What is Fobnail Project?

Fobnail Project provides resources to create axiomatically trustworthy device and simple user interface to attest platform state. For a detailed project description, please check here.

• Fobnail firmware is an open-source implementation of the iTurtle security architecture concept presented at HotSec07; in addition, it will leverage industry standards like TCG D-RTM trusted execution environment and IEFT RATS. The Fobnail project aims to provide a reference architecture for building offline integrity measurement verifiers on the USB device and attesters running in Dynamically Launched Measured Environments (DLME). It allows the Fobnail owner to verify the trustworthiness of the running system before performing any sensitive operation. Fobnail does not need an Internet connection, which makes it immune to the network stack and remote infrastructure attacks. It brings the power of solid system integrity validation to the individual in a privacy-preserving solution.
• The Fobnail Token is a tiny open-source hardware reference design of a USB device that provides a means for a user/administrator/enterprise to determine the integrity of a system. To make this determination, Fobnail Token leverages Fobnail firmware, which acts as an attestor capable of validating attestation assertions made by the system. As an independent device, Fobnail Token provides a high degree of assurance that an infected system cannot influence Fobnail Token as it inspects the attestations made by the system.

Where to go next?

• Get familiar with Fobnail architecture
• Read Fobnail Project detailed description
• Building instructions
• How to support the project?

Other resources

• TPM remote attestation over Bluetooth blog post by Gabriel Kerneis, where he mentioned the Fobnail project.

Where to buy?

• The Fobnail Token Development Kit can be ordered at the 3mdeb online store.