Tropic Square TROPIC01 is an auditable, open architecture, tamper-proof RISC-V based secure element (SE) designed to interface with microcontrollers in products such as hardware wallets, authentication solutions, biometric wallets, medical devices, and other IoT solutions.
There are plenty of secure elements on the market, but their design is usually closed-source, so the design can’t be easily verified by third parties and flaws may remain hidden even when discovered. With its open designs, potentially flaws in the TROPIC01 can easily be found, disclosed, and fixed by the community, and such verifiable design improved trust in the security of the solution.
TOPIC01 secure element specifications:
- CPU core – RISC-V IBEX Controller Core with secure firmware updates and customizable FW upon request
- Memory
- OTP to store x.509 certificate and keys
- Flash to store general purpose and PIN verification data
- Memory address scrambling
- On-the-fly encryption
- Error correction code protection
- Communication Interface
- SPI application control
- Encrypted channel with forward secrecy
- Security
- Tamper Resistance
- Voltage glitch detector
- Temperature detector
- Electromagnetic pulse detector
- Laser detector
- Active shield
- Cryptographic Accelerators
- Elliptic curve cryptography
- Ed25519 EdDSA signing, P-256 ECDSA signing
- Diffie-Hellman X25519 key exchange
- Keccak based PIN authentication engine
- SHA256 and SHA512
- AES256-GCM
- ISAP
- Entropy Source
- Physically Unclonable Function (PUF)
- True Random Number Generator (TRNG)
- Tamper Resistance
Tropic Square provides a SDK and software driver for the external host to communicate with TROPIC01. You’ll find resources on the company’s GitHub account with firmware, STM32 example, and information about (upcoming) evaluation boards, but I could not find the chip design unless I missed it.
Four boards will be available for evaluation:
- An STM32-based USB dongle
- A Mikroe Click board (no photos or details yet) for insertion into MikroBus socket
- The RPi shield TS1501 Raspberry Pi HAT that takes the Mikroe Click board above
- The Arduino shield TS14 Arduino UNO R3 shield, also with a MikroBus socket
Although it’s not obvious from its name, Tropic Square is a European company based in Prague, Czech Republic, so if you are a European manufacturer and have trust issues with US or Chinese secure elements, this could be an option.
Last month, I just wrote about the Nuvoton OpenTitan open-source security chip developed in collaboration with Google for ChromeBooks and datacenters last month, so I asked the company how the two solutions differed, and they address two different markets:
OpenTitan is a reference design that Nuvoton based its secure microcontroller designs on. Their chip is a general-purpose root of trust. Nuvoton’s Open Titan chip is aimed at server-class devices like data centers, enterprise servers, and networking equipment.
TROPIC01 on the other hand, is a focused security coprocessor, specifically a cryptographic co-processor that integrates with a microcontroller. The TROPIC01 chip focuses on secure transactions and communication. The target application is towards endpoint devices such as hardware wallets, authentication solutions, biometric wallets, DePIN market, and traditional IoT solutions.
Tropic Square also told us the TROPIC01 is currently available. More details may be found on the product page where you can also ask/order samples of the open RISC-V secure element.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
