Please note that the TKey currently for sale in the web shop is a
provisioned and locked-down version meant for end-users. It's
immediately ready for use.
This means you can't change the bitstream or even read out the bitstream
(or the Unique Device Secret, UDS) from the TKey FPGA configuration
memory even if you break the case and insert it into a programmer board.
We have updated the text on the web shop and will immediately update
other documentation to reflect this.
Even if you can't read out the bitstream from the FPGA you can verify
the TKey you got through the mail with the tkey-verification program
which we point to in:
https://tillitis.se/getstarted/
On Github:
https://github.com/tillitis/tkey-verification
This won't verify the bitstream itself but it will verify that the
computed CDI is the same as when we provisioned it (thus proving the
presence of the same UDS in the bitstream) and that the firmware is
unchanged.
--
Michael "MC" Cardell Widerkrantz
https://tillitis.se/
We are pleased to announce the revised Tillitis TKey SSH Agent.
The revised agent:
- runs as a daemon all the time (as systemd user unit, if you want).
- autodetects TKey removal and insertion with the help of udev rules
(or just send it a SIGHUP yourself to make it look for a TKey
again).
- spawns a graphical pinentry program to enter the User-Supplied
Secret.
The first iteration of this revision of the SSH agent is focused on
Linux distributions and has an install target geared at Linux
distributions with systemd and an Ubuntu/Debian package available.
The agent is available on Github at:
https://github.com/tillitis/tillitis-key1-apps
and as a release with a Ubuntu/Debian package here:
https://github.com/tillitis/tillitis-key1-apps/releases/tag/v0.0.1
The package has so far only been tested on Ubuntu 20.10 (Kinetic Kudu)
and Debian Sid.
See the man page tkey-ssh-agent(1) for usage.
Happy hacking,
MC.
--
Michael "MC" Cardell Widerkrantz
https://tillitis.se/
