Centralized Zigbee networks contain a trust center - this Coordinator device authenticates devices during joining, rejoining, and key establishment activities.
The crucial nature of the trust center renders it difficult to repair or replace in the field. To complete that procedure, there needs to be a mechanism to capture all relevant network and security data, store it, and then use that data to restore the existing network and replace the trust center with a new device that emulates its properties and functionality.
Relevant network and security data points include:
If the trust center uses a set of individual link keys in a link key table instead of hashed link keys, then it is also necessary to back up the link key table - the sample code currently does not include this functionality.
There are several methods by which the network can be preserved and restored. This set of sample applications and instructions for three different configurations and use cases.
One very straightforward approach for storing all of the data on a trust center node and restoring it is to collect the entire flash memory of the trust center, store this data in a hex file, and then flash the replacement device with the all of the data from the original node.
This method does not require additional code in the application and can be executed with a few commands. However, this also requires use of an identical radio in the replacement module, the use of a debugger onsite with the physical chip, and it continues to preserve any possible corruption within the existing device firmware.
For a host/NCP trust center configuration, backing up the trust center requires saving all of the relevant network and security parameters of the existing network configuration using the host application, switching out the physical hardware for the co-processor, and then restoring the original network.
This method requires adding additional code to the host application, but it should work with any arbitrary NCP configuration. To find more detailed instructions, specifications, and code refer to the KBA on Host/NCP Trust Center Replacement.
For a SoC trust center configuration, backing up the trust center requires saving all relevant network and security parameters off-chip in some separate location, replacing the trust center hardware, and then manually entering the backup parameters and restoring the trust center accordingly.
This method requires adding additional code to the existing SoC application. To find more detailed instructions for the SoC setup refer to the KBA on SoC Trust Center Replacement.