Git-Mirrors/tillitis-key
1
0
Fork 0
mirror of https://github.com/tillitis/tillitis-key1.git synced 2025-01-01 19:06:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve wording of what makes TK1 unique

Browse Source 
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
This commit is contained in:
Joachim Strömbergson 2022-11-21 15:35:43 +01:00
parent 8179f40642
commit 9760ebeea4
No known key found for this signature in database
GPG Key ID: 865B8A548EA61679
1 changed files with 30 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
README.md
View File

@ -2,26 +2,39 @@
## Introduction ## Introduction
Tillitis Key 1 is a new kind of USB security token. All of its Tillitis Key 1 (TK1) is a new kind of USB security token. What makes
software, FPGA logic, schematics, and PCB layout are open source, as the TK1unique is that it allows a user to load and run applications on
all security software and hardware should be. This in itself makes it the device, while still providing security. This allow for open ended,
different, as other security tokens utilize closed source hardware for flexible usage. Given the right application, the TK1 can support use
its security-critical operations. cases such as SSH login, Ed25519 signing, Root of Trust, FIDO2, TOTP,
Passkey and more.
What makes the Tillitis Key 1 security token unique is that it doesnt During the load operation, the device measures the application
verify applications, it measures them (hashes a digest over the (calculates a cryptographic hash digest over the) before running
binary), before running them on its open hardware security processor. it on the open hardware security processor. This measurement
is similar to [TCG DICE](https://trustedcomputinggroup.org/work-groups/dice-architectures/).
Each security token contains a Unique Device Secret (UDS), which Each TK1 device contains a Unique Device Secret (UDS), which
together with an application measurement, and an optional together with the application measurement, and an optional
user-provided seed, is used to derive key material unique to each user-provided seed, is used to derive key material unique to each
application. This allows users to build and load their own apps, while application. This guarantees that if the integrity of the application
ensuring that each app loaded will have its own cryptographic loaded onto the device has been tampered with, the correct keys
identity. The design is similar to TCG DICE. The Tillitis Key 1 needed for an authentication will not be generated.
platform has 128 KB of RAM. The current firmware is designed to load
an app that is up to 100 KB in size, and gives it a stack of 28 KB. A The key derivation with user provided seed allows users to build and
smaller app may want to move itself in memory to get larger continuous load their own apps, while ensuring that each app loaded will have
memory. its own cryptographic identity, and can also be used for authentication
towards different services.
The TK1 platform is based around a 32-bit RISC-V processor and has
128 KB of RAM. The current firmware is designed to load an app that is
up to 100 KB in size, and gives it a stack of 28 KB. A smaller app may
move itself in memory to get larger continuous memory.
All of the TK1 software, FPGA logic, schematics, and PCB layout are
open source, as all security software and hardware should be. This in
itself makes it different, as other security tokens utilize closed source
hardware for its security-critical operations.
![Tillitis Key 1 PCB, first implementation](doc/images/mta1-usb-v1.jpg) ![Tillitis Key 1 PCB, first implementation](doc/images/mta1-usb-v1.jpg)
*Tillitis Key 1 PCB, first implementation* *Tillitis Key 1 PCB, first implementation*