Winbond Electronics Corporation’s TrustME W77Q Secure Flash has obtained Security Evaluation Scheme for IoT Platforms (SESIP) Level 2 with Physical Attacker Resistance Certification. This is the first certification using GlobalPlatform SESIP Profile for Secure External Memories and NIST 8259A (IoT device cybersecurity capability core baseline). The certification also claims compliance with IEC 62443 (security for industrial automation and control systems). With this industry-recognized security certification, TrustME W77Q Secure Flash can simultaneously satisfy emerging cybersecurity demands in IoT applications, according to Winbond.
The W77Q family has also been certified with the Common Criteria EAL2+, Functional safety ISO26262 ASIL-C level and FIPS 140-3 CAVP.
W77Q Secure Flash comes in densities of 16Mb, 32Mb, 64Mb and 128Mb; it operates at a frequency of 66MHz in Double Transfer Rate mode and 133MHz in Single Transfer Rate mode. It features a standard single/dual/quad/QPI serial peripheral interface (SPI) and industry-standard packages and pin-outs to facilitate their uses as a drop-in replacement for non-secure SPI NOR Flash devices. W77Q Secure Flash can retain data for over 20 years and perform 100,000 Program/Erase cycles with a wide operating temperature range of -40°C to 105°C.
Complementary to the host chip, W77Q Secure Flash provides the security features of secure boot code storage and authentication, secure firmware update, remote attestation for building platform Root of Trust and firmware resiliency. The below functions enable security features such as protection, detection, and recovery:
- Data confidentiality
- Data and command authentication
- Code integrity protection
- Replay protection
- Cryptographically secured write protection
- Secure code update with rollback protection
- DICE-like attestation mechanism
- Authenticated Watchdog Timer with an optional hardware reset output
- Secure firmware over-the-air update via an end-to-end secure channel between an update authority (a.k.a. OTA server) and the W77Q even when the host processor or SoC has been compromised.