Device Certificate Options#

The HSE-SVH devices are each programmed with a device certificate during IC production. The device certificate is signed with a Public Device Key, using a Private Batch Key that can be validated against a Silicon Labs certificate chain Verification for Certificates and Certificate Chain Verification. The device private key never leaves the Secure Key Storage on the chip. Customers can create their own device certificates during their production.

Three device certificate options (standard, modified, and external) are provided to meet different requirements. Silicon Labs provides Custom Part Manufacturing Service (CPMS) to program custom certificates on your chips at the Silicon Labs factories. For more information about CPMS, see UG519: Custom Part Manufacturing Service User's Guide.

Standard Device Certificate#

  • Comes standard with HSE-SVH devices.

  • Cryptographically proves the device is an authentic Silicon Labs device.

  • Does not protect against overproduction or counterfeit products that are built with authentic Silicon Labs devices.

  • Signed to a Silicon Labs Certificate Authority (CA).

  • The device can prove that it possesses the private key associated with the public key in its certificate by signing the response to a given challenge (Remote Authentication Process and Certificate Chain Verification and Remote Authentication).

Standard Device CertificateStandard Device Certificate

Modified Device Certificate#

  • Available as a customization service on HSE-SVH devices (OEM custom part number).

  • Cryptographically proves the device is an authentic Silicon Labs device that was produced for a specific OEM.

  • Protects against overproduction by Contract Manufacturer (CM).

  • Device Certificate X.509 fields can be specified, with restrictions.

  • Signed to a Silicon Labs Certificate Authority (CA).

Modified Device CertificateModified Device Certificate

External Device Certificate#

  • Available as a customization service on HSE-SVH devices (OEM custom part number).

  • Cryptographically proves the device is an authentic Silicon Labs device that was produced for a specific OEM.

  • Protects against overproduction by Contract Manufacturer (CM).

  • Factory Certificate is custom for each OEM.

  • Device Certificate and Factory Certificate X.509 fields can be specified, with restrictions.

  • Signed to a OEM Certificate Authority (CA).

  • Root Certificate Authority is OEM-specified and is optional.

  • Electronic delivery of all batch and device certificates signed under this OEM factory certificate is supported.

External Device CertificateExternal Device Certificate