Tillitis TKey: a RISC-V-based USB-C security key


This is the first FPGA-based security key we have seen that is built around a RISC-V core. Unlike alternatives such as the YubiKey, this security token has no built-in persistent storage: every time you connect it to the host device, you need to load the apps onto the dongle.

It uses a special boot process to generate a unique identifier for each application, which makes it more secure than alternatives because private keys are not stored on the device. In addition, both the hardware and software of the TKey are completely open source, ensuring its reliability compared to closed alternatives.
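As an added illustration (not Tillitis code), the sketch below models how a per-application identifier can be rebuilt at every boot from a device-unique secret and a hash of the app that was just loaded, so no key has to be stored. The BLAKE2s construction, the field layout, the optional user phrase and all names and sample values are assumptions of this example.

```python
import hashlib

SECRET_LEN = 32  # bytes; size chosen for this sketch


def measure_app(app_image: bytes) -> bytes:
    """Digest of the exact bytes loaded onto the key for this session."""
    return hashlib.blake2s(app_image, digest_size=32).digest()


def derive_app_identifier(device_secret: bytes, app_image: bytes,
                          user_secret: bytes = b"") -> bytes:
    """Mix the device's unique secret with the app measurement.

    Every field is fixed width, so two different input combinations
    can never serialise to the same hash input.
    """
    if len(device_secret) != SECRET_LEN:
        raise ValueError("device secret must be 32 bytes")
    h = hashlib.blake2s(digest_size=32)
    h.update(device_secret)
    h.update(measure_app(app_image))
    if user_secret:
        # Optional user-chosen phrase, hashed to a fixed width first.
        h.update(hashlib.blake2s(user_secret, digest_size=32).digest())
    return h.digest()


def demo() -> dict:
    # Constructed sample values, not real device secrets or app binaries.
    key_a = bytes.fromhex("a1" * 32)
    key_b = bytes.fromhex("b2" * 32)
    signer = b"constructed signer app image, build 1"
    patched = signer.replace(b"build 1", b"build 2")
    return {
        "first_plug": derive_app_identifier(key_a, signer),
        "second_plug": derive_app_identifier(key_a, signer),
        "patched_app": derive_app_identifier(key_a, patched),
        "other_key": derive_app_identifier(key_b, signer),
        "with_phrase": derive_app_identifier(key_a, signer, b"constructed phrase"),
    }


if __name__ == "__main__":
    for label, ident in demo().items():
        print(f"{label:12} {ident.hex()}")
```

The same app on the same key yields the same identifier on every connection, while a modified app, a different key or a different phrase each yield an unrelated one. An app that derives its key pair from this value therefore cannot have that key pair recovered by a tampered copy of itself.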

Tillitis is a Swedish security company that spun off from VPN company Mullvad in 2022. The name Tillitis is a play on the Swedish word “tillit,” which means trust. It's a fitting name for a brand that specializes in hardware-based security products.

There are two versions of the TKey security token: locked and unlocked. The locked TKey is intended for general users and cannot be reprogrammed. The unlocked TKey, on the other hand, is aimed at advanced users and allows a complete configuration of the TKey with the help of another device, the Tillitis TK-1 programmer based on a Raspberry Pi Pico.

On the company website you can find several pre-built TKey apps available for download. The TKey Developer's Manual covers developing your own device and client applications for the TKey. As mentioned above, Tillitis' TKey is completely open source, and all software, firmware, Verilog source code, schematics and PCB design files can be found in the GitHub repository.

The end-user and advanced user versions of the TKey RISC-V security key can be purchased from the Tillitis store for 880 SEK (just under €80), while the programmer is priced at 500 SEK (less than €50).

Technical specifications of the Tillitis TKey

The technical characteristics of this new hardware security key, the Tillitis TKey, include:

  • SoC:
    • PicoRV32 core based on 32-bit RISC-V ISA @ 18 MHz
    • FPGA: Lattice iCE40 UP5K
    • 128 KiB RAM for the TKey app
    • 2 KiB RAM for loaded firmware
    • 6 KiB ROM
    • Execution Monitor
    • RAM memory protection
  • USB-C type connector
  • Privileged modes: firmware mode and application mode
  • Others: biometric touch sensor, power indicator, status indicator using LEDs
  • Power supply: 5V @ 100mA
  • Tolerated temperature range: 0°C – 40°C

What is a security key? What is it for?

In case you didn't already know, a USB security key is a hardware device that provides an additional layer of security for your online accounts and other sessions that require login credentials. These devices, also known as “dongles,” connect to your devices through a USB4 port, that is, generally USB-C.

USB security keys work by using U2F, a two-step verification standard. Unlike traditional two-step verification, where you receive a code, with security keys you need to have physical access to a hardware device that acts as a key. These devices are similar to any USB memory on the market, but they are equipped with a special chip that provides extra security by verifying both the account and the URL. This helps avoid phishing techniques that could result in account impersonation.

USB security keys protect your online accounts with a higher degree of security than software provides. Being physical tools, they allow a two-step identification process to be applied without the need to use emails or phone numbers to verify your identity, and they make the key itself a requirement for login. Without the key, you will not be able to access your user account…
