2022-09-19 06:51:11 +00:00
|
|
|
|
# Tillitis Key 1
|
|
|
|
|
|
|
|
|
|
|
|
## Introduction
|
|
|
|
|
|
|
|
|
|
|
|
Tillitis Key 1 is a new kind of USB security token. All of its
|
|
|
|
|
|
software, FPGA logic, schematics, and PCB layout are open source, as
|
|
|
|
|
|
all security software and hardware should be. This in itself makes it
|
|
|
|
|
|
different, as other security tokens utilize closed source hardware for
|
|
|
|
|
|
its security-critical operations.
|
|
|
|
|
|
|
|
|
|
|
|
What makes the Tillitis Key 1 security token unique is that it doesn’t
|
2022-09-21 06:55:13 +00:00
|
|
|
|
verify applications, it measures them (hashes a digest over the
|
|
|
|
|
|
binary), before running them on its open hardware security processor.
|
2022-09-19 06:51:11 +00:00
|
|
|
|
|
2022-10-04 09:07:44 +00:00
|
|
|
|
Each security token contains a Unique Device Secret (UDS), which
|
|
|
|
|
|
together with an application measurement, and an optional
|
2022-09-19 06:51:11 +00:00
|
|
|
|
user-provided seed, is used to derive key material unique to each
|
|
|
|
|
|
application. This allows users to build and load their own apps, while
|
|
|
|
|
|
ensuring that each app loaded will have its own cryptographic
|
|
|
|
|
|
identity. The design is similar to TCG DICE. The Tillitis Key 1
|
2022-10-31 14:02:48 +00:00
|
|
|
|
platform has 128 KB of RAM. The current firmware is designed to load
|
|
|
|
|
|
an app that is up to 100 KB in size, and gives it a stack of 28 KB. A
|
2022-11-03 15:11:31 +00:00
|
|
|
|
smaller app may want to move itself in memory to get larger continuous
|
|
|
|
|
|
memory.
|
2022-09-19 06:51:11 +00:00
|
|
|
|
|
2022-10-04 09:07:44 +00:00
|
|
|
|
|
|
|
|
|
|
*Tillitis Key 1 PCB, first implementation*
|
2022-09-19 06:51:11 +00:00
|
|
|
|
|
|
|
|
|
|
## Documentation
|
|
|
|
|
|
|
|
|
|
|
|
* [System Description](doc/system_description/system_description.md)
|
|
|
|
|
|
* [Threat Model](doc/threat_model/threat_model.md)
|
|
|
|
|
|
* [Framing Protocol](doc/framing_protocol/framing_protocol.md)
|
|
|
|
|
|
* [Boards](hw/boards/README.md)
|
2022-10-12 08:14:07 +00:00
|
|
|
|
* [Software](doc/system_description/software.md)
|
2022-10-20 12:50:21 +00:00
|
|
|
|
* [Firmware](hw/application_fpga/fw/tk1/README.md)
|
2022-09-19 06:51:11 +00:00
|
|
|
|
* [Toolchain setup](doc/toolchain_setup.md)
|
2022-09-20 14:34:58 +00:00
|
|
|
|
* [Quickstart](doc/quickstart.md) to program the Tillitis Key 1
|
2022-09-19 08:02:58 +00:00
|
|
|
|
* [Release Notes](doc/release_notes.md)
|
2022-09-19 06:51:11 +00:00
|
|
|
|
|
2022-10-04 09:07:44 +00:00
|
|
|
|
Note that development is ongoing. For example, changes might be made
|
|
|
|
|
|
to the measuring and derivation of key material, causing the
|
|
|
|
|
|
public/private keys of a signer app to change. To avoid unexpected
|
|
|
|
|
|
changes, please use a tagged release. Read the [Release
|
|
|
|
|
|
Notes](doc/release_notes.md) to keep up to date with changes and new
|
|
|
|
|
|
releases.
|
|
|
|
|
|
|
|
|
|
|
|
Applications and host programs that communicate with the apps are kept
|
|
|
|
|
|
in this repository: https://github.com/tillitis/tillitis-key1-apps
|
|
|
|
|
|
|
2022-09-19 06:51:11 +00:00
|
|
|
|
## About this repository
|
|
|
|
|
|
|
|
|
|
|
|
This repository contains hardware, software and utilities written as
|
|
|
|
|
|
part of the Tillitis Key 1 project. It is structured as monolithic
|
|
|
|
|
|
repository, or "monorepo", where all components live in one
|
|
|
|
|
|
repository.
|
|
|
|
|
|
|
|
|
|
|
|
The repository follows the [OpenTitan
|
|
|
|
|
|
layout](https://docs.opentitan.org/doc/ug/directory_structure/).
|
|
|
|
|
|
|
|
|
|
|
|
## Licensing
|
|
|
|
|
|
|
|
|
|
|
|
See [LICENSES](./LICENSES/README.md) for more information about
|
|
|
|
|
|
the projects' licenses.
|
