Sutajio Kosagi
Security & Privacy
FPGA Boards
AMD

Precursor

Mobile, Open Hardware, RISC-V System-on-Chip (SoC) Development Kit

$503,868 raised

of $220,000 goal

229% Funded! Order Below

In stock. Order now, ships within three business days.

$590

View Purchasing Options

Recent Updates

You'll be notified about news and stock updates for this project.

Made For a Lab. Fits in a Pocket. Verifiable by Design.

Precursor is an open hardware development platform for secure, mobile computation and communication. This pocket-sized device accommodates a built-in display, a physical keyboard, and an internal battery while remaining smaller and lighter than the average smartphone. Precursor was built for use on the road, but it compromises nothing as a development platform. Powered by an FPGA-hosted, soft-core System-on-Chip (SoC), it gives developers the freedom to inspect, verify, and customize nearly every aspect of its operation. Join us as we build out a world in which silicon-level trustworthiness is attainable.

An End-to-End Solution for Passwords and Authentication

For those in search of a turn-key password-management solution, Precursor features the vault app since Xous v0.9.9. When vault is running, Precursor performs all of the following roles on a single device:

And it does so using secret database overlays to provide plausible deniability!

The images above demonstrate the app in each of these modes. Unlike your typical U2F authenticator, Precursor can show you exactly which credential you’re approving. It can also quickly scroll and search through lists of dozens of authenticator tokens and passwords, thanks to its tight integration with a keyboard and screen. Finally, Precursor can "auto-type" passwords into a host computer by appearing as a USB keyboard device. This way, you are in full control of your security: you can create, store, and deploy passwords from a separate physical device that you control. No more worries about Spectre, for the data you entrust to Precursor, and no more cloud vendors mining your metadata!

The vault app also natively supports the Plausibly Deniable DataBase (PDDB), a fully encrypted data store that can dynamically show different views of the same app depending on which secret overlays, or "Bases", are unlocked. Locked Bases (plural of "Basis") look and behave exactly the same as free disk space, so we believe that even an adversary who can forensically image your Precursor will have a difficult time proving or disproving the existence of a secret Basis beyond a reasonable doubt.

Finally, Precursor features encrypted backup and restoration of the PDDB via USB, so you can bootstrap your digital self onto a new device, using the encrypted backup image and a BIP-39 word list, even if your device is lost, destroyed, or confiscated.

Trust It. Because You Can, Not Because You Have to.

We are accustomed to accepting the word of large corporations, like Apple and Google, that our gadgets are trustworthy. Without any hard evidence, we’ve long had to take in on faith that our privacy is being respected and that our personal data is not just one backdoor away from being stolen, exploited, or exposed. (We’ll go ahead and leave "monetized" off that list, since we all know that’s happening.) We’ve had to accept this reality in large part because we’ve had no other choice. Precursor changes the status quo by making evidence-based trust a core principle of its design. We have subjected every aspect of this platform to a level of scrutiny that will allow users to trust their devices. You, the user, will be able to trust Precursor based on scientific evidence that is observable without access to a million-dollar microscope.

The principle of evidence-based trust was at work in our decision to implement Precursor’s brain as an SoC on an FPGA, which means you can compile your CPU from design source and verify for yourself that Precursor contains no hidden instructions or other backdoors. Accomplishing the equivalent level of inspection on a piece of hardwired silicon would be…a rather expensive proposition. Precursor’s mainboard was designed for easy inspection as well, and even its LCD and keyboard were chosen specifically because they facilitate verification of proper construction with minimal equipment.

We’ve even prepared a one-hour walkthrough video to help you navigate Precursor’s design and focus on the relevant parts for inspection. The video takes you from "Boot to Root", touching on not only the usual software chain-of-trust starting from the CPU reset vector going to the root keys, but also from the CPU reset vector back into the CPU’s design source, and the hardware elements that it runs on.

Thanks to this pivotal design principle, Precursor is well-suited as a hardware development framework for security-critical applications such as password managers, authenticators, crypto wallets, and secure messaging platforms.

Carry It. With You When You Need It

Precursor is also distinctive among open hardware gadgets in that it was designed from the ground up for portability. While most open hardware FPGA development boards share Precursor’s evidence-based, compile-your-own-CPU trust properties, none of them are packaged into a slim, 7.2 mm, machined-aluminum case, complete with a charger, a battery, a display, and a keyboard. And speaking of batteries, Precursor draws less power than most other FPGAs thanks to the "-1L" variant Xilinx Spartan 7-Series at its heart. (The "L" stands for "low leakage.") That efficiency — combined with a super-low-power Lattice iCE40 UP5K FPGA for deep-sleep system management and a Silicon Labs WF200 with integrated network co-processor for Wi-Fi connectivity — allows Precursor to achieve a standby time measured in days and an active screen time of about five to six hours.

Precursor gets your bright idea out of the lab and into your pocket. And if that idea happens to involve software for a password manager, a crypto-wallet, a secure messaging platform, or something similar, then Precursor also gets it well on its way toward its destination as a packaged product.

Jailbreak It? Precursor Was Born Free!

The most important difference between a jail and a home is who controls the lock on the door. Most smartphone companies want you to believe that the gilded jail they’ve designed for you is the safest place to spend your time. Precursor takes a different approach. By giving you the keys to the lock, it gives you a home. And, like your actual home, you’re free to make it your own because we’ve published 100% of Precursor’s design source, from the outer case to the inner CPU core. And once you’re done configuring and inspecting your system, you can activate Precursor’s security features to protect your newly redecorated home from unwelcome intruders.

Situating Precursor Within the Device Ecosystem

We are the first to admit that Precursor isn’t for everyone. It’s a new class of development platform, made for security- and privacy-critical applications. We know it’s not going to replace your smartphone today. Rather, we see it as an indicator of good things to come from the open hardware ecosystem.

Toward the lower left, you’ll see some of FPGA development boards that share Precursor’s ability to compile its primary CPU. Such devices are well within the intersection of trustability and hackability, but they are not pocket-ready. (They might fit in your pocket, sure, but they’ll have pretty limited utility when you pull them out. Unless of course you plan on strapping them to a keyboard, a battery, and a display, in which case…why not let us do it for you?)

Toward the upper left, we have a whole category of devices—including FPGA development boards with hardwired internal CPUs capable of running mainline Linux—that will get the job done if all you care about is hackability. But these devices fail the pocket test as well. And, worse yet, they require that you take the vendor at their word about the absence of undocumented backdoors in those hardwired CPUs.

On the top, toward the middle are devices for enthusiasts who desire pocketability and hackability but who don’t have a strong need for evidence-based trust. Products like the Librem 5 and the PinePhone fall into this category.

Toward the upper right, you’ll find the supercomputer-in-your-pocket smartphones of today. Nothing holds a candle to iOS and Android devices if you’re looking for all the power you can get and have no need for hackability or evidence-based trust

And right there in the middle is Precursor, quite possibly the only device around that occupies the intersection of evidence-based trust, pocket-readiness, and hackability.

Comparisons

Precursor is much more than an FPGA development board and much less than a mobile phone. The tables below help to place Precursor within two different continua: one of gadgets and one of FPGA development boards.

Precursor vs. the Gadgets

For each of the Palm, Blackberry, and Nintendo families of gadgets, we’ve picked two devices: one from the generation with slightly less raw computing power than Precursor (such as the Palm m515) and one from the generation with slightly more raw computing power (such as the Palm Treo 600). We’ve also included the Samsung A11 smartphone, just to keep ourselves honest. If we’re willing to set aside evidence-based trust and hackability, today’s proprietary, full-custom, mass-market production techniques can achieve a truly incredible price-to-performance ratio.

Our four main takeaways from the table are as follows:

  1. Precursor's FPGA-based CPU, in terms of raw computing power, is comparable to an era from about 15 years ago.
  2. Even 15 years ago, we were doing a lot with the gadgets we could make: planning our days on digital calendars, sending and receiving emails and short messages, listening to music, and playing games, to name just a few examples.
  3. CPU power aside, peripheral technologies have improved significantly over those same 15 years, giving Precursor advantages such as faster networking stacks, higher display resolutions, and larger data storage capacities.
  4. At a $512, Precursor is at the middle-of-the-pack in terms of non-contract pricing for a new mobile-gadget class. Considering the relatively low production volume we anticipate, this is quite remarkable. With a campaign goal equivalent to a production lot size of under 500 units, we can't bargain with manufacturers like the big companies can.
Precursor Palm m515Palm Treo 600Blackberry 6210Blackberry 8700Nintendo DSNintendo 3DSSamsung A11
Release year2020 2002200320032005200420112020
MSRP at release year$512 $399$600 (no contract)CAD$449 ~$315$349 (1-yr contract)$149.99$249$138
Release price (2020 equivalent)$512 $576$847.56$445$464$205$287$138
CPU/FPGAXC7S50 MC68VZ328OMAP1510ARM7EJ-S (AD6528)PXA901ARM946E-SARM11 dualA53 octa
CPU core speed100 MHz 33 MHz144 MHz"It's a secret" (NDA-only)312 MHz67 MHz268 MHz1.8 GHz
RAM16 MiB 16 MiB8+24 MiB2 MiB16 MiB4 MiB128 MiB2 GiB
Storage128 MiB OPI SPI 4 MiB24 MiB RAM16 MiB64 MiB256 kiB cartridge2 GiB32 GiB
Display (Primary)336x536 mono 160x160 color160x160 color160x100 mono320x240 color LCD256x192 color LCD800x240 3D LCD720x1560 PLS TFT
Wired connectivityUSB 2.0 Type-C RS-232USBUSB 1.1USBLink cableLink cableUSB2.0 Type C
Hack ports8x GPIO + I²C internal hack port NoneNoneNoneNoneNoneNoneNone
Wireless connectivityWi-Fi IrDAGSM, IrDAGSMGSM, BluetoothWi-FiWi-Fi, IRWi-Fi, BLE, GPS, LTE
InputPhysical keyboard TouchscreenPhysical keyboard, touchscreenPhysical keyboard and jog dialPhysical keyboard and jog dialTouchscreenTouchscreen, cameraTouchscreen, camera
AudioSpeaker, headphone/mic jack, vibe motor NoneSpeaker, headphone/mic jack, vibe motorSpeaker, headphone/mic jack, vibe motorSpeaker, headphone/mic jack, vibe motorStereoStereo speakers, microphoneSpeaker, headphone/mic jack
Battery1100 mAh Li-Ion 1350 mAh?1800 mAh900 mAh?1100 mAh850 mAh Li-Ion1300 mAh4000 mAh
"Screen on" life5-6 hours 4-7 hours4 hours5 hours4 hours15-16 hours3-5 hours28 hours
Sleep mode life2-3 days ~1 week?10 days~2 weeks~2 weeks1 week3 days16 days
Case height7.2 mm 12.7 mm22 mm20 mm19.5 mm28.9 mm21 mm8 mm
PCB design publishedYes No No No No No No No
CPU design publishedYes No No No No No No No

Our hope is that Precursor will continue to appear over the next decade and a half as a benchmark in many tables like this one, as the starting point on a trend towards the performance and capabilities of mobile, open hardware solutions reaching parity with today’s proprietary solutions. In the meantime, we have to start somewhere. And with your help, we believe Precursor will live up to its name as a harbinger of good things to come.

Precursor vs. the Dev Boards

The table below helps to place Precursor’s capabilities in a different sort of context, this time alongside a pair of development boards with similar FPGA logic capacity. There are really only two things that Precursor has in common with these boards: 1) they all use an FPGA for their CPU, and 2) they are all open hardware, with published PCB and CPU design source. As a result, this is a bit of an apples-to-oranges comparison, but it’s the best we could come up with.

Precursor NeTV2 "just the board"Arty A7-100T
Release year2020 2018unknown
MSRP at release year$512 $215$249
Release price (2020 equivalent)$512 $215$249
CPU/FPGAXC7S50 XC7A35TXC7A100T
CPU core speed100 MHz 100 MHz100 MHz
RAM16 MiB 512 MiB256 MiB
Storage128 MiB OPI SPI 8 MiB SPI16 MiB QSPI
Display (Primary)336x536 mono NoneNone
Wired connectivityUSB 2.0 Type-C Ethernet, HDMI, Rpi Hat, PCIe, microSDEthernet, USB
Hack ports8x GPIO + I²C internal hack port Serial, "hack" pins on PCIe and header4x Pmod + Arduino
Wireless connectivityWi-Fi NoneNone
InputPhysical keyboard None4 buttons/4 switches
AudioSpeaker, headphone/mic jack, vibe motor NoneNone
Battery1100 mAh Li-Ion N/AN/A
"Screen on" life5-6 hours N/AN/A
Sleep mode life2-3 days N/AN/A
Case height7.2 mm 51 mmN/A
PCB design publishedYes Yes Yes
CPU design publishedYes Yes Yes

What’s in the Box?

The Precursor tier includes the following items in the box:

Customer Support

Anyone who receives their Precursor will probably want to familiarize themselves with the following:

In addition, for crowdfunding backers with a Limited Edition Precursor, we have an explainer on how to use your gift set. And finally, below is a video that demonstrates how to install your debug cable:

Documentation

Features & Specifications

"Betrusted-SoC" Reference Design

Part of the purpose of Precursor is to validate the system-on-chip (SoC) design we hope eventually to produce as a custom ASIC for use in future such products. This SoC, which we call "Betrusted-SoC," is meant to be the central pillar of security for devices like Precursor. The version of Betrusted-SoC used in Precursor is based on a Xilinx FPGA and has the following features:

"Betrusted-EC" Reference Design

In addition to using Precursor to validate the SoC, we are also validating the embedded controller (EC) that’s in charge of standby power functions, as well as firewalling the untrusted hardware domain in devices like Precursor. The version of "Betrusted-EC" used in Precursor is based on a Lattice FPGA and has the following properties:

Precursor is an offshoot of the Betrusted project, which aims to make a complete hardware and software solution for secure and private communications. Our team would like to acknowledge partial funding for development of Precursor from the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet program.

NLnet Foundation, NGI Zero

In the Press


Hackaday

Ask a Question

Produced by Sutajio Kosagi in Singapore.

Sold and shipped by Crowd Supply.

Precursor

One fully assembled and tested Precursor. Includes a debug interface but no USB Type-C cable or charger. Comes with an installed QWERTY keyboard and alternate QWERTZ, AZERTY, Dvorak, Hangul, and blank keyboard overlays.

$590 Free US Shipping / $18 Worldwide

Raspberry Pi Debug HAT

An adapter board between a Precursor and a Raspberry Pi 3B+ or 4 for low-level debugging and reflashing.

$25 $8 US Shipping / $18 Worldwide

Raspberry Pi 4 Model B 2GB

From the Raspberry Pi 4 Model B project.

2GB version of the Raspberry Pi 4 Model B single-board computer, featuring a Broadcom BCM2711 quad-core Cortex-A72 64-bit SoC at 1.8GHz, 2.4GHz and 5GHz 802.11ac Wi-Fi, two USB 3.0 and two USB 2.0 ports, two micro HDMI ports, and a microSD card slot.

$45 $8 US Shipping / $18 Worldwide

Replacement LCD Screen

A 336 x 536 resolution, 200 PPI black-and-white memory LCD by Sharp, including an integrated backlight module.

$40 $8 US Shipping / $18 Worldwide

Replacement Keyboard PCB

A replacement Precursor keyboard PCB – no overlays included.

$15 $8 US Shipping / $18 Worldwide

Replacement Keyboard Overlay: QWERTY

A QWERTY keyboard overlay for Precursor.

$12 $8 US Shipping / $18 Worldwide

Replacement Keyboard Overlay: QWERTZ

A QWERTZ keyboard overlay for Precursor.

$12 $8 US Shipping / $18 Worldwide

Replacement Keyboard Overlay: AZERTY

An AZERTY keyboard overlay for Precursor.

$12 $8 US Shipping / $18 Worldwide

Replacement Keyboard Overlay: Dvorak

A Dvorak keyboard overlay for Precursor.

$12 $8 US Shipping / $18 Worldwide

Replacement Keyboard Overlay: Blank

A blank (unprinted) keyboard overlay for Precursor.

$12 $8 US Shipping / $18 Worldwide

Replacement Keyboard Overlay: Hangul

A Hangul keyboard overlay for Precursor.

$12 $8 US Shipping / $18 Worldwide

About the Team

Sutajio Kosagi

Singapore  ·   kosagi.com

Sutajio Ko-usagi supports and produces open hardware products designed by bunnie and xobs.

See Also

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects