Manufacturing Procedure – With Security#

The following steps show the manufacturing procedure to enable security configurations.

For devices with no in-package flash, ensure the flash mode is selected (Flash Mode Selection – No In-Package Flash OPN) before proceeding with the following steps for common flash or dual flash mode.

Note: This section contains two manufacturing sequence of steps for both Common Flash Mode and Dual Flash Mode. Depending on the user's configuration, only one of these sections needs to be followed

Common Flash Mode#

The following sequence needs to be followed to enable security configurations in common flash mode during manufacturing.

Step Description Command (Syntax)
1 Backup – IPMU Calibration data commander manufacturing read <efuseipmu|taipmu> --out <filename.bin> -d <OPN Number> [--pinset n]
  • efuseipmu – No In-package flash OPN
  • taipmu – In-package flash OPN
2 MBR Provisioning commander manufacturing provision --mbr <filename.bin|default> -d <OPN Number> [--skipload] [--pinset n]
3 Security Key Programming Refer to section Security Key Programming .
4 MBR Programming to Enable Security Configurations Refer to section MBR Programming to Enable Security Configurations .
5 Boot Configurations Update in eFuse (Optional) Refer to the section Boot Configurations Update – eFuse .
6 RF (Frequency and Gain Offset) Calibration Refer to section RF Calibration for calibration steps.
7 Enable Security Configurations in NWP and M4 Firmware Images Refer to section Enable Security Configurations in NWP and M4 Firmware Images .
8 Load NWP and M4 Firmware Images commander rps load <filename.rps> -d <OPN Number>

Note: If you want to load a combined image (NWP + M4) instead of individual NWP and M4 images, refer to the section Combined Image (NWP + M4) for combined image related information.

9 Debug Lock (Optional, but Recommended) Refer to the section Debug Lock .

Note: The security configurations of firmware images must match the security configurations on the device, that is MIC, signature and encrypted XiP. A mismatch can lead to firmware execution failure.

Dual Flash Mode#

To configure devices with an in-package flash to dual flash mode, user must set the dual flash bits in the TA MBR (refer to dual_flash.json file).

Note:

  • For dual flash mode and no in-package flash devices - you must mention the [--pinset n] in the manufacturing commands.

  • Following are the Flash pinset for the SiWG917.

Flash Pinset no

GPIO set

0

GPIO 0 to 5

2

GPIO 46 to 51

3

GPIO 52 to 57

The following sequence needs to be followed to enable security configurations in dual flash mode during manufacturing.

Step Description Command (Syntax)
1 Backup – IPMU Calibration data commander manufacturing read <efuseipmu|taipmu> --out <filename.bin> -d <OPN Number> [--pinset n]
  • efuseipmu – No In-package flash OPN
  • taipmu – In-package flash OPN
2 Write NWP MBR with dual flash bits enabled
  1. commander manufacturing write tambr -data <filename.bin> -d <OPN Number> [--skipload] [--pinset n]
  2. commander manufacturing write tambr --data dual_flash.json -d <OPN Number> [--skipload] [--pinset n]
3 Write M4 MBR commander manufacturing write m4mbrdf --data <filename.bin|filename.json> -d <OPN Number> [--skipload] [--pinset n]
4 Write IPMU calibration data to M4

Read IPMU
(taipmu – In-package flash OPN, efuseipmu – No In-package flash OPN)

  1. commander manufacturing read <taipmu|efuseipmu> --out <filename.bin>

  2. Write M4 IPMU

    commander manufacturing write <m4ipmucf|m4ipmudf> data <filename.bin> [--skipload] [--pinset n]
5 Security Key Programming Refer to section Security Key Programming .
6 MBR Programming to Enable Security Configurations Refer to section MBR Programming to Enable Security Configurations .
7 Boot Configurations Update in eFuse (Optional) Refer to the section Boot Configurations Update – eFuse .
8 RF (Frequency and Gain Offset) Calibration Refer to section RF Calibration for calibration steps.
9 Enable Security Configurations in NWP and M4 Firmware Images Refer to section Enable Security Configurations in NWP and M4 Firmware Images .
10 Load NWP and M4 Firmware Images commander rps load <filename.rps> -d <OPN Number>

Note: If you want to load a combined image (NWP + M4) instead of individual NWP and M4 images, refer to the section Combined Image (NWP + M4) for combined image related information.

11 Debug Lock ( Optional, but Recommended ) Refer to the section Debug Lock .

Note: The security configurations of firmware images should align with the security configurations on the device, such as MIC, signature, and encrypted XiP. A discrepancy may result in a failure of firmware execution.

Security Key Programming#

This part of manufacturing includes generation of static keys, and Physically Unclonable Function (PUF) derived intrinsic keys. This section includes instructions to provision the keys into flash. While programming the static keys, the keys are saved in wrapped format in the flash. There are multiple keys that are generated inside and outside of device. Refer to Secure Key Management and Protection section for information on keys generated by Simplicity Commander and PUF derived intrinsic keys.

Following is the procedure for provision keys.

  1. Activation code generation only for PUF

  2. Power cycle the device to boot again after step 1

  3. Generate static keys using simplicity commander

  4. Provisioning static keys

Activation Code Generation for PUF#

This command is used to generate an activation code from the PUF module present in SiWG917 device. Once generated, the firmware writes this activation code into NWP flash. The activation code is used as a seed to initialize the PUF.

Syntax:

commander manufacturing init --mbr <filename.bin|default> -d <full opn> [--skipload] [--pinset n]

Return Code:

Power Cycle the Device#

You must power cycle the device after the activation code generation and flash completion to successfully initialize the PUF and store the PUF derived intrinsic keys. This is a mandatory step.

Generate Static Keys from Simplicity Commander#

These keys are generated by simplicity commander. The key generation will produce a json file containing the Static Keys. For asymmetric keys, both public and private keys are written to the JSON file.

Syntax:

commander util genkeyconfig --outfile <keys.json> -d <full opn>

Return Code:

Provisioning Static Keys#

This step performs the actual provisioning of the static keys. This command instructs the initialized PUF to derive intrinsic keys and store them in NWP flash as a key code.

Syntax:

commander manufacturing provision --keys <keys.json> -d <full opn> [--skipload] [--pinset n]

Note: The keys.json file contains the static keys (that is, TA OTA key, M4 OTA key, TA public key, M4 public key and attestation key).

MBR Programming to Enable Security Configurations#

By default, SiWG917 devices do not have security features enabled. The MBR and eFuse configurations of the device have all security features set to the disabled state. This means the PUF is not enabled, the activation code for the PUF is not programmed, and neither keys nor key descriptors are programmed.

Programmable Fields in MBR#

The following table lists the relevant features in the MBR that can be programmed. The MBR fields are present in two structures: efuse_data and mbr within the MBR.

Feature Structure MBR Field
To enable TA MIC and encryption efuse_data ta_secure_boot_enable = 1;
To enable M4 MIC and encryption efuse_data m4_secure_boot_enable = 1;
To enable TA signature efuse_data ta_digital_signature_validation = 1;
To enable M4 signature efuse_data m4_digital_signature_validation = 1;
To enable TA inline encryption efuse_data ta_encrypt_firmware = 1; (1 for CTR, 2 for XTS mode)
To enable M4 inline encryption efuse_data m4_encrypt_firmware = 1;
To select M4 firmware encryption mode efuse_data m4_fw_encryption_mode = 1; (1 for CTR, 2 for XTS mode)
Start address of the sector where the PUF activation code must be saved mbr puf_activation_code_addr = 0x2000;

Notes:

  • The security fields in the MBR, the PUF activation code, key descriptors, and the keys must be programmed in the device to enable security configurations.

  • These features can also be configured in eFuse, but doing so is irreversible.

  • For other boot configurations that can be configured in the MBR, refer to the section Possible Boot Configurations.

Security Levels#

There are three different security levels available. These levels are defined to make security configurations easier for users. These levels are not security configurations by themselves; they are groupings of available security features.

  1. Security Level 1 – Low Security Level

  2. Security Level 2 – Partial Security Level

  3. Security Level 3 – Full Security Level

Security Level 1 (Low Security)#

If you want to configure only Message Integrity Check (MIC) while enabling secure boot, this level should be considered. This security level enables the bootloader to perform MIC verification of the firmware image during firmware loading and firmware update.

In this configuration:

  • Firmware update is faster compared to other security levels

  • Boot-up time is faster

  • Firmware execution is faster

This configuration is selected using the following fields.

efuse_data": {
   "ta_secure_boot_enable": 1,
   "m4_secure_boot_enable": 1
}

Security Level 2 (Partial Security)#

If you want to add firmware signature verification along with MIC while enabling secure boot, this level should be considered. This security level enables the bootloader to perform MIC calculation and signature validation during firmware loading and firmware update.

In this configuration:

  • Firmware update is slower than Security Level 1

  • Boot-up time is slower than Security Level 1

  • Firmware execution speed is the same as Security Level 1

This configuration is selected using the following fields:

"efuse_data": {
 "ta_secure_boot_enable": 1,
 "ta_digital_signature_validation": 1,
 "m4_secure_boot_enable": 1,
 "m4_digital_signature_validation": 1
}

Security Level 3 (Full Security)#

If you want to enable secure boot with MIC, signature verification, and inline encryption, this level should be considered. This security level enables the bootloader to perform MIC calculation, signature validation, and decryption of the firmware image during firmware loading and updates. It also enables encrypted execute-in-place (XiP) when the firmware is stored in flash.

In this configuration:

  • Firmware update process is slow

  • Boot-up time is high

  • Firmware execution is slower compared to Security Levels 1 and 2

This configuration is selected using the appropriate MBR security fields.

"efuse_data": {
   "ta_secure_boot_enable": 1,
    "ta_digital_signature_validation": 1,
    "ta_encrypt_firmware": 1, // 1 for CTR, 2 for XTS mode
    "m4_encrypt_firmware": 1,
    "m4_fw_encryption_mode": 1, // 1 for CTR, 2 for XTS mode
    "m4_secure_boot_enable": 1,
    "m4_digital_signature_validation": 1
}

Example JSON File with Security Parameters of MBR#

The following example shows the structure and available fields.

Create a JSON file using the preceding fields and configure it according to your security requirements by referring to the Security Levels section. The following section refers to this JSON file as updated-mbr-fields.json.

{
 "puf_activation_code_addr": 8192,
  "efuse_data": {
    "m4_digital_signature_validation": 1,
    "m4_encrypt_firmware": 1,
    "m4_fw_encryption_mode": 1,
    "m4_secure_boot_enable": 1,
    "ta_digital_signature_validation": 1,
    "ta_encrypt_firmware": 1,
    "ta_secure_boot_enable": 1
  },
}

Programming MBR with Security Parameters#

The security configurations enabled based on the selected security level must be placed in a .json file. Refer to the example JSON file in the section Example JSON File with Security Parameters of MBR.

Use the following command to update the MBR with the desired security configurations. Once this command is issued, it updates the existing MBR using the parameters in updated-mbr-fields.json.

Syntax:

commander manufacturing provision --mbr <filename.bin|default> --data <updated-mbrfields.json> -d <full opn> [--skipload] [--pinset n]

Example:

commander manufacturing provision --mbr ta_mbr_SiWG917M111MGTBA.bin --data updated-mbrfields.json -d SiWG917M111MGTBA

  • The updated-mbr-fields.json file provided should be updated by the user with desired security levels as mentioned in Security Levels section.

Enable Security Configurations in NWP and M4 Firmware Images#

When the security configurations are enabled, the device expects the NWP and the M4 firmware image files also to have the same configurations enabled. If you try to flash the mismatched security configurations, the bootloader returns an error.

The keys generated in the section Generate Static Keys from Simplicity Commander are used here to secure NWP and M4 images

Secure NWP Image#

The following command is to secure the NWP firmware image.

Syntax:

commander rps convert <filename.rps> --taapp <original non-encrypted TA rps> --mic <keys.json> --encrypt <keys.json> --sign <keys.json>

Secure M4 Image#

The following command is to secure the M4 firmware image.

Syntax:

commander rps convert <filename.rps> --app <original non-encrypted M4 rps> --mic <keys.json> --encrypt <keys.json> --sign <keys.json>

Example: SiWG917M111MGTBA (Common Flash Mode)#

The manufacturing procedure with security configurations for SiWG917M111MGTBA in Common flash mode is as follows:

  1. Backup – IPMU Calibration

    • commander manufacturing read taipmu --out filename.bin -d SiWG917M111MGTBA

  2. MBR Provisioning

    • commander manufacturing provision --mbr default -d SiWG917M111MGTBA

  3. Security Key Programming

    • Activation Code Generation for PUF (PUF Initialization)

      commander manufacturing init --mbr ta_mbr_SiWG917M111MGTBA.bin -d SiWG917M111MGTBA

    • Power cycle the device

    • Generate Keys with Simplicity Commander

      commander util genkeyconfig --outfile commanderkeys.json -d SiWG917M111MGTBA

    • Provision Static Keys

      commander manufacturing provision --keys commanderkeys.json -d SiWG917M111MGTBA

  4. MBR Programming to Enable Security Configurations

    • Security Level 3 enabled in the updated_mbr_fields.json file

    commander manufacturing provision --mbr ta_mbr_SiWG917M111MGTBA.bin --data updated_mbr_fields.json -d SiWG917M111MGTBA

  5. RF Calibration

  6. Convert NWP and M4 images to match Security Level 3

    • Security - NWP Image:

    commander rps convert secured_SiWG917-B.2.12.2.1.0.9.rps --taapp SiWG917-B.2.12.2.1.0.9.rps --mic commanderkeys.json --encrypt commanderkeys.json --sign commanderkeys.json

    • Security - M4 Image:

    commander rps convert secured_si91x_hello_world.rps --app si91x_hello_world.rps --mic commanderkeys.json --encrypt commanderkeys.json --sign commanderkeys.json

  7. Flash NWP and M4 Images

    • TA Image:

    commander rps load secured_SiWG917-B.2.12.2.1.0.9.rps -d SiWG917M111MGTBA

    • M4 Image:

    commander rps load secured_si91x_hello_world.rps -d SiWG917M111MGTBA

Note: If you want to update the boot configurations in eFuse refer to the section Boot Configurations Update – eFuse and for debug lock refer to the section Debug Lock.

Disable Security#

The disabling of security does not erase the PUF activation code or erase keys, only re-writes the MBR. If the security configurations are programmed in eFuse, you cannot disable the security.

The following command is to disable the security.

Syntax:

commander manufacturing provision --mbr default -d <full opn> [--skipload] [--pinset n]

Note: If you want to enable security again, you need to give only one command, refer to the section Programming MBR with Security Parameters.