
> A device brewed on a RISC-V SOC in an FPGA is probably very hard to secure against hardware attacks.

Makes sense. Which is why I didn't insist too much on the FPGA nature of the TKey. For maximum security I would want an ASIC system on a chip (ideally some RISC-V profile), with a real fuse bank, neatly lockable ROM for the bootloader firmware, and all the real hardware security I basically know nothing about.

An FPGA is such a sexy prototype, though.



Interesting discussion!

There are some exciting things that could be done with an ASIC, but at the same time an ASIC would require extensive supply chain security to be in place (which is a big task). There are a lot of hands touching the design and silicon from the point of design sign-off to ASICs in your hand.

A supply chain attack is more difficult on an FPGA, partly because of processes implemented by the vendors and partly because of how FPGAs work: since there is no functionality in the FPGA, malware injection is more difficult (close to impossible?).

Glad to hear your reasoning around this.

(Full disclosure: I work at Tillitis)



