How to Implement Secure Flash Memory for RED DA & CRA Compliance: Winbond W77Q and W77F

Introduction – What Is Secure Flash Memory and Why Does It Matter for RED DA and CRA Compliance?

The new Radio Equipment Directive Delegated Act (RED DA) and the upcoming Cyber Resilience Act (CRA) are driving sweeping changes to how embedded systems handle data protection, firmware updates, and device authentication. Under these EU regulations, manufacturers of wireless-enabled and connected devices will soon be required to:

• Implement secure boot and firmware integrity verification

• Ensure only authorised updates are installed

• Prevent unauthorised access to communication services or sensitive data

While much of the focus has been on cryptographic software or secure elements, the often-overlooked vulnerability is the external SPI flash memory where code and sensitive assets are stored.

Winbond’s W77Q and W77F series, part of the TrustME® secure memory platform, address this gap with drop-in compatible secure flash memory. These devices provide hardware-level protection with CC EAL5+ certified security, root-of-trust integration, and robust mechanisms to detect, resist, and recover from attacks.

Ineltek supports both the W77Q (substantial security) and W77F (high security) series enabling engineers to adopt RED DA and CRA-ready memory designs without re-architecting the main MCU or SoC.

Features of Winbond W77Q and W77F Addressing the Challenge

The W77Q and W77F secure flash families from Winbond are engineered to mitigate common attack surfaces in embedded systems, particularly those involving unauthorised access to external memory. They build on Winbond’s proven SPI NOR flash platform, adding security features without requiring host-side cryptographic redesign.

W77Q – Substantial Security for Connected Devices

Built on W77Q capabilities, plus:

• Advanced tamper resistance for physical attack mitigation

• Cryptographic isolation for high-value credential storage

• Stronger compliance profile for eID, V2X, Android Strongbox and automotive security

• Same SPI command set and pin-out for seamless upgrade

This makes the W77Q ideal for designs that require enhanced but cost-sensitive cybersecurity integration.

W77F - High Security for Critical Infrastructure

The W77F targets systems that need the highest assurance levels including eID, V2X modules, Android Strongbox applications, and smart access systems. It builds upon the W77Q’s capabilities by adding:

• Advanced asset protection with tamper resistance

• Higher cryptographic isolation for credential storage

• Stronger compliance profile for use in national ID, secure mobile, or automotive security domains

Where the RED DA demands secure firmware update paths and the CRA expects built-in resilience and secure data lifecycle management, the W77Q and W77F offer a direct hardware route to compliance.

Both series simplify adoption by maintaining SPI command compatibility and pinout with standard NOR flash making them an easy upgrade for existing designs preparing for the new legal requirements.

Secure Flash Memory Specifications – Winbond W77Q and W77F

These specifications make the W77Q a practical choice for general-purpose secure memory upgrades, while the W77F suits applications with elevated security and regulatory requirements, such as national ID or secure mobile applications.

Use Cases and Industry Applications

The regulatory landscape across Europe and beyond is making secure flash an essential component for embedded systems, not just a high-end feature. Winbond’s W77Q and W77F are being adopted across a growing number of sectors where RED DA and CRA compliance is either required or anticipated.

Smart Meters and Grid Infrastructure

Smart meters are specifically targeted under the RED Delegated Act due to their wireless interfaces and remote update functions. The W77Q enables secure firmware storage, protects update authenticity, and helps grid device vendors meet both resilience and secure communication provisions — all without redesigning their SPI-based memory interface.

Industrial Controllers and IoT Edge Devices

From factory automation to building controls, many IEC 62443-compliant systems now require integrity-checked boot sequences and resistance to memory-based attacks. W77Q's secure SPI channel and rollback protections ensure edge nodes cannot be tampered with or rolled back to vulnerable firmware states, making them ideal for CRA-governed products.

Automotive ECUs and Connected Mobility

The W77Q is suitable for non-critical ECUs requiring OTA updates or secure data logs. For applications with higher security expectations — such as telematics control units or digital keys — the W77F provides added cryptographic protection and tamper detection aligned with automotive-grade cybersecurity frameworks.

eID, Smart Access and Secure Mobile

The W77F is designed for high-assurance identity systems, supporting secure element-style features without changing the system architecture. It is suitable for use cases such as e-passports, smart door locks, or Android Strongbox storage extensions.

Complementary Secure Elements

For engineers evaluating broader secure storage strategies, the W77 series may be used alongside or as a lighter-weight alternative to full secure elements. For completeness, Ineltek also supports SEALSQ’s VaultIC292, a certified secure element suitable for PSTI, RED DA and CRA mandates. Read more.

Conclusion – Prepare for RED DA and CRA with Secure Flash Memory

With cybersecurity legislation now influencing hardware design, embedded engineers must think beyond the host processor when securing their systems. The upcoming RED Delegated Act and Cyber Resilience Act are clear about protecting update processes, enforcing integrity checks, and embedding resilience into connected devices.

Winbond’s W77Q and W77F series offer a practical route to compliance — without changing your SPI interface or re-architecting your memory layout. These secure flash devices bring root-of-trust, rollback protection, secure SPI channels, and EAL5+ certified storage directly into the flash layer.

Whether you're updating a smart meter, launching an industrial IoT controller, or securing an automotive ECU, these drop-in secure memories deliver trusted performance with minimal integration effort.

To discuss your project or get access to datasheets and samples, contact Ineltek today.

FAQs - Secure Flash Memory for Red DA & CRA Compliance