ManualsPro SILICON LABS SILICON LABS HD680 IoT Security 2TB External Hard Drive User Guide

SILICON LABS HD680 IoT Security 2TB External Hard Drive User Guide

June 15, 2024
SILICON LABS

SILICON LABS HD680 IoT Security 2TB External Hard Drive

Product Information

Specifications

  • Secure Engine: Hardware Secure Engine (HSE) or Virtual Secure Engine (VSE)
  • Secure Vault Levels
    • Secure Vault Base (SVB)
    • Secure Vault Mid (SVM)
    • Secure Vault High (SVH)
  • Supported Devices
    • MCU: EFM32JG1, EFM32PG1, EFM32JG12, EFM32PG12, EFM32GG11, EFM32GG12, EFM32TG11 EFM32PG22, EFM32PG23A, EFM32PG23B
    • Wireless SoC: EFR32xG1, EFR32xG12, EFR32xG13, EFR32xG14, EFR32xG22, EFR32xG21A, EFR32xG23A, EFR32xG24A, EFR32xG21B, EFR32xG23B, EFR32xG24B

Product Usage Instructions

  1. Using IoT Security Features
     Silicon Labs offers a range of security features depending on the part you are using and your application and production needs.

  2. Getting Started with Silicon Labs IoT Security Features on Series 2 Devices

  3. On Series 1 devices, the security features are implemented by the TRNG (if available) and CRYPTO peripherals.

  4. On Series 2 devices, the security features are implemented by the Secure Engine and CRYPTOACC (if available). The Secure Engine may be hardware-based or virtual (software-based).

  5. Additional security features are provided by Secure Vault. Three levels of Secure Vault feature support are available, depending on the part and SE implementation.

Abbreviations:

  • HSE – Hardware Secure Engine
  • VSE – Virtual Secure Engine
  • SE – Secure Engine (either HSE or VSE)

Security Level SE Support:

Security Level SE Support
Secure Vault Base (SVB) N/A
Secure Vault Mid (SVM) VSE (VSE-SVM)
Secure Vault High (SVH) HSE (HSE-SVH)

Secure Vault Features

Secure Vault Mid:

  • Secure Boot : Process where the initial boot phase is executed from an immutable memory (such as ROM) and where code is authenticated before being authorized for execution.
  • Secure Debug access control : The ability to lock access to the debug ports for operational security, and to securely unlock them when access is required by an authorized entity.

Secure Vault High:

  • Secure Key Storage: Protects cryptographic keys by wrapping or encrypting the keys using a root key known only to the HSE-SVH.
  • Anti-Tamper protection: A configurable module to protect the device against tamper attacks.
  • Device authentication: Functionality that uses a secure device identity certificate along with digital signatures to verify the source or target of device communications.

FAQ

  • Q: What security features does Silicon Labs offer?
    A: Silicon Labs offers a range of security features depending on the part you are using and your application and production needs.

  • Q: What devices are supported by Silicon Labs IoT Security Features?
    A: Silicon Labs IoT Security Features are supported on MCU devices such as EFM32JG1, EFM32PG1, EFM32JG12, EFM32PG12, EFM32GG11, EFM32GG12, EFM32TG11, EFM32PG22, EFM32PG23A, EFM32PG23B, and Wireless SoC devices such as EFR32xG1, EFR32xG12, EFR32xG13, EFR32xG14, EFR32xG22, EFR32xG21A, EFR32xG23A, EFR32xG24A, EFR32xG21B, EFR32xG23B, EFR32xG24B.

IoT Security

  • Using IoT Security Features Getting Started
  • IoT Security Fundamentals PDF Developer’s Guide

Overview

  • Series 2 Secure Debug PDF
  • Series 2 TrustZone PDF
  • Production Programming of Series 2 Devices PDF
  • Anti-Tamper Protection Configuration and Use PDF
  • Authenticating Silicon Labs Devices using Device Certificates PDF Secure Key Storage PDF
  • Programming Series 2 Devices Using the DCI and SWD PDF Integrating Crypto Functionality with PSA Crypto vs. Mbed TLS PDF Protocol-Specific Information

Using IoT Security Features

Using Silicon Labs IoT Security Features

  • Silicon Labs offers a range of security features depending on the part you are using and your application and production needs.
  • The content on these pages is intended for those who want to implement security features as part of your IoT device management. If you are looking for an introduction to Silicon
  • Labs Security features and to security issues that confront those implementing IoT systems, see the Silabs.com Security page.
  • For details about this release: Links to release notes are available on the silabs.com Gecko SDK page as part of the Gecko Platform release notes.
  • For background on security issues in general: IoT Security Fundamentals explains some security basics.
  • To get started with implementing security: See the Getting Started page for help determining what features you want to implement based on the series 2 part you are working with.
  • Series 2 devices are the preferred choice for secure system implementation.
  • If you are already in development: See the Developer’s Guide for details. Security APIs are documented in the Gecko Platform API Reference.

Using IoT Security Features
For detailed information about implementing some security features with specific protocols: See the protocol-specific pages. An extensive body of other protocol-specific content can be accessed through the docs.silabs.com homepage.

Getting Started

Getting Started with Silicon Labs IoT Security Features on Series 2 Devices

  • Protecting IoT devices against security threats is central to a quality product. Silicon Labs offers several security options to help developers build secure devices, secure application software, and secure paths of communication to manage those devices. Silicon Labs’ security offerings were significantly enhanced by the introduction of the Series 2 products that included a Secure Engine. The Secure Engine is a tamper-resistant component used to securely store sensitive data and keys, and to execute cryptographic functions and secure services.
  • On Series 1 devices, the security features are implemented by the TRNG (if available) and CRYPTO peripherals.
  • On Series 2 devices, the security features are implemented by the Secure Engine and CRYPTOACC (if available). The Secure Engine may be hardware-based or virtual (software-based). Here the following abbreviations are used:
    • HSE – Hardware Secure Engine
    • VSE – Virtual Secure Engine
    • SE – Secure Engine (either HSE or VSE)
  • Additional security features are provided by Secure Vault. Three levels of Secure Vault feature support are available, depending on the part and SE implementation, as reflected in the following table:

Security Level (1)|

SE Support

|

MCU

|

Wireless SoC (2)

---|---|---|---
Secure Vault Base (SVB)| N/A| EFM32JG1, EFM32PG1, EFM32JG12, EFM32PG12, EFM32GG11, EFM32GG12, EFM32TG11| EFR32xG1, EFR32xG12, EFR32xG13, EFR32xG14
Secure Vault Mid (SVM)| VSE (VSE- SVM)| EFM32PG22| EFR32xG22
”| HSE (HSE- SVM)| EFM32PG23A| EFR32xG21A, EFR32xG23A, EFR32xG24A
Secure Vault High (SVH)| HSE only (HSE-SVH)| EFM32PG23B| EFR32xG21B, EFR32xG23B, EFR32xG24B

Note:

  1. The features of different Secure Vault levels can be found in https://www.silabs.com/security  .
  2.  The x is a letter B, F, M, or Z.

Secure Vault Mid consists of two core security functions:

  • Secure Boot: Process where the initial boot phase is executed from an immutable memory (such as ROM) and where code is authenticated before being authorized for execution.
  • Secure Debug access control: The ability to lock access to the debug ports for operational security, and to securely unlock them when access is required by an authorized entity.

Secure Vault High offers additional security options:

  • Secure Key Storage: Protects cryptographic keys by “wrapping” or encrypting the keys using a root key known only to the HSE-SVH.
  • Anti-Tamper protection: A configurable module to protect the device against tamper attacks.

Getting Started

  • Device authentication: Functionality that uses a secure device identity certificate along with digital signatures to verify the source or target of device communications.
  • A Secure Engine Manager and other tools allow users to configure and control their devices both in-house during testing and manufacturing, and after the device is in the field.
    Silicon Labs strongly recommends installing the latest SE firmware on Series 2 devices to support the required security features. The latest SE firmware image (.seu and .hex) and release notes can be found in these Windows folders of the GSDK.

**C:\Users\

\SimplicityStudio\SDKs\gecko_sdk\util\se_release\public**
  • If you have not already installed the GSDK, instructions for doing so with Simplicity Studio are available in the Getting Started section of the Simplicity Studio 5 User’s Guide.
  • Refer to AN1222: Production Programming of Series 2 Devices for guidance on the SE firmware upgrade procedure. The latest SE firmware shipped with Series 2 devices and modules (if available) at the time of this writing are listed in the following table:

MCU Series 2 and Wireless SoC Series 2| SE| Shipped SE Firmware Version (Device and Module)
---|---|---
EFR32xG21A| HSE-SVM| 1.2.13
EFM32PG23A| HSE-SVM| 2.1.7
EFR32xG23A| HSE-SVM| 2.1.2 (Rev B), 2.1.7 (Rev C)
EFR32xG24A| HSE-SVM| 2.1.7
EFR32xG21B| HSE-SVH| 1.2.13
EFM32PG23B| HSE-SVH| 2.1.7
EFR32xG23B| HSE-SVH| 2.1.2 (Rev B), 2.1.7 (Rev C)
EFR32xG24B| HSE-SVH| 2.1.7
EFM32PG22 and EFR32xG22| VSE-SVM| 1.2.12

In support of these products Silicon Labs offers whitepapers, webinars, and documentation. The following table summarizes the key security documents:

Document Summary Applicability
AN1190: Series 2 Secure Debug How to lock and unlock Series 2 debug access,
including background information about the Secure Engine Series 2
AN1218: Series 2 Secure Boot with RTSL Describes the secure boot process on

Series 2 devices using Secure Engine. For information on bootloading with Silicon Labs products, see UG266/UG489| Series 2
AN1247: Anti-Tamper Protection Configuration and Use| How to program, provision, and configure the anti-tamper module| Series 2 with SVH
AN1268: Authenticating Silicon Labs Devices using Device Certificates| How to authenticate a device using secure device certificates and signatures, at any time during the life of the product| Series 2 with SVH
AN1271: Secure Key Storage| How to securely “wrap” keys so they can be stored in non- volatile storage| Series 2 with SVH
AN1222: Production Programming of Series 2 Devices| How to program, provision, and configure security information using Secure Engine during device production| Series 2
AN1303: Programming Series 2 Devices Using the Debug Challenge Interface (DCI) and Serial Wire Debug (SWD)| How to provision and configure Series 2 devices through the DCI and how to program their internal flash memory through the SWD| Series 2
AN1311: Integrating Crypto Functionality Using PSA Crypto Compared to Mbed TLS| How to integrate crypto functionality into applications using Silicon Labs implementation of PSA Crypto compared to Mbed TLS| Series 1 and

Series 2

Overview

Silicon Labs IoT Security Developer’s Guide
 The IoT Security Developer’s Guide offers detailed information on how to implement each of the device security features. This content is applicable to any protocol that supports the feature described. Additional protocol-specific information for Bluetooth, Bluetooth Mesh, OpenThread, and Zigbee is available in the protocol-specific section.

  • Series 2 Secure Debug (PDF) – Describes how to lock and unlock the debug access of EFR32 Gecko Series 2 devices. Many aspects of the debug access, including the secure debug unlock are described. The Debug Challenge Interface (DCI) and Secure Engine (SE) Mailbox Interface for locking and unlocking debug access are also included.
  • Series 2 TrustZone (PDF) – Covers the basics of ARMv8-M TrustZone, describes how TrustZone is implemented on Series 2 devices, and provides application examples.
  • Production Programming of Series 2 Devices (PDF) – Provides details on programming, provisioning, and configuring Series 2 devices in production environments. Covers Secure
  • Engine Subsystem of Series 2 devices, which runs easily upgradeable Secure Engine (SE) or Virtual Secure Engine (VSE) firmware.
  • Anti-Tamper Protection Configuration and Use (PDF) – Shows how to program, provision, and configure the anti-tamper module on EFR32 Series 2 devices with Secure Vault.
  • Authenticating Silicon Labs Devices using Device Certificates (PDF) – Describes how to authenticate an EFR32 Series 2 device with Secure Vault, using secure device certificates and signatures.
  • Secure Key Storage (PDF) – Explains how to securely “wrap” keys in EFR32 Series 2 devices with Secure Vault, so they can be stored in non-volatile storage.
  • Programming Series 2 Devices Using the Debug Challenge Interface (DCI) and Serial Wire Debug (SWD) (PDF) – Describes how to provision and configure Series 2 devices through the DCI and SWD.
  • Integrating Crypto Functionality Using PSA Crypto Compared to Mbed TLS (PDF) – Describes how to integrate crypto functionality into applications using PSA Crypto compared to Mbed TLS.

Protocol-Specific Information

Protocol-Specific Security References
 The pages in this section offer protocol-specific information. For general content applicable to any protocol that supports the feature, see the main development section.

  • Bluetooth
    • Bluetooth Low Energy Application Security Design Considerations in SDK v3.x and Higher (PDF) – Provides details on designing Bluetooth Low Energy applications with security and privacy in mind.
    • Certificate-Based Bluetooth Authentication and Pairing (PDF) – Describes the theoretical background of certificate-based authentication and pairing, and demonstrates the usage of the related sample applications that can be found in Silicon Labs’ Bluetooth SDK.
  • Bluetooth Mesh
    • Bluetooth Mesh Certificate-Based Provisioning (PDF) – Describes how certificates are used to establish the authenticity of devices wishing to join a mesh network.
  • OpenThread
    • Using Silicon Labs Secure Vault Features with OpenThread (PDF) – Describes how Secure Vault features are leveraged in OpenThread applications. Focuses on specific PSA features and emphasizes how these are integrated into the OpenThread stack.
  • Zigbee
    • Zigbee Security (PDF) – Introduces some basic security concepts, including network layer security, trust centers, and application support layer security features. It then discusses the types of standard security protocols available in EmberZNet PRO. Coding requirements for implementing security are reviewed in summary. Finally, information on implementing Zigbee Smart Energy security is provided.
  • Protocol-Specific Information
    • Copyright © 2023 Silicon Laboratories. All rights reserved.

References

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

SILICON LABS User Manuals

SILICON LABS OpenThread SDK Gecko SDK Suite User Manual
SILICON LABS
SILICON LABS 32-bit MCU SDK 6.5.0.0 GA Gecko SDK Suite Instruction Manual
SILICON LABS
SILICON LABS Wi-SUN SDK Wireless Smart Ubiquitous Network User Guide
SILICON LABS
SILICON LABS SDK 7.4.1.0 GA Zigbee Protocol Stack Software User Guide
SILICON LABS
BRD4001A Z-Wave 700 ZGM130S Long Range Radio Board Radio Board Starter Kit Silicon Labs User Guide
SILICON LABS
SILICON LABS Si47XX Evaluation Board User Guide
SILICON LABS
Silicon Labs Bluetooth Chipset Selector User Guide
SILICON LABS
SILICON LABS EmberZNet SDK Gecko Software Development Kit User Guide
SILICON LABS
SILICON LABS 6.1.1.0 Bluetooth Mesh SDK Owner’s Manual
SILICON LABS
SILICON LABS Zigbee EmberZNet SDK Software User Guide
SILICON LABS
SILICON LABS QSG183 Blue Gecko Bluetooth SoC Wireless Starter Kit User Guide
SILICON LABS
SILICON LABS SRN14930 Z-Wave Long Range SDK User Guide
SILICON LABS
SILICON LABS Bluetooth Mesh SDK 6.1.0.0 GA Chip Instruction Manual
SILICON LABS
SILICON LABS Si-MB4002A Wireless Pro Kit Mainboard User Guide
SILICON LABS
SILICON LABS UG255 EFM32HG Gecko Starter Kit User Guide
SILICON LABS
SILICON LABS UG575 SiWx917 NCP Manufacturing Utility User Guide
SILICON LABS
SILICON LABS 5.0.3.0 GA Bluetooth Mesh SDK User Guide
SILICON LABS
SILICON LABS 3.6.3.0 GA Proprietary Flex SDK User Guide
SILICON LABS
SILICON LABS Bluetooth LE SDK 5.0.0.0 GA Bluetooth Low Energy (LE) Software Instructions
SILICON LABS
SILICON LABS AN1299 Bluetooth Mesh Lighting Demo User Guide
SILICON LABS

Related Manuals

Nature Power 80082 Solar Powered Smartphone Charger User Manual
Nature POWER
MaxMate SS2D35178MX Oval Nerf Bar Side Steps Installation Guide
MaxMate
P.C. Richard & Son GDR50A1C Generations Dehumidifier User Manual
P.C. Richard & Son
DK2 POWER OPS227 27 Ton Log Splitter User Manual
DK2 POWER
Anybus 5S21 E300 Communication Module Instruction Manual
Anybus
ASHCROFT A-Series Miniature Watertight Pressure Switches Installation Guide
ASHCROFT
ROMOSS RS300 Portable Power Station User Manual
ROMOSS
Connecting your Tomato Firmware Router
Nextiva
U-BOAT Black Swan Watch Instruction Manual
U-BOAT
RS PRO 1107-UT Differential Manometer With 2 Pressure Port Instruction Manual
RS PRO
ATMOSPHERES AIKO Bar Chair Instructions
ATMOSPHERES
ZUBR MF2-40 Red Overvoltage Protection For Professionals Instruction Manual
ZUBR
Clutch Operated Roller Shades Installation Guide
Roller Shades
PATLITE SZ-010 Circular Bracket Instruction Manual
PATLITE
Huawei DME IQ Intelligent Cloud O&M Platform User Guide
Huawei
MIBOXER FUT106 6W GU10 RGB+CCT LED Spotlight Instruction Manual
MiBOXER
resistex 749203 Plafoled Sleek Design LED Wall Ceiling Light Instruction Manual
resistex
MONUMENT GRILLS 56045 Liquid Propane Gas Grill Griddle Instruction Manual
MONUMENT GRILLS
OttLite 2702705 LED Lamp with Wireless Charging User Manual
OttLite
CONCEPT TE3040 Toaster Stainless Steel User Manual
concept
EXTECH MM750W Wireless Datalogging CAT IV True RMS Multimeter User Manual
EXTECH
HTP ELV055C2X055N Everlast Elevate Residential Electric Water Heaters User Manual
HTP
PHILIPS Hue Smart Bulb Starter Kit Installation Guide
Philips
NEFF T26BB59N0 Built-In Gas Hob User Manual
Neff
HIKOKI G 10SF5 Disc Grinder Instruction Manual
HiKOKI
EINSTEINTM 400 RC HL Lumen Rechargeable Headlamp Instruction Manual
EINSTEINTM
etac H20 B110 L185 Comfort Wedge Wheelchair Instruction Manual
Etac
EDIMAX EdiSmart Android APP User Guide
EDIMAX
cardo Freecom 2X Headset User Guide
cardo
DOOGEE V MAX Rugged Smartphone User Manual
DOOGEE
Contact Us   Privacy Policy   6.331ms