TROPIC01 Hardware Abstraction Layer for AVP
Secure element SDK for Agent Vault Protocol hardware implementations
avp-tropic is the TROPIC01 Hardware Abstraction Layer (HAL) for the AVP ecosystem. It provides the low-level SDK for communicating with TROPIC01 secure elements, which power the hardware security backends in AVP implementations like NexusClaw.
This library is based on Tropic Square's libtropic, adapted and extended for AVP protocol integration.
+------------------+ +------------------+ +------------------+
| AI Agent | | AVP Client | | avp-tropic |
| (LangChain, | --> | (avp-py, | --> | (This library) |
| CrewAI, etc.) | | avp-rs, etc.) | | |
+------------------+ +------------------+ +--------+---------+
|
| SPI
v
+------------------+
| TROPIC01 |
| Secure Element |
+------------------+
avp-tropic handles:
- SPI communication with TROPIC01 chips
- Secure session establishment (L2 encrypted channel)
- Key storage and retrieval commands
- Cryptographic operations (sign, verify, encrypt)
- Attestation and device authentication
| Project | Description |
|---|---|
| NexusClaw | Production USB hardware security key using avp-tropic |
| avp-hardware | Reference hardware designs and firmware |
| AVP Specification | Protocol specification for hardware extensions |
| Board | MCU | Status |
|---|---|---|
| Secure Tropic Click | Various (click board) | Supported |
| STM32U5 Discovery + Tropic Click | STM32U585 | Supported |
| Custom NexusClaw PCB | STM32U535 | In Development |
| Element | Features | Status |
|---|---|---|
| TROPIC01 | 128 slots, ECC P-256/Ed25519, AES-256-GCM, SHA-3, TRNG | Supported |
- Hardware Abstraction Layer — Platform-independent HAL for host MCUs
- Crypto Abstraction Layer — Pluggable cryptographic backends
- Secure Sessions — Encrypted L2 communication with TROPIC01
- Multi-Platform — STM32, nRF, ESP32, Linux, and more
For the library to function correctly with TROPIC01, component versions must be compatible:
| avp-tropic | Application FW | SPECT FW | Bootloader FW | Status |
|---|---|---|---|---|
| 3.1.0 | 1.0.0-2.0.0 | 1.0.0 | 2.0.1 | Current |
| 3.0.0 | 1.0.0-2.0.0 | 1.0.0 | 2.0.1 | Supported |
| 2.0.1 | 1.0.0-1.0.1 | 1.0.0 | 2.0.1 | Supported |
Warning: Using mismatched versions may result in unpredictable behavior. Always use compatible versions.
avp-tropic/
├── avp/ # AVP protocol layer (added for AVP integration)
├── cal/ # Crypto Abstraction Layer implementations
├── hal/ # Hardware Abstraction Layer implementations
│ └── stm32/ # STM32 HAL
├── include/ # Public API headers
├── src/ # Core library source
├── examples/ # Example projects
│ └── stm32/ # STM32 examples
├── tests/ # Functional tests
├── docs/ # Documentation
└── vendor/ # Third-party dependencies
# ARM toolchain
apt install gcc-arm-none-eabi
# CMake
apt install cmakemkdir build && cd build
cmake ..
makecd examples/stm32/stm32u5_tropic_click
makeSee the examples README for detailed instructions.
To use avp-tropic in an AVP hardware implementation:
#include "avp_tropic.h"
// Initialize TROPIC01 interface
lt_handle_t handle;
lt_init(&handle);
// Open secure session
lt_open_session(&handle, pairing_key);
// Store an AVP secret
lt_slot_write(&handle, slot_id, secret_data, secret_len);
// Retrieve an AVP secret
lt_slot_read(&handle, slot_id, buffer, &buffer_len);
// Sign data (key never leaves chip)
lt_ecc_sign(&handle, key_slot, hash, signature);- API Reference — Original libtropic documentation
- AVP Hardware Spec — AVP hardware extension specification
- TROPIC01 Datasheet — Secure element documentation
We welcome contributions! Areas where help is needed:
- HAL ports — New microcontroller platforms
- Testing — Integration tests with different hardware
- Documentation — Tutorials and examples
See CONTRIBUTING.md for guidelines.
This project is licensed under Apache 2.0. See LICENSE for details.
Original libtropic code is from Tropic Square, used under their open-source license.
AVP Specification · NexusClaw · AVP Hardware
Part of the Agent Vault Protocol ecosystem