# SiWx917 Security Features
Protecting IoT devices against security threats is central to a quality product. Silicon Labs offers several security options on the SiWx917 to help developers build secure devices, secure application software, and secure paths of communication to manage those devices.
The SiWx917 provides the following core security functions:

- Secure Boot: The initial boot phase is executed from immutable memory (such as ROM), and each subsequent code image is authenticated before it is authorized for execution.
- Encrypted XiP: Adds confidentiality when instructions are executed in place from off-die or off-chip storage.
- Debug Lock: Locks the device to prevent unauthorized memory access during operation; the lock can be lifted when debug access is legitimately required.
## User Assistance
The following table summarizes the key security documents:
| Document | Summary |
| --- | --- |
AN1431: SiWx917 SoC Firmware Update Application Note | Describes how to perform SoC firmware updates |
AN1416: SiWG917 SoC Memory Map Application Note | Describes the SiWG917 SoC Memory Map |
AN1439: SiWx917 Hardware Debugging Guidelines | Guidelines for debugging hardware related issues with SiWx917 |
AN1428: SiWx917 Debug Lock | Describes how to lock and unlock SiWx917 debug access ports |
AN1442: SiWx917 SoC Secure Boot with Anti-Rollback Protection | Describes the secure boot and anti-rollback protection processes on SiWx917 |
UG162: Simplicity Commander Reference Guide | Describes commands available in Simplicity Commander for provisioning eFuses for secure boot and anti-rollback protection |
UG574: SiWx917 SoC Manufacturing Utility User Guide | Describes steps for provisioning SiWx917 hardware for production |
## Key Reference
Signature and debug token validation requires the use of the following cryptographic keys:
| Key identifier | Description | Key Type | Key Size (bits) | Storage | Lifetime |
| --- | --- | --- | --- | --- | --- |
NWP public key (1,2) | Validates NWP firmware, NWP Debug token | Asymmetric, ECC | 256 | Flash | Permanent |
M4 public key (1,2) | Validates M4 firmware, M4 Debug Token | Asymmetric, ECC | 256 | Flash | Updatable |
Notes:

1. The corresponding private keys must be kept confidential and stored as securely as possible.
2. These keys are wrapped for tamper resistance.
## eFuse Reference
Signature validation and debug lock in the SiWx917 are programmable security features controlled by eFuses. During development, these options should be set in the Master Boot Record (MBR). The MBR is stored in flash and contains information such as clock frequencies, offsets of structures such as the eFuse copy, SPI configuration, and external flash details. There are separate MBRs for NWP and M4 at the beginning of their respective flash regions. Every SiWx917 IC shipped from the factory carries a default MBR, which the user can update for the OPN of the particular device. For details on modifying the MBR, consult UG574: SiWx917 SoC Manufacturing Utility User Guide.

Once development is complete, these options should be set in the eFuses in NWP OTP memory. OTP stores the settings permanently, so the security features cannot be disabled after production. The examples in this document cover programming the MBR during development and programming OTP for production.
The eFuse settings relevant to signature validation and debug locking are summarized in the following table:
| eFuse Name | Description | Requirement for Debug Lock |
| --- | --- | --- |
m4_digital_signature_validation | Enables authentication of M4 firmware before executing | Required |
ta_digital_signature_validation | Enables authentication of NWP firmware before executing | Required |
disable_m4_jtag | Locks the JTAG port of the M4 core | Required |
disable_ta_jtag | Locks the JTAG port of the NWP core | Required |
disable_m4_access_frm_tass_sec | Enables Secure Zone | Optional |