Building an IoT device was easy in the past: developing code, flashing it on a chip, and manufacturing. Today, security is the ultimate challenge for IoT device makers. Your IoT device faces severe security threats throughout its entire supply chain, starting at the beginning of the outsourced manufacturing process.
Nine things IoT device makers can do with Custom Part Manufacturing Service (CPMS)
New IoT Challenges
Outsourced manufacturing imposes various security risks at your IoT products – cloning, overproduction, and counterfeiting. Unencrypted software is subject to IP theft, and tampering is a threat throughout the supply chain.
“Zero Trust” Security Paradigm
No IoT device is trusted to pair with other devices or join an ecosystem such as AWS, Matter, and Wi-SUN any longer without a unique identity and secure authentication. Soon unauthenticated IoT devices cannot generate revenue!
Regulation and Legislation
US and European authorities are responding to the increasing security threat with laws mandating IoT companies implement better security. Soon IoT devices must only run authenticated code. Only secure interfaces and ports are allowed. Secure software OTA update and a unique device ID become mandatory.
What is CPMS?
Custom Part Manufacturing Service (CPMS) allows you to customize Silicon Labs hardware – wireless SoCs, modules, MCUs – at the factory. The CPMS self-service web portal guides you through the customization process and its various customizable features and settings. You can place orders for customized test and production units to our factories securely via the CPMS portal.
Unlike traditional flash programming, CPMS is a secure provisioning service that enables you to customize your chips with several highly advanced features – these can include: secure boot, secure debug, encrypted OTA, public, private and secret keys, secure identity certificates, and more.
The custom features, identities and certificates are injected on the hardware securely, quickly, and cost-efficiently at the world’s safest place, the Silicon Labs factories.
Securing an IoT device is a highly complicated and costly process - you must generate public and private keys for secure boot and secure debug, sign code with a private key, store all the private keys in an HSM, place the public keys for secure boot and secure debug in one-time-programmable (OTP) memory, flip OTP bits for secure boot and secure debug, and flash the encrypted code and identity certificates within the hardware.
CPMS streamlines the programming part of this process for you. Even the most advanced security features, certificates, and identities can be programmed in a secure, fast, and cost-efficient way at the Silicon Labs factories.
Protect your revenue and brand by safeguarding products against cloning, overproduction, and counterfeiting in the contract manufacturing phase. With CPMS, you can inject a unique, secure identity on your chips at the Silicon Labs factories. Unique identities allow you to track shipments and prevent overproduction and over-pricing.
Protect Software IP
Safeguard your competitive advantage via pre-flashing a secure bootloader on your Silicon Labs chips to lock them at our factory. Now you can send encrypted images to any contract manufacturer, trusted or not, while keeping your software Intellectual Property (IP) safe. Get more flexibility as to which contract manufacturer to use – reducing sourcing costs, and increasing production capacity.
Accelerate revenue generation by enabling your devices with custom certificates, successfully authenticating them to join the most popular IoT ecosystems such as AWS, Matter, and Wi-SUN. CPMS injects appropriate certifications (custom certificate chains) on-chip securely during manufacturing.
Unique Part Number
Program your chips with a unique part number to track shipments to avoid overproduction and over-pricing. With the custom part numbers, you can know exactly how many parts your contract manufacturers order from Silicon Labs.
Inject custom public and private keys and other custom secret keys on the chips during manufacturing – safeguard your products right from the beginning of their lifecycle.
Pre-flash a secure bootloader of your choice on the chips to encrypt your software Intellectual Property (IP) during contract manufacturing. Safeguard your competitive edge in the market.
Set up the right tamper detection features on your hardware in manufacturing. CPMS helps to navigate the countless alternative settings to protect your products against the most sophisticated tampering attacks.
Configure the debug port to one of the three possible states securely before the chips leave the factory. 1. Standard 2. Secure Lock (can be unlocked with a secure debug token)
3. Permanent Lock
Pre-flash your application software already in Silicon Labs chip manufacturing securely, and cost-efficiently without delaying your time to market at third parties.
Customize markings on the hardware to hide the exact technology used in your products to hide competitive advantages.
Program custom certificates on your chips at the Silicon Labs factories. Custom certificates can be used to authenticate (attestation) your devices with IoT cloud services, ecosystems (AWS, Matter, Wi-SUN) and smartphone applications.