Winbond TrustME W77Q Secure Flash obtains SESIP Level 2 Certification

1 min read

Winbond Electronics, a supplier of memory solutions, has announced that its TrustME W77Q Secure Flash had obtained Security Evaluation Scheme for IoT Platforms (SESIP) Level 2 with Physical Attacker Resistance Certification.

This is the first certification using GlobalPlatform SESIP Profile for Secure External Memories and NIST 8259A (IoT device cybersecurity capability core baseline). The certification also claims compliance with IEC 62443 (security for industrial automation and control systems). With this security certification, TrustME W77Q Secure Flash can simultaneously meet emerging cybersecurity demands in IoT applications.

The W77Q family has also been certified with the Common Criteria EAL2+, Functional safety ISO26262 ASIL-C level and FIPS 140-3 CAVP.

W77Q Secure Flash comes in densities of 16Mb, 32Mb, 64Mb and 128Mb and operates at a frequency of 66MHz in Double Transfer Rate mode and 133MHz in Single Transfer Rate mode. It features a standard single/dual/quad/QPI serial peripheral interface (SPI) and industry-standard packages and pin-outs to facilitate their uses as a drop-in replacement for non-secure SPI NOR Flash devices.

W77Q Secure Flash can retain data for over 20 years and perform 100,000 Program/Erase cycles with a wide operating temperature range of -40°C to 105°C.

Complementary to the host chip, W77Q Secure Flash provides the security features of secure boot code storage and authentication, secure firmware update, remote attestation for building platform Root of Trust and firmware resiliency.

The functions listed below enable security features such as protection, detection, and recovery:

  • Data confidentiality
  • Data and command authentication
  • Code integrity protection
  • Replay protection
  • Cryptographically secured write protection
  • Secure code update with rollback protection
  • DICE-like attestation mechanism
  • Authenticated Watchdog Timer with an optional hardware reset output

Secure firmware over-the-air update via an end-to-end secure channel between an update authority (a.k.a. OTA server) and the W77Q even when the host processor or SoC has been compromised.

"We would like to congratulate GlobalPlatform Full Member Winbond for achieving SESIP Level 2 certification," said Ana Tavares Lattibeaudiere, Executive Director of GlobalPlatform. "SESIP is helping IoT product manufacturers, like Winbond, comply with specific security requirements and regulations. Because the methodology is mappable to other evaluation methodologies and compliant with many standards and regulations, it reduces the complexity, cost and time-to-market for IoT stakeholders as we all work to bring greater trust to the IoT ecosystem."