Data Sheet
Table Of Contents
- General Description
- Key Features
- Applications
- Device Family
- Contents
- 1. References
- 2. Block Diagram
- 3. Terminal Configuration and Functions
- 4. Specifications
- 5. Detailed Description
- 6. Applications, Implementation, and Layout
- 7. Mechanical Specifications
- 8. Ordering Information
- 9. Revision History
- 10. Regulatory
info@bdecomm.com
BDE Technology Inc.
BDE-WF3235
BDE Dual-Band WiFi MCU Module
Datasheet
Datasheet
57 / 77
• SL_SEC_MASK_TLS_RSA_WITH_AES_128_GCM_SHA256
• SL_SEC_MASK_TLS_RSA_WITH_AES_256_GCM_SHA384
• SL_SEC_MASK_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
• SL_SEC_MASK_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• SL_SEC_MASK_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• SL_SEC_MASK_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• SL_SEC_MASK_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• SL_SEC_MASK_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• SL_SEC_MASK_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
• SL_SEC_MASK_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
• SL_SEC_MASK_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
– Server authentication
– Client authentication
– Domain name verification
– Runtime socket upgrade to secure socket – STARTTLS
• Secure HTTP server (HTTPS)
• Trusted root-certificate catalog – Verifies that the CA used by the application is trusted and known secure
content delivery
• TI root-of-trust public key – Hardware-based mechanism that allows authenticating TI as the genuine origin
of a given content using asymmetric keys
• Secure content delivery – Allows encrypted file transfer to the system using asymmetric keys created by
the device
Code and Data Security:
• Network passwords and certificates are encrypted and signed
• Cloning protection – Application and data files are encrypted by a unique key per device
• Access control – Access to application and data files only by using a token provided in file creation time. If
an unauthorized access is detected, a tamper protection lockdown mechanism takes effect
• Encrypted and authenticated file system
• Secured boot – Authentication of the application image on every boot
• Code and data encryption – User application and data files are encrypted in sFlash
• Code and data authentication – User Application and data files are authenticated with a public key
certificate
• Offloaded crypto library for asymmetric keys, including the ability to create key-pair, sign and verify data
buffer
• Recovery mechanism
Device Security:
• Separate execution environments – Application processor and network processor run on separate Arm
cores
• Initial secure programming – Allows for keeping the content confidential on the production line
• Debug security
– JTAG lock
– Debug ports lock
• True random number generator
Figure 5-2 shows the high-level structure of the CC3235S/CC3235SF device that is contained within the BDE-
WF3235 module. The application image, user data, and network information files (passwords, certificates) are
encrypted using a device-specific key.