Espressif Systems, a leading provider of IoT connectivity solutions, is proud to announce that its ESP32-C6 microcontroller has achieved  PSA Certified Level 2 (PSA-L2)  security certification. This milestone makes the ESP32-C6 the  first RISC-V-based product  to attain this level of security certification, underscoring Espressif’s commitment to delivering robust, secure, and reliable IoT solutions. 

The  PSA Certified program, developed in collaboration with industry leaders, provides a framework for confirming the security of IoT devices. Achieving PSA Level 2 certification signifies that the ESP32-C6’s PSA Root of Trust (PSA-RoT) has undergone laboratory evaluation, demonstrating its resilience against scalable software attacks. This certification validates that the ESP32-C6 meets industry-recognized IoT security standards, ensuring robust protection for connected devices. 

First RISC-V-Based SoC to Attain PSA-L2 

The ESP32-C6, powered by a RISC-V processor, integrates Wi-Fi 6, Bluetooth 5 (LE), and IEEE 802.15.4 (Thread/Zigbee) connectivity. Its PSA-L2 certification raises the security standards for open RISC-V architectures, demonstrating its robustness in safeguarding IoT applications. This achievement enhances RISC-V's credibility in security-sensitive applications and showcases Espressif’s leadership in adopting cutting-edge technologies. 

"Achieving PSA-L2 certification for the ESP32-C6 underscores our unwavering commitment to providing affordable security, making advanced protection more accessible to developers and businesses alike," said Teo Swee Ann, Founder and CEO of Espressif Systems. "With evolving global regulations, our platform is designed to help customers navigate these requirements while delivering secure, reliable, and future-proof products." 

Advanced Security Features in ESP32-C6

The PSA Level 2 certification validates that ESP32-C6 meets stringent security requirements, including resistance to software attacks and protection of critical assets. The ESP32-C6 is equipped with a range of advanced security features, such as: 

• Physical Memory Protection (PMP) and Access Permission Management (APM): The PMP and the APM in the ESP32-C6 enforce hardware-based access control, ensuring secure memory isolation and privilege separation. 

• Digital Signature Peripheral: Enables secure cryptographic operations by generating digital signatures in hardware, ensuring that private keys remain protected and never exposed to software, thereby preventing unauthorized firmware modifications and tampering 

• Secure Boot: Ensures that only authenticated firmware can be executed, preventing unauthorized code modifications. 

• Flash Encryption: Protects stored data from unauthorized access by encrypting the contents of external flash memory. 

• Hardware Cryptographic Accelerators: Provides optimized support for AES, SHA, RSA, and ECC, ensuring efficient and secure data processing. 

• Secure JTAG Mode: Enables authorized debugging of devices without compromising device security or exposing sensitive assets.
  

ESP-TEE Framework

As a PSA Level 2 certified device, the ESP32-C6 adheres to the Security Model defined by PSA Certified. At the core of this Security Model is the ESP-TEE, which is anchored in immutable hardware and functions as the Platform Root of Trust. ESP-TEE provides hardware-enforced isolation, ensuring that trusted applications run in a protected environment, shielded from potential threats in the non-secure domain. This enhances security for critical operations such as cryptographic key management, secure boot verification, and firmware updates, making ESP32-C6 an ideal choice for security-sensitive IoT deployments.

Aligning with Global Security Regulations 

With growing concerns over IoT security, governments and regulatory bodies worldwide are implementing stricter security standards. PSA certification aligns with upcoming regulations, including the European Union’s Cyber Resilience Act (CRA), the U.S. Cybersecurity Improvement Act, the EU Radio Equipment Directive (RED), The UK Product Security and Telecommunications Infrastructure (PSTI), etc. By proactively meeting these requirements, Espressif enables its partners and developers to build future-proof IoT solutions that comply with evolving security mandates. 

Building on the security foundation established by the ESP32-C3 and ESP32-S3, which previously attained PSA Certified status, ESP32-C6 continues Espressif’s drive to provide secure and scalable solutions for IoT developers. By incorporating a Trusted Execution Environment (TEE) and other advanced security mechanisms, ESP32-C6 ensures a robust and flexible platform for security-critical applications in smart home devices, industrial automation, and connected healthcare.  If you are interested in knowing more about ESP32-C6, don’t hesitate to contact Espressif’s customer support team.