FAQs

TROPIC01 (TRuly OPen Integrated Circuits) is an open architecture secure element that serves as a foundational security component for embedded systems, providing a hardware Root of Trust to ensure security.

Within its secure perimeter, it enables cryptographic key management, digital identity, and secure data storage for critical applications.

Tropic Square owns the chip design and is able to provide the documentation and source-code for auditability– without the need of signing an NDA. We also provide development kits and chip samples for evaluation and security testing. We encourage developers to:

• Validate and pentest TROPIC01
• Prototype secure embedded systems with TROPIC01 
• Share feedback and testing result with us
  ‍

Note: Publication and sharing of the design and implementation details have no adverse effect on the system's security. We however, do not disclose critical design details like the position of laser or EM (electromagnetic field) detectors. 

Yes, apply through our evaluation registration page.

Reach out directly to sales@tropicsquare.com and let us know your use case.

• Any application where user or machine authentication is required
• Any application that requires a device to securely store encryption keys, and/or performing digital signing or signature validation operations
• Securing communication within an embedded system or between an embedded system and another device or application
• Root of Trust applications where you need to guarantee and attest the systems properties at run time (i.e. secure boot, secure firmware update)
• Applications ranging from IoT and hardware crypto wallets to Web3, digital identity and any industry prioritizing hardware security

‍

The open elements are*: 

• The digital logic that processes the user’s data
• The whole data path from the interface (The CPU to the hardware cryptographic accelerators and encryption engine)
• SDK software
• Embedded firmware (planned to be open, practicalities still in discussion)

‍

The closed aspects (the remaining parts):

• The infrastructure and technology required to produce the chip 
• The standard cells, power supplies, and blocks required for security that don't exist as open source IP blocks like TRNG, PUF, flash and OTP memory

‍

*Our SDK has been published on github and can be found here.

‍

The TROPIC01 embedded firmware, digital logic, and chip resources have not yet been published on github. That is a work in progress. Engineers, open-source developers, pen-testers, and anyone else interested in access to these components should contact Tropic Square at support@tropicsquare.com

‍

Yes, our solution is designed for customization and can be deployed as a white labeled product (ie. a chip with no Tropic Square logo, customized for specific third party needs).

‍

There are three types of customization offered:

‍

1. Application firmware running in the on chip RISC-V core (i.e. user API and commands that are processed by TROPIC01).
   
   • We can make the same silicon products look like different chips or support different commands, while executing the same HW under the hood. 
   • Helps with tight integration of user applications (ex. multiple atomic commands can be executed as one command, which offers more off-loading of the host controller).
   • This modification does not include HW modifications or mask set updates.  

‍

2. The Boot ROM code customization
   
   • Requires modification of Boot content at mask level. It is a relatively cost-friendly modification so perfectly feasible.

‍

3. HW customization that would require ASIC design modifications
   
   • Full customization is possible (ex. adding new features like different cryptographic algorithms).
   • This investment could reach millions of dollars depending on the scope of the changes, but it would still be a significant saving compared to designing a new chip, as the TROPIC01 platform is mostly reused. Porting to different technologies also falls into this category. We would be happy to support our customers in this direction.
     ‍

Customers can also implement their own application layer solutions by using (and if necessary, modifying) the SDK running on the MCU and communicating to the TROPIC01 chip.

‍

Yes, we are open to collaboration to improve the chip’s security. Of course, each contribution would still need to go through a review and be screened for validity. It will be necessary to sign a CLA (Contribution License Agreement), which is standard industry practice.

Our chips do not contain backdoors or hidden features, and we prove that by opening up our design for independent evaluation. It is more complicated and harder to prove that no backdoor or hidden features are inserted during manufacturing, but Tropic Square is continually working to prevent this in all areas of production and supply chain. 

‍

There are standard prevention techniques already available in the supply chain. With auditability and transparency at the foundation of our solution, we minimize the risk of production line backdoor insertion.

We publish only the information that is needed to remain transparent without compromising the integrity of our design. 

‍

The information from the functional description and implementation found online would not be sufficient for a silicon replication. You would not be able to download the files found online and send it to the foundry.

‍

There are also other barriers including capital requirements (the cost to access foundry IP and other third party IP), access to the full chip design, IP and production ecosystem. If somebody wants to leverage our design, we strongly recommend they reach out to us so we can work together on a more cost effective solution.

‍

We are happy to partner to enable companies leveraging our work to create more open and auditable implementations. It is our goal to transform the chip industry as a whole to make transparency a standard.

We perform our own internal tests, but also outsource the post production chip testing and security evaluation to independent laboratories.

‍

Security evaluation can also be performed by any independent third party laboratories and white hat hackers. Here are the published security evaluations currently available:

• Contentwise SDK evaluation

Quantum computing threats are out of scope for the threat model of TROPIC01’s currently implemented algorithms. However, the firmware update feature can support quantum resistant schemes like hash based signatures. We are planning a future version of our chip with full support for PQC algorithms.

TROPIC01 is manufactured at United Microelectronics Corporation (UMC), a Taiwanese semiconductor foundry.

We are licensing IP cores for analog and mixed signal designs including power supplies, TRNG, PUF, and memories. The TROPIC01 physical chip implementation (known as the place and route steps to create GDS2) is carried out by external partners, as is the manufacturing.