Secure Flash Memory for RED DA and CRA Compliance: Winbond W77Q and W77F
- adammiller961
- 3 days ago

Why Secure Flash Matters for RED DA and CRA Compliance
The new Radio Equipment Directive Delegated Act (RED DA) and the upcoming Cyber Resilience Act (CRA) are driving sweeping changes to how embedded systems handle data protection, firmware updates, and device authentication. Under these EU regulations, manufacturers of wireless-enabled and connected devices will soon be required to:
- Implement secure boot and firmware integrity verification
- Ensure only authorised updates are installed
- Prevent unauthorised access to communication services or sensitive data
While much of the focus has been on cryptographic software or secure elements, the often-overlooked vulnerability is the external SPI flash memory where code and sensitive assets are stored.
Winbond’s W77Q and W77F series, part of the TrustME® secure memory platform, address this gap with drop-in compatible secure flash memory. These devices provide hardware-level protection with CC EAL5+ certified security, root-of-trust integration, and robust mechanisms to detect, resist, and recover from attacks.
Ineltek supports both the W77Q (substantial security) and W77F (high security) series, enabling engineers to adopt RED DA and CRA-ready memory designs without re-architecting the main MCU or SoC.
Features of Winbond W77Q and W77F Addressing the Challenge
The W77Q and W77F secure flash families from Winbond are engineered to mitigate common attack surfaces in embedded systems, particularly those involving unauthorised access to external memory. They build on Winbond’s proven SPI NOR flash platform, adding security features without requiring host-side cryptographic redesign.
W77Q – Substantial Security for Connected Devices
Designed for smart meters, home automation, automotive ECUs, and industrial controllers, the W77Q provides substantial protection aligned with IEC 62443 and RED DA principles:
- Hardware Root-of-Trust for secure boot and firmware validation
- End-to-End Secure SPI Channel protects in-transit data between MCU and flash
- Attack Detection and Recovery mechanisms to trigger rollbacks or block execution
- Resilient OTA Support with version control and signature verification
- Drop-in SPI NOR Flash Replacement for 8-pin SOIC and WSON footprints
- EAL5+ certified secure storage for keys, credentials, and critical data
This makes the W77Q ideal for designs that require enhanced but cost-sensitive cybersecurity integration.
W77F – High Security for Critical Infrastructure
The W77F targets systems that need the highest assurance levels, including eID, V2X modules, Android Strongbox applications, and smart access systems. It builds upon the W77Q’s capabilities by adding:
- Advanced asset protection with tamper resistance
- Higher cryptographic isolation for credential storage
- Stronger compliance profile for use in national ID, secure mobile, or automotive security domains
Where the RED DA demands secure firmware update paths and the CRA expects built-in resilience and secure data lifecycle management, the W77Q and W77F offer a direct hardware route to compliance.
Both series simplify adoption by maintaining SPI command compatibility and pinout with standard NOR flash, making them an easy upgrade for existing designs preparing for the new legal requirements.
Secure Flash Memory Specifications – Winbond W77Q and W77F
| Feature | W77Q Series | W77F Series |
| --- | --- | --- |
| Target Security Level | Substantial | High |
| Recommended Applications | Smart Home, Industrial, Automotive | eID, Car Key, Strongbox, V2X |
| Security Certification | CC EAL5+ | CC EAL5+ |
| Hardware Root-of-Trust | Yes | Yes |
| Secure Boot and Firmware Validation | Yes | Yes |
| Secure SPI Channel | Encrypted and authenticated SPI | Encrypted and authenticated SPI |
| Resilience Features | Rollback, OTA version control | Advanced tamper protection |
| Drop-in NOR Flash Replacement | Yes (SOIC8, WSON8) | Yes (same footprints) |
| Typical Density Range | 16 Mb to 128 Mb | 64 Mb to 128 Mb |
| OTA Firmware Update Support | Supported with signature checks | Supported with signature checks |
| Host MCU Requirements | No changes to SPI protocol | No changes to SPI protocol |
| Supply Voltage | 3.0 V (typical) | 3.0 V (typical) |
These specifications make the W77Q a practical choice for general-purpose secure memory upgrades, while the W77F suits applications with elevated security and regulatory requirements, such as national ID or secure mobile applications.
Use Cases and Industry Applications
The regulatory landscape across Europe and beyond is making secure flash an essential component for embedded systems, not just a high-end feature. Winbond’s W77Q and W77F are being adopted across a growing number of sectors where RED DA and CRA compliance is either required or anticipated.
Smart Meters and Grid Infrastructure
Smart meters are specifically targeted under the RED Delegated Act due to their wireless interfaces and remote update functions. The W77Q enables secure firmware storage, protects update authenticity, and helps grid device vendors meet both resilience and secure communication provisions — all without redesigning their SPI-based memory interface.
Industrial Controllers and IoT Edge Devices
From factory automation to building controls, many IEC 62443-compliant systems now require integrity-checked boot sequences and resistance to memory-based attacks. W77Q's secure SPI channel and rollback protections ensure edge nodes cannot be tampered with or rolled back to vulnerable firmware states, making them ideal for CRA-governed products.
Automotive ECUs and Connected Mobility
The W77Q is suitable for non-critical ECUs requiring OTA updates or secure data logs. For applications with higher security expectations — such as telematics control units or digital keys — the W77F provides added cryptographic protection and tamper detection aligned with automotive-grade cybersecurity frameworks.
eID, Smart Access and Secure Mobile
The W77F is designed for high-assurance identity systems, supporting secure element-style features without changing the system architecture. It is suitable for use cases such as e-passports, smart door locks, or Android Strongbox storage extensions.
Complementary Secure Elements

For engineers evaluating broader secure storage strategies, the W77 series may be used alongside or as a lighter-weight alternative to full secure elements. For completeness, Ineltek also supports SEALSQ’s VaultIC292, a certified secure element suitable for PSTI, RED DA and CRA mandates.
Conclusion – Prepare for RED DA and CRA with Secure Flash Memory
With cybersecurity legislation now influencing hardware design, embedded engineers must think beyond the host processor when securing their systems. The upcoming RED Delegated Act and Cyber Resilience Act are clear about protecting update processes, enforcing integrity checks, and embedding resilience into connected devices.
Winbond’s W77Q and W77F series offer a practical route to compliance — without changing your SPI interface or re-architecting your memory layout. These secure flash devices bring root-of-trust, rollback protection, secure SPI channels, and EAL5+ certified storage directly into the flash layer.
Whether you're updating a smart meter, launching an industrial IoT controller, or securing an automotive ECU, these drop-in secure memories deliver trusted performance with minimal integration effort.
To discuss your project or get access to datasheets and samples, contact Ineltek today.