# BLADE-AGENT-HSM — Assembly & Bring-up Guide

**Hardware Root of Trust for AUTHREX-AGENT**
Project: BLADE-AGENT-HSM v1.0
Designer: Burak Oktenli · AUTHREX Systems · Washington, DC
ORCID: 0009-0001-8573-1667
License: CC BY 4.0

---

## Tools

- Hot-air rework station or convection reflow oven (lead-free profile, 245 °C peak)
- Solder-paste stencil (0.10 mm thick stainless steel, sized to PCB)
- Solder-paste dispenser or jar (SAC305 Type-4)
- Fine-tip ESD-safe soldering iron (T12-style preferred), lead-free solder, flux pen
- Tweezers (fine-tip, ESD-safe, both straight and curved)
- 10× stereo microscope or 10× loupe with LED ring
- Digital multimeter with continuity, four-wire ohms, and 0.01 V resolution
- SWD programmer (Segger J-Link Base or ST-Link V2/V3) with 1.27 mm 10-pin cable
- Bench DC power supply with current limit (5 V, 1 A capable)
- USB cable + USB analyser (or any laptop with USB-HID stack)
- M.2 Key-E breakout / test fixture (for M.2 variant only)
- 99 % isopropyl alcohol, lint-free wipes, ESD-safe brush
- Compressed air (filtered, dry, 30 PSI)
- ESD-safe mat, wrist strap, smock
- Torque-limiting screwdriver (0.05 N·m for M1.6, 0.10 N·m for M2)
- SLS 3D printer or service (nylon shells)
- SLA/DLP 3D printer or service (clear-resin light pipes)
- Conformal-coating service or brush (Parylene-C, 25 µm — M.2 variant)
- Thermal epoxy (Arctic Alumina or 3M TC-2810) — M.2 thermal package only
- Tamper-evident security labels (one per device, serialised)

## Assumptions

- Operator has documented SMD soldering competence for QFN, UFQFPN, WSON, OLGA, and 0402 passive packages.
- Operator has STM32CubeIDE + STM32CubeProgrammer installed and previously bring-up'd at least one STM32 board.
- Operator understands I²C and SPI bus signalling, USB-HID enumeration, and TPM 2.0 command framing at the API level.
- ESD precautions are observed at every step.
- An external PCB fabrication service is available for 4-layer FR-4 ENIG production. JLCPCB, OSHPark After Dark, or Sierra Circuits are representative.
- An external SLS / SLA 3D-printing service is available (Shapeways, Hubs, or in-house printer with the required process capability).
- For first-article units, a second operator double-checks every step in this guide and signs off on the inspection criteria.

---

## 1. Fabrication

### 1.1 Order or fabricate the Main PCB Board

**Tools:** none (specification document only).

**Steps:**
1. Submit the 4-layer Gerber set with the following stack-up: L1 signal (top, 1 oz Cu), L2 active tamper mesh + ground pour (0.5 oz), L3 active tamper mesh + 3V3 pour (0.5 oz), L4 signal (bottom, 1 oz Cu). Total finished thickness 1.6 mm.
2. Specify ENIG (immersion gold) surface finish — required for the fine-pitch SE051 and TMP117 QFN/WSON pads.
3. Specify matte-black solder mask both sides; white silkscreen on top with all designators (U1-U9, J1, J2, LD1-LD3, BZ1, TP1-TP8) plus the small teal accent stripe (1 mm wide) across the top short edge.
4. Specify USB-A castellated pads at the +X short edge AND M.2 Key-E gold fingers also at the +X short edge — both populated on the same Gerber; final assembly chooses which to break out.
5. Specify electrical test (flying-probe or bed-of-nails) at the fabricator. Reject any board failing E-test.

**Inspection criteria:** boards arrive within ±10% of stated thickness, ENIG plating visually uniform with no exposed copper, no mask slivers, no missing silk, edges deburred. Sample-measure 5 of 10 boards: 30.0 ± 0.1 mm × 80.0 ± 0.1 mm.

**Expected outcome:** ten matched bare PCBs ready for SMT, each with a unique serialised barcode in the silk corner.

### 1.2 3D-print USB-A Enclosure Top and Bottom Shells

**Tools:** SLS 3D printer (or service); deburring tools.

**Steps:**
1. Print both shells in PA12 (nylon) on an SLS process at 0.1 mm layer height. Charcoal-grey colourant.
2. Orientation: print the inside-facing surfaces down so the outside cosmetic surfaces have the cleanest finish.
3. Post-process: bead-blast both shells, then light tumble for 30 minutes to soften sharp internal edges.
4. Laser-etch the product name `BLADE-AGENT-HSM` on the top face, `AUTHREX SYSTEMS` underneath at 50 % font size, and a 1 mm teal stripe across the top edge. Etch the serial number and ORCID QR code on the back face.
5. Drill / ream the three 2 mm light-pipe holes if not printed to final size. Drill the 1 mm buzzer aperture in the bottom shell.

**Inspection criteria:** shells fit together with < 0.2 mm gap around the perimeter; M1.6 screw posts thread cleanly; USB-A blade aperture allows the PCB to seat without forcing; all three LED apertures align with the LED footprints on the board.

**Expected outcome:** ten matched pairs of shells, each pair etched with a serial number that matches the PCB.

### 1.3 3D-print PCB Retention Ribs

**Tools:** the same SLS process used in 1.2 — the ribs are integral to the shells.

**Steps:**
1. Verify in the CAD model that the retention ribs are part of the top and bottom shell geometry. They should be four ribs of 1 mm cross-section running parallel to the long axis, two on each shell.
2. Inspect each printed shell for full rib formation. Any partial rib (height < 0.8 mm) is a scrap shell.
3. Test-fit a PCB into one bottom shell. The PCB should slide along the ribs with light finger pressure and not lift more than 0.3 mm when the shell is tipped.

**Inspection criteria:** each pair of shells retains a test PCB without rattle or rotation when shaken; PCB sits 0.3 - 0.5 mm above the bottom shell inner surface.

**Expected outcome:** retention is mechanical only — no adhesive — and the PCB can be removed for rework by sliding it out from the open end.

### 1.4 3D-print Light Pipes for Power / Tier / Alarm LEDs

**Tools:** SLA or DLP 3D printer (or service); UV cure oven.

**Steps:**
1. Print three light pipes per device in Formlabs Clear V4 or equivalent at 0.05 mm layer height. They are 5 mm long cylinders, 2 mm diameter, with one end chamfered to seat in the top shell.
2. Wash in IPA for 10 minutes immediately after printing.
3. UV post-cure at 60 °C for 15 minutes for maximum optical clarity.
4. Inspect each pipe end-on for cloudiness or internal voids. Cloudy pipes scatter light and reduce signal contrast.

**Inspection criteria:** when held over a phone-torch source, the LED-side surface lights up cleanly and uniformly. No more than one pipe per 20 should fail this test.

**Expected outcome:** thirty light pipes (three per ten units) ready for assembly.

### 1.5 Clean and prepare PCB surface (skip — there are no component mounts)

**Note:** Earlier versions of this guide included a step for 3D-printed component mounts. **There are no component mounts in this design.** The ICs are surface-mount QFN / UFQFPN / WSON / OLGA packages that solder directly to the PCB pads. Skip directly to step 1.6.

### 1.6 Clean and deburr all 3D-printed parts; verify fitment

**Tools:** compressed air, IPA, lint-free wipes; 10× loupe.

**Steps:**
1. Blow each 3D-printed part with filtered compressed air to remove sintering powder or resin residue.
2. Wipe each part with IPA on a lint-free wipe. Allow 30 seconds to evaporate before next handling.
3. Dry-assemble one shell pair around a test PCB and three light pipes. Confirm seating, LED-aperture alignment, USB-A blade fit, and that the tamper-evident label area is exposed across the seam.
4. Disassemble. Set the matched pair aside with its serialised barcode tag.

**Inspection criteria:** no powder residue under 10× inspection; PCB seats with light pressure; light pipes fit without forcing.

**Expected outcome:** ten serialised assembly kits, each kit containing matched bottom shell, top shell, three light pipes, two M1.6 screws, one tamper label, and one PCB.

---

## 2. Wiring

### 2.1 Solder Main MCU and the two crystals

**Tools:** stencil + paste, reflow oven, tweezers, 10× microscope.

**Steps:**
1. Lay the stencil over a clean PCB. Squeegee SAC305 Type-4 paste once across all MCU + crystal apertures. Lift stencil cleanly.
2. Place the STM32L432KCU6 first (UFQFPN-32, 5 × 5 mm). Confirm pin-1 dot aligns with the silkscreen dot.
3. Place the Abracon ABS06 32.768 kHz crystal next to the LSE pins, then the Abracon ABM3B 8 MHz crystal next to the HSE pins.
4. Reflow with a lead-free profile: 60 s soak at 150 °C, ramp to 245 °C peak, 60 s above 217 °C, cool at <4 °C/s.
5. Under 10× microscope, inspect every MCU pin for solder bridges or insufficient wetting. Inspect crystal pad bonds for full coverage.

**Inspection criteria:** no bridges, no tombstoning, no voids visible at the QFN floor pad (if X-ray is available, verify floor-pad coverage > 75 %).

**Expected outcome:** MCU and crystals seated and reflowed. Board still bare on the U1/U2/U4-U9 positions.

### 2.2 Solder Power Management components

**Tools:** stencil + paste (second pass), tweezers, 10× microscope.

**Steps:**
1. Apply a second stencil pass for the power-section pads only (U6 LDO, U7 ESD, U10 supervisor) so the previously placed parts are not disturbed. Hand-dispense paste with a syringe if a second stencil is impractical.
2. Place the TI TPS73633DBV LDO (SOT-23-5) at the U6 position.
3. Place the TI TPD2E001 USB ESD-protection IC at the U7 position.
4. Place the Maxim MAX16162ANB+T supervisor at the U10 position. Verify the reset polarity dot matches the silk.
5. Hand-solder or hot-air reflow to seat all three parts. Reflow profile identical to step 2.1.
6. Inspect each part under 10× microscope.

**Inspection criteria:** TPS73633 oriented correctly (VIN, GND, EN, NC, VOUT pin order); MAX16162 reset pin (RESET_n) connects to the MCU NRST trace as drawn; ESD chip oriented per silkscreen.

**Expected outcome:** power management chain is mechanically complete. Electrical bring-up will validate the rail.

### 2.3 Solder Security Modules

**Tools:** stencil + paste (third pass), tweezers, hot-air rework, 10× microscope.

**Steps:**
1. The three security ICs are the most placement-sensitive parts on the board. Place under the microscope with care.
2. Place the NXP SE051C2HQ1/Z01V at U1 (HVQFN-32, 5 × 5 mm). Pin-1 must align with the silk dot — wrong orientation will not enumerate on I²C.
3. Place the Infineon SLB 9670VQ2.0 TPM at U2 (VQFN-32, 5 × 5 mm).
4. Place the Microchip ATSHA204A at U5 (UDFN-8). Small package — verify with tweezers it has not migrated during paste-down.
5. Reflow with the same profile as 2.1. Allow board to fully cool before next handling.
6. Inspect under 10× microscope. If any QFN looks misaligned by more than 0.1 mm, re-flow with hot air and gentle tweezer nudge.

**Inspection criteria:** every QFN edge shows solder fillet on every pin; no bridges; floor-pad reflow visible at every part edge.

**Expected outcome:** all three security parts seated. SE051 ENA pin tied to 3V3 via the trace (no extra solder bridge needed).

### 2.4 Solder Indicator LEDs and Piezo Buzzer

**Tools:** soldering iron, fine-tip; tweezers; flux pen.

**Steps:**
1. Hand-solder the three LEDs: LD1 green 0603, LD2 RGB common-anode 0606, LD3 red 0603. The RGB anode is the longest pin in the package — verify against silk.
2. Hand-solder the Kingstate KPT-G2810 piezo buzzer. Polarity-insensitive but mechanical orientation matters for the sound port to align with the bottom shell aperture.
3. Inspect each part for cathode-mark orientation. A reversed LED will not light during step 3.4.

**Inspection criteria:** LED cathodes match silk cathode mark; buzzer sound aperture faces the bottom of the PCB (where the shell aperture sits).

**Expected outcome:** all visual and audible indicators populated. No power applied yet.

### 2.5 Solder TMP117 Temperature Sensor

**Tools:** soldering iron + microscope, or hot-air rework.

**Steps:**
1. Place the TI TMP117AIDRVR (WSON-6, 2.0 × 2.0 mm) under the microscope. Pin-1 dot to silk.
2. The address-strap pin must be tied so the I²C address resolves to 0x49 (to avoid collision with the SE051 default 0x48). Verify the strap-pad jumper is at the "0x49" position before placing the part. The Gerber places this jumper as a track-cut option; default = 0x49.
3. Hand-solder or hot-air. The WSON-6 footprint is small; six pads + thermal pad. Inspect under 20× if available.

**Inspection criteria:** TMP117 I²C address resolves to 0x49 — confirm by reading register 0x0F (Device ID) in step 3.5; expected value 0x0117.

**Expected outcome:** thermal-tamper detection IC populated. ALERT pin trace heads to STM32 PA3.

### 2.6 Solder USB-A castellated pads / M.2 Key-E gold fingers

**Tools:** none — this step is mechanical for the castellated USB-A blade (no separate connector) and electrical only for the M.2 variant.

**Steps:**
1. For the USB-A stick variant: the USB-A blade is part of the PCB itself. Verify the gold plating on the four contacts is unmarked and free of solder splash from earlier steps. Mask with kapton tape if any rework was needed near the edge.
2. For the M.2 Key-E module variant: the gold fingers are part of the PCB. Confirm the Key-E notch is in the correct position (notch E, between pins 31-32). No discrete connector to solder.
3. If both variants are being built from the same PCB, leave both edges populated; the chosen variant determines which edge the host engages.

**Inspection criteria:** gold contacts unmarked; no solder splash within 3 mm of the contacts; notch positions match the M.2 Key-E mechanical drawing.

**Expected outcome:** PCB is now fully populated for the chosen variant.

### 2.7 Perform visual inspection and continuity checks

**Tools:** 10× microscope, DMM in continuity mode, schematic printout.

**Steps:**
1. Sweep every IC under 10× microscope. Document any bridges, voids, or tombstones for rework.
2. With DMM in continuity mode, verify 3V3 → GND is open circuit (no short). A short here means rework before applying any power.
3. Verify continuity from TP1 (3V3 test point) to each IC's VDD pin: U1 SE051, U2 TPM, U3 STM32, U10 MAX16162, U11 TMP117. Each should beep.
4. Verify USB D+ and D− are not shorted to each other or to GND.
5. Verify the SE051 I²C pull-ups: SCL to 3V3 ≈ 10 kΩ; SDA to 3V3 ≈ 10 kΩ.
6. Verify the tamper-mesh loop: probe MESH_LOOP_A and MESH_LOOP_B on the test points; resistance should be 8-12 Ω end-to-end.

**Inspection criteria:** all eight DMM checks pass. Any failure isolates the rework target.

**Expected outcome:** board electrically validated dry. Ready for power application.

---

## 3. Bring-up

### 3.1 Continuity checks on critical power and ground nets

**Tools:** DMM in continuity mode, four-wire ohms mode.

**Steps:**
1. Repeat the rail-by-rail continuity check from 2.7 once more. (Operator habit: bring-up is where mistakes manifest, so a second pass before powering is cheap insurance.)
2. Four-wire ohms from TP1 to GND should show >> 1 MΩ.
3. Visually verify the LDO output capacitor (10 µF + 100 nF) is populated. Missing decoupling will oscillate the rail.

**Inspection criteria:** no shorts; rail-to-ground resistance > 1 MΩ; decoupling visible.

**Expected outcome:** safe to apply power.

### 3.2 Apply initial power and verify 3.3 V rail

**Tools:** bench DC supply with current limit (5.0 V, 250 mA limit), DMM, probe leads.

**Steps:**
1. Set bench supply to 5.00 V, current limit 250 mA. Connect supply ground first, then +5 V to the USB +5V contact (or M.2 pin 19 for M.2 variant). Do not enable the output yet.
2. Enable output. Measure current. Expected: 30-60 mA quiescent. > 200 mA indicates a problem — disable and rework.
3. Measure TP1 (3V3 rail) with DMM. Expected: 3.27-3.33 V.
4. Probe each IC VDD pin one by one to confirm power has reached every part.
5. Apply gentle finger pressure to the LDO during measurement. If voltage drops > 50 mV, the LDO is thermally stressed — investigate.

**Inspection criteria:** 3V3 = 3.27-3.33 V at TP1 and at every IC; current draw < 60 mA at idle.

**Expected outcome:** board powered and stable. LED LD1 may not be lit yet (it lights from firmware), but the rail is up.

### 3.3 Flash basic firmware to MCU via SWD

**Tools:** Segger J-Link or ST-Link V2, STM32CubeProgrammer, 1.27 mm 10-pin SWD cable.

**Steps:**
1. Connect SWD programmer to TP_SWDIO / TP_SWCLK / TP_NRST / TP2 (GND). Use the test-point cluster; the production board has these masked.
2. In STM32CubeProgrammer, connect at 4 MHz SWD speed. Expected chip ID: 0x435 (STM32L432).
3. Verify chip ID and option-bytes match expected defaults. If option bytes show read-protect already enabled, this is a returned/used part — pull from line.
4. Flash the BLADE-AGENT-HSM v1.0 firmware image at address 0x08000000.
5. Verify by reading back the first 1024 bytes; checksum must match the published image checksum.
6. Issue a reset. LD1 (power LED) should illuminate green within 100 ms.

**Inspection criteria:** chip ID = 0x435; flash verify passes; LD1 lit after reset.

**Expected outcome:** MCU is alive and running the reference firmware. Subsequent steps interact via the ABI rather than SWD.

### 3.4 Test LED and Buzzer functionality

**Tools:** host laptop, USB cable, ABI-ping test script (`tools/abi_ping.py`).

**Steps:**
1. Connect the board via USB-A to a host laptop. Confirm HID-class enumeration (vendor 0xCAFE / placeholder product ID until USB-IF assignment).
2. Run `python3 tools/abi_ping.py` from the firmware repo. The script sends opcode 0x00 ten times.
3. Observe LD2 (tier indicator) cycle green → amber → red → blue → off through all four tier states.
4. Observe BZ1 emit one 1 kHz chirp at the start of the cycle.
5. Confirm LD3 (alarm) stays dark — it only lights on T0 lock.

**Inspection criteria:** all three LEDs respond as scripted; buzzer audible; no IRQ storms observable on the host (script reports < 5 % packet loss).

**Expected outcome:** indicator subsystem validated.

### 3.5 Verify I²C communication with SE051, TRNG, TMP117

**Tools:** host laptop, ABI-bus-scan script (`tools/i2c_scan.py`).

**Steps:**
1. Run `python3 tools/i2c_scan.py`. The script triggers an I²C bus enumeration on the MCU and reports back the addresses that ACK'd.
2. Expected ACKs: 0x48 (SE051), 0x49 (TMP117), 0x64 (ATSHA204A). Three responses.
3. Read SE051 firmware version via the SE051 PlainRsa ATR command; expected response begins 0x3B.
4. Read TMP117 Device ID register (0x0F); expected value 0x0117.
5. Read ATSHA204A serial number (4-byte word 0).

**Inspection criteria:** three I²C devices respond at expected addresses; each device returns valid identification.

**Expected outcome:** I²C subsystem validated. SE051 is ready to host the audit-signing key in step 3.5 of the provisioning ceremony (separate document).

### 3.6 Verify SPI communication with TPM 2.0

**Tools:** host laptop, ABI TPM-query script (`tools/tpm_query.py`).

**Steps:**
1. Run `python3 tools/tpm_query.py`. Script issues `TPM2_Startup(CLEAR)` then `TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES, TPM_PT_MANUFACTURER)`.
2. Expected response includes vendor string "IFX" (Infineon).
3. Issue `TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES, TPM_PT_FIRMWARE_VERSION_1)`. Record version for documentation.
4. Read PCR 0; expected: all zeros (no extensions yet on virgin device).
5. Issue a test `TPM2_PCR_Extend(0, sha256("test"))` and re-read PCR 0; should equal SHA-256(0x00...00 || SHA-256("test")).

**Inspection criteria:** vendor = IFX; PCR 0 extends as expected; no SPI bus error responses.

**Expected outcome:** TPM 2.0 validated. The PCR bank is ready for tier / ledger / policy attestation.

### 3.7 Test USB data path and ESD protection

**Tools:** host laptop, USB analyser (Beagle USB 12 or equivalent — optional but recommended).

**Steps:**
1. Run a stress test: 1000 ABI ping round-trips via the HID interface. Expected throughput: ≥ 300 round-trips per second.
2. Pull the USB cable mid-stream three times. Each reconnect should re-enumerate within 200 ms.
3. Optional ESD check (use ESD gun if available): apply a single ±2 kV contact discharge to a non-USB exposed pad. Board must continue normal operation; if it does not, the TPD2E001 has failed.
4. Inspect the host kernel log for any USB error messages — should be empty.

**Inspection criteria:** 1000-iteration packet loss < 0.5 %; clean reconnect on each pull; no kernel errors.

**Expected outcome:** USB transport validated under stress.

### 3.8 Test tamper-mesh circuit response

**Tools:** soldering iron (briefly), conductive tweezers, host laptop, ABI tamper-status script (`tools/tamper_status.py`).

**Steps:**
1. Run `python3 tools/tamper_status.py`. Confirm baseline: mesh loop OK, supply OK, temperature within bounds.
2. Briefly short MESH_LOOP_A to MESH_LOOP_B with conductive tweezers (do not damage the PCB). Within 100 ms the tamper detection should trip:
   - LD3 (alarm) lights solid red
   - BZ1 emits five 200 ms chirps at 1 kHz
   - LD2 (tier) shifts to blink-red (T0 lock)
   - The host script reports a tamper event with cause code 0x01 (mesh fault)
3. Disconnect tweezers. Note that the device does NOT auto-recover — re-provisioning is required. This is correct behaviour.
4. Re-provision via the operator script. PCR 4 is extended with the tamper cause code; the tamper event is now part of the device's permanent forensic record.

**Inspection criteria:** tamper trip within 100 ms of mesh short; visual + audible + ABI signals all fire; re-provisioning succeeds and clears the latch.

**Expected outcome:** tamper subsystem validated. Device is now field-ready pending enclosure assembly.

---

## 4. Assembly

### 4.1 Apply Conformal Coating (Parylene-C) — M.2 variant only

**Tools:** Parylene-C deposition service or in-house chamber; masking tape (kapton).

**Steps:**
1. Mask the USB-A blade, the M.2 gold fingers, the SWD test-point cluster, and the LDO ground tab with kapton tape.
2. Submit to Parylene-C service. Specify 25 µm thickness across all unmasked surfaces.
3. Receive coated boards. Remove kapton masks carefully — pulling along the board plane to avoid lifting any components.
4. Inspect under 10× microscope: coating should be uniform and slightly glossy. No drips, no missed pads.

**Inspection criteria:** thickness 25 ± 5 µm (verify with a dry-film meter on a coupon if available); no electrical contacts coated.

**Expected outcome:** M.2 variant has industrial-grade environmental protection. USB-A variant skips this step.

### 4.2 Bond Optional Copper Heatspreader — M.2 variant only

**Tools:** thermal epoxy (Arctic Alumina or 3M TC-2810), spatula, 24 h cure jig.

**Steps:**
1. Mix the two-part thermal epoxy per manufacturer instructions.
2. Apply a thin (~ 0.1 mm) bead to the top of U1 (SE051) and U2 (TPM).
3. Place the 1 mm copper shim heatspreader over both ICs. Apply gentle even pressure with a flat tool to seat.
4. Wipe any squeeze-out with IPA.
5. Cure at room temperature for 24 hours undisturbed.

**Inspection criteria:** heatspreader sits flat; no gap visible between heatspreader and either IC; cured epoxy is glassy and brittle to fingernail test.

**Expected outcome:** sustained 250 mA peak ECDSA-P384 signing now stays below 60 °C package temperature in a host chassis.

### 4.3 Attach light pipes to the corresponding LEDs

**Tools:** tweezers; UV adhesive (optional, for permanent install).

**Steps:**
1. Insert each clear light pipe into its corresponding aperture in the top shell. Press until the pipe seats fully — the chamfered end should be flush with the inside surface of the shell.
2. For first-article units, do not glue. Production units can be UV-adhered for permanence.
3. Verify alignment by holding the top shell over the assembled PCB with no power applied. Each pipe should sit directly above its 0603 / 0606 LED footprint, within 0.3 mm.

**Inspection criteria:** pipes seated flush; lateral alignment to LED within 0.3 mm.

**Expected outcome:** top shell ready to mate.

### 4.4 Mount the PCB into the bottom shell

**Tools:** none — interference fit.

**Steps:**
1. Hold the PCB with the USB-A blade (or M.2 fingers) facing the open end of the bottom shell.
2. Slide the PCB into the shell along the retention ribs. The blade / fingers should emerge through the front aperture cleanly.
3. Verify the PCB sits parallel to the bottom-shell floor; no rocking. Lateral play < 0.3 mm.
4. Verify the buzzer aligns over the bottom-shell sound aperture.

**Inspection criteria:** PCB seated; no rocking; blade / fingers emerge cleanly; buzzer aligned with aperture.

**Expected outcome:** PCB locked into the bottom shell.

### 4.5 Integrate internal cables (M.2 variant if internal pigtails are used)

**Tools:** small heatshrink tubing, hot-air gun, micro tweezers.

**Steps:**
1. For the USB-A variant: this step is null. The castellated PCB blade is the connector. Skip to 4.6.
2. For the M.2 variant with optional internal pigtails (e.g., LED extension to chassis indicator): route the pigtail along the channel between the two halves of the shell. Heatshrink any solder joints.
3. Verify no pigtail crosses the tamper-evident seam — anything spanning the seam compromises the tamper indication.

**Inspection criteria:** no wire across the seam; heatshrink fully covered; pigtail does not pinch when the shells close.

**Expected outcome:** any optional internal wiring is committed before the shells close.

### 4.6 Mate the top shell with the bottom shell

**Tools:** none — interference fit.

**Steps:**
1. Lower the top shell over the bottom shell, aligning the four locator pins. The light pipes should drop into their LED apertures with no misalignment.
2. Press the two halves together. They should seat with a soft click and < 0.2 mm gap around the seam perimeter.
3. If gap exceeds 0.2 mm anywhere, reopen and inspect for snagged retention rib or pigtail.

**Inspection criteria:** seam gap < 0.2 mm continuous; locator pins fully seated; light pipes properly aligned over LEDs.

**Expected outcome:** shells mated mechanically. Screws not yet installed.

### 4.7 Secure the enclosure with M1.6 self-tapping screws

**Tools:** torque-limiting screwdriver set to 0.05 N·m.

**Steps:**
1. Install the two M1.6 × 5 mm self-tapping screws at the diagonal corners (one per corner).
2. Run each screw down until the screwdriver clicks (0.05 N·m). Do not over-torque — the shell wall is thin and will crack at > 0.08 N·m.
3. Confirm the two halves are fully mated and the seam is flat. The seam should follow a single plane with no step.

**Inspection criteria:** both screws torqued to 0.05 N·m without over-driving; seam flat and continuous.

**Expected outcome:** enclosure is mechanically closed. The device can now be powered without coming apart.

### 4.8 Apply Tamper-Evident Security Label across the enclosure seam

**Tools:** tamper-evident security labels (serialised); ESD-safe gloves.

**Steps:**
1. Choose a label whose serial number matches the device serial. Record the pairing in the device build log.
2. Peel the label backing. Apply the label across one long edge of the clamshell seam, spanning approximately equal area on the top and bottom shells.
3. Press the label firmly for 10 full seconds to activate the security adhesive. The label should adhere without bubbles.
4. Photograph the labelled device from three angles for the build log.

**Inspection criteria:** label crosses the seam; no bubbles or gaps; serial number matches device S/N in the build log.

**Expected outcome:** any opening of the enclosure will visibly tear or fracture the security label. Device is now field-deployable; transfer to provisioning ceremony (separate document) for tier-state initialization, PCR baseline export, and operator key enrolment.

---

## Sign-off

| Phase | Operator initials | Date | QA initials | Date | Notes |
|---|---|---|---|---|---|
| 1 Fabrication |  |  |  |  |  |
| 2 Wiring |  |  |  |  |  |
| 3 Bring-up |  |  |  |  |  |
| 4 Assembly |  |  |  |  |  |
| **Provisioning** (separate ceremony) |  |  |  |  |  |

Device serial number: ________________________
Tamper label serial number: ________________________
Build date: ________________________
Firmware image hash: ________________________

---

*© 2026 Burak Oktenli · AUTHREX Systems · Washington, DC · CC BY 4.0*