One successful year in for Raspberry Pi’s second-gen microcontroller RP2350, we’re releasing a new version — the chip’s A4 stepping — addressing bugs and security vulnerabilities.

A new RP2350 Hacking Challenge also launches on Tuesday: we think we’ve made something resistant to side-channel analysis, and we’re challenging people to prove us wrong.

What’s new with RP2350?

• New A4 stepping has numerous security and other improvements, including fixes for:
  
  
  • The glitching bugs that our 2024 Hacking Challenge identified in the A2 stepping, all of which required physical access to the chip in order to exploit them.
    
    
  • The E9 GPIO erratum (related to GPIO pull-ups).
    
    
• A4 stepping is a drop-in replacement for the earlier A2 stepping.
  
  
• GPIO now qualified as 5V-tolerant, great for retro computing hackery and other 5V IO-related use cases (chip must remain powered while 5V IOs are used; details in updated datasheet to be released on Tuesday).
  
  
• RP2354A and RP2354B variants with 2MB of stacked-in-package QSPI flash available from Tuesday.
  
  
• The A4 stepping will be available from Tuesday from Raspberry Pi Approved Resellers and distributors, including JLCPCB.

Software updates
Version 2.2.0 of pico-sdk, pico-examples, and picotool released, supporting RP2040 and RP2350 and including:

• Numerous bug fixes, documentation improvements, and new features.
  
  
• Newly hardened AES decryption code with high resistance against side-channel attacks.
  
  
• New support for self-decrypting binaries, where the tooling will AES-encrypt your code into flash memory and embed a bootloader that will decrypt your code/data to RAM before running.
  
  
• New RP2350 examples for encryption, OTA (over-the-air) update, and UART bootloading.
  
  
• Users should note that: version 2.1.0 or later of pico-sdk is required for the A4 stepping of RP2350.

Security through transparency: RP2350 Hacking Challenge 2

• Our 2024 RP2350 Hacking Challenge was a hit: security through transparency works. We learned a ton from the four winners who identified ways to exploit vulnerabilities, given physical access to the device.
  
  
• We think our new hardened AES implementation is resistant to side-channel attacks (SCA), and we challenge people to prove us wrong!
  
  
• This new software was developed to allow customers to encrypt their application code and data when they are stored in flash memory, and have these loaded into internal SRAM, where our AES software library will decrypt the application in place, using cryptographic key material and a per-device salt (random value) squirreled away in the one-time programmable storage on-chip.
  
  
• Once again, we’ve worked with Thomas “stacksmashing” Roth (website, LinkedIn) and Hextree to develop this challenge as well as test our new AES implementation.
  
  
• We’re going back to the DEF CON Hacking Conference this year, where we’ll be giving demos and running a few workshops as part of the Embedded Systems Village.
  
  

Raspberry Pi microcontrollers in embedded applications

• We’re seeing RP2350 in drones, industrial automation, synthesisers, electronics development tools, space hardware, premises management, robotics, and more. You can browse some of these in our Powered by Raspberry Pi product catalogue.
  
  
• In June we launched Raspberry Pi Radio Module 2, a pre-certified radio co-processor that provides turnkey wireless connectivity for RP2040- and RP2350-based products.
  
  
• We continue to build out our support for OEM customers integrating Raspberry Pi microcontrollers and other technology into their products, for example with extensive Global Market Access support.