- Tillitis-announce - Tillitis mailing lists

Tillitis at Open Source Firmware Conference, OSFC
by sasko＠tillitis.se 11 Sep '23

11 Sep '23

At Tillitis, we don’t just develop a security key; we are creating an open source security key with the collaboration and feedback of the open source community, for the open source community. Thus, it’s great to announce that we sponsor and attend this year's Open Source Firmware Conference, OSFC (https://osfc.io), in Sunnyvale, California. We will present an update on where we stand, compared to our presentation last year at OSFC. We will also hold a workshop on how to develop with and for TKey. Check out the schedule at https://www.osfc.io/2023/schedule/ Going to OSFC this year from Tillitis are Michael Cardell Widerkrantz, Daniel Hansson, Fredrik Strömberg and Sasko Simonovski. We look forward to meeting you all there! The Tillitis team Posted at https://tillitis.se/2023/09/12/tillitis-are-proud-sponsors-of-osfc-2023/

1 0

Announcing TKey Unlocked and TKey Programmer
by sasko＠tillitis.se 07 Sep '23

07 Sep '23

Today we’re announcing two new products – TKey Unlocked – TKey Programmer What are they? Tkey Unlocked is a non-provisioned TKey (https://tillitis.se/tkey) for advanced users that want to provision their TKeys themselves, experiment with new hardware designs, or change the bootloader firmware. Tkey Programmer is a circuit board designed to aid the provisioning and programming process of TKey Unlocked. Whom are they for? – High-security organisations or individuals that do not want to trust Tillitis in the provisioning of the device – Hardware designers who want to expand or replace our FPGA design – Software developers who want to change or replace our bootloader firmware Note: You do not need a TKey Unlocked if you want to develop TKey apps. You can do that just fine with a regular TKey. What are the main features of Tkey Unlocked? – Choose your own Unique Device Secret (UDS), the base secret of measurements and key material (read more in this tech post) – Choose your own Unique Device Identifier (UDI), the serial number – Empty FPGA (except for production test design in SPI flash) – Full control of the firmware running on the TKey – Experiment with the full capacity of the Lattice ICE40 UltraPlus Get started with TKey Unlocked To get started, you need a TKey Unlocked, but remember that you also need a TKey Programmer. Then you just follow our instructions in the Tillitis Developer Handbook, https://dev.tillitis.se. You can choose to either “lockdown” the device by programming the FPGA’s NVCM, or you can test your design and/or firmware by programming the SPI flash again and again. Be aware that you only have one chance to program the NVCM; whatever you write is what you will live with. Tkey Unlocked is available in our webshop, https://shop.tillitis.se.

1 0

Tillitis - TKey release: tkey-ssh-agent updated on Homebrew
by sasko＠tillitis.se 23 Aug '23

23 Aug '23

The Homebrew package for tkey-ssh-agent has been updated to include: - man page, i.e., man tkey-ssh-agent - default to promt for the USS input (User Supplied Secret) Since this is only an update to the service, and not the tkey-ssh-agent program, this won’t be flagged as an update in Brew; hence, you need to reinstall the tkey-ssh-agent manually. Note this poses no changes to the software running on the TKey. As such, it will not change the derived private/public keys used for SSH Public Key Authentication, unless you enter a USS in the dialogue when prompted. Instructions to reinstall Run these commands to reinstall the agent and restart the service. $ brew reinstall tkey-ssh-agent $ brew services restart tkey-ssh-agent Test the installation To test and ensure the installation is correct, simply run a regular SSH command that requires authentication from your TKey, remembering to re-insert your TKey if it already has an application loaded (the LED should be steady white). You should then be prompted to input your USS – just press enter to continue without a USS, i.e. with the same keys as before the reinstall. You can also read the man page using the command: $ man tkey-ssh-agent Start using the USS Using the USS is recommended for increased security, as your SSH keys will be protected by both something you have (the TKey) and something you know (the USS). If you start to use the USS, you will need to update your public key at the locations you desire to authenticate. Find the instructions at: https://tillitis.se/app/tkey-ssh-agent/ Blog post: https://www.tillitis.se/2023/08/23/homebrew-tkey-ssh-agent-update/

1 0

Resellers of Tillitis' TKey
by sasko＠tillitis.se 24 May '23

24 May '23

Tillitis is expanding its reseller network. Besides selling via our own web shop (https://shop.tillitis.se), we actively seek cooperation with resellers around the world to simplify and make it easier for individuals to buy TKey locally. This will shorten shipping time (vs e.g. export deliveries directly from us) and also lower shipping cost for customers. Currently we have resellers in Denmark, Finland, Germany, Norway, Sweden and USA. Read more and find direct links to the online stores at https://www.tillitis.se/resellers/ For anyone interested in reselling our products, please drop a mail to hello(a)tillits.se

1 0

TKey currently for sale is locked-down
by Michael Cardell Widerkrantz 27 Apr '23

27 Apr '23

Please note that the TKey currently for sale in the web shop is a provisioned and locked-down version meant for end-users. It's immediately ready for use. This means you can't change the bitstream or even read out the bitstream (or the Unique Device Secret, UDS) from the TKey FPGA configuration memory even if you break the case and insert it into a programmer board. We have updated the text on the web shop and will immediately update other documentation to reflect this. Even if you can't read out the bitstream from the FPGA you can verify the TKey you got through the mail with the tkey-verification program which we point to in: https://tillitis.se/getstarted/ On Github: https://github.com/tillitis/tkey-verification This won't verify the bitstream itself but it will verify that the computed CDI is the same as when we provisioned it (thus proving the presence of the same UDS in the bitstream) and that the firmware is unchanged. -- Michael "MC" Cardell Widerkrantz https://tillitis.se/

1 0

Revised Tillitis TKey SSH Agent
by Michael Cardell Widerkrantz 01 Dec '22

01 Dec '22

We are pleased to announce the revised Tillitis TKey SSH Agent. The revised agent: - runs as a daemon all the time (as systemd user unit, if you want). - autodetects TKey removal and insertion with the help of udev rules (or just send it a SIGHUP yourself to make it look for a TKey again). - spawns a graphical pinentry program to enter the User-Supplied Secret. The first iteration of this revision of the SSH agent is focused on Linux distributions and has an install target geared at Linux distributions with systemd and an Ubuntu/Debian package available. The agent is available on Github at: https://github.com/tillitis/tillitis-key1-apps and as a release with a Ubuntu/Debian package here: https://github.com/tillitis/tillitis-key1-apps/releases/tag/v0.0.1 The package has so far only been tested on Ubuntu 20.10 (Kinetic Kudu) and Debian Sid. See the man page tkey-ssh-agent(1) for usage. Happy hacking, MC. -- Michael "MC" Cardell Widerkrantz https://tillitis.se/

1 0

2025

2024

2023

2022

Tillitis-announce