Renesas Introduces How Secure Boot Is Realized on Both Types of Devices

2021-12-30 Renesas
SoC, RH850, Renesas

Hi, I’m Satoshi Yamanaka, Principal Engineer for Automotive Security at RENESAS. I’ve been on the security team at Renesas for 3 years. My division is responsible for automotive security, and we are in charge of customer support. We are glad to be able to convey the importance of automotive security to our customers through this blog. This blog article, part 2 in a three-part series, aims to give readers a basic understanding of what secure boot is and why it is needed.


There are two types of security IP on RH850 MCUs: ICU-S and ICU-M. In this blog article, we introduce how secure boot is realized on both types of devices.


Secure boot on ICU-S and ICU-M can be implemented based on the HIS (now AUTOSAR) Secure Hardware Extension (SHE) specification. If you want more information about the SHE specification, please refer to AUTOSAR SHE (URL: Specification of Secure Hardware Extensions (autosar.org)). Everyone can get the SHE specification from the AUTOSAR SHE site.

Secure boot implementation method using ICU-S on RH850

ICU-S is the Renesas Intelligent Cryptographic Unit equivalent to the EVITA light use case.


Security software runs on the Main Processor Element (MainPE) in ICU-S MCUs. The MainPE can use hardware resources in the ICU-S module, such as cryptographic accelerators and secure key storage, through the special function register interface of the ICU-S.

ICU-S does not have a dedicated security-only CPU; secure boot runs on the non-secure CPU (PE1). To prevent tampering, the initial secure boot logic is stored in One Time Programmable (OTP) memory, and the reset vector must point to this immutable block of code. Along with OTP, secure boot on ICU-S devices uses the secure boot MAC key and secure boot MAC slots stored and protected within the ICU-S. In this strategy, the OTP memory and the ICU-S together form the Root of Trust.


Method Summary:

· Hardware Root of Trust: OTP flash memory and storage of keys protected in the ICU-S

· Tamper resistance: MAC and MAC key are securely stored in the protected ICU-S memory

· Cryptographic Algorithm: CMAC (NIST SP 800-38B)

Staged secure boot example using ICU-S on RH850:

1. After MCU reset, the CPU (PE1) starts and runs the secure boot program located in OTP memory.

2. The secure boot program verifies User Program A.

· The secure boot program calculates the CMAC value over User Program A with the Boot MAC key.

· The secure boot program compares the calculated value with the stored “CMAC value of Program A” (Note 1).

3. If the verification in step 2 passes, PE1 runs User Program A, which in turn verifies User Program B with the help of the ICU-S.

· Same as step 2 (Program A -> Program B).

4. If the verification in step 3 passes, the user program (Program B) is executed by PE1.


Secure boot implementation method using ICU-M on RH850

ICU-M is the Renesas Intelligent Cryptographic Unit meeting the EVITA medium use case.


MCUs featuring ICU-M have a separate processor called the Intelligent Cryptographic Unit Processor (ICUP). Security software runs entirely on the ICUP. The ICUP has exclusive access to the hardware resources in the ICU-M, such as cryptographic accelerators and secure flash memory. Additionally, the ICUP can access some shared resources for communication with the Main Processor Element (MainPE).


Application software running on the MainPE cannot directly access resources in the ICU-M, such as cryptographic accelerators and secure flash. Therefore, the MainPE must request security services from the ICUP through a defined communication interface. This interface is defined by the ICU-M firmware design. MCUs featuring ICU-M support inter-processor communication through shared-memory mailboxes as well as inter-processor interrupts.

On devices with ICU-M, secure boot runs on the secure ICUP. The initial secure boot logic is stored in secure code storage accessible only to the ICU-M. The secure boot implementation verifies the application using a secure boot key stored within the protected ICU-M data flash. The secure boot key and the ICU-M form the hardware “Root of Trust”. After reset, the ICUP starts first and performs secure boot of the application software. After verification, the ICUP releases the other processor elements in the MCU from the reset state and they start operation. As mentioned earlier, hardware resources in the ICU-M, such as cryptographic accelerators and secure flash memory, are accessed exclusively by the ICUP.


Method Summary:

· Hardware Root of Trust: ICU-M hardware and the secure boot program in Secure Code Flash (an attacker cannot change the secure boot program, which is protected by the ICU-M hardware)

· Tamper resistance: the Boot MAC is stored in protected data flash accessible only to the ICU-M

· Cryptographic Algorithms:

CMAC (NIST SP 800-38B)

RSA Digital Signature Algorithm

Staged secure boot example using ICU-M in an RH850 MCU (symmetric algorithm)

1. The ICUP is configured to be the boot processor after MCU reset.

2. User Program A is verified by the secure boot program in the ICU-M.

· The secure boot program calculates the CMAC value over User Program A with the Boot MAC key.

· The secure boot program compares the calculated value with the stored “CMAC value of Program A”.

3. If the verification in step 2 passes, the CPU (PE1) is started (released from reset) by the ICU-M security software.

4. PE1 runs User Program A, which verifies User Program B using the security software on the ICUP.

· Same as step 2 (Program A -> Program B).

5. If the verification in step 4 passes, User Program B is executed by PE1.
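As an added example that is not part of the original post, the staged verification described in the ICU-S steps and in the symmetric ICU-M steps above, modelled in Python: a boot stage verifies Program A against the MAC kept in its protected slot, Program A then verifies Program B the same way, and the walk halts at the first mismatch so nothing after a modified image runs. HMAC-SHA256 stands in for AES-CMAC, and the key and program images are constructed values (on the MCU the boot MAC key never leaves the ICU key slot).

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample key: on the MCU the boot MAC key sits in a protected ICU key slot
# and never leaves it; it is a plain constant here only so the example runs offline.
BOOT_MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

@dataclass(frozen=True)
class BootSlot:
    """One stage of the chain: the program image plus the reference MAC held in the protected slot."""
    name: str
    image: bytes
    stored_mac: bytes

def compute_mac(key: bytes, image: bytes) -> bytes:
    """Stand-in for AES-CMAC (NIST SP 800-38B): HMAC-SHA256 over the whole image (assumption)."""
    return hmac.new(key, image, hashlib.sha256).digest()

def provision(name: str, image: bytes) -> BootSlot:
    """Manufacturing step: compute the reference MAC once and write it to the protected MAC slot."""
    return BootSlot(name, image, compute_mac(BOOT_MAC_KEY, image))

def verify_stage(slot: BootSlot) -> bool:
    """Step 2 of the staged example: recompute the MAC over the image and compare it with the
    stored value. compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(compute_mac(BOOT_MAC_KEY, slot.image), slot.stored_mac)

def staged_boot(chain: list) -> list:
    """Walk the chain in order (boot ROM -> Program A -> Program B): each stage is executed only
    after the previous stage verified it. Returns the names of the stages that were allowed
    to run; the walk stops at the first failure, so nothing after a tampered image executes."""
    executed = []
    for slot in chain:
        if not verify_stage(slot):
            break          # halt the boot; PE1 is never released to run this or later stages
        executed.append(slot.name)
    return executed

def tamper(slot: BootSlot, offset: int = 0) -> BootSlot:
    """Simulated flash modification: flip one bit of the image, leaving the stored MAC untouched."""
    image = bytearray(slot.image)
    image[offset] ^= 0x01
    return BootSlot(slot.name, bytes(image), slot.stored_mac)

# Constructed images standing in for User Program A and User Program B.
PROGRAM_A = provision("Program A", b"\x00" * 16 + b"stage-A-bootloader")
PROGRAM_B = provision("Program B", b"stage-B-application" * 4)
```

Calling `staged_boot([PROGRAM_A, PROGRAM_B])` returns both names, while a chain with a tampered Program B stops after Program A and a chain with a tampered Program A runs nothing.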

Staged secure boot example using ICU-M in an RH850 MCU (asymmetric algorithm)

1. The ICUP is configured to be the boot processor after MCU reset.

2. User Program A is verified by the secure boot program in the ICU-M.

· The secure boot program calculates the message digest (hash) of User Program A.

· The secure boot program recovers the expected message digest from the signature of Program A using the public key.

· The secure boot program compares the two message digests; they must match.

3. If the verification in step 2 passes, the CPU (PE1) is started (released from reset) by the ICU-M security software.

4. PE1 runs User Program A, which verifies User Program B using the security software on the ICUP.

· Same as step 2 (Program A -> Program B).

5. If the verification in step 4 passes, User Program B is executed by PE1.


Conclusion

In summary:

1. ICU-S and ICU-M can both establish a “root of trust” and a “chain of trust”.

2. Secure boot on ICU-S and ICU-M can be implemented based on the HIS (now AUTOSAR) SHE specification.

3. Secure boot on ICU-M can additionally be implemented based on digital signature verification.


Keep an eye out for part three in our secure boot series, where Phil Lapczynski-san will introduce secure boot concepts on our R-Car SoC devices.


This article was reposted by Batman from Renesas. Original title: Achieving a root of trust with secure boot in automotive RH850 and R-Car devices – Part 2.
