What do you want to protect against precisely? "Key misuse" as in it signed a blob it shouldn't have signed?

You're quite right to question this.

Unless they've significantly changed the product since last time I talked to them it's just a chip that does blind signing. It can prevent a key from being leaked, hopefully. But it can't really prevent a key from being misused. Which in most circumstances is pretty much just as bad.

Now, if you could actually run code on the chip and get a remotely verifiable attestation that the code was run correctly, it could be more useful. But it can't. It just blindly signs things provided to it. 

petertodd

bitcoin

Tropic Square is shipping samples of TROPIC01, its open-source secure element

k00b

> Implementing TROPIC01 into your system protects assets and manages cryptographic functions, lightening the load of your micro controller unit (MCU) and eliminate vulnerabilities by dramatically reducing the attack surface.

dramatically?

