My understanding is that it's both a more general platform (targeting more than 2FA) and also uses an FPGA running open-source code, so that the "secure enclave" functionality can be inspected and found to be secure, rather than just trusting NXP/ARM's chip as SoloKeys have done.
If you want to power your key via NFC (tap to phone to authenticate), you need a micro which consumes very little, powers up quickly and can do a signature before the FIDO protocol times out. I'm not sure this is currently possible with a FPGA, but maybe it is.
The TillitisKey should be able to be used for FIDO2, as a TOTP generator etc. Right now there is a SSH agent application, which allows you to sign in by touching the device.
Personally I'm very excited to see what applications will be developed at the hackathon at the OSFC conference, and onwards. We have had people at the conference showing interest in trying to write applications in Rust. I will try and implement an application of my own tomorrow.
I think what they mean is that this can be reprogrammed for more use cases than FIDO2 and U2F, it can say be programmed to support my own homegrown thing that I've made up just now or even a more general concept than just getting into things perhaps.
Yes. And your application will get a per device unique primary secret when loaded, which the application then can use for whatever it needs. (Including not using it all all.)
TOTP, FIDO2, PIV, simple touch triggered challenge/response... or something completely different. If it can fit in around 100 kByte RAM when compiled for RV32IMC and not be too computationally expensive, it could be a Tillitis app.
Just to give you some indication, the Ed25519 signer operation in the SSH authentication we showed on stage today takes ~ one second to perform the signing. And we have several ways to improve that we know already.
Aren't SoloKeys [1] also open hardware and software? Or is the Tillitis key more general purpose and thus not in the same category?
[1] https://solokeys.com/