silabs.com | Building a more connected world. Copyright © 2021 by Silicon Laboratories Rev. 0.2
AN1329: Using Silicon Labs Secure Vault Features with OpenThread
This application note describes how the Secure Vault features are
leveraged in OpenThread applications. It focuses on specific PSA
features and emphasizes how these are integrated into the
OpenThread stack.
This document focuses on the updates to secure key storage and crypto modules of
OpenThread to leverage Vault features.
KEY POINTS
Features of Secure Vault devices.
Key Management in OpenThread
Crypto Modules in OpenThread
Integration of PSA in OpenThread
1 Introduction
Google’s OpenThread is an open-source implementation of Thread. Google has released OpenThread to make the networking technology
used in Google Nest products more broadly available to developers, in order to accelerate the development of products for the
connected home and commercial buildings.
With a narrow platform abstraction layer and a small memory footprint, OpenThread is highly portable. It supports both system-on-chip
(SoC) and network co-processor (NCP) designs. OpenThread implements all features defined in the Thread 1.1.1 Specification. This
specification defines an IPv6-based reliable, secure, and low-power wireless device-to-device communication protocol for home and
commercial building applications.
Silicon Labs has enhanced OpenThread to work with Silicon Labs hardware. This source code is available on GitHub and also as a
software development kit (SDK) installed with Simplicity Studio 5 (SSv5). The SDK includes a fully tested snapshot of the GitHub source
code. It supports a broader range of hardware than does the GitHub version, and includes documentation and example applications not
available on GitHub.
Some EFR32 Series 2 products offer additional security options through Secure Vault. Secure Vault is a dedicated security CPU that
isolates cryptographic functions and data from the host processor core. Devices with Secure Vault (High) offer the following security
features:
Secure Key Storage: Protects cryptographic keys by “wrapping” or encrypting the keys using a root key known only to the Secure
Vault.
Anti-Tamper protection: A configurable module to protect the device against tamper attacks.
Device authentication: Functionality that uses a secure device identity certificate along with digital signatures to verify the source or
target of device communications.
This guide describes how OpenThread applications leverage Secure Vault features using PSA Crypto APIs.