Image
Makoto Endo
Makoto Endo
Principal Product Marketing Specialist
Published: November 24, 2023

The Security Renesas Solution Starter Kit (RL78/F24 Security RSSK) for RL78/F23, F24 introduced in Part 2 of the September 2022 Blog “First Security Solution for the 16-bit RL78 Automotive MCU Makes Its Debut!” has been completed. It will be officially released in 1Q of 2024.

RL78/F24 Security RSSK can perform security functions such as encryption/decryption, secure boot, key registration, random number generation, and challenge and response (C&R) using only the built-in software (Hello world) and GUI tool operations. Users with a signed NDA can use it to develop security functions, and users without NDA unsigned can use it to study security. In addition to the security dedicated board, a USB cable and CD-ROM (containing GUI tools, manuals, etc.) are included in the package. Users can get started right away once installing the GUI tools onto your computer, connecting the board to computer with the USB cable.

Figure 1 shows the RL78/F24 Security RSSK board layout. It is equipped with Debugger I/F (E2/E2-lite connection), Communication I/F (CAN/CAN FD I/F, LIN I/F) and USB (Micro B) - serial I/F (serial communication, power supply). The initial setting is debugger connection disabled. By passing NDA authentication, you can connect to a debugger and write and debug user programs. C&R is used for NDA authentication (see Figure 2). EEPROM is used for reprogramming demonstration.

Image
Figure 1 RL78/F24 Security RSSK Board Layout
Figure 1 RL78/F24 Security RSSK Board Layout
Image
Figure 2 NDA authentication flow
Figure 2 NDA authentication flow

Table 1 shows the main functional differences between NDA signed/unsigned. In addition, if NDA unsigned users conclude NDA after purchasing RL78/F24 Security RSSK, there is no need to repurchase RL78/F24 Security RSSK again. By passing NDA authentication, Functional restrictions can be removed.

Table 1 Main functional differences depending on whether NDA is concluded or not
FunctionNDA signed usersNDA unsigned users
Hardware
Board
Security dedicated board with RL78/F24 written with sample key and software (Hello world)Security dedicated board with RL78/F24 written with sample key and software (Hello world)
Software
GUI tool
(CD-ROM included)
  • Hello World project set
  • BOOT_LOADER_SETTING_TOOL
  • KEY_SETTING_TOOL
  • CandR_GUI_TOOL_for_TEST
  • Hello World project set
  • BOOT_LOADER_SETTING_TOOL
  • KEY_SETTING_TOOL
    (All of the above cannot be used)
  • CandR_GUI_TOOL_for_TEST
SETUP procedureNDA authentication with C&R, debugger connection can be enabled with authentication PASS
 
Only connect PC and USB
*Debugger cannot be connected
Encryption/DecryptionPossiblePossible
Key registrationPossibleImpossible
*Only registered keys for samples can be used.
CMAC creation/verificationPossiblePossible
Secure Boot by HWPossibleImpossible
Secure Boot by SWPossiblePossible
*Only PASS/FAIL can be confirmed
Random number generationPossiblePossible
Initialize key storagePossibleImpossible
C&R experiencePossiblePossible

Figure 3 shows the command execution launched by NDA unsigned users through serial communication using a terminal emulator (Tera Team is used in the figure). It is possible to select the displayed items 1 to 19 to execute security functions. By passing NDA authentication, all items will be displayed for NDA-signed users.

Image
Figure 3 Command execution for NDA unsigned users
Figure 3 Command execution for NDA unsigned users
Image
Figure 4 Encryption in ECB mode
Figure 4 Encryption in ECB mode

Following are GUI tools included on the CD-ROM.

  • BOOT_LOADER_SETTING_TOOL
    This tool can only be used by NDA-signed users. It is possible to generate MAC for Secure Boot (hardware) and create rfp-cli communication commands for RFP (Renesas Flash Programmer). The created communication command can be written to Code Flash of RL78/F24 via the debugger.

    Image
    Figure 5 BOOT_LOADER_SETTING_TOOL
    Figure 5 BOOT_LOADER_SETTING_TOOL
  • KEY_SETTING_TOOL
    This tool can only be used by NDA-signed users. It consists of 4 tabs: [M1-M5 [SHE standard]], [M1-M5 [SHE extended]], [Key storage information] and [Get ID]. At startup, only [Get ID] is active, NDA authentication is performed when GET ID is executed, and all tabs are active if the user has signed the NDA.
    Figure 6 shows [M1-M5 [SHE standard]]. When you fill in the necessary items, select them, and execute, SHE standard M1 to M5 data and the key used for data generation will be displayed. There is no need to perform complex and difficult calculations.

    Image
    Figure 6 KEY_SETTING_TOOL (128bit key registration data generation)
    Figure 6 KEY_SETTING_TOOL (128bit key registration data generation)


    Figure 7 shows the key information stored in Key storage. KEY_ID/KEY_NAME, key length, counter, key flag, key validity, and Key storage active block (A or B) are displayed.

    Image
    Figure 7 KEY_SETTING_TOOL (key storage information)
    Figure 7 KEY_SETTING_TOOL (key storage information)
  • C&R_TOOL
    It is possible to generate challenge data, response data, and verify response data. Figure 8 shows the response data generation. Select Response Generation, enter the necessary items, and then execute (RUN) to display the response data in the RESPONSE column. There is no need to perform complex and difficult operations such as KDF (key derivation function) or CMAC operations.
     

    Image
    Figure 8 C&R_TOOL (Response data generation)
    Figure 8 C&R_TOOL (Response data generation)


    Figure 9 shows the response data verification. Select Response Verification, enter the necessary items, and then execute (RUN) to display the results in a pop-up.
     

    Image
    Figure 9 C&R_TOOL (Response data verification)
    Figure 9 C&R_TOOL (Response data verification)

Solutions provided by this RSSK can be adapted to a variety of needs, such as those who want to efficiently develop security software in a short period of time without spending man-hours, those who want to automate difficult calculations, those who simply want to use security functions, and those who want to study security functions. Please take advantage of it.

Finally, Table 2 shows the security software provided free of charge. Although there is no guarantee or support, the source code is provided.

Table 2 Security software
ItemDescriptionRelease
Official versionSite
AESEA Sample
Security Driver*
Software for encryption/decryption, secure boot, CMAC generation, and verification based on AES encryption algorithmAvailable
(ver.1.21)
Security dedicated website
(Secure Portal)
SHA-256/384/512Software library for calculating hash values Output 256/384/512bit message digestAvailable
(ver.1.00)
Secure Portal
Products web page
RSA-2048/3072Software library for signature generation and verification of RSASSA-PKCS1-V1.5 with key length of 2048/3072 bitAvailable
(ver.1.01)
Secure Portal
Products web page
ECDSA*Software library for signature verification using elliptic curve digital signature algorithmDec-23Secure Portal

* NDA signed users only

If you are interested, please contact your local distributor or Renesas sales representative.

Share this news on