Write a File
SWRU455A – February 2017 – Revised March 2017
Copyright © 2017, Texas Instruments Incorporated
File System
  – SL_FS_CREATE_VENDOR_TOKEN: Relevant only for secure files. This flag changes the default
    behavior of file token creation: with this flag, the file master tokens are set by the host.
  – SL_FS_CREATE_PUBLIC_WRITE: Relevant only for secure files. This flag changes the default
    behavior of file token creation: with this flag, the file can be written without a token, but a
    token is required for a read operation.
  – SL_FS_CREATE_PUBLIC_READ: Relevant only for secure files. This flag changes the default
    behavior of file token creation: with this flag, the file can be read without a token, but a
    token is required for a write operation.
• Flags: The following flags are not creation flags, and can be set when creating or opening an existing
  file for write.
  – SL_FS_WRITE_BUNDLE_FILE: Used for the bundle commit feature; for new files, the FAILSAFE
    flag is not a precondition for this flag.
  – SL_FS_WRITE_ENCRYPTED: Used for secure content download.
If the application creates a file once, it can then be created by the Image Creator tool with the default
content. The application can then update the file when required.
8.4.3.1 Secure File Creation Notes
When a secure file is created, it resides encrypted on the SFLASH, and any access to it requires a
token. By default, the open-for-create function returns the master token of the file; the host
application keeps the token and then uses it for file operations (read/write/delete).
To prevent a situation in which the host application is powered off before the received token has been
stored, use one of the following methods:
• Create the file with the SL_FS_CREATE_VENDOR_TOKEN flag and set the required token; in this
  way, the token is kept in the host application code.
• Create the file with the SL_FS_CREATE_PUBLIC_WRITE and SL_FS_CREATE_PUBLIC_READ
  flags; in this way, the secure file can be written and read without a token. To delete the file, a
  token is required, so this method is ideal for a file which is created once and never deleted.
• Combine both methods mentioned in the previous bullets: create a secure file with the vendor,
  public write, and public read flags. In this case, no token is required for read and write, and
  deleting the file requires the vendor token.
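The C model below is an added example, not TI code and not part of the SimpleLink SDK. It applies the token rules described above to a set of creation flags and reports which file operations become unreachable if the host powers off before storing the returned master token. The F_* and OP_* names and their bit values are constructed for this model and are not the SDK's flag definitions; treating non-secure files as needing no token is an assumption.

```c
#include <stdio.h>

/* Model-only bit values, constructed for this example. They are NOT the
 * SimpleLink SDK's definitions of the SL_FS_CREATE_* flags. */
enum { F_SECURE = 1u, F_VENDOR_TOKEN = 2u, F_PUBLIC_WRITE = 4u, F_PUBLIC_READ = 8u };
enum { OP_READ = 1u, OP_WRITE = 2u, OP_DELETE = 4u };

/* Operations that need a token on a file created with `flags`. */
unsigned token_required_ops(unsigned flags)
{
    unsigned ops = OP_READ | OP_WRITE | OP_DELETE; /* secure default: all */

    if (!(flags & F_SECURE))
        return 0u; /* assumption: token rules apply to secure files only */
    if (flags & F_PUBLIC_WRITE)
        ops &= ~(unsigned)OP_WRITE;
    if (flags & F_PUBLIC_READ)
        ops &= ~(unsigned)OP_READ;
    return ops; /* delete is never made public by these flags */
}

/* Operations left unreachable if the host powers off before it has stored
 * the master token returned by the create call. */
unsigned stranded_ops(unsigned flags)
{
    if (flags & F_VENDOR_TOKEN)
        return 0u; /* host-chosen token already lives in host code */
    return token_required_ops(flags);
}

static void report(const char *name, unsigned flags)
{
    unsigned s = stranded_ops(flags);
    printf("%-34s stranded:%s%s%s%s\n", name,
           (s & OP_READ) ? " read" : "", (s & OP_WRITE) ? " write" : "",
           (s & OP_DELETE) ? " delete" : "", s ? "" : " none");
}

int main(void)
{
    report("secure (default)", F_SECURE);
    report("secure + vendor token", F_SECURE | F_VENDOR_TOKEN);
    report("secure + public write/read", F_SECURE | F_PUBLIC_WRITE | F_PUBLIC_READ);
    report("secure + vendor + public w/r",
           F_SECURE | F_VENDOR_TOKEN | F_PUBLIC_WRITE | F_PUBLIC_READ);
    report("secure + public write only", F_SECURE | F_PUBLIC_WRITE);
    return 0;
}
```

A combination that leaves anything other than "none" stranded depends on the host persisting the returned token before any power loss.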
8.4.3.2 Forced Creation Flags
For security reasons, some of the system files must be created with specific flags. Table 8-3 lists the
files and their required creation flags.
Table 8-3. Creation Flags

| Filename | CC3120, CC3220S, CC3220SF | CC3220R | Remark |
|----------|---------------------------|---------|--------|
| /sys/servicepack.ucf, /sys/certstore.lst | Secure signed by TI + public write + Fail-safe | Secure signed by TI | Those files are delivered by TI. The service pack contains fixes to the device code; the trusted root-certificate catalog contains the root CAs supported by TI and a revoked certificate list. TI might deliver a new version for those files when required. TI highly recommends designing the host to support future updates of these files. |
| /sys/mcuimg.bin //CC3220R/CC3220S, /sys/mcuflashimg.bin //CC3220SF | Secure signed | Not secure | The file contains the host program. |
| /sys/cert/private.key, /sys/cert/client.der, /sys/cert/ca.der | Secure | Secure, blocked for read | The files contain the key and certificate for SSL connection. |