Space, meet open security! π
We are excited to share that @SpaceComputerIO is integrating Tropic Squareβs TROPIC01 secure element into their Space Fabric architecture. This marks the first deployment of an auditable hardware root of trust in a space environment. π«
"When you are building systems for orbit, absolute cryptographic trust is foundational. We're proud to see TROPIC01 selected for this mission. For our team, it's a strong sign that our architecture is earning trust in the toughest environment,β said Pavel Polach, our Head of Product.
π Check out the blog with the SpaceComputer team to find out more about the payload integration, dual secure elements, on-orbit cryptographic identity and how this architecture eliminates the pre-launch supply chain attack surface:
https://t.co/Y6jDODiMU4
Quick snapshot πΈ
Working on a CRA plug-and-play package with TROPIC01. The goal is simple - to help you comply with the CRA as fast as possible.
If that interests you, stay tuned. π
Also, check out our Discord if you want to connect with our engineers and community: https://t.co/MqkIZMbYYN
What happens when you subject a secure element to voltage (VFI), electromagnetic (EMFI), and laser fault injection (LFI) attacks? π₯
Hardware security sensors are a critical line of defense, but true resilience means assuming they aren't bulletproof.
To put the TROPIC01 to the ultimate test, we partnered with the @CosicBe research group at @KU_Leuven for an independent evaluation. Transparency is how we move the industry forward, so we are sharing their evaluation report.
TL;DR:
π‘The Results: Evaluation confirmed two vulnerabilities. While our hardware sensors were effective in many scenarios, these findings highlighted the need for a stronger defense-in-depth strategy.
π‘οΈThe Action: We have already addressed these findings with a firmware update for current silicon, and we implemented ROM bootloader hardening for our next revision.
Huge thanks to the COSIC team, especially @LennertWo and Benedikt Gierlichs, for their rigorous testing and exceptional partnership. During their research, they also independently discovered the vulnerability reported by Ledger Donjon, providing us with the crucial insights needed to evaluate the findings we disclosed earlier this month.
Building truly secure hardware is a collaborative journey. We are incredibly grateful to the researchers who push our limits. πͺ
π Read the full security report here https://t.co/jRS1rQTgJL
#TropicSquare #SecurityReport
After three days at @BTCPrague chatting with developers, hardware enthusiasts, security experts, and founders, it was incredible to see so much alignment around the core belief that drives us: a device is only as trustworthy as the silicon inside it. π‘οΈ
Thank you to everyone who stopped by. We loved diving deep into why security can't just be a static certification you buy, but must be a continuous process of rigorous testing and transparency.
Building a genuinely secure foundation for electronic devices starts at the silicon level. Letβs keep pushing for transparent, auditable hardware that anyone can trust. πͺπ
#BTCPrague2026 #TropicSquare #HardwareSecurity #TROPIC01#OpenSource
@Schnuartz@gunzaj12 Wow, this looks like a perfect match!
Do you want to prevent brute force attacks on user PIN or data? This is how we do it with TROPIC01 pin verification engine (we call it Mac And Destroy):
https://t.co/6nxK9EqPUI
And do not miss our Discord server! https://t.co/ngTWqXH5rn π·
π libtropic 4.0.0 is officially live!
If you are integrating the auditable TROPIC01 secure element into your embedded systems, this release brings major upgrades for security engineers, researchers, and HW devs. ππ οΈ
Here is what you need to know about the latest SDK update:
β Hardened Firmware Updates: We've overhauled the lt_do_mutable_fw_update() function. Check out the updated application notes and examples to see the new recommended workflow for handling Maintenance Mode and minimizing your attack surface.
β Smarter ECDSA Integration: The lt_ecc_ecdsa_sign API now accepts a 32-byte hash (e.g., SHA-256) instead of raw data, making it much easier to plug into your existing crypto schemes.
β Robust L2 Comms: Internal Layer 2 communication has been refactored! The new lt_l2_transfer function seamlessly handles sends, receives, and automatic retry mechanisms for CRC errors.
β More Hardware Support: Added official support and examples for the STM32U5 family (Nucleo U545RE-Q).
Dive into the full changelog on GitHub for the complete list of fixes, updates, and maintenance cleanups. https://t.co/2wU3LhrP23
π‘ Pro-tip: Feed the changelog to your favorite LLM to generate a quick migration script!
Weβd love to hear how your migration goesβdrop your feedback in the comments or reach out to our team. Happy hacking!
#TropicSquare #TROPIC01 #HardwareSecurity #EmbeddedSystems #Cybersecurity #RISCV #Cryptography #InfoSec #libtropic
π’ @BTCPrague starts tomorrow β and weβll be at booth 23.
If you're building hardware wallets, designing secure hardware, or you just care about where open source security is heading, let's have a chat π€.
At Tropic Square, we believe hardware wallets need auditable security, not security-by-obscurity. Because the question is simple: can you really trust what you can't verify? With CRA raising the bar for hardware security across the segment, this conversation matters even more.
#CRA #BTC #BTC2026 #Prague #FutureProofSecurity #OpenSourceHardware #TropicSquare #TrustedHardware #embedded #TROPIC01 #cybersecurity #secureelement #security #hardware #opensource #HardwareSecurity #OpenHardware
@P3b7_@DonjonLedger Thank you, Charles. The thorough testing by @DonjonLedger was trully valuable for us. We believe open collaboration between engineers is the only way to build truly secure hardware. Big shout out to @DonjonLedger for their excellent partnership on this.
We built TROPIC01 to find its limits.
Today we're publishing a Security Advisory on a hardware vulnerability discovered during an independent audit by the Ledger Donjon team - alongside the deeper findings our engineers made as a result.
What was found:
ποΈ During their audit, Ledger Donjon successfully executed a Laser Fault Injection attack bypassing firmware boot signature under lab conditions - but essential hardware security withstood it.
ποΈ Building on that discovery, our team found that more complex combined attack paths can potentially breach the hardware boundary and expose all confidential data.
Worth knowing:
ποΈ This is not a remote exploit and there is no evidence of real-world exploitation.
ποΈ Mitigation measures for this attack vector are available for deployment.
True hardware security is built on transparency and auditability. So we don't just tolerate scrutiny, we invite it. This disclosure is that principle in practice.
A huge thanks to @DonjonLedger team for their exceptional technical expertise, professionalism and dedication to coordinated disclosure.
π Read our full announcement: https://t.co/nrLt3aQRU6
π¬ Link to technical deep-dive: https://t.co/IxoXdMRUlC
TROPIC01 is in the list of Secure Elements and TPMs supported by WolfSSL - alongside Infineon, NXP, STMicro, and other industry heavyweights. π
@wolfSSL is one of the most widely used embedded TLS libraries out there, trusted across automotive, IoT, aerospace, and beyond.
For a chip built on the principle that security shouldn't be a black box, that's the kind of list you want to be on. Transparent, open-architecture secure elements are becoming a serious option for engineers who care about where their cryptographic operations happen - not just that they happen. :raised_hands:
Thanks to the wolfSSL team for the collaboration.
π Full list of supported keystores and secure elements in the link below.
https://t.co/mD2fZVjyv6
#FutureProofSecurity #OpenSourceHardware #TropicSquare #TrustedHardware #embedded #TROPIC01 #cybersecurity #secureelement #security #hardware #opensource #HardwareSecurity #OpenHardware