Firmware Fallback with Anti-Rollback#

Anti-Rollback feature in the SiWG917 ensures that only firmware with a valid or higher version number than the currently installed one can be executed. This protects the device from being downgraded to older, potentially vulnerable firmware versions, maintaining system integrity and security.

Once the NWP firmware is verified to be working as expected, sl_si91x_burn_nwp_security_version() API can be used to burn the NWP security version to the One Time Programmable (OTP) memory. While switching firmware slots, the SiWG917 bootloader ensures firmware slot switching happens only if the new firmware has higher security version than the data burned in OTP memory.

Note: Security version burned in OTP can only be increased.