foss-north 2025
In April, some of us attended the foss-north 2025 conference in Gothenburg. We had a very good time, listened to interesting talks, and met many friends.
Updated Website
While we are working on updating TKey and adding new features, we also take the opportunity to update the design and platform on our websites; tillitis.se and bugbounty.tillitis.se. Both sites are now statically generated with Hugo.
2024 - Retrospective
As the year draws to a close, it’s natural to reflect on the past 12 months. 2024 marked the second full year of operations for Tillitis, and while it had its challenges, it was also a year of progress and learning.
Change of Source Code License
Tillitis has always been committed to open source. As we promised earlier, we continue to be committed to open licenses. We originally chose “GPLv2-only” as the license for our Verilog and source code. We are now changing to the more permissive BSD 2-clause license for all Verilog and source code. The hardware (PCB, PCBA) license remains the same: CERN Open Hardware License Version 2 - Strongly Reciprocal.
sec-t community day
We will be at sec-t in Stockholm this year and MC from our development team will speak on the community day about verifying the TKey. MC will explain how we during the the end-phase of production run a device app, where the TKey automatically creates a unique identity inspired by TCG DICE and then sign and publish data about this identity. The identity and the signature can be independently verified at any time by a user to help verify that the TKey hasn’t been tampered with.
Tillitis village sponsor @ Security Fest
This year, Tillitis is one of the sponsors of Security Fest. Tillitis is a village sponsor, meaning we will be there coding on new functionality for TKey. The village concept also means anyone participating at the conference can join us in the village and code together with us.
Vulnerability in tkey-device-signer & verisigner
A vulnerability has been found in tkey-device-signer and verisigner that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey.
News to our friends in Australia and New Zealand
We are delighted to announce we now ship products to Australia and New Zealand from our webshop.
Summing up 2023
From time to time, it’s a good idea to take some time to reflect. Especially, as Tillitis’ first full operating year is approaching the end, it’s an ideal opportunity to take a seat, enjoy a cup of coffee, and consider everything that has transpired throughout this intensive year. The thing is, despite the fact that it may seem like progress is moving slowly, one is often surprised by how much has been achieved.
Security Label
As of December 27th, 2023, all product packages sent from Tillitis include a total transfer security label. The reasoning behind this is to enable the recipient of the package to detect if it has been opened or tampered with during shipment. Even if this is not a guarantee, it at least makes it harder to hide the fact that it has been opened. The label is blue with the Tillitis logo and Ant printed on it. When the security label is opened, it will leave the text “OPEN VOID” on the product package, indicating it has been opened. Also, once opened, there is no glue on the sticker, i.e. it’s not easy to re-seal.