The most important part of this project is in the very last sentence: it's all implemented on an FPGA (one which doesn't have any backdoorable-for-surveillance hard cores).
Without that, none of the other stuff would be trustable.
Note that we specifically chose the Lattice ice40 UltraPlus 5K because:
- It is supported by an open-source FPGA toolchain
- It has an in-package non-volatile configuration memory (NVCM) that is lockable. This is where we'll eventually keep the FPGA configuration bitstream, including the unique per-device secret.
After some reverse-engineering work we're also able to program and lock NVCM with open tooling, as opposed to having to use Lattice's proprietary one.