Updating SSL Seed in code

Currently to support webrequests to https site I had to use MFDeploy to update the SSL seed. Everything works great if you do that when initially setting up the ChipworkX. Howerver I have been working on adding an automatic/in-field update to my program. This is very easy with the GHI tools. Everything is fine if I deploy just an application update (using SystemUpdate.ApplicationUpdate). However if I do a complete update (for cases when the GHI firmware needs to be updated as well), the SSL seed gets wiped out and I have to connect my PC to it, run MFDeploy and then update the SSL seed (then everything is ok again). Unfortunately this defeats the purpose of doing the complete update in the field where I won’t be able to connect my PC to the device and run MFDeploy. Is there a way for me to update the SSL seed during the systemupdate operation or when the device boots up for the first time after the update?

When you load the new files, do not load config. I think this will solve this for you.

I tried not loading config and that created other problems. It wouldn’t take an ip address and I couldn’t even set the network information with MFDeploy. It said write failed and the screen on the ChipworkX said Sig Fail.

So I reloaded everything again with CONFIG this time and it all worked. I did however have to update the SSL seed again with MFDeploy.

Any other thoughts?

We run into the same issue. Is there any way to update the SSL SEED during or after the In Field Update? The device, containing the EMX board, cannot be accessed over USB when installed at the customers.
Currently we can only update the application at our customers, blocking future updates of the managed boot loader and the NEMF.

Leaving out the CONFIG.HEX causes that the application does not start at all. Is the SSL SEED part of the CONFIG?

Yes it is in config.

We are planning to improve this in 4.2 that should be complete this year.


Thanks for the reply.

Once 4.2 is out, we would be able to do a ‘CompletUpdate’, including a setting in the CONFIG that takes care of the SSL SEED (meaning that we do not have to call in all the devices once 4.2 is available)? Or do we have to set the SSL SEED for a final time once 4.2 is rolled out to our customers?


That is the goal but since it is not done yet we can’t promise.

Sure, but being able to handle the SSL SEED like this is already something to look forward to. Will make things a lot easier!