Serge,

   We don't recommend accessing the CRYTPOACC peripherals directly, it's better to use mbed TLS. mbedtls_ctr_drbg_random() is a good way to get random data and it uses the TRNG.

 

Steve

Hi Tomas,

      If you're just getting started on your project, it would be much easier to work SimlicityStudio version 5. That version of our IDE provides a graphical configuration tool for mbed TLS where you can simply enable the parts of the library that you need. If you do need to work with the older SDK(s), then you can just add the files from SimplicityStudio\v4\developer\sdks\gecko_sdk_suite\v2.7\util\third_party\mbedtls\sl_crypto\src\cryptoacc

I didn't make a working example for the BG22 in that article because the configuration tool was almost ready at the time.

 

Steve

Hi,

    This module runs ZentriOS which does not include any of the TCP/IP stacks mentioned in AMNESIA:33. An official security advisory will be published shortly. We suggest that everyone subscribes to security advisories to be sure to get all the latest information. We have a video here, https://www.silabs.com/security, which shows you how to do that.

 

Steve

Hi Jeff,

    I was able to reproduce this behaviour as you describe. Please try updating the SE firmware to v1.2.6. That's what fixed the issue for me.

Steve

Hi Jeff,

    I can look into this. Can you share a code snippet, or indicate how bytes of data you request so that I can try to reproduce it? It would also help to know if you're on the latest Gecko SDK.

 

Steve

Just a reminder to everyone that you should sign up to get security notifications. This will ensure that you have all the latest information about the latest security vulnerabilities and whether Silicon Labs products are affected or not. We have a video on the following page that shows you how  https://www.silabs.com/security

Hi All,

   Silicon Labs will issue an official advisory about this as soon as it's ready. In the meantime, my suggestion is that you use the security features in our stack to avoid the problems described in that report. The main threat is that a device forms a bond and encrypts/authenticates the connection but on subsequent connections encryption/authentication is not used which allows some attacking device to claim it is a device that was previously bonded. You can avoid this problem by making sure that your GATT characteristics have the authenticated read/write properties. Making those characteristics authenticated will cause the stack to raise the security level of the connection. You could also use the 'only allow bonded connections' flag in the security manager configuration once you have bonded with any client that you need to.

 

Steve

ncp-host is a template project to create a host on an EFR32. The functionality is limited, similar to that of soc-empty.

Hi,

   I just tried the NCP throughput tester on an MG13 and it works just fine for me. I suggest that you check your COM port settings.

To reiterate, I really don't think that this is the best way for you to implement what you asked for at the beginning of this thread. If you want to do a serial communication channel, we have the SPP over BLE article for that.

Steve

Hi,

   no, you do not have to call that API. If you don't have any specific timing/duty cycle requirements you can just let the stack use the defaults 10ms window/interval.

https://docs.silabs.com/bluetooth/latest/le-gap#cmd_le_gap_set_discovery_timing

Steve