Skip to main content

Tillitis Tkey: An Open-Source USB-C RISC-V Security Key

The Tillitis TKey is a unique USB-C security key based on a 32-bit RISC-V core, specifically the PicoRV32, housed in a Lattice iCE40 UP5K FPGA. Described as a “new type of flexible USB security token,” it draws inspiration from DICE (Device Identifier Composition Engine) and measured boot technologies. Unlike traditional security keys with persistent onboard storage, the TKey relies on loading apps onto the key each time it connects to a host device. This method, employing measured boot, generates a distinct identifier for each application, enhancing security by avoiding the storage of private keys on the device. Both the hardware and software for the TKey are entirely open-source, ensuring trustability. Developed by Tillitis, a Swedish security firm, the TKey has two versions: locked and unlocked. The locked version, targeting general users, is not reprogrammable, while the unlocked version allows full configuration using the Tillitis TK Programmer, based on a Raspberry Pi Pico, for added flexibility. Tillitis specializes in hardware trust products and emerged as a separate entity from the Mullvad VPN company in 2022.


  • Processor:
    • 32-bit RISC-V PicoRV32 core @ 18 MHz
    • FPGA: Lattice iCE40 UP5K
    • 128 KiB RAM for TKey device application
    • 2 KiB RAM for firmware
    • 6 KiB ROM
    • Execution monitor
    • RAM protection
  • Connector: USB-C
  • Hardware Privilege Modes: Firmware mode and application mode
  • Misc: Touch sensor, power indicator, status indicator
  • Input voltage: 5V
  • Max current consumption: 100mA
  • Operating temperature: 0°C – 40°C

The Tillitis TKey RISC-V security key can be purchased from the Tillitis shop. The end-user version and the advanced user version are priced at 880 Swedish kronor (about $90), while the programmer is priced at 500 Swedish kronor (around $50).

Source: CNX Software – Embedded Systems News.