This is an automated archive made by the Lemmit Bot.

The original was posted on /r/linux by /u/erilaz123 on 2026-03-28 04:34:55+00:00.

What it is, its a attempt at a firmware for a hardware token with advanced features. Its written in rust using validated and audited crypto crates.

It has been machine tested and fuzzed.

The only things remaining is hardware release and release of the Baochip-X1 , and wiring the USB CCID service into the running Xous image and creating a more hardware token friendly pcb as the Dabao is in raspberry pico format.

The stuff one needs to do is here:

https://github.com/Supermagnum/Galdralag-firmware/blob/main/docs/usb-pcb.md

Human reviews and testing when the actual hardware is available in Q2 is very welcomed.

Its located here:

https://github.com/Supermagnum/Galdralag-firmware

Galdralag (Galdr) Firmware — Capabilities & Test Results (Baochip-1x / Xous microkernel, riscv32imac, as of 2026-03-27)

PLATFORM

Target: Baochip-1x (Dabao eval board), Xous microkernel, RISC-V (riscv32imac-unknown-none-elf)

License: GPLv3

CAPABILITIES BY MODULE

galdr-core — HAL traits: monotonic counter, hardware TRNG, zeroisation controller, vault storage

vault — RRAM vault, HKDF domain-separated key derivation, key types with automatic memory zeroisation (no Clone/Copy)

pin-policy — PIN state machine; counter incremented before constant-time comparison; threshold-based full zeroisation on failure

usb-personality — Dual USB modes: mass-storage and authenticated-unlock; no secret leakage to uninformed hosts

host-tools — Manifest hashing and firmware update verification

xtask — Build/check/test orchestration

CRYPTOGRAPHIC PRIMITIVES (all via audited RustCrypto/dalek crates)

Symmetric AEAD: AES-128-GCM, AES-256-GCM, ChaCha20-Poly1305, Serpent-EtM, Twofish-EtM

Signatures: Ed25519, RSA-PSS, Brainpool ECDSA (256/384/512)

Key exchange: X25519, Brainpool ECDH (256/384/512), ephemeral ECDH

Key derivation: HKDF, PBKDF2-HMAC-SHA256

Hashing: SHA-256, SHA-512, SHA3-256, SHA3-512, BLAKE2b, BLAKE2s, BLAKE3

Secret sharing: Shamir (vsss-rs)

Safe memory: zeroize, subtle (constant-time ops)

OpenPGP card application (CCID/ISO 7816-4 APDU)

UNIT TEST RESULTS

398 passed / 0 failed / 14 ignored — full workspace (excluding xtask)

CRYPTOGRAPHIC VECTOR VALIDATION

AES-128-GCM: 105/105 Wycheproof vectors — PASS

AES-256-GCM: 102/102 Wycheproof vectors — PASS

ChaCha20-Poly1305: 1/1 RFC 8439 vectors — PASS

NIST CAVP (SHA-256, SHA3-256, HMAC-SHA256): 4/4 — PASS

Twofish-256: 1203/1203 KAT vectors (incl. 10,000-iteration Monte Carlo) — PASS

BSI TR-03111 Brainpool vectors — PASS

RFC vectors — PASS

KAT vectors (Twofish/Serpent/Shamir/BLAKE3) — PASS

Key lifecycle integration tests — PASS

PIN lifecycle integration tests — PASS

Zeroisation simulation — PASS

OpenPGP/CCID (usb-personality) — PASS

CONSTANT-TIME / SIDE-CHANNEL TESTING (dudect, Welch t-test, threshold |t| ≤ 4.5)

29/29 harnesses passed.

FUZZING (cargo-fuzz / libFuzzer, x86_64 host):

All 12 targets completed with exit 0 (no crashes):

chacha_roundtrip — 3,667,006 executions in ~121 s (~30k exec/s)

shamir_split_recover — PASS

brainpool384_ecdh — PASS

brainpool512_ecdh — PASS

serpent_aead — PASS

twofish_aead — PASS

rsa_oaep_decrypt — PASS

rsa_pss_verify — PASS

rsa_der_import — PASS

fuzz_ephemeral_handshake — PASS

fuzz_cipher_profile — PASS

openpgp_dispatch — ~10^8 executions over 1 h, no crashes, no ASAN findings

PIPELINE SUMMARY

check-fw · check-fw (pq-signatures) · unit tests · wycheproof · rfc_vectors · bsi_brainpool · nist_cavp · kat_vectors · key_lifecycle · pin_lifecycle · zeroise_simulation · timing-test · cargo-fuzz (12 targets) · usb-personality — all PASS