PEmicro Blog

Flash Secure/Unsecure Support for Silicon Labs Gecko Devices with Time-Sensitive AAPs

by Mika Ichiki-Welches on Mar 25, 2019

PEmicro considers the privacy of its customers' intellectual property to be of utmost importance. Silicon Labs' 32-bit devices feature an Authentication Access Port (AAP) as part of their security features, and for some of these devices, a debugger may have a limited time to access this port when communicating with an unsecured device. With that in mind, recent PROG software (v6.94) and Cyclone firmware (v10.04) releases now provide support to secure, unsecure, and mass-erase Silicon Labs devices with these debug time-sensitivities, which can help users keep their valuable data safe.

What is Secure/Unsecure, and Why is it Important?

PEmicro's PROG software and Cyclone Stand Alone Programmer allow the user to issue a Secure Device command in order to keep their flash memory inaccessible to anybody who uses their device in the future. If this device is ever unsecured, the flash memory is erased completely. Therefore, the processor is re-programmable but the previous program is no longer available to be read out or tampered with.

Securing Silicon Labs Devices with an AAP Window

Silicon Labs' 32-bit "Gecko" MCUs have a section of flash memory called "lock bits" which is used to enable debug access and secure specific areas of the flash memory. The lock bits are not erasable with a typical flash memory erase protocol; the Authentication Access Port (AAP), which can only be accessed via the debug interface, must perform a Device Erase operation in order to erase the entire flash memory, including these lock bits, and reset the device.

AAP communication to core processor on the EFM32G (courtesy of Silicon Labs). For some Gecko devices, the debugger only has a short window of time to access the AAP if the device is already unsecured (e.g. if the user wants to perform a mass erase on an unsecured device). If the Device Erase procedure is performed during this window, all of flash will be erased.

AAP window for unlocked devices (courtesy of Silicon Labs)

To assist customers who are working with these devices, PEmicro has added support to the Erase Module and Unsecure Device commands in PROG software release v6.94 and Cyclone firmware release v10.04 so that Silicon Labs devices with time-sensitive AAPs can be secured, unsecured, and mass-erased. This impacts the following Silicon Labs devices:

Happy Gecko (Cortex-M0+)
Zero Gecko (Cortex-M0+)
Gecko (Cortex-M3)
Giant Gecko (Cortex-M3)
Tiny Gecko (Cortex-M3)
Leopard Gecko (Cortex-M4)
Wonder Gecko (Cortex-M4)

Tags related to this Blog Post

Cyclone     Cyclone FX     Multilink     Multilink FX     Prog ACMP     ARM     Silicon Labs     Miscellaneous