Reference a bit more

Try to make it a bit easier to understand "measure" and where to read
more.
Daniel Lublin 2022-09-21 08:55:13 +02:00
parent fcae028007
commit 98c2463dbc
No known key found for this signature in database
GPG Key ID: 75BD0FEB8D3E7830
4 changed files with 16 additions and 5 deletions

@ -9,8 +9,8 @@ different, as other security tokens utilize closed source hardware for
its security-critical operations.
What makes the Tillitis Key 1 security token unique is that it doesnt
verify applications, it measures them, before running them on its open
hardware security processor.
verify applications, it measures them (hashes a digest over the
binary), before running them on its open hardware security processor.
Each security token contains a Unique Device Secret (UDS),
which together with an application measurement, and an optional
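
Review bot: The added parenthetical "(hashes a digest over the binary)" reads as though an existing digest is being hashed, when the digest is the result of hashing the binary. Suggest "it measures them (computes a hash digest of the binary)", and fix "doesnt" to "doesn't" on the context line above while this paragraph is being touched.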

@ -52,6 +52,13 @@ your computer (use the USB-C-to-A adapter if needed) and will boot the
firmware. When boot has completed it will start flashing the LED
white. This indicates that it is ready to receive and measure an app.
To try out an app, continue to the README.md the apps repo:
https://github.com/tillitis/tillitis-key1-apps#readme
To learn more about the concepts and workings of the firmware, see:
[system_description/system_description.md](system_description/system_description.md)
and [system_description/software.md](system_description/software.md).
# Device personalization
To personalize Tillitis Key 1, you need to modify the hex file that
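
Review bot: The added sentence "To try out an app, continue to the README.md the apps repo:" is missing a word between "README.md" and "the apps repo"; suggest "continue to the README.md in the apps repo:". The apps link is also a bare URL while the two system_description links added right after it use Markdown link syntax, so pick one style for all three.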

@ -5,7 +5,11 @@
* Firmware -- software that is part of ROM, and is currently
supplied via the FPGA bit stream.
* Application -- software supplied by the host machine, which is
received, loaded, and measured by the firmware.
received, loaded, and measured by the firmware (by hashing a
digest over the binary).
Learn more about the concepts in the
[system_description.md](system_description.md).
## CPU
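
Review bot: In the added sentence "Learn more about the concepts in the [system_description.md](system_description.md)." the article before the file name reads oddly; suggest "in [system_description.md](system_description.md)" or "in the system description". Please also check that a blank line separates this sentence from the Application bullet so it does not render as part of that list item, and reword "(by hashing a digest over the binary)" to "(by computing a hash digest of the binary)", since a digest is the output of the hash, not its input.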

@ -35,8 +35,8 @@ user. Some examples of such security functionality are:
### Measured Based Security
The key, unique feature of the TK1 is that it measures the secure
application when the application is being loaded onto the device. The
measurement, combined with a Unique Device Secret (UDS) is used to
derive secrets for the application.
measurement (a hash digest), combined with a Unique Device Secret
(UDS) is used to derive secrets for the application.
The consequence of this is that if the application is altered, the keys
derived will also change. Conversely, if the keys derived are the same as
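
Review bot: The rewritten sentence "measurement (a hash digest), combined with a Unique Device Secret (UDS) is used to derive secrets" opens the "combined with" aside with a comma but never closes it; add a comma after "(UDS)". The gloss "a hash digest" also does not say what is hashed, so "a hash digest of the application binary" would line up with the definitions this commit adds in the other three files.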