- Tillitis-announce - Tillitis mailing lists

Tillitis Newsletter December 2025
by sasko＠tillitis.se 23 Dec '25

23 Dec '25

This newsletter is also published on our blog: https://www.tillitis.se/blog/2025/12/23/newsletter-december-2025/ Usually at this time of year we look back and summarize what has happened during the year. We will do the same this year and also start a new tradition by publishing a newsletter. The idea is to have more frequent updates on what is happening at Tillitis by writing a newsletter 3-4 times per year. The newsletter will be published on our blog and sent out on the mailing list, Tillitis announce (https://lists.tillitis.se). Let's start! ## Where we went 2025 Some of the conferences we attended this year are (in chronological order): FOSDEM (https://archive.fosdem.org/2025/), a booth at Elektronikmässan (https://www.elektronikmassan.se/en/), foss-north (https://foss-north.se/), SecurityFest (https://securityfest.com) and Transparency Dev Summit 2025 (https://transparency.dev/summit2025/). It's worth mentioning a bit more about Transparency Dev Summit. The summit is a conference about transparency logging and its different applications. We showed a prototype of a Tillitis Hardware Security Module (HSM) that can be used in transparency logging and witnessing. It's early yet but stay tuned for more about this. As preparation for Transparency Dev Summit 2025 we spent some time working on Glasklar teknik's (https://glasklarteknik.se/) Sigsum transparency log (https://sigsum.org/). We now have a Sigsum witness (https://github.com/tillitis/tillitis.se-tillitis-witness-1/blob/main/about.…) in production. Let us know if you'd like our witness to cosign your log. ## Development Our main focus has been on developing the next generation of the TKey platform, codename Castor, and devloping a FIDO2 device app. ### Castor platform and FIDO2 Castor is compatible with the Bellatrix hardware, so if you have a TKey Unlocked or buy one now you can try out Castor without buying a new TKey. We tagged an alpha version (https://github.com/tillitis/tillitis-key1/releases/tag/TK1-Castor-alpha-3) back in June, head over to Github and read the release note (https://github.com/tillitis/tillitis-key1/blob/TK1-Castor-alpha-3/doc/relea…) and how to use a TKey Unlocked for testing the alpha version. The new Castor platform will feature the following updates: - App on flash, with a FIDO2 app pre-loaded[^1]. - App storage per app, isolated per app and identity (CDI)[^2]. - System calls for e.g. reading from and writing to flash. - Faster client communication. - More USB endpoints: HID, CCID, separate debug output endpoint, as well as the old CDC. - Hardware reset support. - Firmware support for chaining apps and forwarding data between apps. - Firmware support for verified boot. [^1]: pre-loaded means two things; 1) the app is programmed in flash at provisioning by Tillitis and 2) FIDO2 starts automatically with no need for supporting client app. With the reset feature, other apps will be able to reset TKey to load its desired device app. [^2]: the same device app used with a different USS will create different identity and get its own storage area. We made a FIDO2 demo app (https://github.com/tillitis/fido2-demo) which runs on the Castor alpha release (https://github.com/tillitis/tillitis-key1/releases/tag/TK1-Castor-alpha-1). We showcased this at SecurityFest (https://securityfest.com) in June. Current work is focused on finalizing the firmware (https://github.com/tillitis/tillitis-key1/), boot-verifier (https://github.com/tillitis/tkey-boot-verifier), tkey-mgt (https://github.com/tillitis/tkey-boot-verifier) and FIDO2 As ever, we welcome reviews, discussion and feedback. ## Sigsum Sigsum has been created by our friends at Glasklar teknik (https://glasklarteknik.se/) to be a very simple transparency log of signed checksums, meaning you can log digests of arbitrary data. We took a break for a while on our Castor and FIDO2 work to focus on learning about and using the Sigsum transparency log (https://sigsum.org/) before attending the transparency.dev summit 2025 (https://transparency.dev/summit2025/) in October. The first we did was to try to setup a witness, and we documented the work in the form of a Guide (https://www.tillitis.se/guide-tkey-sigsum-lab-witness-howto/). As mentioned above(#where-we-went-2025), we then setup a production witness. We will also use Sigsum ourselves going forward. One way we will use it is with Castor by adding Sigsum support to tkey-verification (https://github.com/tillitis/tkey-verification). tkey-verification contains our tools to verify that a TKey has the same identity when testing as it did when Tillitis provisioned it. ## Trivia Ending with some trivia. During the year we closed 124 issues and 177 PR's (134 were merged). 180 issues were opened during the year, 15 from external users. 171 PR's where opened, 18 from external users. Until next time...

1 0

We've started Using TKey-backed SSH for Git tag signatures
by Michael Cardell Widerkrantz 24 Sep '25

24 Sep '25

Heads up! Since september 17 we've changed to use TKey-backed SSH keys for Git tag signing. We also stopped signing individual commits. Please see: https://github.com/tillitis/ for more information on how to verify tags using the SSH keys and how to build trust in the new keys from the earlier PGP keys. /MC

1 0

The Next Generation TKey - Alpha release of code name Castor
by sasko＠tillitis.se 02 Jun '25

02 Jun '25

Hi! It's been a while since you've heard from us at Tillitis. We have been working on improvements to TKey that we are now ready to release as an alpha release. Code name for the next generation of TKey is Castor. With this release we are ready to receive feedback, being on the new features as such or if you actually try Castor on target and find improvements. Castor runs on existing TKey hardware, so if you have a TKey Unlocked you can test Castor on target. The major changes in Castor are: - Persistent storage on flash with space for two pre-loaded device apps and space for up to four device app storage areas, isolated from each other by firmware. - Support for automatically starting a pre-loaded app. - Support for chaining of apps, including chaining trust by demanding that the next app in the chain should have a specific digest. - System calls to access the file system with hardware support for the privilege raising/lowering. - More USB endpoints besides CDC, including as a security token HID and CCID. - Reset function, to restart TKey without the need to power cycle by removing and inserting TKey in USB port. - Faster USB access. We believe all functionality we sketched out for Castor is already there, but it's not yet completely reviewed and audited. The build process, including getting the filesystem to flash, is also not streamlined. There are things to polish, but the platform is usable. See the release notes[1] for the complete list of new features for the upcoming Castor release. Information on how to go about to test Castor is also found in the release notes. TKey Device Signer (main branch[2]) is updated to work with Castor, for you who like to test. Preliminary app developer documentation for Castor alpha release can be found in the developer handbook[3]. NOTE WELL: BREAKING CHANGE! Older device apps WILL NOT WORK. The way device apps communicate has changed. In order to support several USB endpoints we have introduced a small internal protocol to address which endpoint the device app is communicating with. [1]: https://github.com/tillitis/tillitis-key1/blob/main/doc/release_notes.md [2]: https://github.com/tillitis/tkey-device-signer [3]: https://dev.tillitis.se/castor/

1 0

Tillitis at Open Source Firmware Conference, OSFC
by sasko＠tillitis.se 11 Sep '23

11 Sep '23

At Tillitis, we don’t just develop a security key; we are creating an open source security key with the collaboration and feedback of the open source community, for the open source community. Thus, it’s great to announce that we sponsor and attend this year's Open Source Firmware Conference, OSFC (https://osfc.io), in Sunnyvale, California. We will present an update on where we stand, compared to our presentation last year at OSFC. We will also hold a workshop on how to develop with and for TKey. Check out the schedule at https://www.osfc.io/2023/schedule/ Going to OSFC this year from Tillitis are Michael Cardell Widerkrantz, Daniel Hansson, Fredrik Strömberg and Sasko Simonovski. We look forward to meeting you all there! The Tillitis team Posted at https://tillitis.se/2023/09/12/tillitis-are-proud-sponsors-of-osfc-2023/

1 0

Announcing TKey Unlocked and TKey Programmer
by sasko＠tillitis.se 07 Sep '23

07 Sep '23

Today we’re announcing two new products – TKey Unlocked – TKey Programmer What are they? Tkey Unlocked is a non-provisioned TKey (https://tillitis.se/tkey) for advanced users that want to provision their TKeys themselves, experiment with new hardware designs, or change the bootloader firmware. Tkey Programmer is a circuit board designed to aid the provisioning and programming process of TKey Unlocked. Whom are they for? – High-security organisations or individuals that do not want to trust Tillitis in the provisioning of the device – Hardware designers who want to expand or replace our FPGA design – Software developers who want to change or replace our bootloader firmware Note: You do not need a TKey Unlocked if you want to develop TKey apps. You can do that just fine with a regular TKey. What are the main features of Tkey Unlocked? – Choose your own Unique Device Secret (UDS), the base secret of measurements and key material (read more in this tech post) – Choose your own Unique Device Identifier (UDI), the serial number – Empty FPGA (except for production test design in SPI flash) – Full control of the firmware running on the TKey – Experiment with the full capacity of the Lattice ICE40 UltraPlus Get started with TKey Unlocked To get started, you need a TKey Unlocked, but remember that you also need a TKey Programmer. Then you just follow our instructions in the Tillitis Developer Handbook, https://dev.tillitis.se. You can choose to either “lockdown” the device by programming the FPGA’s NVCM, or you can test your design and/or firmware by programming the SPI flash again and again. Be aware that you only have one chance to program the NVCM; whatever you write is what you will live with. Tkey Unlocked is available in our webshop, https://shop.tillitis.se.

1 0

Tillitis - TKey release: tkey-ssh-agent updated on Homebrew
by sasko＠tillitis.se 23 Aug '23

23 Aug '23

The Homebrew package for tkey-ssh-agent has been updated to include: - man page, i.e., man tkey-ssh-agent - default to promt for the USS input (User Supplied Secret) Since this is only an update to the service, and not the tkey-ssh-agent program, this won’t be flagged as an update in Brew; hence, you need to reinstall the tkey-ssh-agent manually. Note this poses no changes to the software running on the TKey. As such, it will not change the derived private/public keys used for SSH Public Key Authentication, unless you enter a USS in the dialogue when prompted. Instructions to reinstall Run these commands to reinstall the agent and restart the service. $ brew reinstall tkey-ssh-agent $ brew services restart tkey-ssh-agent Test the installation To test and ensure the installation is correct, simply run a regular SSH command that requires authentication from your TKey, remembering to re-insert your TKey if it already has an application loaded (the LED should be steady white). You should then be prompted to input your USS – just press enter to continue without a USS, i.e. with the same keys as before the reinstall. You can also read the man page using the command: $ man tkey-ssh-agent Start using the USS Using the USS is recommended for increased security, as your SSH keys will be protected by both something you have (the TKey) and something you know (the USS). If you start to use the USS, you will need to update your public key at the locations you desire to authenticate. Find the instructions at: https://tillitis.se/app/tkey-ssh-agent/ Blog post: https://www.tillitis.se/2023/08/23/homebrew-tkey-ssh-agent-update/

1 0

Resellers of Tillitis' TKey
by sasko＠tillitis.se 24 May '23

24 May '23

Tillitis is expanding its reseller network. Besides selling via our own web shop (https://shop.tillitis.se), we actively seek cooperation with resellers around the world to simplify and make it easier for individuals to buy TKey locally. This will shorten shipping time (vs e.g. export deliveries directly from us) and also lower shipping cost for customers. Currently we have resellers in Denmark, Finland, Germany, Norway, Sweden and USA. Read more and find direct links to the online stores at https://www.tillitis.se/resellers/ For anyone interested in reselling our products, please drop a mail to hello(a)tillits.se

1 0

TKey currently for sale is locked-down
by Michael Cardell Widerkrantz 27 Apr '23

27 Apr '23

Please note that the TKey currently for sale in the web shop is a provisioned and locked-down version meant for end-users. It's immediately ready for use. This means you can't change the bitstream or even read out the bitstream (or the Unique Device Secret, UDS) from the TKey FPGA configuration memory even if you break the case and insert it into a programmer board. We have updated the text on the web shop and will immediately update other documentation to reflect this. Even if you can't read out the bitstream from the FPGA you can verify the TKey you got through the mail with the tkey-verification program which we point to in: https://tillitis.se/getstarted/ On Github: https://github.com/tillitis/tkey-verification This won't verify the bitstream itself but it will verify that the computed CDI is the same as when we provisioned it (thus proving the presence of the same UDS in the bitstream) and that the firmware is unchanged. -- Michael "MC" Cardell Widerkrantz https://tillitis.se/

1 0

Revised Tillitis TKey SSH Agent
by Michael Cardell Widerkrantz 01 Dec '22

01 Dec '22

We are pleased to announce the revised Tillitis TKey SSH Agent. The revised agent: - runs as a daemon all the time (as systemd user unit, if you want). - autodetects TKey removal and insertion with the help of udev rules (or just send it a SIGHUP yourself to make it look for a TKey again). - spawns a graphical pinentry program to enter the User-Supplied Secret. The first iteration of this revision of the SSH agent is focused on Linux distributions and has an install target geared at Linux distributions with systemd and an Ubuntu/Debian package available. The agent is available on Github at: https://github.com/tillitis/tillitis-key1-apps and as a release with a Ubuntu/Debian package here: https://github.com/tillitis/tillitis-key1-apps/releases/tag/v0.0.1 The package has so far only been tested on Ubuntu 20.10 (Kinetic Kudu) and Debian Sid. See the man page tkey-ssh-agent(1) for usage. Happy hacking, MC. -- Michael "MC" Cardell Widerkrantz https://tillitis.se/

1 0

2026

2025

2024

2023

2022

Tillitis-announce