Jan Suhr of Nitrokey announced the crowdfunding campaign for their new Nitrokey Storage device, based on open hardware and open source software. Excerpt from announcement:
Nitrokey Storage is a USB device which operates as a “digital latchkey” to protect your data and user accounts. It allows for the secure encryption of emails, files and hard drives, secure login on the web and contains encrypted mass storage. The encryption keys are stored securely in the hardware at all times. Nitrokey is made entirely in Germany and stands out on the market because it is 100% open-source and uses 100% open hardware, which in the times of NSA, hacker attacks and Trojans is the only option that allows users to keep control of their data and to rule out dangerous backdoors. It is also the first hardware worldwide with hidden storage, which enables users to plausibly deny the existence of additional encrypted data. This can be useful during border controls or similar threatening situation. Use Cases:
* Encryption of emails, hard drives, and other data via a highly secure smart card. Secure keys are protected by the hardware.
* Secure login on the web and protection against identity theft via one-time passwords.
* Secure transport and exchange of sensitive files via encrypted mass storage (up to 64 GB).
* The first hardware worldwide with hidden storage, which allows users to plausibly deny the existence of encrypted data (e.g. during border controls).
* 100% open-source and open hardware. No backdoors for intelligence services.
Full announcement:
http://igg.me/at/nitrokey
https://www.nitrokey.com/news/2015/crowdfunding-nitrokey-storage-started-just-now
After reading the above, I emailed Jan asking for pointers to the source to the firmware, and the URLs are below, along with this paragraph response:
https://github.com/Nitrokey/nitrokey-storage-firmware
https://github.com/Nitrokey/nitrokey-storage-hardware
“All are our own custom developments. The firmware is pretty barebone and doesn’t use a full OS (e.g. Linux) to minimize the attack vector. What we use is FreeRTOS which provides minimal abstraction such as interrupts and memory management.”
Firmware Security 