(For full disclosure I am the primary FPGA designer of TillitisKey.)
It also performs a measurement of the application being loaded. The measurement, together with the Unique Device Secret (UDS), generates the primary secret that applications can use to derive the keys etc. they need. This means that you can verify the application integrity.
For now, yes. But as Fredrik (kfreds) has written in another comment, what is possible is a two-stage approach with an application (which gets measured) loading other applications.
Yes. The hash of the application code and the 256-bit Unique Device Secret are hashed together to generate a primary secret, which the application can then use to derive the secrets it needs.
You can additionally supply a secret from the host (the User Supplied Secret). This means that the keys generated are tied to the specific device (the UDS), to the integrity of the application, and to you as a user.
This is very close to, and inspired by, DICE: https://www.microsoft.com/en-us/research/project/dice-device...
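To make the derivation described in the comments above concrete, here is an added example of a DICE-style measured-application key derivation. It is illustrative code written for this thread, not Tillitis firmware. The hash function (BLAKE2s), the concatenation order UDS || H(app) || USS, the 32-byte sizes, and the HMAC-based per-purpose key expansion are assumptions made for the example; only the shape (device secret + measurement + optional user secret feeding one primary secret) comes from the thread.

```python
"""DICE-style derivation of a primary secret from a device secret and an
application measurement (added example, not TillitisKey code).

Assumptions made here, not stated in the thread: BLAKE2s as the hash,
the order UDS || H(app) || USS, 256-bit UDS, and an HMAC-based expand
step for per-purpose keys inside the application.
"""
import hashlib
import hmac

DIGEST_LEN = 32  # 256 bits


def measure_app(app_code: bytes) -> bytes:
    """Measurement of the application: a hash over the bytes being loaded."""
    return hashlib.blake2s(app_code, digest_size=DIGEST_LEN).digest()


def derive_cdi(uds: bytes, app_code: bytes, uss: bytes = b"") -> bytes:
    """Primary secret (DICE calls it the CDI) = H(UDS || H(app) || USS).

    Nothing is verified against a signature: a modified application, a
    different device, or a different user secret simply yields a different
    CDI, so keys derived from it will not match the ones the user expects.
    """
    if len(uds) != DIGEST_LEN:
        raise ValueError("UDS must be 256 bits")
    h = hashlib.blake2s(digest_size=DIGEST_LEN)
    h.update(uds)
    h.update(measure_app(app_code))
    h.update(uss)  # empty if the host supplied no User Supplied Secret
    return h.digest()


def derive_key(cdi: bytes, label: bytes, length: int = DIGEST_LEN) -> bytes:
    """Application-side derivation of a purpose-bound key from the CDI.

    HKDF-expand style: HMAC(cdi, prev_block || label || counter), iterated
    until enough bytes exist. The label separates e.g. signing from
    encryption keys derived from the same CDI.
    """
    out = b""
    block = b""
    counter = 1
    while len(out) < length:
        block = hmac.new(cdi, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def boot(uds: bytes, app_code: bytes, uss: bytes = b"") -> dict:
    """What the firmware conceptually does: measure, derive, hand the CDI to
    the app. Returns the values so they can be inspected or tested."""
    cdi = derive_cdi(uds, app_code, uss)
    return {
        "measurement": measure_app(app_code),
        "cdi": cdi,
        "signing_key": derive_key(cdi, b"tkey-example/signing"),
    }


if __name__ == "__main__":
    # Constructed values for demonstration only; a real UDS is per-device and
    # never leaves the hardware.
    UDS = bytes(range(32))
    APP_V1 = b"example application image v1"
    APP_TAMPERED = APP_V1 + b"\x00"

    good = boot(UDS, APP_V1)
    bad = boot(UDS, APP_TAMPERED)
    with_uss = boot(UDS, APP_V1, b"user passphrase")

    print("CDI (app v1):       ", good["cdi"].hex())
    print("CDI (tampered app): ", bad["cdi"].hex())
    print("CDI (v1 + USS):     ", with_uss["cdi"].hex())
    print("same CDI on re-boot:", boot(UDS, APP_V1)["cdi"] == good["cdi"])
```

Running it shows the property the comments describe: the same device and the same unmodified application reproduce the same CDI every boot, while a single changed byte in the application, a different UDS, or a different User Supplied Secret gives an unrelated CDI. That is why integrity is enforced by key derivation rather than by a signature check on the application.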