Product Summary
Security threats and regulatory demands for the ever-growing Internet of Things (IoT) are increasing. In recent years, there are various threats such as interception and spoofing through security holes, and attacks on vulnerable parts from applied signals such as voltage and frequency.
Silicon Labs is working to strengthen the security of its existing products, and has introduced various measures. In the 2nd generation wireless MCU with ARM-Cortex M33 as the core, we have implemented a secure element in addition to the Trust Zone, and have a lineup of high-end devices such as “Secure Vault”, which is further strengthened with dual cores. We help our customers develop secure, upgradable IoT products that meet the challenges of the future.
Product features
- Prevent execution with malicious code: Secure Boot with RTSL
- Secure Debug with Lock/Unlock
- Key management and storage: Secure Key Management, Secure Key Storage
- Advanced Tamper Protection: Anti-Tamper, DPA Countermeasures
Below is an overview of the product features.
1. Prevent malicious code execution: Secure Boot with RTLS
A typical secure boot uses a public key stored within the device to verify code signed by a paired private key. Silicon Labs extends to Secure Boot with Root of Trust and Secure Loader. The boot process begins with the ROM inside the Secure Element, which is the origin of trust, and first verifies the bootloader code, then each code in turn performs higher-level verifications. In other words, by establishing a chain of trust up to the code of the top-level application, the integrity of the entire system is achieved.
2. Secure Debug with Lock/Unlock
Debug ports can be vulnerable, so it's best to lock them in the market. In general, the internal code is erased when unlocking, so it is impossible to acquire the log saved during operation. We have implemented a feature that allows you to securely unlock the debug port by generating a token that is temporarily valid and unique by signing it with your private key. This makes it possible to read the internal code including the acquired log even after the release, and it can be used for analysis after market shipment.
3. Key management and storage: Secure Key Management, Secure Key Storage
Once the attacker knows how to extract the key from the device, he can attack that device to read the internal code, and then try to do the same on other devices. Therefore, how to store the key safely is important. A PUF key, which is a non-duplicatable key using the physical randomness of each device, is generated in the secure element, and the PUF key is used to encrypt the held key in the secure element. Encrypted keys can be stored in flash memory outside the secure element, but key decryption and key operation are performed within the secure element.
4. Advanced anti-tampering measures: Anti-Tamper, DPA Countermeasures
It has been confirmed by other companies that it is possible to access the device and obtain data and keys through fault attacks that induce malfunctions due to applied voltage fluctuations, etc., and side-channel attacks from state observation during encryption processing. In addition to detecting physical access as tamper resistance, it is possible to set up processing that should be executed immediately, such as raising an interrupt or deleting a key, depending on the detection details. It also has countermeasures against differential power analysis (DPA), which analyzes the power of cryptographic processing, by masking internal processing and randomizing timing.
Correspondence table of product lineup and security functions
product |
Series 1 - xG1x |
Series 2 - xG22 |
Series 2 - xG21A |
Series 2 - xG21B |
Security function |
Basic |
+Root of Trust |
+Secure Element |
Secure Vault |
True Random Number Generator |
〇 |
〇 |
〇 |
〇 |
Crypto Engine |
ー |
〇 |
〇 |
〇 |
Secure boot |
ー |
〇 |
〇 |
〇 |
Secure Boot with RTSL |
ー |
〇 |
〇 |
〇 |
ARM® TrustZone® |
ー |
〇 |
〇 |
〇 |
Secure Debug with Lock/Unlock |
ー |
〇 |
〇 |
〇 |
DPA Countermeasures |
ー |
ー |
〇 |
〇 |
Anti-Tamper |
ー |
ー |
ー |
〇 |
Secure Attestation |
ー |
ー |
ー |
〇 |
Secure Key Management |
ー |
ー |
ー |
〇 |
Advanced Crypto |
ー |
ー |
ー |
〇 |
Availability of evaluation boards on Macnica-Mouser |
ー |
*The evaluation board can also be purchased at Macnica-Mouser, so if you are in a hurry, please consider purchasing from Macnica-Mouser.
Related Links
Target application
- IoT edge devices in general
- industrial equipment
Inquiry / Quotation
If you have any questions about this product or would like a quote, please contact us using the form below.