IC:

Overview

Security Image Protection (RSIP) is specifically designed for firmware protection. It uses the AES algorithm to encrypt all or part of the data in the Flash memory, preventing illegal firmware copying and product cracking. Even if the Flash is read, it cannot be run on other chips without the correct programmed key, thereby preventing firmware cloning. At the same time, the OTP key in the SOC restricts booting to specific firmware only, increasing the difficulty of attacks on the chip.

../../rst_rtos/3_nda_rsip/figures/rsip_work_flow.svg

RSIP Workflow:

  • Development and Production Stage: The compiler generates plaintext firmware. In the post-processing stage, the firmware is encrypted by the RSIP key to generate ciphertext firmware. On the production line, the RSIP key is programmed into the OTP area, and the ciphertext firmware is programmed into the flash.

  • Storage Stage: The firmware in the product flash is encrypted. After leaving the factory, the RSIP key cannot be read, so the product cannot be cloned.

  • Running Stage: When the CPU is executing in XIP (execute in place) mode or reading the image, RSIP automatically decrypts the ciphertext using the RSIP key in the OTP area and returns plaintext to the CPU. The decryption process has almost no impact on execution efficiency.