Usually at this time of year we look back and summarize what has happened during the year. We will do the same this year and also start a new tradition by publishing a newsletter. The idea is to have more frequent updates on what is happening at Tillitis by writing a newsletter 3-4 times per year. The newsletter will be published on our blog and sent out on the mailing list, Tillitis announce.
In April, some of us attended the foss-north 2025 conference in Gothenburg. We had a very good time, listened to interesting talks, and met many friends.
While we are working on updating TKey and adding new features, we also take the opportunity to update the design and platform on our websites; tillitis.se and bugbounty.tillitis.se. Both sites are now statically generated with Hugo.
As the year draws to a close, it’s natural to reflect on the past 12 months. 2024 marked the second full year of operations for Tillitis, and while it had its challenges, it was also a year of progress and learning.
For third year in row, Tillitis sponsors Advent of Code . Advent of Code is an Advent calendar of small programming puzzles for a variety of skill levels that can be solved in any programming language you like. It’s made by Eric Wastl .
Tillitis has always been committed to open source. As we promised earlier, we continue to be committed to open licenses. We originally chose “GPLv2-only” as the license for our Verilog and source code. We are now changing to the more permissive BSD 2-clause license for all Verilog and source code. The hardware (PCB, PCBA) license remains the same: CERN Open Hardware License Version 2 - Strongly Reciprocal.
We will be at sec-t in Stockholm this year and MC from our development team will speak on the community day about verifying the TKey. MC will explain how we during the the end-phase of production run a device app, where the TKey automatically creates a unique identity inspired by TCG DICE and then sign and publish data about this identity. The identity and the signature can be independently verified at any time by a user to help verify that the TKey hasn’t been tampered with.
What is a TRNG, what is its purpose, and how does it work? These are the questions we try to answer in this blog post.
This year, Tillitis is one of the sponsors of Security Fest. Tillitis is a village sponsor, meaning we will be there coding on new functionality for TKey. The village concept also means anyone participating at the conference can join us in the village and code together with us.
A vulnerability has been found in tkey-device-signer and verisigner that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey.
Copyright © 2022 - 2025, Tillitis AB
Template by Bootstrapious. Ported to Hugo by DevCows.
