PUFef Introduction

PUFrt-based secure storage supports XIP 

PUFef (former PUFflash) is an embedded Flash that has been integrated with a hardware root of trust (HRoT) PUFrt. For systems with an existing embedded NVM solution, replacing it with PUFef is a seamless way to add in the security of a RoT, while simultaneously upgrading the protections of the eFlash.  


With real-time encryption/decryption based on the unique randomness built into each on-board PUF, PUFef supports execution in place (XIP) while offering secure data-at-rest protection for sensitive code and data.


An optional error correction code (ECC) can be implemented with the embedded Flash as well, further guaranteeing data stability over the lifetime of the system.


A standard APB slave control module allows for easy drop-in integration of PUFef for systems that already support ARM’s peripheral bus protocol. By unifying both PUFrt and Flash under the APB, system integrators can work with a familiar interface to execute the various RoT and embedded Flash functions of PUFef.



PUFef is an integrated, secure embedded Flash solution built from adding an embedded Flash to PUFrt:

  • PFTC: APB interface, unifying the eFlash and PUFrt control interfaces
    AXI interface for direct, burst access to eFlash array

  • PUFkeyst: Mass production OTP with built-in instant hardware encryption  

  • PUFuid: Four sets of hardware fingerprint with the ability to act as a unique private key, UID, or root key 

  • PUFtrng: A high-quality true random number generator 

  • eFlash: Embedded NVM, protected using PUF-derived entropy

  • Comprehensive anti-tamper circuitry and countermeasures


In addition to all of the RoT applications supported by PUFrt, PUFef adds the following: 

  • Boot code storage and OTA updates

  • General code storage with XIP capability and data-at-rest protection

Block Diagram


Tech Spec

PUFef Spec.png