This product enables secure updating of flash ROM embedded in MCUs and in preventing illicit firmware being booted up (secure booting). This driver controls AES, AES-GCM, AES-CMAC encryption and decryption and the generation of random numbers through high-speed hardware calculation by the Trusted Secure IP modules. As a result, this driver can help you to protect "Internet-of-Things" (IoT) embedded devices from viral infections and eavesdropping. Trusted Secure IP includes a full-function version "TSIP" and limited function version "TSIP-Lite".

Topics

The Trusted Secure IP Driver for RE Family V.1.01 has been released. Support for RE01_256KB Group started.
The Trusted Secure IP Driver for RX Family V.1.11 has been released. Support for AES Key Wrap function on TSIP-Lite started.

Features

  • Cryptographic functions which provide advanced security can be embedded in mass-produced products at low cost
  • High-speed execution of the AES, a world standard cryptographic algorithm
  • Support for AES-GCM, which is frequently included in the required specifications of smart meters
  • Functions for safely updating firmware
  • Easily combined with other device drivers for RX, RE MCUs or RZ MPUs
  • Learn More

Release Information

Target Device Note1 Product Name Version/Release Providing Method
RX23W
RX231
RX65N, RX651
RX66N
RX66T
RX72M
RX72N
RX72T
Trusted Secure IP Driver for RX Family (Source code version) Note2 Latest Ver.: V1.11 Release 00
Released: Oct. 20, 2020
Contact us
Trusted Secure IP Driver for RX Family (Binary version) Note2 Latest Ver.: V1.09 Release 00
Released: Jul. 10, 2020
Download: RX Family TSIP (Trusted Secure IP) Module Firmware Integration Technology Application Notes (ZIP | English, 日本語)
RE01 Trusted Secure IP Driver for RE Family Latest Ver.: V.1.01 Release 00
Released: Jul. 20, 2020
Contact us
RZ/A2M Trusted Secure IP Driver for RZ Family RZ/A2M Group Latest Ver.: V3.00
Released: Jun. 30, 2020
Contact us

Note

  1. Some MCUs in the listed groups do not include a TSIP module. Refer to the User's Manual: Hardware for the given group to check the type names of the MCUs that have a TSIP module.
  2. Please use the binary version when considering the prototype. In this case, please download.
    Please use the source code version when considering the mass production. In this case, please contact us. Users cannot change cryptographic functions.

Operating Environment

Documentation & Downloads

Components

  • Trusted Secure IP Driver main body
  • Trusted Secure IP Driver manual
  • Sample code demonstrating application of the Trusted Secure IP Driver
    1. Sample code for confirming the way user keys are written
    2. Sample code for confirming the secure updating of firmware from USB memory or UART.

Functions

Function Algorithm (mode/method) TSIP-Lite TSIP
RX23W, RX231, RX66T, RX72T,
RE01
RX65N, RX651, RX66N,RX72M, RX72N RZ/A2M
Public-Key Cryptography Signature generation and verification RSA (RSASSA-PKCS1-v1_5) lens lens
RSA (DSA)
ECC (ECDSA) lens
Encrypt/Decrypt RSA (RSAES-PKCS1-v1_5) lens lens
Key pair generation RSA 1024/2048 bit lens lens
(2048 bit only)
ECC P-192/224/256/384 lens
Symmetric-Key Cryptography AES-128/256 bit (ECB/CBC/GCM/CCM) lens lens lens
Triple-DES 56/56x2/56x3 bit (ECB/CBC) lens
ARC4 2048 bit lens
Message authentication AES-128/256 bit (CMAC) lens lens lens
Hash function SHA-1, SHA-224, SHA-256 lens
(SHA-1, SHA-256)
lens
(SHA-224, SHA-256)
MD5 lens
Random number generation lens lens lens
Key management function AES 128/256 bit lens lens lens
RSA 1024/2048 bit lens lens
(2048 bit only)
ECC P-192/224/256/384 lens
Triple-DES 56/56x2/56x3 bit lens
ARC4 2048 bit lens
Key update function AES 128/256 bit lens lens In Development
RSA 1024/2048 bit lens In Development
ECC P-192/224/256/384 lens
Triple-DES 56/56x2/56x3 bit lens
ARC4 2048 bit lens
SSL/TLS cooperation function TLS1.2 compliant
Supporting cipher suites:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
lens lens
(TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256 only)
Key agreement ECDH 512 bit, DH 2048 bit lens
Key Wrap AES 128 bit/256 bit lens lens
Secure booting lens lens lens
Secure updating of firmware lens lens In Development

lens Available | — Unavailable

Maximum key length for each algorithm.

  • - AES: 256 bit
  • - RSA: 2048 bit
  • - DES: 56 bit
  • - Triple-DES: 168 bit
  • - ARC4: 2048 bit
  • - DH: 2048 bit
  • - ECDH: 512 bit
  • - ECDSA: 256 bit
  • - DSA 2048 bit / ECDSA 512 bit (Cryptographic algorithm for authentication): Not supported

Operating Environment

MCU RX Family RE Family RZ Family
IDE
  • CS+ V8.02.00 or later
  • e2 studio 2020-07
  • IAR Embedded Workbench for Renesas RX 4.14.01 later
IAR Embedded Workbench for ARM version 8.32.1 or later e2 studio V.7 or later e2 studio V.7.6.0
C Compiler C/C++ Compiler Package for RX Family V3.02.00 or later IAR C/C++ Compiler for ARM version 8.32.1 or later GCC ARM Embedded Version 6.3.1.20170620 GCC ARM Embedded Toolchain (6-2017-q2)
Debugger
  • IAR I-jet
  • Segger JLink
Segger JLink Segger JLink
Evaluation board RZ/A2M Evaluation Board Kit
(Contact us about details)
Evaluation board (optional) Note Wireless LAN expansion board package for RSK (includes Wireless LAN module (eWBC))(Part Number: RTK0ZZZZZZP00000BR)

Note: This board is required to check the operation of sample code for checking the secure updating of firmware via wireless LAN.

Purpose

  • Cryptographic communications among CPUs in equipment at sites or within equipment
  • Secure updating of firmware for embedded devices in general

Obtaining the product

We will provide the product to customers who will be adopting or plan to adopt a Renesas microcontroller. Please contact your local Renesas Electronics sales office or distributor.