No firm plans for USB-A. A USB-C to USB-A converter works, but maybe not so elegant.

(I work at Tillitis)

Yes, OpenTitan is cool.

The philosophical discussion about FPGAs and ASICs in the context of security is interesting.

For the TKey FPGA design you can inspect both the design (https://github.com/tillitis/tillitis-key1/tree/main/hw/appli...) and the toolchain (Icestorm: https://github.com/tillitis/tillitis-key1/blob/main/doc/tool... that contains synthesis, place&route, NVCM programming tools). However, the internal FPGA fabric—consisting of the logic cells, memory, and interconnects—remains proprietary.

Most Open Source ASICs I am aware of provide open-source RTL designs, but the tool chains are usually proprietary. Hard macros, memories, security mechanisms, etc are typically also closed source. And then there is the manufacturing process itself that is not transparent.

There isn’t a definitive answer as to what constitutes “enough” openness for security inspections. Individuals have different thresholds for what they consider acceptable.

So far we chose as much open source as possible.

Interesting discussion!

There are some exciting things that could be done with an ASIC, but at the same time an ASIC would require extensive supply chain security to be in place (which is a big task). There are a lot of hands touching the design and silicon from point of design sign-off, to ASICs in your hand.

Supply chain attack is more difficult on a FPGAs, partly by processes implemented by the vendors and partly by the fact how FPGAs work, since there is no functionality in the FPGA, malware injection is more difficult (close to impossible?).

Glad to hear your reasoning around this.

(Full disclosure: I work at Tillitis)