We open sourced the firmware. To our knowledge this is the 1st open source implementation of FIDO2/CTAP2.
Our firmware is designed to be run/developed without hardware, and we have implementations already for efm32 and nrf52840. We're actively working on a new port to SAM L11 that will use ARM TrustZone for improved security.
There's still a lot to do on the ecosystem side. We'd like to improve tests, code style and comments, and make it pass some static analysis tools.
Feel free to join the discussions in the github issues, and of course we'd love to see you at our Kickstarter that will launch VERY soon (like in the next couple weeks). You can join the waitlist at https://solokeys.com
Not that I'm aware of. Might be trickier than U2F (that exists already) because FIDO2 is a bit more computationally expensive, and probably larger code base. But certainly an interesting project to add to the pipeline.
Yes. We're still defining the exact date, but it should be within the next two weeks.
We're working on some really exciting partnerships, we need a few more days to finalize details. So far we're super excited about how the campaign is coming up!
MIT worked before on Sanctum that you might want to look at, its sort of the pre-version of what keystone will be. See: https://eprint.iacr.org/2015/564.pdf
I didn't see any schematics, but maybe I just missed them.
The SAM L11 doesn't have a USB peripheral... are you bit-banging USB or using a second IC or something? I was considering using an L10/L11 for another project, but this omission is what led me elsewhere.
Edit:
Thinking about it some more, it may be advantageous to rely on a second, physically separate chip to handle USB communication, as it's next to impossible to verify that there isn't a backdoor in the secure chip. Chips that are likely to be used as secure elements are probably juicy targets for backdoors, and a USB peripheral would be an excellent place to hide one (e.g. a special "knock" code that dumps the contents of secure memory and resets the chip and is unlikely to be found via fuzz testing).
I really like the concept, though. I think we need more efforts like this, aimed at making our security tools simpler, more open, and easier to verify.
We are using the EFM8UB1 chip to implement the USB HID interface, then communicate with the SAM L11 via SPI.
After considering many MCUs with USB interfaces, it seems to always be more cost effective to get the non-USB MCU and use the EFM8UB1 (from a BOM perspective anyways). The lesser chance of having a backdoor is a plus!
Maybe the Tomu discussed in another comment here would be a good starting point. We're really focused on the Kickstarter now, so unlikely we'll have time to do it ourselves in the next, say, month or two. But the code is open now :)
I personally use a Nano, but only for limited use cases like VPN. I don't like it for web access to Google/Facebook/Github simply because it feels like someone else could get access to it easily. Of course it's more like a feeling than a real threat.
It'd be interesting to see some numbers on sales, to see if it's worth from a business perspective.
If you get an ECAD/EDA tool you could do some work to reduce the size of the board.
From what it looks like, you can squish things together by a lot still and replacing components could further reduce it.
Though it's unlikely you'll be able to match the Yubi Nano easily unless you go for some expensive decisions (expensive unless you get a couple thousand keys).
I think if we had a single chip solution, we could make it work, but since we're using 2 chips, it would be tight. I posted schematic in other comments.
Maybe one "affordable" idea could be to stack 2 two-layer PCBs XD.
We'd love to make something small like the Yubikey Nano!
Right now it'd be a bit tough, because to fit our chipset [1] in that tight space, it would likely involve making a custom IC package [2] or placing silicon die's directly on the circuit. I think it'd be really cool to do that, and if we get enough sales/interesting, we'll definitely go that route.
Using something like the Tomu seems promising as well. It doesn't have the same security features and is just an M0 core, so it's not the best fit.
24 comments
[ 3.0 ms ] story [ 59.9 ms ] threadOur firmware is designed to be run/developed without hardware, and we have implementations already for efm32 and nrf52840. We're actively working on a new port to SAM L11 that will use ARM TrustZone for improved security.
There's still a lot to do on the ecosystem side. We'd like to improve tests, code style and comments, and make it pass some static analysis tools.
Feel free to join the discussions in the github issues, and of course we'd love to see you at our Kickstarter that will launch VERY soon (like in the next couple weeks). You can join the waitlist at https://solokeys.com
Our code is designed to be small and portable, so I think it could easily be run on the Tomu. Just need some work to change the USB drivers stuff.
Changing the website to an approximate month or a quarter would be fantastic for those of us not from that side of the world.
We're working on some really exciting partnerships, we need a few more days to finalize details. So far we're super excited about how the campaign is coming up!
Then we would have open hardware implementation of this on a open application core as well.
Thank you so much for open sourcing this!
I don't know of that actually happening officially but probably you can.
See: https://keystone-enclave.org/
MIT worked before on Sanctum that you might want to look at, its sort of the pre-version of what keystone will be. See: https://eprint.iacr.org/2015/564.pdf
The SAM L11 doesn't have a USB peripheral... are you bit-banging USB or using a second IC or something? I was considering using an L10/L11 for another project, but this omission is what led me elsewhere.
Edit:
Thinking about it some more, it may be advantageous to rely on a second, physically separate chip to handle USB communication, as it's next to impossible to verify that there isn't a backdoor in the secure chip. Chips that are likely to be used as secure elements are probably juicy targets for backdoors, and a USB peripheral would be an excellent place to hide one (e.g. a special "knock" code that dumps the contents of secure memory and resets the chip and is unlikely to be found via fuzz testing).
I really like the concept, though. I think we need more efforts like this, aimed at making our security tools simpler, more open, and easier to verify.
After considering many MCUs with USB interfaces, it seems to always be more cost effective to get the non-USB MCU and use the EFM8UB1 (from a BOM perspective anyways). The lesser chance of having a backdoor is a plus!
Here's our schematic: https://i.imgur.com/sVQ34em.pnghttps://i.imgur.com/sVQ34em.p...
Still have to document this better on Github :)
Sad that the form factor looks terrible compared to YubiKey Nano.
It'd be really cool to have an "open" solution which comes in a minimally invasive package.
For reference: https://i1.wp.com/vaultumllc.com/wp-content/uploads/2017/03/...
[0] https://news.ycombinator.com/item?id=18036336
I personally use a Nano, but only for limited use cases like VPN. I don't like it for web access to Google/Facebook/Github simply because it feels like someone else could get access to it easily. Of course it's more like a feeling than a real threat.
It'd be interesting to see some numbers on sales, to see if it's worth from a business perspective.
Edit: grammar
From what it looks like, you can squish things together by a lot still and replacing components could further reduce it.
Though it's unlikely you'll be able to match the Yubi Nano easily unless you go for some expensive decisions (expensive unless you get a couple thousand keys).
Maybe one "affordable" idea could be to stack 2 two-layer PCBs XD.
Right now it'd be a bit tough, because to fit our chipset [1] in that tight space, it would likely involve making a custom IC package [2] or placing silicon die's directly on the circuit. I think it'd be really cool to do that, and if we get enough sales/interesting, we'll definitely go that route.
Using something like the Tomu seems promising as well. It doesn't have the same security features and is just an M0 core, so it's not the best fit.
[1] https://i.imgur.com/sVQ34em.pnghttps://i.imgur.com/sVQ34em.p...
[2] http://www.icproto.com/
Could you please elaborate on to why?
That would be quite awesome, consider me sold on this. Having a fully self-buildable and OSS Yubikey alternative would be very amazing indeed.