Overview
Description
Topics
The Trusted Secure IP Driver for RX Family V.1.23 has been released (Revised Secure Bootloader Project related to Configuration and added Performance Information for Demo Project).
This product enables secure updating of flash ROM embedded in MCUs and in preventing illicit firmware being booted up (secure booting). This driver controls AES, AES-GCM, AES-CMAC encryption and decryption and the generation of random numbers through high-speed hardware calculation by the Trusted Secure IP modules. As a result, this driver can help you to protect "Internet-of-Things" (IoT) embedded devices from viral infections and eavesdropping. Trusted Secure IP includes a full-function version "TSIP" and limited function version "TSIP-Lite". For information on Renesas IoT security solutions, please refer to Renesas IoT Security.
Components
- Trusted Secure IP Driver main body
- Trusted Secure IP Driver manual
- Sample code demonstrating application of the Trusted Secure IP Driver
- Sample code for confirming the way user keys are written
- Sample code for confirming the secure updating of firmware from USB memory or UART (In the case to use this sample code, please contact us).
- Sample code for confirming the way to use AES Cryptography
- Sample code for confirming the way to implement TLS
Features
- Cryptographic functions which provide advanced security can be embedded in mass-produced products at low cost
- High-speed execution of the AES, a world standard cryptographic algorithm
- Support for AES-GCM, which is frequently included in the required specifications of smart meters
- Functions for safely updating firmware
- Easily combined with other device drivers for RX, RE MCUs or RZ MPUs
- Learn More
Release Information
| Target Device Note1 | Product Name | Version/Release | Providing Method |
|---|---|---|---|
| RX23W RX231 RX26T RX65N, RX651 RX66N RX66T RX671 RX72M RX72N RX72T | Trusted Secure IP Driver for RX Family | Latest Ver.: V1.23 Release 00 Released: Oct. 15, 2025 | Download: RX family TSIP(Trusted Secure IP) Module Firmware Integration Technology Rev.1.23 - Sample Code (ZIP) |
| RE01 | Trusted Secure IP Driver for RE Family (Source code version) | Latest Ver.: V.1.01 Release 00 Released: Jul. 20, 2020 | Please contact Renesas sales division. |
| Trusted Secure IP Driver for RE Family (Binary version) | Latest Ver.: V.1.01 Release 00 Released: Nov. 6, 2020 | Please contact Renesas sales division. | |
| RZ/A2M | Trusted Secure IP Driver for RZ Family RZ/A2M Group | Latest Ver.: V3.00 Released: Jun. 30, 2020 | Contact us |
Note
- Some MCUs in the listed groups do not include a TSIP module. Refer to the User's Manual: Hardware for the given group to check the type names of the MCUs that have a TSIP module.
Target Devices
Design & Development
News & Blog Posts
Blog Post Sep 11, 2023 |
Blog Post Jun 1, 2023 |
Blog Post Apr 18, 2023 |
Blog Post Mar 28, 2023 |
Blog Post Mar 11, 2022 |
Additional Details
Functions
| Function | Algorithm (mode/method) | TSIP-Lite | TSIP | ||
|---|---|---|---|---|---|
| RX23W, RX231, RX26T, RX66T, RX72T, RE01 | RX65N, RX651, RX66N, RX671, RX72M, RX72N | RZ/A2M | |||
| Public-Key Cryptography | Signature generation and verification | RSA (RSASSA-PKCS1-v1_5) | — | lens (3072/4096 bit is only for signature verification) | lens |
| RSASSA-PSS | — | lens | — | ||
| RSA (DSA) | — | — | — | ||
| ECC (ECDSA) | — | lens | — | ||
| Encrypt/Decrypt | RSA (RSAES-PKCS1-v1_5) | — | lens (3072/4096 bit is only for encrypt) | lens | |
| Key pair generation | RSA 1024/2048 bit | — | lens | lens (2048 bit only) | |
| ECC P-192/224/256/384 | — | lens | — | ||
| Symmetric-Key Cryptography | AES-128/256 bit (ECB/CBC/GCM/CCM) | lens | lens | lens | |
| AES-128/256 bit (CTR) | lens | lens | — | ||
| Triple-DES 56/56x2/56x3 bit (ECB/CBC) | — | lens | — | ||
| ARC4 2048 bit | — | lens | — | ||
| Message authentication | AES-128/256 bit (CMAC) | lens | lens | lens | |
| Hash function | SHA-1, SHA-224, SHA-256 | — | lens (SHA-1, SHA-256) | lens (SHA-224, SHA-256) | |
| MD5 | — | lens | — | ||
| Random number generation | — | lens | lens | lens | |
| Key management function | AES 128/256 bit | lens | lens | lens | |
| RSA 1024/2048 bit | — | lens | lens (2048 bit only) | ||
| ECC P-192/224/256/384 | — | lens | — | ||
| Triple-DES 56/56x2/56x3 bit | — | lens | — | ||
| ARC4 2048 bit | — | lens | — | ||
| Key update function | AES 128/256 bit | lens | lens | In Development | |
| RSA 1024/2048 bit | — | lens (3072/4096 bit is only for public key) | In Development | ||
| ECC P-192/224/256/384 | — | lens | — | ||
| Triple-DES 56/56x2/56x3 bit | — | lens | — | ||
| ARC4 2048 bit | — | lens | — | ||
| SSL/TLS cooperation function | TLS1.2 compliant Supporting cipher suites: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | — | lens | lens (TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256 only) | |
| TLS1.3 compliant Supporting cipher suites: TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256 | — | lens | — | ||
| Key agreement | ECDH 512 bit, DH 2048 bit | — | lens | — | |
| Key Wrap | AES 128 bit/256 bit | lens | lens | — | |
| Secure booting | — | lens | lens | lens | |
| Secure updating of firmware | — | lens | lens | In Development | |
lens Available | — Unavailable
Maximum key length for each algorithm.
- - AES: 256 bit
- - RSA: 4096 bit
- - DES: 56 bit
- - Triple-DES: 168 bit
- - ARC4: 2048 bit
- - DH: 2048 bit
- - ECDH: 512 bit
- - ECDSA: 256 bit
- - DSA 2048 bit / ECDSA 512 bit (Cryptographic algorithm for authentication): Not supported
Operating Environment
| MCU | RX Family | RE Family | RZ Family | |
|---|---|---|---|---|
| IDE | IAR Embedded Workbench for ARM version 8.32.1 or later | e2 studio V.7 or later | e2 studio V.7.6.0 | |
| C Compiler | C/C++ Compiler Package for RX Family V3.03.00 or later | IAR C/C++ Compiler for ARM version 8.32.1 or later | GCC ARM Embedded Version 6.3.1.20170620 | GCC ARM Embedded Toolchain (6-2017-q2) |
| Debugger |
| Segger J-Link | Segger J-Link | |
| Evaluation board |
|
(Please contact Renesas sales division.) | RZ/A2M Evaluation Board Kit (Contact us about details) | |
Purpose
- Cryptographic communications among CPUs in equipment at sites or within equipment
- Secure updating of firmware for embedded devices in general
Obtaining the product
We will provide the product to customers who will be adopting or plan to adopt a Renesas microcontroller. Please contact your local Renesas Electronics sales office or distributor.
Support
Support Communities
- RX140 TSIP driver
Hello, I am going to use secure key installation, encryption function for RX140. So I need r_tsip_rx driver, as I understood. These three files are included in the folder FITModules: r_tsip_rx_v1.18.I.xml r_tsip_rx_v1.18.I.zip r_tsip_rx_v1 ...
Jun 11, 2024 - RX140 AES sample code
Hello, I have got AES driver, and I am looking for a sample code. Is there any sample code ? Thank you
Aug 21, 2024 - Where to find documentation and examples for the Synergy Crypto-Framework?
Hi Gyis, I'm searching for days for a documentation of the Synergy crypto-framework and for some examples for it.I only found some code snippets not really explaining the usage of this framework and not reusable.Are there official documentations if this framework and might someone provide code ...
Jul 28, 2021
Knowledge Base
- Amazon FreeRTOS and Trusted Secure IP on an RX65N
... the Trusted Secure IP driver, the application note at the following link should be helpful. https://www.renesas.com/software-tool/trusted-secure-ip-driver-> Trusted Secure IP driver (binary version) for RX-family products-> In the case of Rev.1.13-> \r20an0548xx0113-lib-rx-tsip ...
Feb 22, 2024 - RX Family: Authentication of Encrypted User Image via TSIP & TSIP-Lite
... subsequent execution done post device deployment, even for encrypted firmware. RX MCU family provides robust on-chip authentication mechanisms via Trusted Secure IP (TSIP) and TSIP-Lite to tackle these security threats. Question How is authentication of encrypted user image achieved for integrity verification and tamper detection via TSIP/ ...
Nov 6, 2025 - Some Basic Tips (FAQs) for Using NetX Secure
... verification, the Client checks the trusted and remote certificates to find an issuer for the current certificate (more about that later). *The following API stores trusted certificates in the Client’s trusted store: nx_secure_tls_trusted_certificate_add(NX_SECURE_TLS_SESSION *tls_session, NX_SECURE_X509_CERT *trusted ...
Support Communities
