Swedish safety agency Tillitis is seeking to launch a “new type of safety key:” a USB Sort-C dongle pushed by a field-programmable gate array (FPGA) operating a compact 32-bit RISC-V processor core.
“The TKey is a small laptop in a USB-C machine type issue,” the corporate writes of its creation, “that may run small purposes that are loaded onto it. The aim of TKey is to be a safe atmosphere for purposes that present a safety perform.”
The TKey is a safety dongle with none native storage, loading its utility afresh every time it is used. (📷: Tillitis)
To this point, and the TKey sounds so much like different trusted execution atmosphere initiatives. What makes the machine stand out — other than its use of an FPGA, the Lattice iCE40UP5, operating a 32-bit soft-core processor based mostly on the free and open RISC-V instruction set structure (ISA) — is that it does not really retailer knowledge itself.
“There is no such thing as a approach of storing a tool utility (or every other knowledge) on the TKey. A tool app needs to be loaded onto the TKey each time you plug it in,” Tillitis explains. ” It measures the loaded machine utility earlier than beginning it. A hash digest measurement (utilizing BLAKE2s) mixed with a Distinctive Gadget Secret (UDS) makes up a base secret we name a Compound Gadget Identifier (CDI) which may then utilized by the TKey machine app.
“If the TKey machine app is altered in any approach the CDI can also be modified. If the keys derived from the CDI are the identical because the final time the given machine app was loaded onto the identical TKey the machine app’s integrity is assured.”
The compact {hardware} dongle offers the aforementioned 32-bit RISC-V core, operating at a sedate 18MHz, for consumer purposes, together with a {hardware} execution monitor, hardware-assisted tackle randomization and RAM scrambling capabilities, a real random quantity generator (TRNG), and 128kB of application-accessible RAM — plus 2kB for the firmware and 6kB of ROM storage.
Whereas the FPGA is locked-down in the usual model, the TKey Unlocked will be reprogrammed utilizing a Raspberry Pi Pico. (📷: Tillitis)
What it does not present, nevertheless, is entry to the FPGA straight. “Ultimately-user model the FPGA configuration is locked down,” the corporate explains. “This implies you can’t change the FPGA bitstream or learn out the bitstream (or the Distinctive Gadget Secret, UDS) from the configuration reminiscence, even if you happen to break the case and insert it right into a programmer board.” For individuals who need to have the ability to fiddle with the machine at a decrease degree, Tillitis offers the TKey Unlocked — a less-secure however more-hackable variant.
The corporate has launched all software program, firmware, Verilog supply code, and {hardware} design information for the undertaking on GitHub beneath the GNU Basic Public License v2.0 Solely and CERN Open {Hardware} Licence Model 2 — Strongly Reciprocal licenses respectively; extra info is accessible on the Tillitis web site. Assembled boards can be found on the Tillitis Store at $72, with a Raspberry Pi Pico-powered programming software accessible for $41.
