Unfortunately it's not _fully_ open source. They don't say it anywhere on their webpage, but they use an [OpenPGP Smart Card](https://www.g10code.com/p-card.html) internally, where some of the implementation by ZeitControl isn't open source. g10 has a reference implementation that is fully open source, but there's some additional (timing?) attacks that Zeitcontrol has implemented and cannot release.
Note the NitroKey start is a gnuk implementation and is fully open source. The tamper-resistant models are using the BasicCard with Zeitcontrol software.
Note the NitroKey start is a gnuk implementation and is fully open source. The tamper-resistant models are using the BasicCard with Zeitcontrol software.