Baochip-1x raises the bar on inspectable hardware, bringing you a system-on-chip (SoC) that you can check from the silicon all the way to the software. Not only is the entire bootloader open-source and NDA-free, most of the design source for the compute logic is open and NDA-free. To top it off, the chip comes in a package specifically designed to facilitate Infra-Red, In-situ (IRIS) inspection - a non-destructive way to look at the silicon and confirm you’ve got the right chip based on the pattern of transistors printed on the silicon itself.

You can get your hands on a Baochip-1x by pre-ordering the Dabao Evaluation Board in this campaign: a Baochip-1x mounted on a cost-optimized 2-layer board, targeted at entry-level embedded developers and hobbyists.

Security Should Be For Everyone. Period

Baochip-1x is positioned as a "general-purpose" microcontroller, yet it shares features normally found exclusively in NDA-only hardware secure elements: multiple cryptography accelerators, key stores, one-way counters, true random number generation, and hardware attack countermeasures such as glitch sensors and a security mesh.

At Baochip, we believe great security should be standard and open. Access to top-notch hardware security shouldn’t be only for the privileged elite, the well-connected, or big corporations: it’s long overdue for everyday product specs to assume these basic primitives as building blocks, so that we can build better, more secure products as a community.

Can something be both secure and fun to hack? We think so.

A core use case of embedded microcontrollers is interacting with real-world devices - sensors, LED strips, various bus standards. The Dabao’s Baochip-1x features the "BIO", a 700 MHz, quad-core PicoRV-powered I/O coprocessor that enables a wide range of I/O applications.

Each PicoRV core in the BIO has a dedicated 4 kiB RAM for code and data, and features register-mapped GPIOs, inter-processor communication, and event handling thanks to custom hardware extensions implemented over the base RV32-EMC architecture. Not only can the BIO bit-bang an LED strip, it can also render simple animations, freeing the main CPU for other applications, or simply being shut down for power savings.

I’ve really enjoyed hacking on the BIO, and I hope you do, too. The possibilities feel limitless, and if you’re a baremetal, assembly-language type of hacker, you’re going to love playing with the BIO. The BIO has a really solid "road feel" and because it’s open source, you can also check your code with RTL simulations.

Unlike comparable I/O cores on other microcontrollers, the BIO is 100% open source and patent-free - so anyone can make chips using the BIO IP. You’re not locked into buying Baochip silicon; in fact we have published a demo of the BIO RTL targeting an Arty A7 FPGA board.

Open architectures mean you can own your ideas - you are empowered to build your own versions of the hardware that runs them. You don’t have to trust us to be the corporate stewards of your chips. If you’re unhappy with our direction, we encourage you to fork the code and build your own, better version!

Trust It. Because You Can, Not Because You Must

Baochip changes the status quo by making evidence-based trust a core principle of its design. You, the user, will have reasons to trust the Dabao’s Baochip-1x CPU based on scientific evidence that is observable without access to a million-dollar microscope.

See the actual transistors inside Baochip using a technique called IRIS: all you need is a slightly modified CMOS microscope camera and LED illuminator. Learn more about IRIS and how to modify a camera.

In addition to being able to see the physical transistors, you can inspect the logical design behind the active compute portions of the chip by browsing the RTL in the Baochip-1x GitHub repository.

And of course, all of the code that comes on the chip in the form of its bootloader and OS is 100% open source and inspectable. Extra attention was given to the bootloader to ensure that anyone can reproduce the actual binary image using a GUIX toolchain.

Thanks to this design principle, Baochip-1x is well-suited as a hardware development framework for security-critical applications such as password managers, authenticators, and other high-assurance applications — or just bringing security to your everyday IoT project!

Comparisons

Here’s how the Dabao stacks up against a variety of other popular small development boards.

[1]: Pico 2 datasheet + RP2350 datasheet + Bootrom source
[2]: DevKitC user guide + ESP32 datasheet + ESP32 TRM
[3]: XIAO ESP32C3 wiki + ESP32-C3 datasheet
[4]: Teensy 4.1 product page + iMXRT1062 datasheet + iMXRT1062 reference manual
[5]: Nano 33 IoT docs + SAMD21 datasheet
[6]: Feather M4 guide + SAMD51 datasheet
[7]: micro:bit hardware spec + nRF52833 product spec

What’s in the Box?

Dabao backers will receive the dabao evaluation board in antistatic packaging.

Features & Specifications

• Baochip-1x mostly-open RTL SoC
  • 350 MHz Vexriscv RV32-IMAC CPU core with MMU
  • 4x 700MHz PicoRV RV32-EMC CPU cores with BIO register extensions
  • 4MiB of fast on-chip RRAM
  • 2MiB of on-chip SRAM + 256k of I/O SRAM
  • Cryptographic accelerators
  • Physical attack hardening countermeasures
  • On-chip ring oscillator-based TRNG
  • Fully open source & reproducible bootloader
  • Rust-based Xous OS featuring virtual memory for process isolation
  • USB high speed device via USB type C connector
  • IRIS inspectable
• Dabao evaluation board

Support & Documentation

Manufacturing Plan

Baochip-1x has gone through an engineering qualification lot and been distributed in limited quantities to alpha developers. As such, the design risk is deemed to be low and chip yields so far seem acceptable.

To fully understand the manufacturing flow, it’s important to establish the context of Baochip. Baochip buys its wafers through a company called Crossbar. They are the "host" company that paid for the mask set; Baochip is a "hitchhiker" on their mask in the sense that Crossbar allowed us to put our CPU core on their chip, and through chip probe-time fusing their features are turned off. Thus our chips share the exact same mask, but you wouldn’t guess that we’re the same die unless I told you this. And to be clear, our version has some "dead silicon" that can’t be used because it’s been disabled - and for what it’s worth, this is a standard industry practice to use one mask to create multiple product "views" on the same chip by disabling cores or features.

There are two revisions of the die, an -A0 stepping and an -A1 stepping. From the standpoint of Baochip, the revisions are transparent: the firmware is designed to run on both identically. The -A1 version has some critical fixes for the Crossbar variant, but since their CPU is turned off on our version, these fixes don’t affect us. Thus for Baochip variants, the main difference is that the -A1 stepping hardens access to the RRAM configuration register. The main purpose of the hardening is that in case the kernel or bootloader is breached and an arbitrary-write primitive has been achieved, an attacker would be unable to modify the access control bits on the RRAM. However, in practice, by the time an attacker has an arbitrary-write primitive in the kernel or bootloader, there are numerous other more powerful exploits available, so this stepping effectively seals off only one bad outcome out of many in the case of a kernel bug.

The -A1 stepping may not be in full production until much later in 2026, so to pull in the schedule for this campaign, we will be shipping mostly -A0 stepping chips to end users.

With that in mind, here is the manufacturing timeline:

• December 2025 - Place order for -A1 engineering wafers. This has already been done.
• January 2026 – Place order for -A0 production wafers. This has already been done.
• April 2026 - About 500 chips become available for Dabao production from the engineering test lot for -A1 wafers. Assuming the -A1 wafers work, these will be put on Dabaos.
• June 2026 - The -A0 production wafer lot becomes available for Dabao production. Assuming we hit our wafer yield targets, chips will become available for up to 3000 additional Dabaos.

Fulfillment & Logistics

We will be relying on Mouser Electronics, Crowd Supply’s fulfillment partner, to handle the global shipment of devices to backers. For more information about shipping, please see Crowd Supply’s Ordering, Paying, and Shipping guide and the International shipping section of their Fulfillment & Logistics guide.

Risks & Challenges

Global instability is the most significant risk to delivery. The design itself is vetted and working, and the supply chain is set up to pump out chips - just need to know how many to build. The following outcomes could greatly impact the timing of delivery:

• A world war, or a conflict in the East Asia region.
• Additional sanctions or tariffs on components originating from our suppliers.
• AI driving shortages in the supply chain. In particular, chip probe time is scarce; if AI providers preemptively buy out chip probe capacity, it could delay production schedules for months, even years.
• Natural disasters such as earthquakes hitting the fab cluster in Hsinchu
• A civil war in the United States would lead to unpredictable consequences in the supply chain
• A collapse of the US dollar between now and fulfillment would reduce the value of the funds raised, and thus make us unable to pay vendors and fulfill our obligations. In this case we would do a best-effort to fulfill the campaign but a devaluation event of greater than 25% on the USD within the intervening months would likely impact our ability to fill orders.