https://www.crowdsupply.com/sutajio-kosagi/precursor Made For a Lab. Fits in a Pocket. Verifiable by Design. Precursor is an open hardware development platform for secure, mobile computation and communication. This pocket-sized device accommodates a built-in display, a physical keyboard, and an internal battery while remaining smaller and lighter than the average smartphone. Precursor was built for use on the road, but it compromises nothing as a development platform. Powered by an FPGA-hosted, soft-core System-on-Chip (SoC), it gives developers the freedom to inspect, verify, and customize nearly every aspect of its operation. Help us take those critical first steps toward a world in which silicon-level trustworthiness is attainable. [Precursor teardown parts view] Trust It. Because You Can, Not Because You Have to. We are accustomed to accepting the word of large corporations, like Apple and Google, that our gadgets are trustworthy. Without any hard evidence, we’ve long had to take in on faith that our privacy is being respected and that our personal data is not just one backdoor away from being stolen, exploited, or exposed. (We’ll go ahead and leave "monetized" off that list, since we all know that’s happening.) We’ve had to accept this reality in large part because we’ve had no other choice. Precursor changes the status quo by making evidence-based trust a core principle of its design. We have subjected every aspect of this platform to a level of scrutiny that will allow users to trust their devices. You, the user, will be able to trust Precursor based on scientific evidence that is observable without access to a million-dollar microscope. The principle of evidence-based trust was at work in our decision to implement Precursor’s brain as an SoC on an FPGA, which means you can compile your CPU from design source and verify for yourself that Precursor contains [no hidden instructions](https://github.com/SpinalHDL/VexRiscv/blob/master/src/main/scala/vexriscv/Ri...) or [other backdoors](https://github.com/betrusted-io/betrusted-soc). Accomplishing the equivalent level of inspection on a piece of hardwired silicon would be…a rather expensive proposition. Precursor’s mainboard was [designed for easy inspection](https://www.crowdsupply.com/sutajio-kosagi/precursor/updates/a-guided-tour-o...) as well, and even its LCD and keyboard were chosen specifically because they facilitate verification of proper construction with minimal equipment. Thanks to this pivotal design principle, Precursor is well-suited as a hardware development framework for security-critical applications such as password managers, authenticators, crypto wallets, and secure messaging platforms. [Precursor keyboard PCB translucency] Carry It. With You When You Need It Precursor is also distinctive among open hardware gadgets in that it was designed from the ground up for portability. While most open hardware FPGA development boards share Precursor’s evidence-based, compile-your-own-CPU trust properties, none of them are packaged into a slim, 7.2 mm, machined-aluminum case, complete with a charger, a battery, a display, and a keyboard. And speaking of batteries, Precursor draws less power than most other FPGAs thanks to the "-1L" variant Xilinx Spartan 7-Series at its heart. (The "L" stands for "low leakage.") That efficiency — combined with a super-low-power Lattice iCE40 UP5K FPGA for deep-sleep system management and a Silicon Labs WF200 with integrated network co-processor for Wi-Fi connectivity — allows Precursor to achieve a standby time measured in days and an active screen time of about five to six hours. Precursor gets your bright idea out of the lab and into your pocket. And if that idea happens to involve software for a password manager, a crypto-wallet, a secure messaging platform, or something similar, then Precursor also gets it well on its way toward its destination as a packaged product. [Precursor mobile device on the bar] Jailbreak It? Precursor Was Born Free! The most important difference between a jail and a home is who controls the lock on the door. Most smartphone companies want you to believe that the gilded jail they’ve designed for you is the safest place to spend your time. Precursor takes a different approach. By giving you the keys to the lock, it gives you a home. And, like your actual home, you’re free to make it your own because we’ve published 100% of Precursor’s design source, from the outer case to the inner CPU core. And once you’re done configuring and inspecting your system, you can activate Precursor’s security features to protect your newly redecorated home from unwelcome intruders. ... What’s in the Box? The Precursor tier includes the following items in the box: - One fully assembled and tested Precursor device in an aluminium case, complete with display, bezel, QWERTY keyboard, and battery, and pre-loaded with low-level factory test firmware. - One "debug board," which is a Raspberry Pi 3B+ or 4 HAT. This used for low-level debugging and reflashing of the Precursor in case you brick it. Raspberry Pi not included. - Three alternate keyboard overlays: QWERTZ, AZERTY, and Dvorak. - Press-fit metal shield for trusted domain of the Precursor PCB (to be installed after verification). - Four grams of EPO-TEK 301 in a bi-pak, for sealing the metal shield Note: the seal is permanent and we can't do any warranty returns/exchanges on sealed devices. Do not apply glue to active connectors. The Limited Edition Precursor tier includes all of the above, with a special limited edition case. You will also receive the regular production aluminium case body as well, as a bonus spare part. What exactly is the Limited Edition case? In a fashion similar to ordering [omakase](https://en.wikipedia.org/wiki/Omakase) at a sushi bar, we’re going to prepare a premium experience for your enjoyment. In the end, however, what you get will be a bit of a surprise! Features & Specifications - Made for developers - Easy-access developer's cable (included) - Low-level debugging (GDB + Chipscope) and firmware flashing via developer's cable plugged into a custom Raspberry Pi HAT (included) - Middleware debugging via USB cable via wishbone tunnel - Open source to the core - Inspect, modify and compile your SoC and embedded controller from source - All source files [hosted on GitHub](https://www.crowdsupply.com/sutajio-kosagi/precursor#support-documentation) for convenient fork, pull request, and issue tracking - Open source PCB and case design - Extendable and modifiable - No adhesives holding the bezels in place – just one screw driver is all it takes - Want to add hardware? Maybe a cellular modem? No problem! - Battery compartment is a blank check for your peripherals - Install a smaller battery for more space - Flex PCB breakout for 8x FPGA GPIO into the battery compartment - Bezel is made out of FR-4, and can be user-customized to hold additional components - Slim and light mobile form factor - 69 mm x 138 mm x 7.2 mm - 96 grams reference weight - Compare to iPhone X at 70.9 mm x 143.6 mm x 7.7 mm and 174 grams - Accessible mechanical design - 6063 alloy aluminum case -– 3D files provided, so you can mill your own case! - FR-4 front bezel -– PCB source provided - ABS + PC polymer antenna radome -– 3D printable - User-customizable CPUs - Xilinx XC7S50 primary System on Chip (SoC) FPGA - -L1 speed grade for longer battery life - Tested with 100 MHz VexRISC-V, RV32IMAC + MMU, 4k L1 I/D cache - iCE40UP5K secondary Embedded Controller (EC) FPGA - Manages power, standby, and charging functions - Tested with 18 MHz VexRISC-V, RV32I, no cache - 16 MB external SRAM - 128 MB Flash - 100 MHz DDR 8-bit wide bus for fast XIP code performance - Dual hardware TRNG - External discrete noise generator - In-SoC ring oscillator based TRNG - Inspectable I/O - Physical keyboard with changeable layout overlays - 200 ppi black and white LCD (336 x 536 resolution), 100% inspectable with standard optical microscope - Both keyboard and LCD are backlit for night-time use - Modular keyboard PCB -- customize layouts, add sensors, or swap in a touch surface - Audio with safe defaults - Integrated 0.7 W speaker for notifications - Vibration motor - 3.5 mm headset jack - No integrated microphone -- audio surveillance is not possible when headset is unplugged - Integrated Wi-Fi - Sandboxed in a hardware-delineated untrusted domain - Silicon Labs WF200C chipset - USB Type-C port - Supports charging at 5 V; over-voltage protection tolerant to 20 V - Power negotiation to 5 V @ 1.5 A (source and sink) - Supports legacy USB 2.0 full-speed PHY - Basic DRP negotiation hardware support - 1100 mAh Li-Ion battery - Integrated gas gauge for more accurate battery life estimate - Full charge in about three hours - Runtime depends on user application - Approx. 100 hours standby with Wi-Fi + embedded controller + static display enabled - Approx. 700 mW "on-state" (most features enabled and active, backlight off) power draw, or 5.5 hours continuous use - Anti-tamper features - User-sealable metal can for trusted components - Dedicated real-time clock (RTC) with basic clock integrity monitoring - Power monitors trip reset in case of power glitches - Always-on accelerometer/gyro to detect movement in standby - Support for instant secure erase via battery-backed AES key and self-destruct circuit [Precursor enclosure backside] "Betrusted-SoC" Reference Design Part of the purpose of Precursor is to validate the system-on-chip (SoC) design we hope eventually to produce as a custom ASIC for use in future such products. This SoC, which we call "Betrusted-SoC," is meant to be the central pillar of security for devices like Precursor. The version of Betrusted-SoC used in Precursor is based on a Xilinx FPGA and has the following features: - XC7S50-1L CSG324I, 80% utilized as of October 2020 - 100 MHz customized VexRISC-V RV32IMAC + MMU core with 4k caches - Crypto primitives - Ring oscillator TRNG (compliments off-chip TRNG) - JTAG-based self-fusing for on-chip generation and sealing of secret keys - AES-128, -192, -256 with ECB, CBC and CTR modes - SHA-2 and SHA-512 digests - Microcoded Curve25519 field arithmetic engine - SPI - High speed, 100 MHz DDR OPI SPI interface for code ROM - Low speed, 20 MHz SDR 1-bit SPI interface to insecure domain - I²C (100 kHz) for system integration - Keyboard switch matrix controller with low power standby - Bidirectional I²S interface for audio - Custom frame buffer-based LCD interface - 32-bit async SRAM interface with standby support - Standard UART - Full speed USB device - Hardware Ticktimer - 12-bit ADC (system voltage monitor) - GPIO for power management and extension "Betrusted-EC" Reference Design In addition to using Precursor to validate the SoC, we are also validating the embedded controller (EC) that’s in charge of standby power functions, as well as firewalling the untrusted hardware domain in devices like Precursor. The version of "Betrusted-EC" used in Precursor is based on a Lattice FPGA and has the following properties: - iCE40UP5K SG48, 98% utilized - 18 MHz LiteX VexRISC-V RV32I core (minimal + debug config) - I²C (100 kHz) via softcore for system integration - 2x SPI interfaces - FIFO buffered peripheral interface to SoC - Controller interface to Wi-Fi chipset - Hardware tick timer - Standard UART - GPIO for power control Support & Documentation - [SoC FPGA source](https://github.com/betrusted-io/betrusted-soc) - [SoC FPGA register set](https://ci.betrusted.io/betrusted-soc/doc/) - [EC FPGA source](https://github.com/betrusted-io/betrusted-ec) - [Mainboard & case designs](https://github.com/betrusted-io/betrusted-hardware) - [Project wiki](https://github.com/betrusted-io/betrusted-wiki/wiki) - [Low-level reference firmware](https://github.com/betrusted-io/betrusted-soc/tree/master/fw) - [WIP microkernel](https://github.com/betrusted-io/xous-core) - [Guided tour of the mainboard](https://www.crowdsupply.com/sutajio-kosagi/precursor/updates/a-guided-tour-o...) - IRC channel: #betrusted:matrix.org - More to come soon as the campaign progresses! Manufacturing Plan Precursor consists of the following major elements: - The Mainboard will be manufactured by AQS, an EMS provider, at their South Korea facility. The bare PCB will be produced by King Credie in Guangdong, China. All of the parts on the BOM were selected explicitly for ready availability in distribution channels such as Mouser and Digi-Key. We do anticipate a 12-week lead time on the Xilinx FPGAs, and acquiring them in a timely fashion represents a risk given the current pandemic and the status of the global supply chain. - The rear case and radome will be manufactured by Jiada, a contract mechanical engineering supplier located in Guangdong, China. Production rear cases will be manufactured on-demand using a CNC milling process and finished with anodization. The radome will be produced using an injection molding tool that will be opened upon successful conclusion of the funding campaign. - The battery is sourced from a supplier in Guangdong, China. Because of its short shelf life and high MOQ, this does represent a high risk item. We will finalize the battery supplier and UN38.3 certifications that allow for air shipping after the conclusion of the campaign. - The front bezel is a step-milled, edge-beveled PCB made using a special FR-4 composition impregnated with black dye by King Credie in Guangdong, China. The front bezel also incorporates the Wi-Fi antenna. - The LCD is sourced from Sharp Microelectronics. Due to its highly critical nature and long lead time, we have gone ahead with a risk buy to ensure its availability for the campaign. If the campaign greatly exceeds volume expectations, we may have to take a staged approach to delivery as LCD shipments become available. - The backlight assembly was pre-manufactured to match the LCD. - The keyboard overlay is a full-custom, UV-cured, polycarbonate assembly with silkscreen printing, all done via AQS in Dongguan, China. - The keyboard PCB is a semi-custom "transparent" substrate, manufactured by King Credie in Dongguan, China. - The button array is sourced from AQS in Dongguan, China. - Final assembly will be done at AQS in South Korea. Once the campaign has concluded and we know our final volume, we will begin manufacturing according to the following time line: - January 2021 – Place orders - February 2021 – It will be Chinese New Year, and factories will be shut down. We will use this time to develop the factory test for Precursor - March 2021* – FCC and CE testing of final production prototypes. The question of if and when we can carry out such testing will be heavily impacted by pandemic travel restrictions which represent a significant risk to the project. - March-June 2021 – Roughly 16 weeks lead time for all components to arrive at the South Korea facility. - July-August 2021 – Pilot production of initial units in the South Korea facility. Timing and pace of production will depend heavily on our ability to travel to the facility to oversee production bring-up. If travel is not possible due to pandemic restrictions, we may suffer a 1-2 month delay as we mail samples back and forth from the factory to our engineering HQ in Singapore. - September-October 2021 – Shipment of units to the USA. - November-December 2021 – First shipments of units to backers. We anticipate that Limited Edition units will take up to 2-3 additional months to arrive, depending upon the nature of the manufacturing processes required to produce them.