Overview

Topics

The Trusted Secure IP Driver for RX Family V.1.21 has been released (Added support for TLS 1.2 server function).

This product enables secure updating of flash ROM embedded in MCUs and in preventing illicit firmware being booted up (secure booting). This driver controls AES, AES-GCM, AES-CMAC encryption and decryption and the generation of random numbers through high-speed hardware calculation by the Trusted Secure IP modules. As a result, this driver can help you to protect "Internet-of-Things" (IoT) embedded devices from viral infections and eavesdropping. Trusted Secure IP includes a full-function version "TSIP" and limited function version "TSIP-Lite".

Components

  • Trusted Secure IP Driver main body
  • Trusted Secure IP Driver manual
  • Sample code demonstrating application of the Trusted Secure IP Driver
    1. Sample code for confirming the way user keys are written
    2. Sample code for confirming the secure updating of firmware from USB memory or UART (In the case to use this sample code, please contact us).
    3. Sample code for confirming the way to use AES Cryptography
    4. Sample code for confirming the way to implement TLS
  • Cryptographic functions which provide advanced security can be embedded in mass-produced products at low cost
  • High-speed execution of the AES, a world standard cryptographic algorithm
  • Support for AES-GCM, which is frequently included in the required specifications of smart meters
  • Functions for safely updating firmware
  • Easily combined with other device drivers for RX, RE MCUs or RZ MPUs
  • Learn More
Target Device Note1Product NameVersion/ReleaseProviding Method
RX23W
RX231
RX26T
RX65N, RX651
RX66N
RX66T
RX671
RX72M
RX72N
RX72T		Trusted Secure IP Driver for RX FamilyLatest Ver.: V1.21 Release 00
Released: Jun. 28, 2024		Download: RX family TSIP(Trusted Secure IP) Module Firmware Integration Technology Rev.1.21 - Sample Code (ZIP)
RE01Trusted Secure IP Driver for RE Family (Source code version)Latest Ver.: V.1.01 Release 00
Released: Jul. 20, 2020		Please contact Renesas sales division.
Trusted Secure IP Driver for RE Family (Binary version)Latest Ver.: V.1.01 Release 00
Released: Nov. 6, 2020		Please contact Renesas sales division.
RZ/A2MTrusted Secure IP Driver for RZ Family RZ/A2M GroupLatest Ver.: V3.00
Released: Jun. 30, 2020		Contact us

Note

  1. Some MCUs in the listed groups do not include a TSIP module. Refer to the User's Manual: Hardware for the given group to check the type names of the MCUs that have a TSIP module.

Documentation
Type Title Date
Application Note
RX family Implementing TLS Using TSIP Driver Rev.1.03
PDF 978 KB 日本語
Application Note
RX family TSIP(Trusted Secure IP) Module Firmware Integration Technology Rev.1.21
PDF 7.53 MB 日本語
Related Files:
Application Note
RX Family OTA Update in FreeRTOS by Implementing TLS Communication Using the TSIP Driver
PDF 5.72 MB 日本語
Application Note
RX Family TLS Implementation Example Using TSIP Driver (Azure RTOS) Rev.2.00
PDF 3.80 MB 日本語
Related Files:
Tool News - Note
[Notes]RX Family Note when using Secure Boot and Firmware Update demo project in TSIP Module Firmware Integration Technology package
PDF 139 KB 日本語
Application Note
RX family How to use AES Cryptography with TSIP Rev.1.02
PDF 1.41 MB 日本語
6 items

Design & Development

Additional Details

Functions

FunctionAlgorithm (mode/method)TSIP-LiteTSIP
RX23W, RX231, RX26T, RX66T, RX72T,
RE01		RX65N, RX651, RX66N, RX671, RX72M, RX72NRZ/A2M
Public-Key CryptographySignature generation and verificationRSA (RSASSA-PKCS1-v1_5)lens
(3072/4096 bit is only for signature verification)		lens
RSASSA-PSSlens
RSA (DSA)
ECC (ECDSA)lens
Encrypt/DecryptRSA (RSAES-PKCS1-v1_5)lens
(3072/4096 bit is only for encrypt)		lens
Key pair generationRSA 1024/2048 bitlenslens
(2048 bit only)
ECC P-192/224/256/384lens
Symmetric-Key CryptographyAES-128/256 bit (ECB/CBC/GCM/CCM)lenslenslens
AES-128/256 bit (CTR)lenslens
Triple-DES 56/56x2/56x3 bit (ECB/CBC)lens
ARC4 2048 bitlens
Message authenticationAES-128/256 bit (CMAC)lenslenslens
Hash functionSHA-1, SHA-224, SHA-256lens
(SHA-1, SHA-256)		lens
(SHA-224, SHA-256)
MD5lens
Random number generationlenslenslens
Key management functionAES 128/256 bitlenslenslens
RSA 1024/2048 bitlenslens
(2048 bit only)
ECC P-192/224/256/384lens
Triple-DES 56/56x2/56x3 bitlens
ARC4 2048 bitlens
Key update functionAES 128/256 bitlenslensIn Development
RSA 1024/2048 bitlens
(3072/4096 bit is only for public key)		In Development
ECC P-192/224/256/384lens
Triple-DES 56/56x2/56x3 bitlens
ARC4 2048 bitlens
SSL/TLS cooperation functionTLS1.2 compliant
Supporting cipher suites:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256		lenslens
(TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256 only)
TLS1.3 compliant
Supporting cipher suites:
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_SHA256		lens
Key agreementECDH 512 bit, DH 2048 bitlens
Key WrapAES 128 bit/256 bitlenslens
Secure bootinglenslenslens
Secure updating of firmwarelenslensIn Development

lens Available | — Unavailable

Maximum key length for each algorithm.

  • - AES: 256 bit
  • - RSA: 4096 bit
  • - DES: 56 bit
  • - Triple-DES: 168 bit
  • - ARC4: 2048 bit
  • - DH: 2048 bit
  • - ECDH: 512 bit
  • - ECDSA: 256 bit
  • - DSA 2048 bit / ECDSA 512 bit (Cryptographic algorithm for authentication): Not supported

Operating Environment

MCURX FamilyRE FamilyRZ Family
IDE
  • CS+ V8.02.00 or later
  • e2 studio 2020-07
  • IAR Embedded Workbench for Renesas RX 4.14.01 later
IAR Embedded Workbench for ARM version 8.32.1 or latere2 studio V.7 or latere2 studio V.7.6.0
C CompilerC/C++ Compiler Package for RX Family V3.03.00 or laterIAR C/C++ Compiler for ARM version 8.32.1 or laterGCC ARM Embedded Version 6.3.1.20170620GCC ARM Embedded Toolchain (6-2017-q2)
Debugger
  • IAR I-jet
  • Segger J-Link
Segger J-LinkSegger J-Link
Evaluation board
  • Evaluation Kit RE01 1500KB
  • Evaluation Kit RE01 256KB

(Please contact Renesas sales division.)

RZ/A2M Evaluation Board Kit
(Contact us about details)
Evaluation board (optional) NoteWireless LAN expansion board package for RSK (includes Wireless LAN module (eWBC))(Part Number: RTK0ZZZZZZP00000BR)

Note: This board is required to check the operation of sample code for checking the secure updating of firmware via wireless LAN.

Purpose

  • Cryptographic communications among CPUs in equipment at sites or within equipment
  • Secure updating of firmware for embedded devices in general

Obtaining the product

We will provide the product to customers who will be adopting or plan to adopt a Renesas microcontroller. Please contact your local Renesas Electronics sales office or distributor.