Secure Serial Flash Memory Augments Secure Boot

Oct. 28, 2024
Offering firmware integrity protection among other features, Winbond’s secure serial flash memory facilitates secure boot.

What you’ll learn:

  • How secure serial flash memory works.
  • Features provided by a secure serial flash memory.


Secure serial flash memory devices like Winbond’s TrustME W77 series provide a host processor with a range of security features, from verified over-the-air (OTA) updates to secure boot. They’re well-suited for system-on-chip (SoC) devices that use SPI serial memories for program storage. I talked with Jun Kawaguchi, Marketing Executive at Winbond, about the specifics of secure serial flash storage (watch the video above).

Secure Functionality Using Serial Flash Memories

Secure commands enable the secure functionality of a secure serial flash memory device; when they aren’t used, the device operates like a conventional serial flash storage device. It acts as a hardware root-of-trust (RoT) with secure key provisioning and storage (Fig. 1).

The device builds on this functionality to provide other services such as secure code and data storage, as well as an authenticated watchdog timer and a secure and unique device ID that’s critical for cloud/edge security (Fig. 2).

Winbond’s devices support fast secure boot and firmware integrity protection by authenticating the contents of memory using the device’s secure keys. An on-chip data hash enables fast code authentication and supports secure OTA firmware updates by verifying each update against local keys. The secure code update feature with rollback protection checks every update and refuses to apply any that can’t be authenticated; in that case, the prior version is retained.

The chip interface integrates local and remote secure-channel support as well as on-chip encryption and authentication. The replay-protected monotonic counter (RPMC) is designed to prevent rollback attacks. In addition, the secure serial flash chips provide cryptographically secured write protection.
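The update and boot logic described in the two paragraphs above, as an added example written for this page (a constructed Python model, not Winbond’s command set or firmware): an authentication tag over the stored code stands in for the on-chip hash, a monotonic counter plays the RPMC role, and an update that fails authentication or does not advance the counter is refused while the prior image stays in place. The shared local key and the tag format are assumptions of the model.

```python
import hmac
import hashlib

# Constructed model of the secure-update/secure-boot flow; an added example,
# not Winbond's API.  LOCAL_KEY is a placeholder for a provisioned device key.
LOCAL_KEY = b"constructed-provisioned-key"


def image_tag(key: bytes, version: int, image: bytes) -> bytes:
    """Authentication tag over version || image (stands in for the on-chip hash)."""
    return hmac.new(key, version.to_bytes(4, "big") + image, hashlib.sha256).digest()


class SecureFlashModel:
    def __init__(self, key: bytes):
        self._key = key          # provisioned key, never exported to the host
        self.rpmc = 0            # replay-protected monotonic counter
        self.image = b""         # currently stored firmware
        self.version = 0
        self._ref_tag = image_tag(key, 0, b"")  # reference for the boot-time check

    def secure_update(self, version: int, image: bytes, tag: bytes) -> str:
        # Authenticate first: an update that can't be verified is never applied.
        if not hmac.compare_digest(image_tag(self._key, version, image), tag):
            return "rejected: authentication failed (prior image retained)"
        # Rollback protection: the version must exceed the monotonic counter.
        if version <= self.rpmc:
            return "rejected: rollback (version not newer than RPMC)"
        self.image, self.version = image, version
        self.rpmc = version       # the counter only moves forward
        self._ref_tag = tag
        return "accepted"

    def secure_boot_check(self) -> bool:
        """Fast boot: recompute the tag of the stored code and compare to the reference."""
        return hmac.compare_digest(image_tag(self._key, self.version, self.image),
                                   self._ref_tag)


def demo() -> list:
    flash = SecureFlashModel(LOCAL_KEY)
    v1, v2 = b"firmware-v1", b"firmware-v2"          # constructed sample images
    results = []
    results.append(flash.secure_update(1, v1, image_tag(LOCAL_KEY, 1, v1)))  # accepted
    results.append(flash.secure_update(1, v1, image_tag(LOCAL_KEY, 1, v1)))  # replay
    results.append(flash.secure_update(2, v2, b"\x00" * 32))                 # bad tag
    results.append(flash.version)                    # still 1: prior image retained
    results.append(flash.secure_update(2, v2, image_tag(LOCAL_KEY, 2, v2)))  # accepted
    results.append(flash.secure_boot_check())        # stored code authenticates
    flash.image = b"firmware-v2-tampered"            # simulate a modified code region
    results.append(flash.secure_boot_check())        # boot check now fails
    return results
```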

Winbond’s devices meet security certifications including Common Criteria EAL 2+, SESIP Level 2 (with IEC 62443, NIST 8259A, WP.29 ready), ISO 21434, and FIPS 140-3 CMVP. They’re also designed to comply with ISO 26262 ASIL-C safety qualification.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as my latest articles on this site that are listed below.


I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 
