search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Security & Monitoring


Reducing fi rmware vulnerabilities through hardware-enforced resilience


By Winbond F


irmware is the foundational software layer that enables hardware to initialise, operate, and communicate with other systems. Its integrity is essential to system stability and security in embedded designs and connected platforms. Yet fi rmware remains a common target for cyberattacks – particularly because it typically runs with elevated privileges and lacks the runtime protections in higher software layers. Compromise at this level can have serious consequences, including persistent malware, data breaches, and unbootable devices. Recovery is often costly and time-consuming, particularly in applications where systems must remain operational around the clock.


The U.S. National Institute of Standards and Technology (NIST) has defined a set of best practices under SP 800-193 to improve the resilience of platform firmware. These guidelines focus on three key objectives: preventing unauthorised modifications, detecting signs of tampering or corruption, and enabling reliable recovery to a known good state. While the principles are well established, applying them in real-world systems often introduces technical and logistical challenges – particularly when redesigning hardware, adding secure components, or rewriting firmware is impractical.


Compliance with NIST SP 800-193 The W77Q architecture aligns closely with the principles outlined in NIST SP 800-193. Firmware protection is achieved through hardware-enforced authentication, restricting modifi cation to signed and authorised images. Detection mechanisms are built into the memory device, enabling secure hash comparisons to identify corruption at runtime. For recovery, the device stores a fallback fi rmware image in a secure memory region and leverages watchdog mechanisms to trigger failover automatically.


These functions operate at the memory level and require no external security controller, significantly simplifying adoption and compliance with industry requirements for platform firmware security.


www.cieonline.co.uk


Integration and time-to-market advantages


One of the W77Q’s key strengths is that it can be adopted with minimal disruption to the existing hardware design. It uses the JEDEC-standard Serial NOR Flash pin-out, making it a drop-in replacement for standard fl ash devices. This compatibility eliminates the need for PCB rework or additional board space, allowing design teams to implement advanced fi rmware security features without modifying their core architecture. Security enablement can also be phased. Systems can initially deploy the W77Q as conventional NOR Flash and activate its security features via fi rmware updates. This provides fl exibility during prototyping and fi eld deployment, reducing development bottlenecks and allowing security features to be introduced progressively.


Winbond provides pre-validated software development kits (SDKs), royalty-free security libraries, and example reference implementations to assist with integration. These tools allow design teams to easily implement cryptographic functions such as secure boot, fi rmware signing, and rollback protection, reducing engineering effort and accelerating certifi cation processes. In-fi eld fi rmware updates are supported via secure OTA mechanisms, ensuring devices can be patched against emerging threats without requiring physical access or servicing.


Applications across market segments


W77Q’s architecture lends itself to a wide range of security-critical applications. In the automotive sector, it supports compliance with ISO 26262 and ISO 21434, providing functional safety and cybersecurity capabilities for control units and infotainment systems. In industrial automation, W77Q ensures continuity for systems requiring minimal downtime and secure remote updates, such as programmable logic controllers and edge gateways. Consumer electronics, including wearables and smart home devices, benefi t from secure boot and authenticated update mechanisms without compromising on power consumption or footprint.


Design effi ciency and future-proof security


The W77Q series offers several design advantages over traditional security architectures. Embedding PFR functionality into the memory device eliminates the need for additional security chips, reducing overall component count and BOM cost. This is especially important in cost- sensitive applications such as mass-market IoT devices.


Power consumption is another consideration. Unlike solutions that rely on external processors for cryptographic tasks, W77Q executes these functions within its


low-power controller. This makes it well- suited for battery-operated devices where energy effi ciency is essential. The scalable series supports memory densities from 16Mb to 1Gb and offers voltage options suitable for various platforms. It also anticipates future requirements with built-in support for post-quantum cryptography (PQC). With algorithms such as Leighton-Micali Signatures (LMS) already implemented, W77Q is ready to meet the security demands of systems operating in a future quantum-computing environment.


Conclusion Platform fi rmware resilience is essential in today’s interconnected systems, and achieving it shouldn’t come at the expense of cost, complexity, or time to market. Winbond’s TrustME W77Q Secure Flash offers a streamlined and highly effective alternative to traditional PFR implementations. By embedding security directly into NOR Flash, it delivers robust protection, reliable detection, and autonomous recovery—fully aligned with NIST SP 800-193.


Its compatibility with existing designs, support for staged security deployment, and readiness for post-quantum threats make it a practical and forward-looking solution for secure embedded systems.


www.winbond.com Components in Electronics March 2026 19


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44