SWRU455A – February 2017 – Revised March 2017
Copyright © 2017, Texas Instruments Incorporated
8.14 Security Alerts
The SimpleLink Wi-Fi device provides a software tamper detection procedure with a security-alert counter.
This procedure detects an integrity violation of file system data, the content of a secure-authenticate file,
and system files. This procedure also detects unauthorized operations, such as trying to read a secure file
with an invalid token.
When it detects data tampering, the tamper-detection procedure increments the system security-alert
counter; when the counter reaches the configured security-alert threshold, the device is locked. In
addition, the host receives a lock asynchronous event
(SL_ERROR_DEVICE_LOCKED_SECURITY_ALERT), and each call from the host to a file system
interface returns SL_ERROR_FS_FILE_SYSTEM_IS_LOCKED or SL_RET_CODE_DEV_LOCKED.
A locked device has limited access. To recover a device that was locked because of a security alert,
reprogram it or recover it using the restore-to-factory method. The security-alert counter is a
persistent counter and can be reset to zero only by the programming or recovery functions.
The default security-alert threshold is set by the UniFlash Image Creator. The host can retrieve the
current number of security alerts and the defined threshold using the function
sl_FsCtl(SL_FS_CTL_GET_STORAGE_INFO..). This function remains available when the device is locked.
There are two kinds of security alerts:
• Explicit Alerts – Critical: the device is locked immediately, regardless of the alert counter. Explicit alerts
are created when the following tamper events are detected:
– File system data integrity violation
– System configuration files integrity violation
• Implicit Alerts – The device is locked when the alert counter crosses the alert threshold. Implicit alerts
are created when the following tamper events are detected:
– Trying to perform an operation on a secure file without a valid token
– Detecting an integrity violation when a secure-authenticate file is opened for read
– Setting an invalid signature or invalid certificate when changing a secure-authenticate file
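The following is an added illustration, not TI code from this guide: a small C model of the alert-counter behaviour described above, so a host developer can reason about when the device locks and what the host sees afterwards. The error-code names are taken from this section, but their numeric values, the alert enumeration and the function names (raise_alert, fs_open, get_storage_info, restore_to_factory) are assumptions for the model only; "reaches the threshold" is modelled as counter >= threshold.

```c
/* Model of the SimpleLink security-alert counter (added example, not TI SDK code).
 * Numeric values of the SL_ERROR_* constants are placeholders, not the SDK's. */
#include <stdbool.h>
#include <stdint.h>

enum { FS_OK = 0, SL_ERROR_FS_FILE_SYSTEM_IS_LOCKED = -1,
       SL_ERROR_DEVICE_LOCKED_SECURITY_ALERT = -2 };

typedef enum {
    ALERT_FS_DATA_INTEGRITY,          /* explicit: locks immediately      */
    ALERT_SYSCFG_INTEGRITY,           /* explicit: locks immediately      */
    ALERT_SECURE_FILE_BAD_TOKEN,      /* implicit: increments the counter */
    ALERT_SECURE_AUTH_READ_INTEGRITY, /* implicit: increments the counter */
    ALERT_SECURE_AUTH_BAD_SIGNATURE   /* implicit: increments the counter */
} alert_t;

typedef struct {
    uint32_t alerts;    /* persistent counter; only programming/recovery resets it */
    uint32_t threshold; /* default set by the UniFlash Image Creator               */
    bool locked;
} device_t;

static bool is_explicit(alert_t a) {
    return a == ALERT_FS_DATA_INTEGRITY || a == ALERT_SYSCFG_INTEGRITY;
}

/* Returns the lock event code when this alert locks the device, else FS_OK.
 * Explicit alerts lock regardless of the counter (assumed: counter untouched). */
int raise_alert(device_t *d, alert_t a) {
    if (d->locked) return SL_ERROR_DEVICE_LOCKED_SECURITY_ALERT;
    if (is_explicit(a)) { d->locked = true; return SL_ERROR_DEVICE_LOCKED_SECURITY_ALERT; }
    d->alerts++;
    if (d->alerts >= d->threshold) { d->locked = true; return SL_ERROR_DEVICE_LOCKED_SECURITY_ALERT; }
    return FS_OK;
}

/* Any file-system interface call from the host fails once the device is locked. */
int fs_open(const device_t *d) {
    return d->locked ? SL_ERROR_FS_FILE_SYSTEM_IS_LOCKED : FS_OK;
}

/* Stand-in for sl_FsCtl(SL_FS_CTL_GET_STORAGE_INFO..): still works when locked,
 * so the host can tell a security-alert lock apart from other failures. */
int get_storage_info(const device_t *d, uint32_t *alerts, uint32_t *threshold) {
    *alerts = d->alerts; *threshold = d->threshold;
    return FS_OK;
}

/* Restore-to-factory (or reprogramming) is the only path that clears the counter. */
void restore_to_factory(device_t *d) { d->alerts = 0; d->locked = false; }
```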
8.15 Design Consideration
8.15.1 Choosing SFLASH Type
Choosing the correct SFLASH for the application is an important step. This section describes the factors to
consider when choosing the SFLASH. A list of recommended SFLASH types is published on the
In general, SFLASH types differ in the following factors:
• Operating voltage: the Wi-Fi subsystem operating voltage must never drop to a level lower
than the operating voltage required by the SFLASH. See the TI wiki for further explanation of the
required design.
• Power removal: all systems using serial flash are vulnerable to the effects of sudden power removal.
The TI wiki describes how to minimize the potential for serial flash corruption due to power removal.
• Access time: the time for erases, reads, and writes differs among types of SFLASH. Faster
SFLASH results in faster access by the SimpleLink Wi-Fi device to the file system.
• SFLASH write endurance: a typical serial flash ensures a data endurance of 100K write cycles per
sector and 20 years of data retention.
• Size of the SFLASH: the SimpleLink Wi-Fi device supports SFLASH up to 16 MB.
8.15.2 Software Design Consideration
Writing to a system that uses SFLASH requires consideration in the software design to make the most of
the SFLASH capabilities and extend the SFLASH lifetime.
The following is a list of design recommendations: