hardware
        1. 3.1.1.1 CC3220S LaunchPad™ Development Kit
        2. 3.1.1.2 CC2640R2F LaunchPad™ Development Kit
        3. 3.1.1.3 Sensor BoosterPack™ Connections (BMI160)
        4. 3.1.1.4 DRV8837EVM Modifications and Connections
        5. 3.1.1.5 Assembling EVMs
      2. 3.1.2 Software
        1. 3.1.2.1 Getting Started With Software
          1. 3.1.2.1.1 Build simple_np Application and Flash CC2640R2F
          2. 3.1.2.1.2 Use Premade UniFlash ImageCreator Project
          3. 3.1.2.1.3 Importing Project Source Files Into CCS
        2. 3.1.2.2 User Files
        3. 3.1.2.3 Run Wi-Fi® Doorlock Demo
          1. 3.1.2.3.1 Connect CC3220 to Network
          2. 3.1.2.3.2 Networking Functions
            1. 3.1.2.3.2.1 Get Current Date and Time (SNTP)
            2. 3.1.2.3.2.2 Send and Receive Messages (MQTT)
            3. 3.1.2.3.2.3 Perform Software Update Using Dropbox (OTA Update)
    2. 3.2 Testing and Results
      1. 3.2.1 Pass or Fail Tests
      2. 3.2.2 Power Measurements
      3. 3.2.3 Test Setup
        1. 3.2.3.1 CC3220S
        2. 3.2.3.2 CC2640R2F
        3. 3.2.3.3 DRV8837
      4. 3.2.4 Test Results
      5. 3.2.5 Battery Life Estimate
  8. 4Design Files
  9. 5Software Files
  10. 6Related Documentation
    1. 6.1 Trademarks
  11. 7Terminology
  12. 8About the Author
  13. 9Revision History

2.4.8.3 File System Security

SimpleLink Wi-Fi CC3x20 devices require an externally-attached, nonvolatile memory (NVM) in the form of a serial flash (SFLASH) device. Data stored on the SFLASH is organized in a file system, which can be accessed by the application MCU through an API built into the SimpleLink Wi-Fi host driver. The CC3220S includes multiple, built-in, file-system security enablers to help developers protect information stored on the file system. Some of the key file-system security enablers demonstrated in the TIDC-01005 include the following:

  • Encryption – Files are stored and encrypted using a standard, AES-128 encryption
  • Cloning protection – The entire file system content is readable only by the device instance which first booted the image, because the image is encrypted with a device-unique key.
  • Access control – File access may be restricted to the rightful owner, per access type
  • Integrity verification – The integrity of the file system structure is verified to check whether the file system was manipulated.
  • Recovery mechanism – The file system can be restored to the initial programmed configuration.

Certain system files are considered special, and have security enablers applied by default. For example, the service pack and the trusted root-certificate catalog are system files that must be created as secure signed files on all devices. For the CC3220S, the runtime binary must also be created as a secure-signed file. In addition to these special files, the private key used by the internal HTTPS server must be configured as a secure file when running the application. By default, the private key is a secure file with no signature verification and public write access in the provided UniFlash ImageCreator bundle for the TIDC-01005.

For more information on the file-system security enablers supported by the CC3220S, see the CC3120, CC3220 Wi-Fi Solution Built-In Security Features application report and the CC3120, CC3220 Network Processor Programmer's Guide.