Board Hardware wallets
Merits 1 from 1 user
Re: Secure Element in Hardware Wallets
by Cricktor on 09/03/2025, 17:30:37 UTC
⭐ Merited by JayJuanGee (1)
It isn't fully open. Therefore it is closed (as any closed elements can poison the open ones).
If you say it isn't fully open, then maybe specify in more detail what's not open?

The open elements are*:

  • The digital logic that processes the user’s data
  • The whole data path from the interface (The CPU to the hardware cryptographic accelerators and encryption engine)
  • SDK software
  • Embedded firmware (planned to be open, practicalities still in discussion)

The closed aspects (the remaining parts):

  • The infrastructure and technology required to produce the chip
  • The standard cells, power supplies, and blocks required for security that don't exist as open source IP blocks like TRNG, PUF, flash and OTP memory

*Our SDK has been published on github and can be found here. It is provided under an Apache License.

The TROPIC01 embedded firmware, digital logic, and chip resources have not yet been published on github. That is a work in progress. Engineers, open-source developers, pen-testers, and anyone else interested in access to these components should contact Tropic Square at support@tropicsquare.com

Note: Publication and sharing of the design and implementation details have no adverse effect on the system's security. We, however, do not disclose critical design details like the position of laser or EM (electromagnetic field) detectors.
Fair enough for me to keep such details hidden. I'm not sure if really really relevant stuff remains undisclosed by Tropic Square.


I'm not sure what is meant by "transparent auditability". From their website they claim:
Quote
What sets TROPIC01 further apart from other chips is transparent auditability. TROPIC01 testing is led by experts, customers, and the open-source community to ensure verifiable trust and reliability, with public disclosure of results so that anyone can verify for themselves.
I'm not sure what this means in practice.
I understand "transparent auditability" to mean that you're not bound by any NDA and you can publish, at least responsibly, every finding regarding security and possible flaws or attacks. Any relevant or interesting findings regarding TROPIC01 can and will be published and openly discussed. The goal is transparency, to have and make a better product, and not hiding some shit under NDA as most other Secure Element vendors do.

No, I don't work for their marketing department. :D