FIDO2 USB+NFC token optimized for security, extensibility, and style
Latest commit c986297 Feb 13, 2019


Solo

Solo is an open source security key, and you can get one at solokeys.com.

Solo supports FIDO2 and U2F standards for strong two-factor authentication and password-less login, and it will protect you against phishing and other online attacks. With colored cases and multilingual guides we want to make secure login more personable and accessible to everyone around the globe.

This repo contains the Solo firmware, including implementations of FIDO2 and U2F (CTAP2 and CTAP) over USB and NFC. The main implementation is for STM32L432, and it's ported to NRF52840 and EFM32J.

No hardware is needed for development: Solo also runs as a standalone application for Windows, Linux, and Mac OSX. If you like (or want to learn) hardware instead, you can run Solo on the NUCLEO-L432KC development board, or use Solo for Hacker, an unlocked version of Solo that we make so you can customize its firmware.

Security

Solo is based on the STM32L432 microcontroller. It offers the following security features.

  • True random number generation to guarantee random keys.
  • Security isolation so only simple & secure parts of code can handle keys.
  • Flash protection from both external use and untrusted code segments.
  • 256 KB of memory to support hardened crypto implementations and, later, additional features such as OpenPGP or SSH.
  • No NDA needed to develop for.

Solo for Hackers

Solo for Hacker is a special version of Solo that lets you customize its firmware. For example, you can change the LED color, and even build advanced applications.

You can only buy Solo for Hacker at solokeys.com, as we don't sell it on Amazon and other places to avoid confusing customers. If you buy a Hacker, you can permanently lock it into a regular Solo, but you can NOT do the reverse and turn a regular Solo into a Hacker.

If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our documentation. We only support Python3.

git clone --recurse-submodules https://github.com/solokeys/solo
cd solo

cd targets/stm32l432
make cbor
make build-hacker
cd ../..

make venv
source venv/bin/activate
python tools/solotool.py program targets/stm32l432/solo.hex

Alternatively, run make docker-build and use the firmware generated in /tmp.

If you forgot the --recurse-submodules when cloning, simply run git submodule update --init --recursive.

For example, if you want to turn off any blue light emission, you can edit led_rgb() and force:

uint32_t b = 0;

Then recompile, load your new firmware, and enjoy a blue-light-free version of Solo.

In the Hacker version, hardware is the same and firmware is unlocked, in the sense that you can 1) load an unsigned application, or 2) entirely reflash the key. By contrast, in a regular Solo you can only upgrade to a firmware signed by SoloKeys, and flash is locked and debug disabled permanently.

A frequently asked question is whether Solo for Hacker is less secure than regular Solo. The answer is certainly yes, and therefore we recommend using Solo for Hacker only for development, experimentation, and fun. An attacker with physical access to a Solo for Hacker can reflash it following the steps above, and even malware on your computer could possibly reflash it.

Developing Solo (No Hardware Needed)

Clone Solo and build it

git clone --recurse-submodules https://github.com/solokeys/solo
cd solo
make all

This builds Solo as a standalone application. The Solo application is set up to send and receive USB HID messages over UDP, which eases development and reduces the need for hardware.

Testing can be done using our fork of Yubico's client software, python-fido2. Our fork of python-fido2 has small changes to make it send USB HID over UDP to the authenticator application. You can install our fork by running the following:

cd python-fido2 && python setup.py install

Run the Solo application:

./main

In another shell, you can run client software, for example our tests:

python tools/ctap_test.py

Or any client example such as:

python python-fido2/examples/credential.py

You can find more details in our documentation, including how to build on the NUCLEO-L432KC development board.
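
The USB HID messages mentioned above follow CTAPHID, the HID transport from the FIDO CTAP specification, which splits each message into 64-byte reports. The following is an added example, not code from the Solo repository: it fragments one message into reports and reassembles it with the framing checks a receiver should apply. The function names, channel ID and payload are constructed for illustration.

```python
import struct

REPORT = 64                      # HID report size used by CTAPHID
INIT_DATA = REPORT - 7           # init packet header: CID(4) + CMD(1) + BCNT(2)
CONT_DATA = REPORT - 5           # continuation header: CID(4) + SEQ(1)
MAX_PAYLOAD = INIT_DATA + 128 * CONT_DATA   # SEQ runs 0..127
CTAPHID_PING = 0x01


def fragment(cid, cmd, payload):
    """Split one CTAPHID message into zero-padded 64-byte reports."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds CTAPHID maximum")
    # Bit 7 of the command byte marks an initialization packet.
    head = struct.pack(">IBH", cid, 0x80 | cmd, len(payload))
    packets = [(head + payload[:INIT_DATA]).ljust(REPORT, b"\0")]
    rest = payload[INIT_DATA:]
    for seq in range((len(rest) + CONT_DATA - 1) // CONT_DATA):
        chunk = rest[seq * CONT_DATA:(seq + 1) * CONT_DATA]
        packets.append((struct.pack(">IB", cid, seq) + chunk).ljust(REPORT, b"\0"))
    return packets


def reassemble(packets):
    """Rebuild (cid, cmd, payload), rejecting malformed framing."""
    first = packets[0]
    if len(first) != REPORT or not first[4] & 0x80:
        raise ValueError("first report is not an initialization packet")
    cid, cmd, total = struct.unpack(">IBH", first[:7])
    if total > MAX_PAYLOAD:
        raise ValueError("declared length exceeds CTAPHID maximum")
    data = first[7:]
    for expected_seq, pkt in enumerate(packets[1:]):
        if len(pkt) != REPORT:
            raise ValueError("report is not 64 bytes")
        pkt_cid, seq = struct.unpack(">IB", pkt[:5])
        if pkt_cid != cid or seq != expected_seq:
            raise ValueError("unexpected channel or sequence number")
        data += pkt[5:]
    if len(data) < total:
        raise ValueError("message truncated")
    return cid, cmd & 0x7F, data[:total]   # drop the zero padding


if __name__ == "__main__":
    sample = bytes(range(200))               # constructed payload
    reports = fragment(0x01020304, CTAPHID_PING, sample)
    print(len(reports), reassemble(reports)[2] == sample)
```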

Documentation

Check out our official documentation.

Contributors

Solo is an upgrade to U2F Zero. It was born from Conor's passion for making secure hardware, and from our shared belief that security should be open to be trustworthy, in hardware like in software.

Contributors are welcome. The ultimate goal is to have a FIDO2 security key supporting USB, NFC, and BLE interfaces, that can run on a variety of MCUs.

Look at the issues to see what is currently being worked on. Feel free to add issues as well.

License

Solo is fully open source. All software, unless otherwise noted, is dual licensed under Apache 2.0 and MIT. You may use Solo under the terms of either the Apache 2.0 license or MIT license.

Where To Buy Solo

You can buy Solo, Solo Tap, and Solo for Hackers at solokeys.com.