Sessions, devices, and future hardware trust

Today: Rune Token suite sign-in and short-lived operator sessions for consoles. Device trust via the Rune agent. Roadmap: deeper hardware-rooted attestation

How access works today

Long-term hardware trust (roadmap)

National-scale eID proved the model. We may go further: hardware-rooted, offline-capable attestation for high-assurance fleets.

Hardware-rooted trust

TPM 2.0 / secure enclave binding, FIDO2 passkeys, measured boot — identity lives in silicon you control, not a SaaS directory.

Post-quantum ready

Hybrid classical + ML-DSA / SLH-DSA signatures and CRYSTALS-Kyber key exchange — crypto agility baked in before harvest-now-decrypt-later becomes urgent.

Offline ZK attestations

Prove role, clearance, or fleet membership with zero-knowledge proofs on air-gapped Stella nodes — no PII broadcast, no central verifier required.

Mesh revocation

Issuance and CRL sync across your Thala fleet over LAN-only channels — instant lockout without internet, without trusting a third-party OCSP.

Architecture principles

  • Air-gap issuance ceremonies — USB / NFC operator workflow, no cloud enrollment
  • Continuous integrity attestation within your perimeter only
  • Separation of identity, authorization, and session — short-lived scoped tokens
  • Open Rust reference implementation — auditable, deployable on your metal
  • Interoperable with Stella ops gate and Thala fleet policies

Related modules (in repo)

stech::token::identity

DeviceAnchor — TPM EK hash, measured boot PCRs, optional FIDO2 cred binding.

stech::token::crypto

HybridKeyPair — ML-DSA / SLH-DSA + classical agility interfaces.

stech::token::attest

ZkAttestor — offline membership proofs for fleet and clearance claims.

stech::token::revoke

RevocationMesh — LAN CRL sync target for Thala fleet distribution.

Phase 1 live: suite sign-in and short-lived operator sessions. Rune agent for air-gap device login. Phase 2 roadmap: hardware bind options — not required for current SKUs.

← Back to platforms