As far as I understand, at the moment Nitrokey’s strong point is the ability to upgrade the firmware. After analyzing this topic, it became clear that:
While researching the Graphene OS forum for this situation, I was able to become familiar with a resource such as ycombinator.
The following information caught my attention there:
It’s not just YubiKey.
NinjaLab: “All Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack.”
- Chips in e-passports from the US, China, India, Brazil and numerous European and Asian nations
- Secure enclaves in Samsung and OnePlus phones
- Cryptocurrency hardware wallets like Ledger and Trezor
- SIM cards
- TPMs in laptops from Lenovo, Dell, and HP
- EMV chips in credit and debit cards
This is kind of an entire class of attack where similar paths may be able to be used on these other controllers. Don’t gloss over it.