System Security Solution
Overview
Realtek has always placed security at the core of its products. By integrating multiple advanced security features, our solution effectively defends against both physical and remote attacks, establishing a trusted foundation from chip to cloud for customer products — enabling the creation of truly trustworthy IoT devices.
Key Technologies:
Secure Boot: Based on asymmetric encryption and digital signature verification, validates the public key hash and firmware signature to ensure only authenticated firmware executes.
OTF Decryption (Encrypted Firmware XIP Execution): Supports internal/external Flash; hardware-accelerated real-time decryption during CPU execution — with near-zero performance impact.
TrustZone Secure Firmware Loading Protection: TrustZone firmware is decrypted and loaded into secure RAM by the hardware crypto engine — protected end-to-end against leakage and tampering.
Asymmetric Cryptography Engine: Hardware-accelerated support for multiple signature algorithms, including RSA-SSA, ECDSA, and EdDSA.
TrustZone & Secure Environment Isolation: Built on Arm TrustZone architecture with dedicated hardware access control, enabling strong isolation of secure memory regions and peripherals.
OTP Secure Storage: Once locked, key regions are accessible only by the secure engine — tamper-resistant, read-protected, with isolated secure zones and CRC verification.
True Random Number Generator (TRNG): Generates cryptographically secure random numbers from physical entropy sources, NIST-certified for randomness — delivering true unpredictability to the system.
HUK Key Derivation Mechanism: Hardware-Unique Key (HUK) is physically isolated and non-exportable, securely deriving application-specific keys.
Advantages
Core Security Features
Secure Boot: Tamper-proof and rollback-resistant — establishes a hardware-rooted chain of trust from the very first instruction.
TrustZone: Hardware-isolated secure world to protect critical assets — immune to snooping and tampering.
Firmware Encryption/Decryption Engine: Each firmware is encrypted with a unique key and decrypted on the fly (OTF) in hardware. Supports a unique key per device, preventing injection and cloning.
Hardware Security Capabilities
Symmetric/Asymmetric Crypto Engines: Multi-algorithm hardware acceleration — zero performance loss, uncompromised security.
True Random Number Generator (TRNG): Truly random, resistant to prediction attacks.
OTP Secure Storage: Critical keys are unreadable and immutable — physically protected against extraction.
HUK & Key Derivation Mechanism: Root key (HUK) is globally unique, unreadable, and unclonable.
Debug & Lifecycle Protection
SWD Debug Interface Protection: Supports authorized access and permanent disable — eliminates physical debug attacks.
Chip Lifecycle Management: Enables granular control across stages — development, production, RMA and decommissioning.
Industry Standards Compliance
Realtek’s IoT chips fully support mainstream security certification standards. Currently, the RTL8721Dx series has achieved PSA Certified Level 2 certification, while multiple products—including RTL8720E, RTL8726E, RTL8713E, and RTL8730E—have obtained PSA Certified Level 1 certification. Although RTL8721F has not yet completed the PSA certification process, internal assessments indicate it is capable of meeting requirements from Level 1 up to Level 3, demonstrating particularly strong resilience against hardware-based attacks.
The integrated TRNG module has passed the NIST STS 2.1.2 randomness test, and the cryptographic engine has received NIST CAVP validation. Realtek is also actively pursuing FIPS 140-3 compliance. Additionally, Realtek provides RED (EN 18031) compliance support to help customers efficiently meet market access requirements.