High Level Device Overview - mooltipass/minible GitHub Wiki

The New Mooltipass Device

Unlike all our previous Mooltipass devices, our new platform uses two microcontrollers: an MCU considered secure and a standard one. In practice, they are MCUs from the same family.
This design decision was made for several reasons:

  • reduce the attack surface by only having a serial link exposed to the outside world
  • the selected cheap Bluetooth transceiver requires proprietary libraries
  • the possibility to use any USB library on the non-secure microcontroller
  • the lack of GPIO pins for the selected secure microcontroller

Security Constraints

  • The secure MCU can disable the Bluetooth transceiver through an enable signal
  • The secure MCU may communicate with previous Mooltipass smartcards
  • We aim to not use any libraries on the secure MCU (crypto excluded)
  • There are no restrictions on the non-secure MCU

Power Supplies

  • The device may be powered through an AAA battery or through USB
  • Complete power-off functionality is implemented
  • A sleep current of less than 100 µA is targeted

Flash Memories

  • The dataflash contains graphic elements as well as firmware updates
  • The DB flash contains users' logins and passwords