What is Secure/Unsecure, and Why is it Important?

PEmicro's PROG software and Cyclone Stand Alone Programmer allow the user to issue a Secure Device command in order to keep their flash memory inaccessible to anybody who uses their device in the future. If this device is ever unsecured, the flash memory is erased completely. Therefore, the processor is re-programmable but the previous program is no longer available to be read out or tampered with.

Securing Silicon Labs Devices with an AAP Window

Silicon Labs' 32-bit "Gecko" MCUs have a section of flash memory called "lock bits" which is used to enable debug access and secure specific areas of the flash memory. The lock bits are not erasable with a typical flash memory erase protocol; the Authentication Access Port (AAP), which can only be accessed via the debug interface, must perform a Device Erase operation in order to erase the entire flash memory, including these lock bits, and reset the device.

AAP communication to core processor on the EFM32G (courtesy of Silicon Labs). For some Gecko devices, the debugger only has a short window of time to access the AAP if the device is already unsecured (e.g. if the user wants to perform a mass erase on an unsecured device). If the Device Erase procedure is performed during this window, all of the flash will be erased.

AAP window for unlocked devices (courtesy of Silicon Labs)

To assist customers who are working with these devices, PEmicro has added support to the Erase Module and Unsecure Device commands in PROG software release v6.94 and Cyclone firmware release v10.04 so that Silicon Labs devices with time-sensitive AAPs can be secured, unsecured, and mass-erased. This impacts the following Silicon Labs devices:

Happy Gecko (Cortex-M0+)
Zero Gecko (Cortex-M0+) 
Gecko (Cortex-M3) 
Giant Gecko (Cortex-M3) 
Tiny Gecko (Cortex-M3) 
Leopard Gecko (Cortex-M4) 
Wonder Gecko (Cortex-M4)