Security Mechanisms

Overview

This article introduces the security mechanisms and their usage in the RTL8752H chip. The security mechanisms include: Image Encryption, Key Security Storage, SWD Interface Control and Password Debug.

Image Encryption

The Image Encryption solution is developed based on Flash Security. The APP image can be encrypted or not according to your needs.

Flash Security (Flash-Sec for short), also known as Flash on-the-fly, is a technology that allows the CPU to directly access encrypted flash data. The principle is that when the CPU accesses Flash-Sec encrypted data, it first decrypts the data with the help of the Flash-Sec hardware module and then accesses the decrypted data.

Flash-Sec utilizes the AES encryption algorithm with CTR mode, and the encryption key length is 128 bits. Flash-Sec supports configuring up to 8 regions for users. Currently, Patch Image uses Region #0 by default, and App Image uses Region #1 by default.

Note

Please note that the base address of each region must be 4KB aligned.

During the IC startup process, the encrypted image will be initialized by Flash-Sec (region configuration, key setting, etc.). If the key is not burned or the burned key does not match the encryption key, Flash-Sec decryption will fail.
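Why CTR mode suits on-the-fly decryption, shown as an added model that is not Realtek's code: each 16-byte block's keystream depends only on the key and the block's position, so any address can be decrypted without reading the rest of the image, and a wrong key yields garbage instead of the image. The counter layout, the sample key, address and image, and the use of HMAC-SHA256 as a stand-in for AES-128 are assumptions.

```python
import hashlib
import hmac

BLOCK = 16             # AES block size in bytes
REGION_ALIGN = 0x1000  # region base addresses must be 4 KB aligned


def keystream_block(key, region_base, addr):
    """Keystream for the 16-byte block that contains addr."""
    # Assumption: the counter is the block index inside the region.
    counter = ((addr - region_base) // BLOCK).to_bytes(BLOCK, "big")
    # Stand-in for AES-128(key, counter): HMAC-SHA256 truncated to one block.
    return hmac.new(key, counter, hashlib.sha256).digest()[:BLOCK]


def crypt_region(key, region_base, data):
    """Encrypt or decrypt a whole image; in CTR both are the same XOR."""
    if region_base % REGION_ALIGN:
        raise ValueError("region base must be 4 KB aligned")
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = keystream_block(key, region_base, region_base + off)
        out += bytes(d ^ k for d, k in zip(data[off:off + BLOCK], ks))
    return bytes(out)


def cpu_read(key, region_base, flash, addr, length):
    """Decrypt only the requested bytes, as an on-the-fly read would."""
    out = bytearray()
    for a in range(addr, addr + length):
        off = a - region_base
        out.append(flash[off] ^ keystream_block(key, region_base, a)[off % BLOCK])
    return bytes(out)


# Constructed sample data: key, region base and image are made up for the demo.
KEY = bytes.fromhex("5d0c9e41b7f2a863194ce07a3b8f26d5")
WRONG_KEY = bytes.fromhex("e2714ab09c35d86f0ba7431fc958602e")
REGION_BASE = 0x0080E000
IMAGE = bytes(i % 251 for i in range(600))
FLASH = crypt_region(KEY, REGION_BASE, IMAGE)

if __name__ == "__main__":
    addr = REGION_BASE + 40  # this read crosses a block boundary at offset 48
    print(cpu_read(KEY, REGION_BASE, FLASH, addr, 20) == IMAGE[40:60])
    print(cpu_read(WRONG_KEY, REGION_BASE, FLASH, addr, 20) == IMAGE[40:60])
```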

Key Security Storage

It is crucial to implement a special mechanism to safeguard the image encryption key from potential leakage since both the encryption and decryption processes employ the same 128-bit key. To address this, a new key’ is generated when passing the encryption key to the Encryption Tool. This newly generated key’ is also published and downloaded into the Flash Config of the IC.

During the download process, the Download Tool decrypts the new key’ to retrieve the original key and simultaneously reads the UUID of the IC. These pieces of information are combined to generate a new key’’, ensuring that each IC possesses a unique key (key’’). This approach helps enhance the security of the encryption process and mitigates the risk of key compromise.

SWD Interface Control

The SWD interface is a crucial debug port that plays a vital role in program debugging. However, it also introduces the risk of exposing data and code. To mitigate this risk, the security mechanism offers three methods to control the SWD interface: Open, Close, and Password Control. In the case of Password Control, the SWD interface remains closed unless the correct password is received through the UCI UART. This ensures that unauthorized access to the SWD interface is prevented unless the valid password is provided.

Password Debug

Similar to the encryption key, the password is programmed in the eFuse of the IC. When the password is received through the HCI UART, the IC will automatically reboot to verify if the password is correct. The function configured as Password Control remains closed unless the correct password is provided. Every time the IC reboots, the password needs to be retyped to activate the function.

Security Level

RTL8752H provides 3 security levels: 0, 1 and 2. A larger number indicates a higher security level, which affects debugging and reprogramming of eFuse. Function control of each module under each security level is listed in the table below. It is suggested to configure the security level to level 1 during minor trial production and level 2 in mass production.

Security Level

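Security Level | SWD Control        | eFuse Read         | eFuse Write
---------------|--------------------|--------------------|-------------------
0              | Enable             | Enable             | Enable
1              | Enable by password | Enable by password | Enable
2              | Enable by password | Enable by password | Enable by password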

Usage Example

Configure Encryption Key

Edit the tools\keys\key.json file to configure OCEK and PASSWORD. Both values are stored there as plaintext and need protection. When asking Realtek to do IC defect analysis, you need to provide the plaintext password configured here.

{
    "OCEK": "a1a2a3a4a5a6a7a8a9aaabacadaeafb0",
    "PASSWORD": "00112233445566778899aabbccddeeff"
}
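A pre-release check for key.json, added here as an example and not part of the Realtek tools: it flags a file that still carries the sample values shown above, malformed fields, patterned values, and an OCEK reused as the PASSWORD (the password is disclosed for defect analysis, the image key should not be). The 32-hex-character length for PASSWORD is an assumption taken from the sample; the function names are hypothetical.

```python
import json
import re
import secrets

# Sample values printed in the SDK documentation; they must never be burned into products.
DOC_SAMPLES = {
    "OCEK": "a1a2a3a4a5a6a7a8a9aaabacadaeafb0",
    "PASSWORD": "00112233445566778899aabbccddeeff",
}
HEX_128 = re.compile(r"[0-9a-fA-F]{32}")  # 128 bits written as hex


def is_patterned(raw):
    """True for a repeated byte or a constant-step sequence such as 00 11 22 ..."""
    return len({(b - a) % 256 for a, b in zip(raw, raw[1:])}) == 1


def lint_key_json(text):
    """Return a list of findings for the contents of key.json; empty means clean."""
    cfg = json.loads(text)
    findings = []
    for field in ("OCEK", "PASSWORD"):
        value = cfg.get(field)
        if not isinstance(value, str) or not HEX_128.fullmatch(value):
            findings.append(f"{field}: expected exactly 32 hex characters")
        elif value.lower() == DOC_SAMPLES[field]:
            findings.append(f"{field}: documentation sample value")
        elif is_patterned(bytes.fromhex(value)):
            findings.append(f"{field}: patterned, guessable value")
    if not findings and cfg["OCEK"].lower() == cfg["PASSWORD"].lower():
        findings.append("OCEK and PASSWORD are identical")
    return findings


def fresh_key_json():
    """Generate key.json contents from the OS CSPRNG."""
    return json.dumps({"OCEK": secrets.token_hex(16),
                       "PASSWORD": secrets.token_hex(16)}, indent=4)


if __name__ == "__main__":
    doc_copy = json.dumps(DOC_SAMPLES)  # a key.json left at the documented values
    print(lint_key_json(doc_copy))
    print(lint_key_json(fresh_key_json()))
```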

Generate Encrypted APP Image

To generate a Flash-Sec encrypted APP image, the following modifications need to be made.

  1. Set the macro FEATURE_FLASH_SEC in the APP’s mem_config.h to 1, as shown in Enable APP encryption by Flash-Sec. The default value is 0, which means no encryption.

    Enable APP encryption by Flash-Sec

  2. Keil Project: modify after_build_common.bat to ensure that --aesmode CTR is added at the end of the prepend_header command.

    Modification of after_build_common.bat

  3. GCC Project: Modify Makefile to ensure that --aesmode CTR is added at the end of the prepend_header command.

Programming eFuse

Danger

When programming the eFuse on the RTL8752H, a voltage of 2.5V (±10%) must be supplied to avoid damage to the eFuse.

  1. Generate the file to program eFuse at the RD end.

    First, confirm that MP Tool is in debug mode: click Type ‣ Debug on the toolbar.

    Generate the file to program eFuse

    1. Click the Browse button to import the key.json file in the RD Setting UI.

    2. Select the appropriate Security Level for the project.

    3. Click the Confirm button to generate the EfuseWrite.json file, which can be released to the factory for programming eFuse.

  2. Program eFuse in the factory.

    First, confirm that MP Tool is in mass production mode: click Type ‣ MP on the toolbar.

    Select the file to be programmed in eFuse

    1. Tick Efuse in the MP Setting UI and select the file to be programmed in eFuse.

    2. Click MP Download ‣ Download to program eFuse.

Password Debug

When the security level is set to 1 or 2, the SWD interface is disabled as a security measure. However, developers can reactivate the SWD interface using the Password debug feature. This allows authorized developers to regain access to the SWD interface for debugging purposes while maintaining the overall security of the system.

Use PASSWORD to unlock SWD

The steps are as follows:

  1. Open the serial port in the RD Download interface.

  2. Tick Password.

  3. Type in the plaintext of the password defined in the key.json file.

  4. Click the Unlock button.

  5. The IC will reboot.

  6. The SWD interface will be reactivated after the reboot process.