Swedish safety agency Tillitis is seeking to launch a “new form of safety key:” a USB Sort-C dongle pushed by a field-programmable gate array (FPGA) working a compact 32-bit RISC-V processor core.
“The TKey is a small laptop in a USB-C system type issue,” the corporate writes of its creation, “that may run small functions that are loaded onto it. The aim of TKey is to be a safe setting for functions that present a safety operate.”
The TKey is a safety dongle with none native storage, loading its utility afresh every time it is used. (📷: Tillitis)
To this point, and the TKey sounds lots like different trusted execution setting initiatives. What makes the system stand out — apart from its use of an FPGA, the Lattice iCE40UP5, working a 32-bit soft-core processor based mostly on the free and open RISC-V instruction set structure (ISA) — is that it would not truly retailer knowledge itself.
“There is no such thing as a means of storing a tool utility (or some other knowledge) on the TKey. A tool app needs to be loaded onto the TKey each time you plug it in,” Tillitis explains. ” It measures the loaded system utility earlier than beginning it. A hash digest measurement (utilizing BLAKE2s) mixed with a Distinctive Gadget Secret (UDS) makes up a base secret we name a Compound Gadget Identifier (CDI) which may then utilized by the TKey system app.
“If the TKey system app is altered in any means the CDI can also be modified. If the keys derived from the CDI are the identical because the final time the given system app was loaded onto the identical TKey the system app’s integrity is assured.”
The compact {hardware} dongle supplies the aforementioned 32-bit RISC-V core, working at a sedate 18MHz, for consumer functions, together with a {hardware} execution monitor, hardware-assisted handle randomization and RAM scrambling capabilities, a real random quantity generator (TRNG), and 128kB of application-accessible RAM — plus 2kB for the firmware and 6kB of ROM storage.
Whereas the FPGA is locked-down in the usual model, the TKey Unlocked could be reprogrammed utilizing a Raspberry Pi Pico. (📷: Tillitis)
What it would not present, nonetheless, is entry to the FPGA immediately. “Ultimately-user model the FPGA configuration is locked down,” the corporate explains. “This implies you can’t change the FPGA bitstream or learn out the bitstream (or the Distinctive Gadget Secret, UDS) from the configuration reminiscence, even if you happen to break the case and insert it right into a programmer board.” For many who need to have the ability to fiddle with the system at a decrease degree, Tillitis supplies the TKey Unlocked — a less-secure however more-hackable variant.
The corporate has launched all software program, firmware, Verilog supply code, and {hardware} design information for the venture on GitHub below the GNU Normal Public License v2.0 Solely and CERN Open {Hardware} Licence Model 2 — Strongly Reciprocal licenses respectively; extra info is on the market on the Tillitis web site. Assembled boards can be found on the Tillitis Store at $72, with a Raspberry Pi Pico-powered programming instrument obtainable for $41.