Precursor is an open hardware development platform for secure, mobile computation and communication. This pocket-sized device accommodates a built-in display, a physical keyboard, and an internal battery while remaining smaller and lighter than the average smartphone. Precursor was built for use on the road, but it compromises nothing as a development platform. Powered by an FPGA-hosted, soft-core System-on-Chip (SoC), it gives developers the freedom to inspect, verify, and customize nearly every aspect of its operation. Join us as we build out a world in which silicon-level trustworthiness is attainable.
For those in search of a turn-key password-management solution, Precursor
vault app since Xous
vault is running, Precursor performs all of the following roles on a
And it does so using secret database overlays to provide plausible deniability!
The images above demonstrate the app in each of these modes. Unlike your typical U2F authenticator, Precursor can show you exactly which credential you’re approving. It can also quickly scroll and search through lists of dozens of authenticator tokens and passwords, thanks to its tight integration with a keyboard and screen. Finally, Precursor can "auto-type" passwords into a host computer by appearing as a USB keyboard device. This way, you are in full control of your security: you can create, store, and deploy passwords from a separate physical device that you control. No more worries about Spectre, for the data you entrust to Precursor, and no more cloud vendors mining your metadata!
vault app also natively supports the
Plausibly Deniable DataBase (PDDB), a fully encrypted
data store that can dynamically show different views of the same app depending
on which secret overlays, or "Bases", are unlocked. Locked Bases (plural of
"Basis") look and behave exactly the same as free disk space, so we believe that
even an adversary who can forensically image your Precursor will have a
difficult time proving or disproving the existence of a secret Basis beyond a
Finally, Precursor features encrypted backup and restoration of the PDDB via USB, so you can bootstrap your digital self onto a new device, using the encrypted backup image and a BIP-39 word list, even if your device is lost, destroyed, or confiscated.
We are accustomed to accepting the word of large corporations, like Apple and Google, that our gadgets are trustworthy. Without any hard evidence, we’ve long had to take in on faith that our privacy is being respected and that our personal data is not just one backdoor away from being stolen, exploited, or exposed. (We’ll go ahead and leave "monetized" off that list, since we all know that’s happening.) We’ve had to accept this reality in large part because we’ve had no other choice. Precursor changes the status quo by making evidence-based trust a core principle of its design. We have subjected every aspect of this platform to a level of scrutiny that will allow users to trust their devices. You, the user, will be able to trust Precursor based on scientific evidence that is observable without access to a million-dollar microscope.
The principle of evidence-based trust was at work in our decision to implement Precursor’s brain as an SoC on an FPGA, which means you can compile your CPU from design source and verify for yourself that Precursor contains no hidden instructions or other backdoors. Accomplishing the equivalent level of inspection on a piece of hardwired silicon would be…a rather expensive proposition. Precursor’s mainboard was designed for easy inspection as well, and even its LCD and keyboard were chosen specifically because they facilitate verification of proper construction with minimal equipment.
We’ve even prepared a one-hour walkthrough video to help you navigate Precursor’s design and focus on the relevant parts for inspection. The video takes you from "Boot to Root", touching on not only the usual software chain-of-trust starting from the CPU reset vector going to the root keys, but also from the CPU reset vector back into the CPU’s design source, and the hardware elements that it runs on.
Thanks to this pivotal design principle, Precursor is well-suited as a hardware development framework for security-critical applications such as password managers, authenticators, crypto wallets, and secure messaging platforms.
Precursor is also distinctive among open hardware gadgets in that it was designed from the ground up for portability. While most open hardware FPGA development boards share Precursor’s evidence-based, compile-your-own-CPU trust properties, none of them are packaged into a slim, 7.2 mm, machined-aluminum case, complete with a charger, a battery, a display, and a keyboard. And speaking of batteries, Precursor draws less power than most other FPGAs thanks to the "-1L" variant Xilinx Spartan 7-Series at its heart. (The "L" stands for "low leakage.") That efficiency — combined with a super-low-power Lattice iCE40 UP5K FPGA for deep-sleep system management and a Silicon Labs WF200 with integrated network co-processor for Wi-Fi connectivity — allows Precursor to achieve a standby time measured in days and an active screen time of about five to six hours.
Precursor gets your bright idea out of the lab and into your pocket. And if that idea happens to involve software for a password manager, a crypto-wallet, a secure messaging platform, or something similar, then Precursor also gets it well on its way toward its destination as a packaged product.
The most important difference between a jail and a home is who controls the lock on the door. Most smartphone companies want you to believe that the gilded jail they’ve designed for you is the safest place to spend your time. Precursor takes a different approach. By giving you the keys to the lock, it gives you a home. And, like your actual home, you’re free to make it your own because we’ve published 100% of Precursor’s design source, from the outer case to the inner CPU core. And once you’re done configuring and inspecting your system, you can activate Precursor’s security features to protect your newly redecorated home from unwelcome intruders.
We are the first to admit that Precursor isn’t for everyone. It’s a new class of development platform, made for security- and privacy-critical applications. We know it’s not going to replace your smartphone today. Rather, we see it as an indicator of good things to come from the open hardware ecosystem.
Toward the lower left, you’ll see some of FPGA development boards that share Precursor’s ability to compile its primary CPU. Such devices are well within the intersection of trustability and hackability, but they are not pocket-ready. (They might fit in your pocket, sure, but they’ll have pretty limited utility when you pull them out. Unless of course you plan on strapping them to a keyboard, a battery, and a display, in which case…why not let us do it for you?)
Toward the upper left, we have a whole category of devices—including FPGA development boards with hardwired internal CPUs capable of running mainline Linux—that will get the job done if all you care about is hackability. But these devices fail the pocket test as well. And, worse yet, they require that you take the vendor at their word about the absence of undocumented backdoors in those hardwired CPUs.
On the top, toward the middle are devices for enthusiasts who desire pocketability and hackability but who don’t have a strong need for evidence-based trust. Products like the Librem 5 and the PinePhone fall into this category.
Toward the upper right, you’ll find the supercomputer-in-your-pocket smartphones of today. Nothing holds a candle to iOS and Android devices if you’re looking for all the power you can get and have no need for hackability or evidence-based trust
And right there in the middle is Precursor, quite possibly the only device around that occupies the intersection of evidence-based trust, pocket-readiness, and hackability.
Precursor is much more than an FPGA development board and much less than a mobile phone. The tables below help to place Precursor within two different continua: one of gadgets and one of FPGA development boards.
For each of the Palm, Blackberry, and Nintendo families of gadgets, we’ve picked two devices: one from the generation with slightly less raw computing power than Precursor (such as the Palm m515) and one from the generation with slightly more raw computing power (such as the Palm Treo 600). We’ve also included the Samsung A11 smartphone, just to keep ourselves honest. If we’re willing to set aside evidence-based trust and hackability, today’s proprietary, full-custom, mass-market production techniques can achieve a truly incredible price-to-performance ratio.
Our four main takeaways from the table are as follows:
|Precursor||Palm m515||Palm Treo 600||Blackberry 6210||Blackberry 8700||Nintendo DS||Nintendo 3DS||Samsung A11|
|MSRP at release year||$512||$399||$600 (no contract)||CAD$449 ~$315||$349 (1-yr contract)||$149.99||$249||$138|
|Release price (2020 equivalent)||$512||$576||$847.56||$445||$464||$205||$287||$138|
|CPU/FPGA||XC7S50||MC68VZ328||OMAP1510||ARM7EJ-S (AD6528)||PXA901||ARM946E-S||ARM11 dual||A53 octa|
|CPU core speed||100 MHz||33 MHz||144 MHz||"It's a secret" (NDA-only)||312 MHz||67 MHz||268 MHz||1.8 GHz|
|RAM||16 MiB||16 MiB||8+24 MiB||2 MiB||16 MiB||4 MiB||128 MiB||2 GiB|
|Storage||128 MiB OPI SPI||4 MiB||24 MiB RAM||16 MiB||64 MiB||256 kiB cartridge||2 GiB||32 GiB|
|Display (Primary)||336x536 mono||160x160 color||160x160 color||160x100 mono||320x240 color LCD||256x192 color LCD||800x240 3D LCD||720x1560 PLS TFT|
|Wired connectivity||USB 2.0 Type-C||RS-232||USB||USB 1.1||USB||Link cable||Link cable||USB2.0 Type C|
|Hack ports||8x GPIO + I²C internal hack port||None||None||None||None||None||None||None|
|Wireless connectivity||Wi-Fi||IrDA||GSM, IrDA||GSM||GSM, Bluetooth||Wi-Fi||Wi-Fi, IR||Wi-Fi, BLE, GPS, LTE|
|Input||Physical keyboard||Touchscreen||Physical keyboard, touchscreen||Physical keyboard and jog dial||Physical keyboard and jog dial||Touchscreen||Touchscreen, camera||Touchscreen, camera|
|Audio||Speaker, headphone/mic jack, vibe motor||None||Speaker, headphone/mic jack, vibe motor||Speaker, headphone/mic jack, vibe motor||Speaker, headphone/mic jack, vibe motor||Stereo||Stereo speakers, microphone||Speaker, headphone/mic jack|
|Battery||1100 mAh Li-Ion||1350 mAh?||1800 mAh||900 mAh?||1100 mAh||850 mAh Li-Ion||1300 mAh||4000 mAh|
|"Screen on" life||5-6 hours||4-7 hours||4 hours||5 hours||4 hours||15-16 hours||3-5 hours||28 hours|
|Sleep mode life||2-3 days||~1 week?||10 days||~2 weeks||~2 weeks||1 week||3 days||16 days|
|Case height||7.2 mm||12.7 mm||22 mm||20 mm||19.5 mm||28.9 mm||21 mm||8 mm|
|PCB design published||Yes||No||No||No||No||No||No||No|
|CPU design published||Yes||No||No||No||No||No||No||No|
Our hope is that Precursor will continue to appear over the next decade and a half as a benchmark in many tables like this one, as the starting point on a trend towards the performance and capabilities of mobile, open hardware solutions reaching parity with today’s proprietary solutions. In the meantime, we have to start somewhere. And with your help, we believe Precursor will live up to its name as a harbinger of good things to come.
The table below helps to place Precursor’s capabilities in a different sort of context, this time alongside a pair of development boards with similar FPGA logic capacity. There are really only two things that Precursor has in common with these boards: 1) they all use an FPGA for their CPU, and 2) they are all open hardware, with published PCB and CPU design source. As a result, this is a bit of an apples-to-oranges comparison, but it’s the best we could come up with.
|Precursor||NeTV2 "just the board"||Arty A7-100T|
|MSRP at release year||$512||$215||$249|
|Release price (2020 equivalent)||$512||$215||$249|
|CPU core speed||100 MHz||100 MHz||100 MHz|
|RAM||16 MiB||512 MiB||256 MiB|
|Storage||128 MiB OPI SPI||8 MiB SPI||16 MiB QSPI|
|Display (Primary)||336x536 mono||None||None|
|Wired connectivity||USB 2.0 Type-C||Ethernet, HDMI, Rpi Hat, PCIe, microSD||Ethernet, USB|
|Hack ports||8x GPIO + I²C internal hack port||Serial, "hack" pins on PCIe and header||4x Pmod + Arduino|
|Input||Physical keyboard||None||4 buttons/4 switches|
|Audio||Speaker, headphone/mic jack, vibe motor||None||None|
|Battery||1100 mAh Li-Ion||N/A||N/A|
|"Screen on" life||5-6 hours||N/A||N/A|
|Sleep mode life||2-3 days||N/A||N/A|
|Case height||7.2 mm||51 mm||N/A|
|PCB design published||Yes||Yes||Yes|
|CPU design published||Yes||Yes||Yes|
The Precursor tier includes the following items in the box:
Anyone who receives their Precursor will probably want to familiarize themselves with the following:
In addition, for crowdfunding backers with a Limited Edition Precursor, we have an explainer on how to use your gift set. And finally, below is a video that demonstrates how to install your debug cable:
Part of the purpose of Precursor is to validate the system-on-chip (SoC) design we hope eventually to produce as a custom ASIC for use in future such products. This SoC, which we call "Betrusted-SoC," is meant to be the central pillar of security for devices like Precursor. The version of Betrusted-SoC used in Precursor is based on a Xilinx FPGA and has the following features:
In addition to using Precursor to validate the SoC, we are also validating the embedded controller (EC) that’s in charge of standby power functions, as well as firewalling the untrusted hardware domain in devices like Precursor. The version of "Betrusted-EC" used in Precursor is based on a Lattice FPGA and has the following properties:
Produced by Sutajio Kosagi in Singapore.
Sold and shipped by Crowd Supply.
One fully assembled and tested Precursor. Includes a debug interface but no USB Type-C cable or charger. Comes with an installed QWERTY keyboard and alternate QWERTZ, AZERTY, Dvorak, Hangul, and blank keyboard overlays.
An adapter board between a Precursor and a Raspberry Pi 3B+ or 4 for low-level debugging and reflashing.
A 336 x 536 resolution, 200 PPI black-and-white memory LCD by Sharp, including an integrated backlight module.
A replacement Precursor keyboard PCB – no overlays included.
A QWERTY keyboard overlay for Precursor.
A QWERTZ keyboard overlay for Precursor.
An AZERTY keyboard overlay for Precursor.
A Dvorak keyboard overlay for Precursor.
A blank (unprinted) keyboard overlay for Precursor.
A Hangul keyboard overlay for Precursor.