Silicon Labs IoT Security Production Guide#

Securing an IoT device is a highly complicated and costly process. You must generate public and private keys for secure boot and secure debug, sign code with a private key, store all the private keys in an HSM, place the public keys for secure boot and secure debug in one-time-programmable (OTP) memory, flip OTP bits for secure boot and secure debug, and flash the encrypted code and identity certificates within the hardware.

CPMS streamlines the programming part of this process for you. Even the most advanced security features, certificates, and identities can be programmed in a secure, fast, and cost-efficient way at the Silicon Labs factories. This section provides details on CPMS, in addition to Public Key Infrastructure (PKI) Recommendations.

• Custom Part Manufacturing Service: Explains the process for ordering custom Series 2 parts through the CPMS, including details on security settings and use cases for configuring a device for an untrusted manufacturing environment and importing custom wrapped keys.

• PKI Recommendations: Outlines the recommended establishment, management, and security of PKI for business partners and customers of Silicon Labs.