undefined | Better HN

0 pointsJoachimS3y ago0 comments

(For full disclosure I am the primary FPGA designer of TillitisKey.)

It also perform a measurement of the application being loaded. And the measurement together with the Unique Device Secret (UDS) will generate the primary secret applications can use to derive keys etc it needs. This means that you can verify the application integrity.

This is very close to, inspired by DICE: https://www.microsoft.com/en-us/research/project/dice-device...

0 comments

tinco3y ago

Did you design the board? It looks sick, such high density of components on the top layer.

JoachimSOP3y ago

No, the board design is done by the wizard Matt Mets at https://blinkinlabs.com/

zx85wes3y ago

OMG. Just saw the Thinking Machines CM-2 replica on their homepage. What an awesome idea.

1 more reply

zimbatm3y ago

Does this mean that a software upgrade will change the keys?

JoachimSOP3y ago

For now, yes. But as Fredrik (kfreds) has written in another comment. What is possible to do is a two stage approach with an application (which gets measured) loading other applications.

layer83y ago

What exactly is the “measurement”? A hash of the application code?

JoachimSOP3y ago

Yes. The hash of the application code and the 256 bit Unique Device Secret is hashed to generate a primary secret, which then the application can use to derive the secrets it needs.

You can additionally supply a secret from the host (the User Supplied Secret). This means that the keys generated are tied to the specific device (the UDS), that the integrity of the application is correct, and to you as a user.

j / k navigate · click thread line to collapse

0 pointsJoachimS3y ago0 comments

(For full disclosure I am the primary FPGA designer of TillitisKey.)

This is very close to, inspired by DICE: https://www.microsoft.com/en-us/research/project/dice-device...

0 comments

tinco3y ago

Did you design the board? It looks sick, such high density of components on the top layer.

JoachimSOP3y ago

No, the board design is done by the wizard Matt Mets at https://blinkinlabs.com/

zx85wes3y ago

OMG. Just saw the Thinking Machines CM-2 replica on their homepage. What an awesome idea.

1 more reply

zimbatm3y ago

Does this mean that a software upgrade will change the keys?

JoachimSOP3y ago

For now, yes. But as Fredrik (kfreds) has written in another comment. What is possible to do is a two stage approach with an application (which gets measured) loading other applications.

layer83y ago

What exactly is the “measurement”? A hash of the application code?

JoachimSOP3y ago

Yes. The hash of the application code and the 256 bit Unique Device Secret is hashed to generate a primary secret, which then the application can use to derive the secrets it needs.

j / k navigate · click thread line to collapse