Baochip-1x: A Mostly-Open, 22nm SoC for High Assurance Applications
4 days ago
- #RISC-V
- #hardware-security
- #open-source
- Baochip-1x is a mostly-open, full-custom silicon chip fabricated in TSMC 22nm, targeted at high assurance applications.
- It is a security chip and general-purpose microcontroller, filling a gap between Raspberry Pi RP2350 and NXP iMXRT1062.
- Part of the Betrusted initiative, it stems from work with Ed Snowden on hardware trustworthiness in mass surveillance contexts.
- Features a 350MHz Vexriscv CPU with MMU, quad 700MHz PicoRV32 I/O processors, 4MiB RRAM, and 2MiB SRAM.
- Includes secure element features like TRNG, cryptographic accelerators, secure mesh, glitch sensors, and ECC-protected RAM.
- Fabricated using a fully-production qualified TSMC process with a dedicated mask set, capable of mass production.
- Key differentiator is the inclusion of an MMU, rare in microcontrollers of this class, enabling secure, loadable apps.
- Advocates for older, time-tested security features like MMU and AES over newer, less proven technologies.
- Critiques the lack of MMUs in embedded SoCs, tracing it back to ARM7TDMI's influence and ARM's market segmentation.
- Baochip-1x leverages RISC-V and open-source implementations to break free from proprietary constraints.
- Partially-open RTL approach balances openness with practicality, allowing for community-driven development and ARM de-leveraging.
- Hitchhiked on Crossbar's 22nm chip design to include custom CPU cores without significant cost.
- Open-source strategy faces paradox in security certifications, where closed-source flaws are deemed more secure.
- Early sampling program underway, with production-qualified silicon expected soon and evaluation boards available for pre-order.
- Discusses potential security vulnerabilities in Crossbar's AES implementation and plans for red team testing.