XITCORP SSD Controllers: RISC-V Architecture and SM2/SM3/SM4 National Cryptography
How XITCORP pairs RISC-V multi-core controllers with hardware SM2/SM3/SM4 national cryptography, AES-256, and TCG Opal 2.0 across its SATA III and PCIe NVMe SSD controller lines.
Last updated: July 2026
XITCORP SSD Controllers: RISC-V Architecture and SM2/SM3/SM4 National Cryptography
In 2023, XITCORP (芯盛智能, XITC) shipped what the company describes as the world's first PCIe 4.0 SSD controller built on a RISC-V architecture, fabricated at 12nm on a domestic SMIC process node. That single data point captures why this Shenzhen-founded, 2018-established storage-silicon designer matters to global hardware engineers and procurement teams right now: it proves that a non-ARM, non-licensed core can hit mainstream NVMe performance while meeting China's toughest data-security certification bar. The same engineering choice — building the controller core in-house on RISC-V rather than licensing ARM IP — also runs through XITCORP's SATA III line, and it pairs with hardware SM2/SM3/SM4 national cryptography plus AES-256 and TCG Opal 2.0 across the PCIe family. This guide breaks down XITCORP's controller architecture, its cryptography implementation, and how the SATA III and PCIe NVMe product lines compare for real designs.
Who Is XITCORP and Why RISC-V Matters
From Founding to First-in-World Silicon
XITCORP was founded in 2018 as a fabless storage-controller design house focused entirely on SSD silicon rather than a broad general-purpose ASIC portfolio. That narrow focus paid off quickly: instead of licensing an existing ARM Cortex-R or Cortex-M core the way most SSD controller vendors do, XITCORP built its controller lineup around custom RISC-V multi-core CPUs from the ground up. The company's flagship achievement — the first 12nm PCIe 4.0 SSD controller on a RISC-V architecture, fabricated on a domestic (SMIC) process — arrived at a moment when advanced-node foundry access for Chinese fabless firms was tightening, which makes hitting 12nm domestically a meaningful supply-chain milestone rather than just a marketing line. It also signals a maturity point for RISC-V in storage: a core architecture that a few years ago was mostly confined to microcontrollers and embedded peripherals is now running the full flash translation layer, wear-leveling, and cryptographic pipeline of an enterprise-class NVMe controller.
Why RISC-V Instead of ARM or Proprietary Cores
RISC-V is an open, royalty-free instruction set architecture, which removes licensing dependency on any single foreign IP vendor — a direct hedge against the export-control uncertainty that has touched other categories of Chinese semiconductor design in recent years. For an SSD controller specifically, RISC-V's modular extension model lets XITCORP tune each core for the workload it actually runs: lightweight 32-bit control-plane logic on the entry SATA III line, and multi-core RISC-V clusters handling flash translation layer (FTL) management, NAND channel scheduling, garbage collection, and cryptographic offload on the higher-throughput SATA and PCIe NVMe parts. Because the instruction set is open, XITCORP can also iterate core designs across product generations without renegotiating a licensing agreement every time it needs a wider pipeline or an additional execution unit. The result is a controller architecture where the instruction set, the fabrication node, and the security certification are all sourced and verified within a domestically controlled supply chain — the practical meaning behind "国产自主可控" (domestic autonomous and controllable) that XITCORP markets its silicon under.
What a SSD Controller Actually Does
Every SSD controller, regardless of vendor, sits between the host interface (SATA or PCIe) and the raw NAND flash die, translating logical block addresses into physical NAND pages, managing wear leveling across program/erase cycles, running ECC to correct bit errors as NAND geometries shrink, and scheduling parallel reads and writes across multiple NAND channels. On XITCORP's silicon, the RISC-V multi-core CPU is the engine that runs all of this in firmware, while dedicated hardware blocks handle ECC, NAND channel I/O, and — critically for this article — cryptographic operations that would otherwise bottleneck a software-only implementation. Firmware in this design manages the logic; the hardware blocks are what make each function fast enough not to throttle the interface's rated bandwidth.
Inside the XITCORP Controller Portfolio
XITCORP splits its lineup into two clear families: a SATA III (6Gb/s) line built around cost-efficient client and NAS storage, and a PCIe NVMe line aimed at higher-throughput client and enterprise workloads.
SATA III Line: XT6110, XT6120, XT6121, XT6160
The SATA III family covers XT6110, XT6120, XT6121, and XT6160. XT6110 pairs a 32-bit MCU with support for 2D SLC/MLC/TLC and 3D TLC/QLC NAND up to 8TB, delivering 560/520 MB/s sequential read/write — solid numbers for a mainstream SATA client drive that also needs backward compatibility with older 2D NAND fabs still in production. XT6120 moves to a RISC-V multi-core CPU at the same 8TB ceiling and the same 560/520 MB/s sequential figures, effectively swapping in the newer core architecture without changing the addressable capacity class — a useful drop-in upgrade path for designs already qualified around the XT6110's electrical and mechanical footprint. XT6160 is the capacity-tier part of the family: still a RISC-V multi-core design, but qualified up to 16TB of 3D TLC/QLC NAND with a modest sequential bump to 565/530 MB/s — the controller XITCORP positions for high-capacity SATA SSDs and NAS-class drives where density matters more than raw throughput.
PCIe NVMe Line: XT8111 (Gen3), XT8210/XT8211 (Gen4)
The PCIe NVMe line starts with XT8111, a PCIe 3.0 x4 NVMe 1.4 controller with a RISC-V multi-core CPU, supporting 3D TLC/QLC NAND up to 4TB at 3,500/3,500 MB/s sequential — a client-class Gen3 part aimed at replacing SATA in mainstream laptops and desktops where a single free PCIe lane is available but full Gen4 bandwidth is not required. Above it sit XT8210 and XT8211, XITCORP's PCIe 4.0 x4 NVMe 1.4 enterprise controllers. XT8210 runs a RISC-V multi-core CPU against 3D TLC/QLC NAND up to 16TB, hitting roughly 7/6 GB/s sequential read/write — enterprise-grade throughput squarely competitive with mainstream Gen4 enterprise controllers from established vendors. This is also the controller family behind XITCORP's "world's first 12nm PCIe 4.0 on RISC-V" claim, and the one carrying the full commercial cryptography Level-2 certification discussed below.
Comparing the Lineup at a Glance
| Model | Interface | CPU Core | Max NAND Capacity | Sequential R/W | Target Segment |
|---|---|---|---|---|---|
| XT6110 | SATA III 6Gb/s | 32-bit MCU | 8TB | 560/520 MB/s | Client SATA |
| XT6120 | SATA III 6Gb/s | RISC-V multi-core | 8TB | 560/520 MB/s | Client SATA |
| XT6160 | SATA III 6Gb/s | RISC-V multi-core | 16TB | 565/530 MB/s | High-capacity SATA / NAS |
| XT8111 | PCIe 3.0 x4 NVMe 1.4 | RISC-V multi-core | 4TB | 3,500/3,500 MB/s | Client NVMe |
| XT8210 | PCIe 4.0 x4 NVMe 1.4 | RISC-V multi-core | 16TB | 7,000/6,000 MB/s | Enterprise NVMe |
XITCORP also validates these controllers in finished drives rather than shipping silicon alone. The SS6000SE, for instance, is an enterprise SATA 3.0 SSD built on the XT6160 controller paired with YMTC TLC NAND, shipping in 2.5-inch form up to 7.68TB or M.2 2280 up to 960GB at 560/520 MB/s. That reference drive is a useful checkpoint for engineers: it shows the XT6160 controller running at rated speed against a specific, qualified NAND partner rather than a theoretical datasheet maximum, and it gives procurement teams a bill-of-materials-ready product to benchmark against before committing to a custom design.
Hardware-Level National Cryptography: SM2/SM3/SM4 plus AES-256
What SM2, SM3, and SM4 Actually Do
SM2, SM3, and SM4 are China's national cryptography (国密, Guomi) algorithm standards, published and administered by the State Cryptography Administration. SM2 is an elliptic-curve public-key algorithm used for digital signatures and key exchange, functionally comparable in role to ECDSA/ECDH. SM3 is a cryptographic hash function, filling the role SHA-256 plays in international deployments. SM4 is a 128-bit symmetric block cipher, the national-standard analog of AES-128.
| National Standard | Function | International Analog |
|---|---|---|
| SM2 | Elliptic-curve digital signature and key exchange | ECDSA / ECDH |
| SM3 | Cryptographic hash function | SHA-256 |
| SM4 | 128-bit symmetric block cipher | AES-128 |
XITCORP implements all three directly in controller hardware rather than in firmware, which matters for two reasons: hardware crypto blocks run at line rate without stealing CPU cycles from the flash translation layer, and hardware key handling is far harder to tamper with than a software routine that could be patched or bypassed. For a drive doing 7 GB/s of sequential throughput, encrypting and decrypting every block in firmware alone would be a real bottleneck; dedicated silicon is what keeps the rated PCIe 4.0 bandwidth intact while every sector is protected.
AES-256, TCG Opal 2.0, and Dual Certification
XITCORP's controllers do not replace international standards with national ones — they run both. Alongside hardware SM2/SM3/SM4, the PCIe NVMe controllers also implement AES-256 encryption and support the TCG Opal 2.0 self-encrypting drive specification, the same standard enterprise IT already audits against for pre-boot authentication and range-based, hardware-enforced at-rest data protection. On top of that, XITCORP's PCIe controllers meet China's commercial cryptography Level-2 (商用密码检测二级) requirement and carry dual certification from both the National Cryptography Administration and the China Information Security Assessment Center (CCRC). For a procurement team building systems destined for Chinese government, finance, or critical-infrastructure tenders, that dual sign-off is frequently a hard gate in the bid requirements — not a nice-to-have feature line on a datasheet. For teams building for international markets, the same silicon's AES-256/Opal 2.0 support means the drive still clears the self-encrypting-drive checklist that enterprise IT procurement already expects.
Domestic Autonomous and Controllable Storage Silicon
Why "国产自主可控" Is More Than a Slogan
"国产自主可控" — domestic, autonomous, and controllable — describes a supply chain where the instruction set (RISC-V, open and unlicensed), the fabrication (SMIC, a domestic foundry), and the cryptographic certification (National Cryptography Administration plus CCRC) are all sourced or verified inside China's own industrial and regulatory chain. That combination reduces exposure to any single foreign chokepoint — IP licensing, foundry access, or cryptography export controls — all at once, rather than trading one dependency for another. For OEMs building storage products for the domestic market, it also simplifies compliance: a controller that is already dual-certified for commercial cryptography Level-2 removes an entire round of third-party crypto audit from the product certification timeline, which can otherwise add months to a government or financial-sector tender cycle.
Where These Controllers Fit in Real Designs
In practice, engineering teams reach for XITCORP silicon in three scenarios: government and financial-sector storage where commercial cryptography certification is contractually required, enterprise and NAS drives where SM2/SM3/SM4 plus AES-256/Opal 2.0 gives customers a choice of encryption regime depending on the deployment region, and general client SSD designs where a domestically fabricated, RISC-V-based controller reduces exposure to foreign-IP supply risk. The SATA III line (XT6110/XT6120/XT6121/XT6160) covers the first two use cases at commodity price points suitable for high-volume NAS and desktop refreshes, while the PCIe NVMe line (XT8111, XT8210/XT8211) targets the throughput-sensitive enterprise server and prosumer workstation segment.
Choosing Between XITCORP SATA and NVMe Controllers for Your Design
Matching Controller to Capacity and Interface Needs
Start with the interface your platform already exposes. If the design targets a legacy SATA backplane, NAS chassis, or a cost-sensitive client SSD refresh, the SATA III line is the natural fit — XT6110 and XT6120 cover the mainstream 8TB tier, while XT6160 (and its validated SS6000SE reference drive) extends to 16TB for archival and NAS-class capacity needs. If the platform has a free PCIe lane and the workload needs sustained multi-gigabyte throughput — video editing arrays, database caching tiers, or enterprise boot drives — XT8111 covers Gen3 client designs up to 4TB, and XT8210 covers Gen4 enterprise designs up to 16TB with the full commercial cryptography Level-2 certification.
Deployment and Management Considerations
TCG Opal 2.0 self-encrypting drives are only as useful as the management stack that unlocks and provisions them, so confirm early whether the target platform already runs Opal-aware management software or whether IT will need to add one. Drives built on the SM2/SM3/SM4 side of the same silicon typically pair with China-market key-management tooling rather than the Opal ecosystem, so a design that needs to serve both a domestic tender and an export SKU from the same controller family should scope firmware/key-management integration for both paths early, not as an afterthought once hardware is locked. Because the cryptographic engine lives in hardware, switching between an SM4 configuration and an AES-256/Opal configuration is typically a firmware and provisioning decision rather than a silicon respin, which shortens the path to serving two markets from one controller design.
Sourcing and Verification Considerations
Because these are relatively specialized parts compared to mainstream ARM-based controllers from established vendors, engineers should confirm datasheet revision, firmware compatibility, and NAND pairing before locking a bill of materials — the same due diligence any second-source or emerging-vendor component deserves. It is also worth confirming which cryptography certification level a given batch actually carries, since commercial cryptography Level-2 sign-off is tied to a specific controller revision and firmware build, not the part number alone. On FindMyChip, each XITCORP part page carries verified specifications sourced from 200+ authorized distributors, so engineers can cross-check capacity, interface, and cryptography feature claims before committing. FindMyChip curates the complete XITCORP controller and drive lineup, including reference designs like the SS6000SE, in its dedicated XITCORP storage hub collection.
FAQ
Q: What makes XITCORP's PCIe 4.0 controller the "world's first" on RISC-V? A: XITCORP combined a RISC-V multi-core CPU architecture with PCIe 4.0 x4 NVMe 1.4 support and fabricated the design at 12nm on SMIC's domestic process node. No other announced SSD controller had paired a RISC-V core with PCIe 4.0 NVMe performance at that process node before, making it a first for both the architecture choice and the domestic fabrication path simultaneously.
Q: Do SM2/SM3/SM4 replace AES-256 on these controllers? A: No. XITCORP's PCIe NVMe controllers implement SM2/SM3/SM4 and AES-256 with TCG Opal 2.0 side by side in hardware. The dual implementation lets one controller serve both a China-market deployment requiring national cryptography certification and an international deployment expecting AES-256/Opal 2.0 self-encrypting drive compliance, without needing two separate silicon designs.
Q: What does "commercial cryptography Level-2" certification actually require? A: It's a two-tier assessment administered jointly by the National Cryptography Administration and the China Information Security Assessment Center, covering both the correctness of the cryptographic algorithm implementation and the security of key management and physical protection inside the controller. XITCORP's PCIe controllers carry dual certification from both bodies, which is frequently a mandatory bid requirement for government, financial, and critical-infrastructure storage procurement in China.
Q: How do I decide between the SATA III and PCIe NVMe lines for a new design? A: Match the interface to your platform first — SATA III (XT6110/XT6120/XT6121/XT6160) for legacy backplanes, NAS chassis, or cost-sensitive refreshes, and PCIe NVMe (XT8111 for Gen3, XT8210/XT8211 for Gen4) where the platform has a free PCIe lane and needs multi-gigabyte throughput. Within each line, pick by capacity ceiling: 8TB for the mainstream tier, 16TB for the high-capacity SATA or enterprise NVMe tier.
Q: Where can I verify part specifications or request a quote for XITCORP controllers? A: FindMyChip's XITCORP storage hub collection curates the full controller and drive lineup with distributor-verified specifications. Search individual part numbers directly at FindMyChip search, or submit a quote request to compare pricing and lead time across FindMyChip's network of 200+ verified distributors before committing to a bill of materials.
Sourcing domestically fabricated, RISC-V-based storage silicon with dual-certified national cryptography does not have to mean navigating unfamiliar distribution channels alone. FindMyChip verifies XITCORP part specifications through a 5-point authentication process and connects engineering and procurement teams directly with authorized distributors for competitive China pricing and 24-hour quote response — start with a search for the exact controller your design needs, or submit a quote request for the full XT61/XT81 series at once.
