CC3220SF - Encrypted OTA firmware update

Hi, Currently I am using TICC3220SF along with AWS-FreeRTOS.

I was able to access the TI-Crypto API’s and tried AES-Encryption and decryption over the sample string of data and its working fine.

Planning to update Encrypted OTA Firmware to AWS Cloud and Decrypt the device side using OTA example code.

What are the steps I should follow to achieve the above scenario? In which phase OTA example code(device side) I should decrypt the firmware can someone please suggest it to me.


Does this page help? I think you have to select the encryption algorithm expected by the TI bootloader when signing the image.

Hi Richard,

Thanks for your response. As per TI_Response currently CC3220SF Bootloader doesn’t support Decryption options. So the application has to decrypt and process to the bootloader.

So, As from TI suggestion before Flashing Application need to decrypt the image. Please help me out from OTA example where I can enable TI Crypto API’s to decrypt the OTA- received MCU image.



Were you able to implement the decryption using TI’s APIs on the device? The best place to that will be from OTA Pal implementation for TI CC3220SF when the file received is complete and after signature is verified. So decrypting the image and replacing mcuflashimg.bin with it. The device will then reboot and bootloader will see a change in the mcuflashimg.bin and update the firmware.

Please let me know if you have any more questions.