Tuesday, September 1, 2015

Peeking Inside the BGM111 Bluetooth Module

In August Silicon Labs released the BGM111, a Bluetooth Smart (BLE) module that might be powering the next generation of IoT devices in customers' hands and on hackers' workbenches.

I was curious about the module so I grabbed the datasheet. It's behind a registration wall on the Silicon Labs site, but strangely a direct link turns up on the first page of a Google search.

The datasheet is fairly pedestrian. It appears to be running a custom Bluetooth stack on a Cortex-M4, the most powerful CPU core I've seen in a Bluetooth SoC to date. Developers have a few different options for running code. It is possible to use a custom API over a UART and run application code on an external MCU (similar to the BLE112 and Nordic nRF8001). It is also possible to upload code written in BGScript, a custom scripting language, and run it directly on the device (again like the BLE112).


Not much else really caught my eye in the datasheet. JTAG is exposed on the header, so it may be possible to dump the code running onboard and reverse engineer that. However once I reached regulatory section at the end of the datasheet, I noticed this odd statement:


This piqued my interest. What strange chip could be inside? I know of no existing Bluetooth chips on the market with an M4 core. The product web site has a rendered image of the module without the RF cage blocking the chip, but I hadn't heard of Blue Gecko nor seen the logo.


A quick bit of googling indicated that this is a new line of chips produced by Silicon Labs loaded with the EFM32 core. There is plenty of documentation about the CPU core, but no documentation about any wireless SoCs.

Curiosity got the better of me and I picked one up from DigiKey (not cheap at $10/unit). The RF cage came up easily enough after cooking it in an IR oven for a few minutes, though a hot air gun would have also done the trick.


Curiously the label EFR32 turned up very few results in a web search. A little snooping around the Silicon Labs site exposes the story.

In 2013 Silicon Labs acquired Energy Micro, a fabless semiconductor company working on low power wireless chips. At the time Energy Micro was hard at work on their EFR4 Draco line, aimed at the super low power market.

After the acquisition, it appears Silicon Labs renamed the EFR4 to EFR32. They have focused their entire marketing effort on the BGM111 module and have not even released the EFR32 to distributors. The sole reference I have found to the chip in official documentation is in the Blue Gecko Bluetooth Smart Module Wireless Starter Kit User's Guide.

This is an interesting development, the first new Bluetooth silicon to enter the market in quite a while. I'm interested to see where this module ends up, and I'm even more interested in the stack running on the device. If you come across a BGM111 in any end-user products, let me know!