[OneRNG-Discuss] Tillitis TKey
Jim Cheetham
jim at cheetham.nz
Wed Jul 5 21:24:23 BST 2023
I'm sure we've mentioned the TKey before, but it's being seen out and about in production now ...
https://dev.tillitis.se/intro/
It's basically a full computer with measured boot, and it's up to you what applications you put on it.
> 32-bit RISC-V CPU running at 18 MHz
> Execution monitor
> Hardware-assisted address randomization and RAM scrambling
> 128 kiB RAM for TKey device applications
> 2 kiB firmware RAM
> 6 kiB ROM
> True random number generator
> USB CDC (Communications Device Class) over a Type-C connector
> Timer
> Two levels of hardware privilege modes: firmware mode and application mode
> CPU-controlled LED
> No persistent storage
The RNG is described as
> The True Random Number Generator (TRNG) ring oscillator based internal entropy source.
> The TRNG generates randomness with a fairly good quality. However, for security related use cases, for example generating keys, the TRNG should not be used directly. Instead use it to create a seed for a Digital Random Bit Generator (DRBG), also known as a Cryptographically Safe Pseudo Random Number Generator (CSPRNG). Examples of such generators are Hash_DRBG, CTR_DRBG, HKDF.
More hardware details are available in https://github.com/tillitis/tillitis-key1
Here's a blog post where the device user set the TKey up as an ssh agent, and as an authenticator for PAM:
https://www.assured.se/posts/getting-started-tillitis-tkey-security-token
--
Jim Cheetham
jim at cheetham.nz
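
As an added example (not part of the original post and not Tillitis code), the sketch below follows the quoted advice to seed a generator from the TRNG rather than use its output directly, using HKDF (RFC 5869) with SHA-256 from Python's standard library. The 64-byte sample size, the run-length health check, the `info` labels and the sample bytes are assumptions made for illustration, not TKey parameters.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size          # 32 bytes for SHA-256
MIN_RAW = 64                           # assumed raw-sample size, not a TKey figure

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: concentrate the raw input into one fixed-size PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: stretch the PRK into `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def looks_stuck(raw: bytes, max_run: int = 8) -> bool:
    """Crude health check: True if any byte value repeats max_run times in a row."""
    run = 1
    for prev, cur in zip(raw, raw[1:]):
        run = run + 1 if prev == cur else 1
        if run >= max_run:
            return True
    return False

def derive_key(raw: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """Condition raw TRNG bytes and derive a purpose-bound key from them."""
    if len(raw) < MIN_RAW:
        raise ValueError("not enough raw TRNG bytes")
    if looks_stuck(raw):
        raise ValueError("raw TRNG output looks stuck, refusing to seed")
    return hkdf_expand(hkdf_extract(salt, raw), info, length)

# Constructed stand-in for bytes read from the device TRNG (not real output).
SAMPLE_RAW = hashlib.shake_128(b"constructed sample").digest(64)

if __name__ == "__main__":
    print(derive_key(SAMPLE_RAW, b"ssh-agent key").hex())
    print(derive_key(SAMPLE_RAW, b"pam-auth key").hex())
```

Binding each output to a distinct `info` label means one conditioned seed yields independent keys per purpose, and a stuck entropy source is rejected before anything is derived from it.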