0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/366 Thanks! 1 00:00:09,070 --> 00:00:11,409 So thank you, everybody, and driver, 2 00:00:11,410 --> 00:00:12,939 as you might have seen me yesterday in 3 00:00:12,940 --> 00:00:14,709 the media talk, you might have not. 4 00:00:14,710 --> 00:00:16,779 So I'm going to talk here about 5 00:00:16,780 --> 00:00:18,849 the USB memory, which project that 6 00:00:18,850 --> 00:00:20,889 we very recently announced, and that is 7 00:00:20,890 --> 00:00:23,079 now in a crowdfunding phase. 8 00:00:24,250 --> 00:00:26,469 I will be super quick about it because 9 00:00:26,470 --> 00:00:27,759 this is a one hour presentation that 10 00:00:27,760 --> 00:00:29,139 we're going to squeeze in hopefully. 11 00:00:29,140 --> 00:00:30,039 Twenty five minutes. 12 00:00:30,040 --> 00:00:32,199 So this is a device that I'm going 13 00:00:32,200 --> 00:00:34,749 to talk about, which is basically 14 00:00:34,750 --> 00:00:37,119 a computer squeezed 15 00:00:37,120 --> 00:00:39,459 in very tiny USB stick 16 00:00:39,460 --> 00:00:41,529 and it's all open source and it's called 17 00:00:41,530 --> 00:00:43,179 the USB memory. 18 00:00:43,180 --> 00:00:45,549 So why 19 00:00:45,550 --> 00:00:47,769 did we take on doing something like this? 20 00:00:47,770 --> 00:00:49,839 So we're a company that does security. 21 00:00:49,840 --> 00:00:52,029 So we wanted a very small, trusted 22 00:00:52,030 --> 00:00:53,319 device for personal security 23 00:00:53,320 --> 00:00:54,429 applications. 24 00:00:54,430 --> 00:00:55,869 And as soon as we thought that it would 25 00:00:55,870 --> 00:00:57,699 be nice to have a computer in a very 26 00:00:57,700 --> 00:00:59,859 small form factor, a series of 27 00:00:59,860 --> 00:01:02,079 ideas popped up about having, you 28 00:01:02,080 --> 00:01:04,509 know, announced mass storage 29 00:01:04,510 --> 00:01:06,819 with advanced capabilities, using 30 00:01:06,820 --> 00:01:08,019 it as an openness S.H. 31 00:01:08,020 --> 00:01:10,239 proxy as a VPN router, tor 32 00:01:10,240 --> 00:01:12,069 router, electronic wallet and so on. 33 00:01:12,070 --> 00:01:14,349 And all of these applications fit 34 00:01:14,350 --> 00:01:16,659 to use case for having some 35 00:01:16,660 --> 00:01:18,579 hardware like this. 36 00:01:18,580 --> 00:01:19,580 So 37 00:01:20,650 --> 00:01:23,169 the first use case that we thought 38 00:01:23,170 --> 00:01:24,939 was like, would it be nice to have 39 00:01:24,940 --> 00:01:27,369 announced mass storage so that not only 40 00:01:27,370 --> 00:01:29,589 I can copy a file on a USB drive, 41 00:01:29,590 --> 00:01:31,659 but he would also get out 42 00:01:31,660 --> 00:01:34,359 of Matecumbe encrypted with 43 00:01:34,360 --> 00:01:36,519 whatever Ketut you might want to Witwicky 44 00:01:36,520 --> 00:01:39,159 that may be selected upon the folder 45 00:01:39,160 --> 00:01:41,079 that we're placing the file on or the 46 00:01:41,080 --> 00:01:44,139 name of the file or whatever criteria 47 00:01:44,140 --> 00:01:45,289 that we might decide. 48 00:01:45,290 --> 00:01:46,479 So something that would have the 49 00:01:46,480 --> 00:01:49,029 flexibility to be change 50 00:01:49,030 --> 00:01:50,589 in the manner that you please. 51 00:01:50,590 --> 00:01:52,149 So not a single purpose. 52 00:01:52,150 --> 00:01:54,249 Fix hardware for doing 53 00:01:54,250 --> 00:01:55,509 something like this. 54 00:01:55,510 --> 00:01:57,699 And if we have a computer on a USB 55 00:01:57,700 --> 00:01:59,769 drive, we could also maybe scan the file 56 00:01:59,770 --> 00:02:01,899 for viruses, malware or 57 00:02:01,900 --> 00:02:03,309 whatever, whatever you like. 58 00:02:03,310 --> 00:02:05,769 So this is was one of ideas. 59 00:02:05,770 --> 00:02:07,509 And the way that we wanted to implement 60 00:02:07,510 --> 00:02:09,819 it was to have a Linux 61 00:02:09,820 --> 00:02:12,129 tiny Linux computer emulating 62 00:02:12,130 --> 00:02:14,679 USB storage and then piping filtering 63 00:02:14,680 --> 00:02:16,809 to files that you copy on it 64 00:02:16,810 --> 00:02:18,879 to whatever filter that you might want 65 00:02:18,880 --> 00:02:19,880 to have. 66 00:02:20,680 --> 00:02:22,779 And then, of course, once 67 00:02:22,780 --> 00:02:24,459 this idea came up, we thought, but we 68 00:02:24,460 --> 00:02:26,559 could do so much more. 69 00:02:26,560 --> 00:02:28,719 Let's you know, if we have a 70 00:02:28,720 --> 00:02:29,919 small device, which is actually a 71 00:02:29,920 --> 00:02:32,499 computer, we could just use TCP, 72 00:02:32,500 --> 00:02:35,019 IP and then have capabilities 73 00:02:35,020 --> 00:02:37,209 such as uploading the files somewhere, 74 00:02:37,210 --> 00:02:39,069 sending it over, email, wherever you want 75 00:02:39,070 --> 00:02:41,139 to, giving you whatever a 76 00:02:41,140 --> 00:02:42,849 Google drive at Google might be. 77 00:02:42,850 --> 00:02:44,999 A very bad word here for this audience. 78 00:02:45,000 --> 00:02:47,199 So whatever files sharing or 79 00:02:47,200 --> 00:02:49,509 direct upload mechanist 80 00:02:49,510 --> 00:02:51,189 that you want. So all of these 81 00:02:51,190 --> 00:02:52,839 possibilities enabled by the fact of 82 00:02:52,840 --> 00:02:55,239 having a simple computer open 83 00:02:55,240 --> 00:02:57,429 computer on a USB 84 00:02:57,430 --> 00:02:59,979 drive, and then we thought, 85 00:02:59,980 --> 00:03:01,719 but we could do so much more. 86 00:03:01,720 --> 00:03:04,179 What if for deniability 87 00:03:04,180 --> 00:03:06,429 you could have it to wipe itself 88 00:03:06,430 --> 00:03:08,889 automatically if a fail safe ward 89 00:03:08,890 --> 00:03:11,319 is detected, you copy a file on it, 90 00:03:11,320 --> 00:03:13,449 which is a very specific name, or you 91 00:03:13,450 --> 00:03:15,249 create a folder which is a very specific 92 00:03:15,250 --> 00:03:16,929 name, or you do whatever action that you 93 00:03:16,930 --> 00:03:19,149 might want to do and then the drive 94 00:03:19,150 --> 00:03:21,519 automatically wipes itself. 95 00:03:21,520 --> 00:03:23,679 All of these features are, of course, 96 00:03:23,680 --> 00:03:25,839 things that you cannot achieve nowadays 97 00:03:25,840 --> 00:03:28,809 with a normal USB drive or any 98 00:03:28,810 --> 00:03:31,179 commercial product that is out there. 99 00:03:31,180 --> 00:03:33,039 So and you can see the thought process. 100 00:03:33,040 --> 00:03:35,139 As soon as we had this 101 00:03:35,140 --> 00:03:37,269 idea of having such a tiny 102 00:03:37,270 --> 00:03:39,909 form factor for an open source design, 103 00:03:39,910 --> 00:03:42,489 all of these possibilities 104 00:03:42,490 --> 00:03:44,409 came to mind. 105 00:03:44,410 --> 00:03:45,410 Um. 106 00:03:46,550 --> 00:03:48,979 It, of course, can be used as an SS 107 00:03:48,980 --> 00:03:51,139 proxy, so imagine that you are on 108 00:03:51,140 --> 00:03:53,139 an Internet kiosk or using a computer 109 00:03:53,140 --> 00:03:55,279 that you don't trust and you want 110 00:03:55,280 --> 00:03:57,649 to say to your servers 111 00:03:57,650 --> 00:03:59,959 from it, you connect 112 00:03:59,960 --> 00:04:02,569 this USB device onto your laptop, 113 00:04:02,570 --> 00:04:04,669 it gets exposed with 114 00:04:04,670 --> 00:04:06,859 TCP, IP, USB to 115 00:04:06,860 --> 00:04:09,829 it with maybe one time password 116 00:04:09,830 --> 00:04:11,989 or whatever you might want, or a password 117 00:04:11,990 --> 00:04:13,159 that you don't care if it gets 118 00:04:13,160 --> 00:04:15,649 compromised. And then from it us 119 00:04:15,650 --> 00:04:17,268 out to the Internet by using the private 120 00:04:17,269 --> 00:04:19,549 keys which are stored on the device, 121 00:04:19,550 --> 00:04:22,069 and that they do not leak onto 122 00:04:22,070 --> 00:04:25,069 a host computer which is 123 00:04:25,070 --> 00:04:28,249 supporting the device for communication 124 00:04:28,250 --> 00:04:29,250 on. 125 00:04:30,090 --> 00:04:31,859 It can be used as a password manager. 126 00:04:31,860 --> 00:04:34,259 Why not either something 127 00:04:34,260 --> 00:04:36,749 really stupid where you ask, you 128 00:04:36,750 --> 00:04:38,369 use a pin, you unlock whatever web 129 00:04:38,370 --> 00:04:40,409 application that you have on it. 130 00:04:40,410 --> 00:04:42,089 You ask for a password for a specific 131 00:04:42,090 --> 00:04:44,189 site. The password gets copied to 132 00:04:44,190 --> 00:04:46,289 your clipboard or it 133 00:04:46,290 --> 00:04:47,519 gets displayed. 134 00:04:47,520 --> 00:04:49,649 Or you can even have a proxy on 135 00:04:49,650 --> 00:04:51,419 the device itself, a Web proxy that would 136 00:04:51,420 --> 00:04:54,299 just replace whatever magic 137 00:04:54,300 --> 00:04:55,889 placeholder for a password that you're 138 00:04:55,890 --> 00:04:57,899 putting with the actual real password 139 00:04:57,900 --> 00:05:00,119 that that never gets compromised 140 00:05:00,120 --> 00:05:01,289 on the USB host. 141 00:05:01,290 --> 00:05:03,989 So all of these various applications 142 00:05:03,990 --> 00:05:06,149 are enabled by having such 143 00:05:06,150 --> 00:05:08,279 a very simple concept of having a 144 00:05:08,280 --> 00:05:10,349 computer on a USB 145 00:05:10,350 --> 00:05:12,929 drive. And of course, it can also do 146 00:05:12,930 --> 00:05:14,999 the standard role of being used as an 147 00:05:15,000 --> 00:05:17,979 authentication token with UTF 148 00:05:17,980 --> 00:05:20,339 due to the Feydeau protocol, 149 00:05:20,340 --> 00:05:22,559 which was recently announced, 150 00:05:22,560 --> 00:05:24,899 the Google authentication token or any 151 00:05:24,900 --> 00:05:27,089 other token that you might think of, 152 00:05:27,090 --> 00:05:29,279 of course, and is also a 153 00:05:29,280 --> 00:05:31,919 very interesting idea, 154 00:05:31,920 --> 00:05:34,079 which now can be done with such 155 00:05:34,080 --> 00:05:36,119 hardware, which I really, really like, 156 00:05:36,120 --> 00:05:38,669 which is authenticating the host. 157 00:05:38,670 --> 00:05:40,949 So the USP device, how 158 00:05:40,950 --> 00:05:43,049 Fenty case, the machine that it 159 00:05:43,050 --> 00:05:45,659 is connected to because of course, 160 00:05:45,660 --> 00:05:47,789 being this now an active device with 161 00:05:47,790 --> 00:05:50,269 its own kernal, its own applications 162 00:05:50,270 --> 00:05:52,889 that have been executed in schedule 163 00:05:52,890 --> 00:05:54,989 as you prefer, 164 00:05:54,990 --> 00:05:56,579 this device can communicate with your 165 00:05:56,580 --> 00:05:58,829 hosts and can decide to 166 00:05:58,830 --> 00:06:00,869 assess if the host that's being connected 167 00:06:00,870 --> 00:06:02,939 to is the legitimate one or 168 00:06:02,940 --> 00:06:03,449 not. 169 00:06:03,450 --> 00:06:05,549 A very simple mechanism just to 170 00:06:05,550 --> 00:06:07,919 check the SSL fingerprint 171 00:06:07,920 --> 00:06:09,869 for DSH demon that is running on your 172 00:06:09,870 --> 00:06:12,089 laptop. And then of course you can decide 173 00:06:12,090 --> 00:06:13,469 what action to take. 174 00:06:13,470 --> 00:06:15,809 If the host is not trusted, 175 00:06:15,810 --> 00:06:17,999 the device can decide to wipe itself. 176 00:06:18,000 --> 00:06:19,949 It can decide to even break itself 177 00:06:19,950 --> 00:06:22,049 because the specific system on a chip 178 00:06:22,050 --> 00:06:24,569 has way to Fuze keys 179 00:06:24,570 --> 00:06:26,609 that if they're random, then the system 180 00:06:26,610 --> 00:06:28,589 on a ship would never be able to put any 181 00:06:28,590 --> 00:06:29,639 other code. 182 00:06:29,640 --> 00:06:31,709 So all of these possibilities are 183 00:06:31,710 --> 00:06:34,089 unthinkable with well, with standard 184 00:06:34,090 --> 00:06:35,969 USB devices, and especially this one is 185 00:06:35,970 --> 00:06:37,499 something that that I really like. 186 00:06:37,500 --> 00:06:39,629 You can even have it so that if this 187 00:06:39,630 --> 00:06:41,849 device is connected to a laptop, which 188 00:06:41,850 --> 00:06:44,999 is not yours, it will not do anything 189 00:06:45,000 --> 00:06:47,129 particularly damaging, but it 190 00:06:47,130 --> 00:06:49,199 will just present a different set 191 00:06:49,200 --> 00:06:50,339 of files. 192 00:06:50,340 --> 00:06:52,889 Why not apply it to your laptop 193 00:06:52,890 --> 00:06:54,629 and you see Mickey Mouse applying it to 194 00:06:54,630 --> 00:06:55,979 mine and I see porn. 195 00:06:55,980 --> 00:06:57,719 I don't know. You know, you can decide, 196 00:06:57,720 --> 00:07:00,539 you know, whatever you like. 197 00:07:00,540 --> 00:07:02,759 So in order to 198 00:07:02,760 --> 00:07:04,499 support his application with a few design 199 00:07:04,500 --> 00:07:06,689 goals, it needs to be compact and 200 00:07:06,690 --> 00:07:07,619 USB power. 201 00:07:07,620 --> 00:07:10,049 And when I mean USB power, I don't mean 202 00:07:10,050 --> 00:07:12,209 to have a power supply with a USB form 203 00:07:12,210 --> 00:07:14,369 factor. I mean being 204 00:07:14,370 --> 00:07:16,769 powered by a standard USB port 205 00:07:16,770 --> 00:07:19,259 on your laptop or your PC. 206 00:07:19,260 --> 00:07:21,659 It needs to have a fast CPU, 207 00:07:21,660 --> 00:07:23,609 not some very 208 00:07:24,660 --> 00:07:26,879 low single purpose microcontroller, which 209 00:07:26,880 --> 00:07:28,559 of course might do some of these use 210 00:07:28,560 --> 00:07:30,749 cases, but it would be highly 211 00:07:30,750 --> 00:07:32,849 optimized, the code in order to achieve 212 00:07:32,850 --> 00:07:34,289 your goals. We wanted something which is 213 00:07:34,290 --> 00:07:36,329 fast and a generous amount of ram. 214 00:07:36,330 --> 00:07:38,399 We want secure, but we want 215 00:07:38,400 --> 00:07:40,769 to be able to sign with our own keys 216 00:07:40,770 --> 00:07:43,019 the code that runs on the on the storage 217 00:07:43,020 --> 00:07:43,979 of this device. 218 00:07:43,980 --> 00:07:46,169 And so that he gets executed on our 219 00:07:46,170 --> 00:07:48,809 own, my personal or your personal device, 220 00:07:48,810 --> 00:07:51,209 standard connectivity over USB and 221 00:07:51,210 --> 00:07:53,129 very important. And to have a familiar 222 00:07:53,130 --> 00:07:54,719 developing an execution environment. 223 00:07:54,720 --> 00:07:56,189 So not something which is heavily 224 00:07:56,190 --> 00:07:58,169 customized, not something which is hard 225 00:07:58,170 --> 00:07:59,879 to develop, something that it's easy, 226 00:07:59,880 --> 00:08:00,839 super easy. 227 00:08:00,840 --> 00:08:02,789 And of course it needs to be open open 228 00:08:02,790 --> 00:08:04,589 software, open hardware. 229 00:08:04,590 --> 00:08:05,590 This is a. 230 00:08:06,730 --> 00:08:08,829 Security device and one of 231 00:08:08,830 --> 00:08:10,989 our goals is also to minimize supply 232 00:08:10,990 --> 00:08:13,059 chain attacks, so you need 233 00:08:13,060 --> 00:08:15,249 to be able to look at this device to 234 00:08:15,250 --> 00:08:17,499 open schematics and see exactly 235 00:08:17,500 --> 00:08:19,179 what's here. And if you want to modify 236 00:08:19,180 --> 00:08:21,339 it, you want to have the PCB layout. 237 00:08:21,340 --> 00:08:23,499 We also provide that. 238 00:08:23,500 --> 00:08:25,599 So the challenge 239 00:08:25,600 --> 00:08:27,939 is the first of many challenges in doing 240 00:08:27,940 --> 00:08:29,109 something like this was, of course, 241 00:08:29,110 --> 00:08:31,089 selecting the system on a chip and went 242 00:08:31,090 --> 00:08:32,679 for the Freescale IMX 50 free. 243 00:08:33,760 --> 00:08:36,009 Why did we choose the IMEX 53? 244 00:08:36,010 --> 00:08:38,859 It's powerful. It's an eight arm CPU 245 00:08:38,860 --> 00:08:40,689 and can be clocked between 800 megahertz 246 00:08:40,690 --> 00:08:42,459 and one point two guards. 247 00:08:42,460 --> 00:08:44,619 Almost every datasheet Emanuel is 248 00:08:44,620 --> 00:08:47,019 public. No NDA require, especially 249 00:08:47,020 --> 00:08:48,519 for security, which was very important 250 00:08:48,520 --> 00:08:49,629 for us. 251 00:08:49,630 --> 00:08:51,009 I wouldn't go as far as saying that the 252 00:08:51,010 --> 00:08:52,989 data sheets of Freescale are awesome 253 00:08:52,990 --> 00:08:54,249 because they're not. But there are less 254 00:08:54,250 --> 00:08:55,869 cropping than many other vendors, which 255 00:08:55,870 --> 00:08:57,519 is fine by me. 256 00:08:57,520 --> 00:08:59,799 He has armed treston secure about secure 257 00:08:59,800 --> 00:09:01,449 storage and secure ram on the system on a 258 00:09:01,450 --> 00:09:03,609 chip that we can leverage on this, 259 00:09:03,610 --> 00:09:05,109 a detailed power consumption guide 260 00:09:05,110 --> 00:09:07,119 available, which to us is very useful 261 00:09:07,120 --> 00:09:09,549 when we want to prototype such design 262 00:09:09,550 --> 00:09:11,499 and as xylene native support. 263 00:09:11,500 --> 00:09:13,339 This system on a chip can run Android, 264 00:09:13,340 --> 00:09:15,399 Debian, Ubuntu, FreeBSD, the the, 265 00:09:15,400 --> 00:09:16,539 the OS. 266 00:09:16,540 --> 00:09:18,129 A lot of different operating systems 267 00:09:18,130 --> 00:09:20,259 natively with no customization require, 268 00:09:20,260 --> 00:09:22,269 which of course saved us from a lot of 269 00:09:22,270 --> 00:09:24,639 effort in customizing things. 270 00:09:24,640 --> 00:09:26,859 But it also empowers you to just 271 00:09:26,860 --> 00:09:29,259 use stock Linux distributions 272 00:09:29,260 --> 00:09:30,370 on a USB device. 273 00:09:31,480 --> 00:09:33,129 And also this specific system on a chip 274 00:09:33,130 --> 00:09:34,659 is a good stock in production support 275 00:09:34,660 --> 00:09:36,219 guarantee because you don't want to 276 00:09:36,220 --> 00:09:38,379 commit to a design and then find out 277 00:09:38,380 --> 00:09:40,119 in one month that, oh, sorry, we don't 278 00:09:40,120 --> 00:09:41,949 have this chip anymore because of course 279 00:09:41,950 --> 00:09:43,809 that's going to be a nightmare. 280 00:09:43,810 --> 00:09:45,459 I'll skip over this because we didn't 281 00:09:45,460 --> 00:09:46,749 have too much time. 282 00:09:46,750 --> 00:09:48,579 One of the things that we evaluate is 283 00:09:48,580 --> 00:09:50,649 having a good trust and support into 284 00:09:50,650 --> 00:09:52,869 this CPU, which 285 00:09:52,870 --> 00:09:55,479 will allow us to separate 286 00:09:55,480 --> 00:09:57,789 the software runs on this device to 287 00:09:57,790 --> 00:09:59,919 to even have a further level of 288 00:09:59,920 --> 00:10:01,839 separation. So, of course, with this 289 00:10:01,840 --> 00:10:03,969 device, we shift the concept of live 290 00:10:03,970 --> 00:10:06,519 OS. This is not just a storage 291 00:10:06,520 --> 00:10:08,709 where you bood from, it's a completely 292 00:10:08,710 --> 00:10:10,779 independent computer that 293 00:10:10,780 --> 00:10:12,849 runs. But what we can do, we 294 00:10:12,850 --> 00:10:15,099 can segregate the code that runs on 295 00:10:15,100 --> 00:10:16,899 this device even more. 296 00:10:16,900 --> 00:10:19,299 And having the so-called normal 297 00:10:19,300 --> 00:10:22,149 and secure world that Truxtun 298 00:10:22,150 --> 00:10:25,149 supports in these two wars are completely 299 00:10:25,150 --> 00:10:27,279 separate. And the interesting thing about 300 00:10:27,280 --> 00:10:29,349 Trussoni is that not only you can 301 00:10:29,350 --> 00:10:31,599 separate something like the memory space 302 00:10:31,600 --> 00:10:33,729 and code execution segments, but also 303 00:10:33,730 --> 00:10:35,799 all the different hardware subcomponents 304 00:10:35,800 --> 00:10:37,089 which are attached to the system on a 305 00:10:37,090 --> 00:10:39,249 chip can be assigned to one of these two 306 00:10:39,250 --> 00:10:40,149 words. 307 00:10:40,150 --> 00:10:42,279 So just to give you an 308 00:10:42,280 --> 00:10:43,959 example, there's an Leidy's on this 309 00:10:43,960 --> 00:10:46,239 device and this led, if you one, 310 00:10:46,240 --> 00:10:48,729 can be assigned solely on the secure 311 00:10:48,730 --> 00:10:51,249 word, which means that whenever the LSD 312 00:10:51,250 --> 00:10:53,409 is on, you know, by 313 00:10:53,410 --> 00:10:55,839 design, by hardware enforcement, 314 00:10:55,840 --> 00:10:58,059 that at that specific time 315 00:10:58,060 --> 00:11:00,399 the secure container is 316 00:11:00,400 --> 00:11:02,469 running and not the normal one 317 00:11:02,470 --> 00:11:04,029 just by looking at an LED. 318 00:11:04,030 --> 00:11:06,309 And we thought that's a very 319 00:11:06,310 --> 00:11:08,259 cool feature. So in this way, one of the 320 00:11:08,260 --> 00:11:10,329 ideas that we have is to implement the 321 00:11:10,330 --> 00:11:11,559 encryption and the encryption for the 322 00:11:11,560 --> 00:11:13,779 micro as the car in a secure 323 00:11:13,780 --> 00:11:16,329 container, so that even if the Linux 324 00:11:16,330 --> 00:11:18,459 OS, which is of course wider attack 325 00:11:18,460 --> 00:11:20,649 surface, get compromised, 326 00:11:20,650 --> 00:11:22,209 you won't be able to extract the 327 00:11:22,210 --> 00:11:24,819 encryption keys from memory 328 00:11:24,820 --> 00:11:27,309 because that memory cannot be accessed 329 00:11:27,310 --> 00:11:29,379 either by direct addressing 330 00:11:29,380 --> 00:11:31,539 or also by doing DMAs 331 00:11:31,540 --> 00:11:33,159 with the other components on the system 332 00:11:33,160 --> 00:11:35,169 on a chip, because every single component 333 00:11:35,170 --> 00:11:38,559 is trussoni aware. 334 00:11:38,560 --> 00:11:40,479 So this is a development timeline that we 335 00:11:40,480 --> 00:11:42,189 did. We had a concept idea in January 336 00:11:42,190 --> 00:11:43,689 based on a completely different system on 337 00:11:43,690 --> 00:11:46,329 a chips. In March, we began development. 338 00:11:46,330 --> 00:11:48,549 We did a breakout board in August. 339 00:11:48,550 --> 00:11:49,719 We order an Alpha board. 340 00:11:49,720 --> 00:11:51,909 The Alpha Board worked right away. 341 00:11:51,910 --> 00:11:54,849 We announced the project in October. 342 00:11:54,850 --> 00:11:56,859 In November, we made an order for beta 343 00:11:56,860 --> 00:11:59,049 boards. The beta boards arrived and from 344 00:11:59,050 --> 00:12:01,299 there we finalized the design for 345 00:12:01,300 --> 00:12:03,609 the Mark One completely open source, 346 00:12:03,610 --> 00:12:04,449 open hardware. 347 00:12:04,450 --> 00:12:06,519 It is crowdfunding right now 348 00:12:06,520 --> 00:12:08,589 on Crout supply and we're seventy 349 00:12:08,590 --> 00:12:09,619 two percent of our goal. 350 00:12:09,620 --> 00:12:11,469 So I'm pretty sure that we can make this 351 00:12:11,470 --> 00:12:12,969 happen. But of course, if you're 352 00:12:12,970 --> 00:12:15,369 interested into this, please check that. 353 00:12:15,370 --> 00:12:18,009 So it is USB horsepower, 354 00:12:18,010 --> 00:12:20,109 very small. He has a micro the card 355 00:12:20,110 --> 00:12:21,969 slot. So all of the codes and the 356 00:12:21,970 --> 00:12:24,069 bootloader, they from the micro, the 357 00:12:24,070 --> 00:12:25,329 card. 358 00:12:25,330 --> 00:12:27,489 There's a five pin breakout header for 359 00:12:27,490 --> 00:12:29,709 Gio's S.P.I Square Sea 360 00:12:29,710 --> 00:12:32,169 and cereal, which you can use 361 00:12:32,170 --> 00:12:34,299 does the lid, which can be used for 362 00:12:34,300 --> 00:12:35,409 secure remote detection. 363 00:12:35,410 --> 00:12:37,959 We test the already Ubuntu and Debian 364 00:12:37,960 --> 00:12:40,029 and Android and otherwise running on 365 00:12:40,030 --> 00:12:42,279 it without any issues whatsoever. 366 00:12:42,280 --> 00:12:43,779 And we also tested that we can emulate 367 00:12:43,780 --> 00:12:46,359 Ethernet, my storage input devices, 368 00:12:46,360 --> 00:12:48,190 pretty much everything so. 369 00:12:49,600 --> 00:12:51,789 Of course, so far I only 370 00:12:51,790 --> 00:12:54,099 mentioned device mode, and while 371 00:12:54,100 --> 00:12:55,990 developing the device, we 372 00:12:57,190 --> 00:12:59,079 I would say we were a little dumb because 373 00:12:59,080 --> 00:13:01,269 we drove the ID from the USB on 374 00:13:01,270 --> 00:13:03,369 the go to ground and we thought, you 375 00:13:03,370 --> 00:13:05,169 know, we can never change the role of 376 00:13:05,170 --> 00:13:07,329 that device. But it turns out that we can 377 00:13:07,330 --> 00:13:09,429 also put the device in host mode. 378 00:13:09,430 --> 00:13:11,649 So by putting the device in host mode, 379 00:13:11,650 --> 00:13:13,059 it means that if you have a female to 380 00:13:13,060 --> 00:13:15,279 female adapter, which here 381 00:13:15,280 --> 00:13:16,869 it's implemented with a Bridport, you 382 00:13:16,870 --> 00:13:18,999 just like a keyboard, a mouse, a USB 383 00:13:19,000 --> 00:13:21,129 port, a screen and USB WiFi adapter. 384 00:13:21,130 --> 00:13:22,689 And you can use this in completely 385 00:13:22,690 --> 00:13:25,059 standalone mode just by a software 386 00:13:25,060 --> 00:13:26,919 configuration, and then you can decide to 387 00:13:26,920 --> 00:13:28,989 pull it off, putting it device 388 00:13:28,990 --> 00:13:30,549 and attach it to your laptop, which I 389 00:13:30,550 --> 00:13:32,739 think it's a very nice 390 00:13:32,740 --> 00:13:34,809 way of inverting its 391 00:13:34,810 --> 00:13:36,969 use. So for the super paranoid in 392 00:13:36,970 --> 00:13:40,449 this way, it's completely standalone. 393 00:13:40,450 --> 00:13:42,129 And this is a custom adapter that we're 394 00:13:42,130 --> 00:13:42,489 making. 395 00:13:42,490 --> 00:13:44,889 Of course, all of you hardware nerds 396 00:13:44,890 --> 00:13:46,809 and geeks can make this very easily on a 397 00:13:46,810 --> 00:13:47,829 breadboard or whatever. 398 00:13:47,830 --> 00:13:49,239 It's super easy, but you seem to be 399 00:13:49,240 --> 00:13:51,009 female to female and then a micrographs 400 00:13:51,010 --> 00:13:52,089 before power. 401 00:13:52,090 --> 00:13:54,399 So we just the power 402 00:13:54,400 --> 00:13:56,859 USB hub and this adapter, 403 00:13:56,860 --> 00:13:58,719 you can use the device, whatever 404 00:13:58,720 --> 00:14:00,819 peripherals you want 405 00:14:00,820 --> 00:14:01,929 in host mode. 406 00:14:03,720 --> 00:14:05,639 So what were the challenges in making 407 00:14:05,640 --> 00:14:08,189 this device? Of course, we have BGA 408 00:14:08,190 --> 00:14:09,719 chips for the system on a chip in the 409 00:14:09,720 --> 00:14:11,819 memory and it's also a very 410 00:14:11,820 --> 00:14:13,469 tiny form factor, which means that it was 411 00:14:13,470 --> 00:14:15,539 no way, at least we were incapable 412 00:14:15,540 --> 00:14:17,489 of doing. Maybe some of you are much 413 00:14:17,490 --> 00:14:19,589 better than us to to prototype this 414 00:14:19,590 --> 00:14:22,199 by hand, to just order to PCBs 415 00:14:22,200 --> 00:14:24,449 and sold our everything on our own, our 416 00:14:24,450 --> 00:14:26,969 own. So the process was we make a design, 417 00:14:26,970 --> 00:14:29,159 we make the order for to 10 418 00:14:29,160 --> 00:14:31,559 devices, very expensive one 419 00:14:31,560 --> 00:14:34,679 because it's high specification KPCB 420 00:14:34,680 --> 00:14:36,959 and then we hope for 421 00:14:36,960 --> 00:14:39,119 the best and the other 422 00:14:39,120 --> 00:14:40,439 challenge. So and then the first thing 423 00:14:40,440 --> 00:14:42,059 that we wanted to do was like, let's try 424 00:14:42,060 --> 00:14:44,519 to be smart, let's try to avoid this 425 00:14:44,520 --> 00:14:47,129 and let's do a BGA prototyping 426 00:14:47,130 --> 00:14:49,439 board. And our idea was 427 00:14:49,440 --> 00:14:51,179 we make a really expensive board and it 428 00:14:51,180 --> 00:14:52,829 would buy a really expensive socket 429 00:14:52,830 --> 00:14:54,989 adapter which is there, which allows us 430 00:14:54,990 --> 00:14:56,879 to plumb the system on a chip without 431 00:14:56,880 --> 00:14:59,029 actually shouldering anything at all. 432 00:14:59,030 --> 00:15:01,679 It's about a seven hundred euro adapter. 433 00:15:01,680 --> 00:15:03,869 And maybe this way we can power it 434 00:15:03,870 --> 00:15:06,029 up and test pretty much everything 435 00:15:06,030 --> 00:15:08,459 except the memory and tests 436 00:15:08,460 --> 00:15:10,499 all of the possible routing and 437 00:15:10,500 --> 00:15:12,689 configuration without, you 438 00:15:12,690 --> 00:15:15,449 know, wasting a lot of money with PCBs. 439 00:15:15,450 --> 00:15:17,549 So and this is the power of boards 440 00:15:17,550 --> 00:15:19,349 that we tried to make. 441 00:15:19,350 --> 00:15:21,509 But Darth Vader there, which 442 00:15:21,510 --> 00:15:23,789 is me, killed the admiral, 443 00:15:23,790 --> 00:15:25,889 which is my colleague, because it was 444 00:15:25,890 --> 00:15:27,689 something like you failed me for the last 445 00:15:27,690 --> 00:15:29,999 time because after making 446 00:15:30,000 --> 00:15:32,399 ten of these, we never managed 447 00:15:32,400 --> 00:15:35,399 to make them work, because the tolerances 448 00:15:35,400 --> 00:15:37,649 for distances between Doctorow's 449 00:15:37,650 --> 00:15:40,109 and capacitors and the and the power 450 00:15:40,110 --> 00:15:42,329 control unit are so high 451 00:15:42,330 --> 00:15:44,549 that by doing this by hand, as 452 00:15:44,550 --> 00:15:46,199 you know, as much as careful as you can 453 00:15:46,200 --> 00:15:48,299 be, you out of seven 454 00:15:48,300 --> 00:15:50,189 voltage lines, one of them will not be 455 00:15:50,190 --> 00:15:52,349 stable enough. So this was definitely 456 00:15:52,350 --> 00:15:54,659 not the right way of doing things. 457 00:15:54,660 --> 00:15:56,669 So this may turn out to be like the Super 458 00:15:56,670 --> 00:15:58,799 Star Destroyer, a giant thing 459 00:15:58,800 --> 00:16:00,179 which cost a lot of Omonia. 460 00:16:00,180 --> 00:16:01,859 It's low. At the end of the day, it's 461 00:16:01,860 --> 00:16:04,109 useless. So don't 462 00:16:04,110 --> 00:16:06,359 do this. If you're making hardware, 463 00:16:06,360 --> 00:16:08,609 go for the proper 464 00:16:08,610 --> 00:16:10,769 design right away, because 465 00:16:10,770 --> 00:16:13,109 if you're lucky like we were, 466 00:16:13,110 --> 00:16:15,299 it will work the first try and you can 467 00:16:15,300 --> 00:16:16,499 save a lot of time. 468 00:16:16,500 --> 00:16:18,419 So when you have switch in power like 469 00:16:18,420 --> 00:16:19,769 this, you don't. 470 00:16:19,770 --> 00:16:22,439 At least in our case, it was a completely 471 00:16:22,440 --> 00:16:25,019 pointless exercise to try and be a smart 472 00:16:25,020 --> 00:16:26,039 second challenge. 473 00:16:26,040 --> 00:16:28,379 We use keycard to do everything, 474 00:16:28,380 --> 00:16:29,519 which is a nightmare. 475 00:16:29,520 --> 00:16:31,289 I mean, it's open source and we wanted to 476 00:16:31,290 --> 00:16:33,119 use it because then you can open up the 477 00:16:33,120 --> 00:16:35,009 design and modify it. 478 00:16:35,010 --> 00:16:37,139 But routing Roundwood would keycard 479 00:16:37,140 --> 00:16:39,749 is, you know, I would really rather 480 00:16:39,750 --> 00:16:41,039 be in a different life. 481 00:16:41,040 --> 00:16:42,809 It took me two weeks to route their there 482 00:16:42,810 --> 00:16:45,149 between the SOC and the memory 483 00:16:45,150 --> 00:16:47,819 module. So that was a real, real 484 00:16:47,820 --> 00:16:50,159 pain. But we made it work 485 00:16:50,160 --> 00:16:51,179 so it can be done. 486 00:16:51,180 --> 00:16:53,249 And I think it's pretty amazing that you 487 00:16:53,250 --> 00:16:56,009 can do it completely with open source 488 00:16:56,010 --> 00:16:57,059 tools. 489 00:16:57,060 --> 00:16:59,159 The reason why I'm routing is 490 00:16:59,160 --> 00:17:01,289 tricky is because all of those lines 491 00:17:01,290 --> 00:17:03,579 need to be exactly of the same length 492 00:17:03,580 --> 00:17:06,088 if you really want to be super 493 00:17:06,089 --> 00:17:07,709 paranoid about it. 494 00:17:07,710 --> 00:17:10,139 And when your PCB costs a lot 495 00:17:10,140 --> 00:17:12,449 and you don't want to waste money, 496 00:17:12,450 --> 00:17:14,159 you want to make sure that they are the 497 00:17:14,160 --> 00:17:15,149 same length. 498 00:17:15,150 --> 00:17:17,129 And Kikka doesn't help you in doing that 499 00:17:17,130 --> 00:17:18,130 at all. 500 00:17:19,680 --> 00:17:21,568 So then you go from the schematics. 501 00:17:21,569 --> 00:17:23,029 But Kickett is very good in giving you 502 00:17:23,030 --> 00:17:24,419 Afridi's representation, by the way, of 503 00:17:24,420 --> 00:17:25,889 the board, which is not that useful. 504 00:17:25,890 --> 00:17:27,599 But, you know, at least it looks nice. 505 00:17:34,590 --> 00:17:36,329 So we see our Afridi's thing, we get 506 00:17:36,330 --> 00:17:37,979 hyped and then we make the order and we 507 00:17:37,980 --> 00:17:40,379 get the Alpha Board and the Alpha Board, 508 00:17:40,380 --> 00:17:42,269 you see the admiral, it's a different one 509 00:17:42,270 --> 00:17:44,369 than the one before because that one 510 00:17:44,370 --> 00:17:45,479 died. 511 00:17:45,480 --> 00:17:46,739 But they all look the same anyway. 512 00:17:46,740 --> 00:17:48,929 So that admiral is alive 513 00:17:48,930 --> 00:17:50,849 and standing because the Alpha Board 514 00:17:50,850 --> 00:17:53,279 worked at the first try again, 515 00:17:53,280 --> 00:17:55,079 I wasn't really inspire you to make 516 00:17:55,080 --> 00:17:57,179 hardware. And even if it seems like 517 00:17:57,180 --> 00:17:59,309 a very daunting task for 518 00:17:59,310 --> 00:18:01,049 certain designs, this is one of the most 519 00:18:01,050 --> 00:18:04,019 difficult things I could think of making. 520 00:18:04,020 --> 00:18:06,149 You know, chances are that you will 521 00:18:06,150 --> 00:18:07,529 be successful. So I really want to 522 00:18:07,530 --> 00:18:09,299 inspire you into doing hardware. 523 00:18:09,300 --> 00:18:11,069 So the Alpha Board was a little larger 524 00:18:11,070 --> 00:18:12,569 because we wanted to have a data 525 00:18:12,570 --> 00:18:14,729 connection in all possible test points 526 00:18:14,730 --> 00:18:17,369 to figure out what was wrong in case 527 00:18:17,370 --> 00:18:18,869 things went wrong, because it could be 528 00:18:18,870 --> 00:18:21,869 really, really difficult to debug 529 00:18:21,870 --> 00:18:24,059 issues, especially when the board 530 00:18:24,060 --> 00:18:26,309 doesn't you know, it doesn't power 531 00:18:26,310 --> 00:18:27,310 up. 532 00:18:27,930 --> 00:18:30,149 And, you know, and also you have to work 533 00:18:30,150 --> 00:18:32,309 with the manufacturer a lot because doing 534 00:18:32,310 --> 00:18:34,529 a design on keycard and, 535 00:18:34,530 --> 00:18:36,779 you know, even if your design rules pass, 536 00:18:36,780 --> 00:18:37,889 it doesn't really mean that you can 537 00:18:37,890 --> 00:18:40,019 manufacture that board reliably 538 00:18:40,020 --> 00:18:41,459 or on a larger scale. 539 00:18:41,460 --> 00:18:42,869 So it was really important to work with 540 00:18:42,870 --> 00:18:44,819 the manufacturer to understand what were 541 00:18:44,820 --> 00:18:47,069 the tolerances of the pick and place 542 00:18:47,070 --> 00:18:49,439 machine, the solidary mechanism, 543 00:18:49,440 --> 00:18:51,419 you know, to to understand what were the 544 00:18:51,420 --> 00:18:53,549 various tolerances and see 545 00:18:53,550 --> 00:18:55,139 if the board could have been produced 546 00:18:55,140 --> 00:18:56,879 also. Because when you make something of 547 00:18:56,880 --> 00:18:58,979 this size, you're going to violate 548 00:18:58,980 --> 00:19:00,779 pretty much every single recommendation 549 00:19:00,780 --> 00:19:02,999 that you find in pretty much every single 550 00:19:03,000 --> 00:19:04,989 datasheet for every single component. 551 00:19:04,990 --> 00:19:06,539 It will tell you why you should do this. 552 00:19:06,540 --> 00:19:08,459 And then you're like, oh, you ask me to 553 00:19:08,460 --> 00:19:11,339 have like a soccer field like miles 554 00:19:11,340 --> 00:19:13,379 of Trace's around the memory about I can 555 00:19:13,380 --> 00:19:14,339 only go that way. 556 00:19:14,340 --> 00:19:16,229 So you will you know, you will forget all 557 00:19:16,230 --> 00:19:18,359 of that and you would just go for it. 558 00:19:18,360 --> 00:19:20,279 But it works. You know, we had JATO, 559 00:19:20,280 --> 00:19:21,929 which was useless, but it makes a very 560 00:19:21,930 --> 00:19:24,329 nice picture because that also works 561 00:19:24,330 --> 00:19:26,429 and you can connect to it over 562 00:19:26,430 --> 00:19:28,499 a port with a bus. Pirate power 563 00:19:28,500 --> 00:19:29,819 consumption was great. 564 00:19:29,820 --> 00:19:31,949 It was we can turn on the LSD, which we 565 00:19:31,950 --> 00:19:34,319 added later, by the way. 566 00:19:34,320 --> 00:19:36,419 And the same power of a Pentium 567 00:19:36,420 --> 00:19:38,549 two is squeezed 568 00:19:38,550 --> 00:19:41,219 right there, which I think 569 00:19:41,220 --> 00:19:42,779 and he sold them with open source tools. 570 00:19:42,780 --> 00:19:44,249 I think this is amazing. 571 00:19:44,250 --> 00:19:45,569 And anybody can do this. 572 00:19:53,380 --> 00:19:55,089 Then we got the beta board, so beta 573 00:19:55,090 --> 00:19:57,309 blockers, we order a six revisions 574 00:19:57,310 --> 00:19:59,439 to actually one, two, three, seven 575 00:19:59,440 --> 00:20:01,459 revisions to lower down the price. 576 00:20:01,460 --> 00:20:02,829 So we tried different things. 577 00:20:02,830 --> 00:20:04,629 We tried to move from eight layers to six 578 00:20:04,630 --> 00:20:07,089 layers. We ignored 579 00:20:07,090 --> 00:20:10,089 a few recommendations about how to power 580 00:20:10,090 --> 00:20:11,049 up. 581 00:20:11,050 --> 00:20:12,429 We remove a certain components. 582 00:20:12,430 --> 00:20:14,499 We tried not to power the USB host, 583 00:20:14,500 --> 00:20:16,599 which at the end we didn't do, which is a 584 00:20:16,600 --> 00:20:18,519 good thing because now we also have host 585 00:20:18,520 --> 00:20:20,979 mode. So we went from alpha 586 00:20:20,980 --> 00:20:23,289 to beta to mark 587 00:20:23,290 --> 00:20:25,329 one, which is the final design. 588 00:20:25,330 --> 00:20:27,279 And the betas, as you can see, were 589 00:20:27,280 --> 00:20:28,389 different iterations. 590 00:20:28,390 --> 00:20:30,339 So that was one order with multiple 591 00:20:30,340 --> 00:20:31,749 designs. They all worked. 592 00:20:31,750 --> 00:20:33,999 But from there we picked one. 593 00:20:34,000 --> 00:20:35,589 We picked the one that was cheaper and 594 00:20:35,590 --> 00:20:37,389 that was most effective. 595 00:20:37,390 --> 00:20:38,469 Lessons learned. 596 00:20:38,470 --> 00:20:41,139 No. One, there were some tiny inductors 597 00:20:41,140 --> 00:20:42,819 which were extremely fragile. 598 00:20:42,820 --> 00:20:44,979 And when I say fragile, I mean that 599 00:20:44,980 --> 00:20:47,529 after one week they were just coming off 600 00:20:47,530 --> 00:20:49,479 and not because the soldiering wasn't 601 00:20:49,480 --> 00:20:51,459 done correctly, that you will never break 602 00:20:51,460 --> 00:20:52,839 unless you do it intentionally, but 603 00:20:52,840 --> 00:20:54,939 because the component itself 604 00:20:54,940 --> 00:20:57,009 wasn't meant even to be to 605 00:20:57,010 --> 00:20:59,319 take the shock of being 606 00:20:59,320 --> 00:21:01,989 placed on a table like that 607 00:21:01,990 --> 00:21:04,239 twice a day for a week that were coming 608 00:21:04,240 --> 00:21:06,759 off the importance of testing, 609 00:21:06,760 --> 00:21:07,959 test, test, test. 610 00:21:07,960 --> 00:21:09,459 You don't want to make a thousand boards 611 00:21:09,460 --> 00:21:10,599 that have this problem. 612 00:21:10,600 --> 00:21:12,519 So one of the first thing that we did, we 613 00:21:12,520 --> 00:21:14,439 changed in doctors were new ones which 614 00:21:14,440 --> 00:21:16,239 have which have a very nice shape, which 615 00:21:16,240 --> 00:21:18,159 looks like Battlestar Galactica notepad. 616 00:21:18,160 --> 00:21:19,300 So I'm really proud of them. 617 00:21:21,010 --> 00:21:22,869 When you do hardware, you will get super 618 00:21:22,870 --> 00:21:24,279 hyped about these things. 619 00:21:24,280 --> 00:21:26,349 You're like, oh, I'm reading A about E 620 00:21:26,350 --> 00:21:27,579 these 50 pages long. 621 00:21:27,580 --> 00:21:28,869 It's awesome. Just for one. 622 00:21:28,870 --> 00:21:30,609 Tiny components is don't do it. 623 00:21:30,610 --> 00:21:31,839 You get crazy. 624 00:21:31,840 --> 00:21:34,929 Second, very evil problem, 625 00:21:34,930 --> 00:21:35,829 gold plating. 626 00:21:35,830 --> 00:21:37,959 We need gold plating for the USB 627 00:21:37,960 --> 00:21:40,209 connection because otherwise after 50 628 00:21:40,210 --> 00:21:42,249 uses it will just not work anymore. 629 00:21:43,750 --> 00:21:45,579 The way you do gold plating. 630 00:21:45,580 --> 00:21:46,929 We don't do what gold plating. 631 00:21:46,930 --> 00:21:48,429 We're just going to manufacture, do gold 632 00:21:48,430 --> 00:21:50,229 plating on those pads and then we'll do 633 00:21:50,230 --> 00:21:52,479 it. And the way they do it, in 634 00:21:52,480 --> 00:21:55,299 this case, in the beta version, they 635 00:21:55,300 --> 00:21:57,759 they need some contact 636 00:21:57,760 --> 00:21:59,589 points to place the deposit. 637 00:21:59,590 --> 00:22:01,629 And what they did, they did for traces 638 00:22:01,630 --> 00:22:03,609 that you can see there that we're going 639 00:22:03,610 --> 00:22:05,709 outwards over the edge of the 640 00:22:05,710 --> 00:22:06,759 board. 641 00:22:06,760 --> 00:22:07,929 So what happened there? 642 00:22:07,930 --> 00:22:09,249 We blocked the board. 643 00:22:09,250 --> 00:22:11,499 We see that we have a five seconds 644 00:22:11,500 --> 00:22:14,319 of delay and then the boot starts 645 00:22:14,320 --> 00:22:15,579 every single time. 646 00:22:15,580 --> 00:22:17,679 And we're like, we're d five 647 00:22:17,680 --> 00:22:18,849 seconds coming from. 648 00:22:20,260 --> 00:22:21,729 So what are you going to do? 649 00:22:21,730 --> 00:22:23,709 You search into every datasheet and you 650 00:22:23,710 --> 00:22:25,929 search with your PDF reader five 651 00:22:25,930 --> 00:22:28,029 seconds and you find 652 00:22:28,030 --> 00:22:30,429 that five seconds is the way time 653 00:22:30,430 --> 00:22:33,339 that the voltage regulator uses 654 00:22:33,340 --> 00:22:36,549 for under voltage detection. 655 00:22:36,550 --> 00:22:38,409 And then we're like, so why do we have an 656 00:22:38,410 --> 00:22:39,729 under voltage on connection? 657 00:22:39,730 --> 00:22:41,829 Because by cutting 658 00:22:41,830 --> 00:22:44,139 the board we have four little 659 00:22:44,140 --> 00:22:46,239 conductive dots that make 660 00:22:46,240 --> 00:22:48,459 contact with the USB plug the no 661 00:22:48,460 --> 00:22:50,439 contact and then contact again. 662 00:22:50,440 --> 00:22:52,839 And that causes the voltage 663 00:22:52,840 --> 00:22:54,889 connection. We didn't design those 664 00:22:54,890 --> 00:22:57,129 traces. The manufacturer did. 665 00:22:57,130 --> 00:22:59,229 And we spent three days banging our 666 00:22:59,230 --> 00:23:01,329 heads trying to debug this problem. 667 00:23:01,330 --> 00:23:03,489 So that was very evil. 668 00:23:03,490 --> 00:23:05,199 And on the right side, you see a better 669 00:23:05,200 --> 00:23:07,329 way of doing gold plating with the four 670 00:23:07,330 --> 00:23:09,879 little pads on 671 00:23:09,880 --> 00:23:12,399 the crisis. So that was lesson 672 00:23:12,400 --> 00:23:14,499 number two, even things 673 00:23:14,500 --> 00:23:16,569 that should be trivial options that you 674 00:23:16,570 --> 00:23:17,769 just click. Oh, yeah, sure do. 675 00:23:17,770 --> 00:23:21,009 Gold plating, they might result in 676 00:23:21,010 --> 00:23:22,529 bugs. 677 00:23:22,530 --> 00:23:24,839 So this is the final 678 00:23:24,840 --> 00:23:26,999 design we moved on the back 679 00:23:27,000 --> 00:23:29,069 for people that still want to use 680 00:23:29,070 --> 00:23:31,439 it by shouldering those pads, Shater 681 00:23:31,440 --> 00:23:33,059 can be disabled, of course, and when you 682 00:23:33,060 --> 00:23:35,159 are in secure trust mode, 683 00:23:35,160 --> 00:23:36,759 of course, you are not be able to use it. 684 00:23:36,760 --> 00:23:38,489 So don't worry about that. 685 00:23:38,490 --> 00:23:40,589 And we see the the 686 00:23:40,590 --> 00:23:42,419 butter on the left side. 687 00:23:42,420 --> 00:23:44,819 And I have exactly six minutes 688 00:23:44,820 --> 00:23:46,289 for question. If for interest in this 689 00:23:46,290 --> 00:23:48,299 project, please go on the crowdfunding 690 00:23:48,300 --> 00:23:49,499 page. Thank you very much. 691 00:23:52,670 --> 00:23:53,750 And actually. 692 00:23:56,850 --> 00:23:58,949 I I totally forgot I have 693 00:23:58,950 --> 00:24:01,439 one attached to my laptop 694 00:24:01,440 --> 00:24:03,719 and I can just as I say 695 00:24:03,720 --> 00:24:04,469 to it. 696 00:24:04,470 --> 00:24:07,139 So this year this is my USB drive 697 00:24:07,140 --> 00:24:08,140 running Linux. 698 00:24:13,070 --> 00:24:16,009 And this year, this is the Electrum 699 00:24:16,010 --> 00:24:18,109 Bitcoin wallet running 700 00:24:18,110 --> 00:24:20,389 on the USB drive and being exported 701 00:24:20,390 --> 00:24:22,789 over X to my Windows machine. 702 00:24:22,790 --> 00:24:24,679 So all of the keys are to drive. 703 00:24:24,680 --> 00:24:27,439 This application took 30 seconds to test. 704 00:24:27,440 --> 00:24:28,969 As soon as we to the device, we're like, 705 00:24:28,970 --> 00:24:30,769 let's do that so you can see the 706 00:24:30,770 --> 00:24:32,719 potentiality of this platform. 707 00:24:32,720 --> 00:24:33,079 Thank you. 708 00:24:33,080 --> 00:24:35,569 Questions question 709 00:24:35,570 --> 00:24:37,549 from microphone for please. 710 00:24:37,550 --> 00:24:39,589 First of all, thanks for making such a 711 00:24:39,590 --> 00:24:41,749 great thing. And second of all, I'd like 712 00:24:41,750 --> 00:24:44,209 to ask if you have already an alpha 713 00:24:44,210 --> 00:24:46,519 beta software for authenticated, but 714 00:24:47,810 --> 00:24:48,649 for authenticated. 715 00:24:48,650 --> 00:24:49,699 But yes. 716 00:24:49,700 --> 00:24:52,159 OK, so the secure vote, 717 00:24:52,160 --> 00:24:53,869 there is an application note by 718 00:24:53,870 --> 00:24:56,809 Freescale, which we're going to convert 719 00:24:56,810 --> 00:24:58,849 into open source scripts where you can 720 00:24:58,850 --> 00:25:00,049 just use them so secure. 721 00:25:00,050 --> 00:25:00,949 What is there? 722 00:25:00,950 --> 00:25:03,109 It's not something that we implement, but 723 00:25:03,110 --> 00:25:05,029 we're going to make it easier for you in 724 00:25:05,030 --> 00:25:06,619 order to use it. 725 00:25:06,620 --> 00:25:08,989 So and that should happen before 726 00:25:08,990 --> 00:25:10,489 before March. Now we want to push the 727 00:25:10,490 --> 00:25:11,569 hardware out, but then we're going to 728 00:25:11,570 --> 00:25:12,749 make that awesome. 729 00:25:12,750 --> 00:25:13,750 Thanks. 730 00:25:14,350 --> 00:25:16,059 Microphone number two, please. 731 00:25:16,060 --> 00:25:18,189 Yeah, thanks, a great project 732 00:25:18,190 --> 00:25:20,739 and there is 733 00:25:20,740 --> 00:25:22,929 an e-card with wi fi on it 734 00:25:22,930 --> 00:25:25,239 and a full Linux 735 00:25:25,240 --> 00:25:27,339 system on it, and it's kind of 736 00:25:27,340 --> 00:25:28,340 open source. 737 00:25:28,810 --> 00:25:31,689 Did you take a look at this and 738 00:25:31,690 --> 00:25:33,769 what what's the name of it? 739 00:25:33,770 --> 00:25:36,429 Um, it was wi fi 740 00:25:36,430 --> 00:25:38,619 or something from Sanders, if 741 00:25:38,620 --> 00:25:40,569 I remember. Correct. But the two versions 742 00:25:40,570 --> 00:25:42,699 of it and you can run your own 743 00:25:42,700 --> 00:25:43,269 code on it. 744 00:25:43,270 --> 00:25:45,129 You don't have the nice debugging 745 00:25:45,130 --> 00:25:48,559 features, but you can 746 00:25:48,560 --> 00:25:50,649 it's for showing 747 00:25:50,650 --> 00:25:52,839 over Wi-Fi, for photographs 748 00:25:52,840 --> 00:25:55,209 of photographs, and 749 00:25:55,210 --> 00:25:57,549 you can manipulate 750 00:25:57,550 --> 00:25:58,690 the photos as well, 751 00:26:00,160 --> 00:26:01,539 but it has less features. 752 00:26:01,540 --> 00:26:02,199 So this is great. 753 00:26:02,200 --> 00:26:04,179 But if you take a look at it before you 754 00:26:04,180 --> 00:26:06,069 did this, so before we had the idea, of 755 00:26:06,070 --> 00:26:07,359 course, we looked at everything that was 756 00:26:07,360 --> 00:26:09,039 out there and it was nothing that fit all 757 00:26:09,040 --> 00:26:10,599 the features and nothing that was open 758 00:26:10,600 --> 00:26:12,429 source like this. And also, you should be 759 00:26:12,430 --> 00:26:14,049 very careful because some of them, they 760 00:26:14,050 --> 00:26:16,419 will draw more than 500 million 761 00:26:16,420 --> 00:26:19,149 in order to use the wi fi nd HDMI 762 00:26:19,150 --> 00:26:20,199 and the CPU. 763 00:26:20,200 --> 00:26:21,999 So one thing is having a power adapter, 764 00:26:22,000 --> 00:26:23,829 which is a microcosm form factor, one 765 00:26:23,830 --> 00:26:26,469 thing is buying power from the USB host 766 00:26:26,470 --> 00:26:27,609 completely. 767 00:26:27,610 --> 00:26:29,889 OK, so that's a key difference. 768 00:26:29,890 --> 00:26:32,199 So none of these qualities 769 00:26:32,200 --> 00:26:34,389 were existing when we started this 770 00:26:34,390 --> 00:26:37,239 project and I don't think they exist now 771 00:26:37,240 --> 00:26:39,609 still. So this, in my 772 00:26:39,610 --> 00:26:41,769 opinion, is unique. 773 00:26:41,770 --> 00:26:43,569 OK, yes. Thank you. 774 00:26:43,570 --> 00:26:46,039 Microphone number five, please. 775 00:26:46,040 --> 00:26:47,040 Hey, 776 00:26:48,130 --> 00:26:50,199 do you have experienced any 777 00:26:50,200 --> 00:26:52,089 heat problems? 778 00:26:52,090 --> 00:26:54,400 And the second question is, 779 00:26:55,690 --> 00:26:58,299 could you imagine to put a robust 780 00:26:58,300 --> 00:27:00,929 casing around it so that 781 00:27:00,930 --> 00:27:03,639 so we're working attached to a key ring 782 00:27:03,640 --> 00:27:06,399 and be carried around every day. 783 00:27:06,400 --> 00:27:08,469 So we're working on a case right now 784 00:27:08,470 --> 00:27:10,659 and we hope for a case option to be 785 00:27:10,660 --> 00:27:13,329 available on crowd supply 786 00:27:13,330 --> 00:27:14,859 before the end of January. 787 00:27:14,860 --> 00:27:16,299 So we're definitely thinking of that. 788 00:27:16,300 --> 00:27:17,529 But it's also open source. 789 00:27:17,530 --> 00:27:19,809 So if anybody has capabilities for making 790 00:27:19,810 --> 00:27:20,979 a case, you can do it. 791 00:27:20,980 --> 00:27:22,869 Regarding the heat, we tested it. 792 00:27:22,870 --> 00:27:25,239 Of course, if you're using CPU 793 00:27:25,240 --> 00:27:26,619 one hundred percent, the memory and your 794 00:27:26,620 --> 00:27:28,689 percent, it gets toasty, but 795 00:27:28,690 --> 00:27:30,699 it won't damage the board. 796 00:27:30,700 --> 00:27:33,039 Any one damage you unless 797 00:27:33,040 --> 00:27:34,629 you're extremely stupid. 798 00:27:34,630 --> 00:27:36,879 So it gets hot as any 799 00:27:36,880 --> 00:27:39,339 naked board and any stock. 800 00:27:39,340 --> 00:27:41,469 But there's not a problem at all 801 00:27:41,470 --> 00:27:42,669 about about that. 802 00:27:42,670 --> 00:27:43,670 And we tested that. 803 00:27:44,510 --> 00:27:46,339 Microphone number one, please. 804 00:27:46,340 --> 00:27:48,349 I thank you for the great work. 805 00:27:48,350 --> 00:27:50,539 My question is about you told 806 00:27:50,540 --> 00:27:53,039 us that this all open source and 807 00:27:53,040 --> 00:27:55,309 now as far as I know, the trust 808 00:27:55,310 --> 00:27:57,349 zone with ARM, you need to sign with them 809 00:27:57,350 --> 00:27:58,339 an NDA. 810 00:27:58,340 --> 00:27:59,839 No, that's not correct. 811 00:27:59,840 --> 00:28:02,449 Every reference guide 812 00:28:02,450 --> 00:28:04,579 and usage guide for Tristen is 813 00:28:04,580 --> 00:28:07,429 public and can be used publicly. 814 00:28:07,430 --> 00:28:10,249 Actually, the support for Drosten, 815 00:28:10,250 --> 00:28:11,549 there are two different aspects. 816 00:28:11,550 --> 00:28:13,909 There's what AMA gives you an instruction 817 00:28:13,910 --> 00:28:16,069 set which you will find in the arm. 818 00:28:16,070 --> 00:28:17,449 Assembly instructions said were, of 819 00:28:17,450 --> 00:28:18,919 course, no ideas are required. 820 00:28:18,920 --> 00:28:20,449 And then there's the hardware support, 821 00:28:20,450 --> 00:28:21,799 which is vendor dependent. 822 00:28:21,800 --> 00:28:23,479 The hardware support, which is vendor 823 00:28:23,480 --> 00:28:25,549 dependent, is only partially under 824 00:28:25,550 --> 00:28:27,649 NDA, but all of it 825 00:28:27,650 --> 00:28:29,929 is published within the Genard OS 826 00:28:29,930 --> 00:28:31,009 source code. 827 00:28:31,010 --> 00:28:32,809 So all the information that you need to 828 00:28:32,810 --> 00:28:34,399 use Drosten is open. 829 00:28:34,400 --> 00:28:35,539 OK, great. Thank you. 830 00:28:35,540 --> 00:28:37,099 Thank you. Microphone number three, 831 00:28:37,100 --> 00:28:38,249 please. 832 00:28:38,250 --> 00:28:40,939 Hi. Thanks for the great project. 833 00:28:40,940 --> 00:28:41,839 Quick question. 834 00:28:41,840 --> 00:28:43,519 If you're going to use it as a standalone 835 00:28:43,520 --> 00:28:45,439 computer, it would be really useful to 836 00:28:45,440 --> 00:28:47,539 have HDMI at some point. 837 00:28:47,540 --> 00:28:49,649 I mean, obviously it's a hardware, but 838 00:28:49,650 --> 00:28:50,989 I wonder if you thought about it. 839 00:28:50,990 --> 00:28:53,149 So one of the things that you 840 00:28:53,150 --> 00:28:54,259 want to be careful when you make 841 00:28:54,260 --> 00:28:56,209 hardware, you don't want to put too many 842 00:28:56,210 --> 00:28:57,919 features on it because otherwise you're 843 00:28:57,920 --> 00:28:58,969 going to derail. 844 00:28:58,970 --> 00:29:01,489 We like minimal, beautiful designs. 845 00:29:01,490 --> 00:29:04,079 So we didn't think of HDMI for a second. 846 00:29:04,080 --> 00:29:05,239 Thank you. 847 00:29:05,240 --> 00:29:06,169 And guess what? 848 00:29:06,170 --> 00:29:08,549 We realized that by taking the inverse 849 00:29:08,550 --> 00:29:10,879 hahaha we can use USB host 850 00:29:10,880 --> 00:29:13,009 mode and you can use our USB monitor 851 00:29:13,010 --> 00:29:15,289 of course is not like HDMI, but 852 00:29:15,290 --> 00:29:17,719 you can still, if you want to use 853 00:29:17,720 --> 00:29:19,939 it completely standalone without all 854 00:29:19,940 --> 00:29:22,219 the hassle of having an HDMI connector. 855 00:29:22,220 --> 00:29:24,349 So I don't want to enter into the area of 856 00:29:24,350 --> 00:29:26,719 HDMI sticks that are for multimedia 857 00:29:26,720 --> 00:29:28,849 purposes. I want this to be focus on 858 00:29:28,850 --> 00:29:30,949 that. But who knows, maybe in the future 859 00:29:30,950 --> 00:29:32,269 and it's open source. So if you want to 860 00:29:32,270 --> 00:29:34,189 add a connector, just take the project 861 00:29:34,190 --> 00:29:35,179 and do it. 862 00:29:35,180 --> 00:29:36,679 Thank you. Thanks. 863 00:29:36,680 --> 00:29:38,629 We can take one last question microphone 864 00:29:38,630 --> 00:29:39,919 to please. 865 00:29:39,920 --> 00:29:42,169 And if I got that correctly, I 866 00:29:42,170 --> 00:29:44,269 can put my own keys on the 867 00:29:44,270 --> 00:29:46,999 device for verifying the software 868 00:29:47,000 --> 00:29:48,439 that's straining, right? 869 00:29:48,440 --> 00:29:50,689 Yeah. So how does that work 870 00:29:50,690 --> 00:29:52,969 exactly. How can I put my own keys? 871 00:29:52,970 --> 00:29:55,309 Does it work via USB 872 00:29:55,310 --> 00:29:57,439 to prevent a malicious attacker. 873 00:29:57,440 --> 00:29:59,239 So you bootstrap so you can do it from 874 00:29:59,240 --> 00:30:01,249 either the bootloader or from Linux 875 00:30:01,250 --> 00:30:03,589 itself. You can infuse the keys. 876 00:30:03,590 --> 00:30:05,029 There are certain register which you can 877 00:30:05,030 --> 00:30:06,499 use and you don't use the keys. 878 00:30:06,500 --> 00:30:08,419 You've used the hash of the key. 879 00:30:08,420 --> 00:30:09,589 You have four slots. 880 00:30:12,100 --> 00:30:14,199 And you can 881 00:30:14,200 --> 00:30:15,939 and you can also have one revocation. 882 00:30:15,940 --> 00:30:17,499 I think I don't remember, but you can you 883 00:30:17,500 --> 00:30:19,809 can have up to four different keys 884 00:30:19,810 --> 00:30:21,379 and those are yours. 885 00:30:21,380 --> 00:30:23,559 And once those are enforced, the 886 00:30:23,560 --> 00:30:25,179 bootloader needs to be signed with those 887 00:30:25,180 --> 00:30:27,699 keys. OK, if you otherwise, 888 00:30:27,700 --> 00:30:29,199 nothing will boot and there's no way to 889 00:30:29,200 --> 00:30:30,039 override it. 890 00:30:30,040 --> 00:30:30,999 OK, very good. 891 00:30:31,000 --> 00:30:32,289 Thanks. 892 00:30:32,290 --> 00:30:34,149 Thank you. Thank you very much. 893 00:30:34,150 --> 00:30:35,380 A warm round of applause.