Releases: solokeys/solo1
Capacitive touch sensing + bug fixes
This adds capacitive touch sensing support to Solo if a touch-sensing-capable device is detected. At the time of this release, only our "Somu" model supports capacitive touch. More info can be found here: https://www.crowdsupply.com/solokeys/somu
Additionally, U2F handling of the user presence (UP) test was improved. Previously, U2F would block while waiting for user presence and not return a response to the platform until UP was received or timed out. Most platforms expect to get a response immediately and poll until UP is given. U2F was changed to return immediately, which behaves better on some platforms.
Fix broken web updates and other fixes
Solo leverages custom KEYID parameters to create "custom" commands for checking the firmware version and for adding a firmware update mechanism. The get_assertion response returned was invalid and was being rejected by browsers.
Also:
- reduce stack usage by about 3-4k bytes
- update tinycbor submodule
- rebooted cryptocurrency demo extension.
A future improvement would be to use the extension part of webauthn/fido2, but that is pending browser support.
Small fixes with NFC and pinAuth
Fix CBOR ordering and U2F and FIDO2 interoperability
This release fixes the ordering of keys encoded in CBOR maps so that they follow canonical ordering. Previously they were not ordered in any particular way, which caused issues for Chrome. #170
Also fixes the CTAP2 implementation to accept credential IDs created by the CTAP1 implementation, so registering with U2F and later authenticating with FIDO2 should work.
Hmac-secret + some bug fixes
WARNING: This update may break previous registrations! This is because we fixed the U2F counter for good (rather than arbitrarily setting the upper byte high for backwards-compatibility reasons, which ends up causing other issues).
- Adds hmac-secret extension support. This extension is used for generating 32 or 64 byte symmetric keys using parameters from the platform and secrets on the authenticator. It's used by Windows Hello for offline authentication.
- Fix bug in FIDO auth, where setting the pin requires all previous registrations to use pin. Only UV bit needs to be cleared.
- Slightly change serial emulation USB descriptor to make it less abused by Linux Modem Manager.
NFC functionality + another counter change.
This update includes 100+ commits, mostly related to NFC functionality. Note that NFC requires new hardware (Solo Tap), which is still going through production.
There are also some bug fixes:
- Buffer over-run when the USB device name is too long.
- Set upper byte of counter to 0x7f instead of 0xff. Some websites (gitlab) have issues with the upper bit of a uint32 being set.
Note: if you're upgrading from 1.1.0 or 1.1.1, AND you've used your key to authenticate to any services, then those services may need to be re-registered. This is due to the counter decreasing.
pip install -U solo-python
# update for Solo
solo key update --secure
# update for solo hacker
solo key update --hacker
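The counter change above, seen from the relying party's side, as an added example that is not code from the Solo project. It assumes a relying party that requires a strictly increasing counter and, hypothetically, keeps it in a signed 32-bit field; the counter values and response bytes are constructed.

```python
import struct

INT32_MAX = 0x7FFFFFFF

def parse_counter(auth_response: bytes) -> int:
    # Raw U2F authentication response layout: 1 byte user presence,
    # 4-byte big-endian counter, then the signature.
    if len(auth_response) < 5:
        raise ValueError("U2F authentication response too short")
    return struct.unpack(">I", auth_response[1:5])[0]

def as_signed32(counter: int) -> int:
    # Assumption: how the counter reads if a relying party stores it
    # in a signed 32-bit field instead of an unsigned one.
    return counter - (1 << 32) if counter > INT32_MAX else counter

def verify_counter(stored: int, auth_response: bytes) -> str:
    # Relying-party check: the received counter must be greater than
    # the last value stored for this credential.
    received = parse_counter(auth_response)
    if received <= stored:
        return "regressed"          # looks like a rollback; re-registration needed
    if received > INT32_MAX:
        return "ok-unsigned-only"   # only safe if stored as unsigned 32-bit
    return "ok"

def sample_response(counter: int) -> bytes:
    # Constructed sample: UP flag set, counter, placeholder bytes
    # standing in for a real signature.
    return b"\x01" + counter.to_bytes(4, "big") + b"\x00" * 8

OLD_FW = sample_response(0xFF000005)  # constructed: upper byte 0xff
NEW_FW = sample_response(0x7F000006)  # constructed: upper byte 0x7f

if __name__ == "__main__":
    old = parse_counter(OLD_FW)
    print(hex(old), "as signed 32-bit:", as_signed32(old))
    # Credential last seen on the old firmware, then used after the update.
    print("after upgrade:", verify_counter(old, NEW_FW))
    # Credential registered fresh on the new firmware.
    print("fresh registration:", verify_counter(0, NEW_FW))
```
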
U2F Bug fix
This version fixes an incorrect error code returned in U2F.
This was causing issues for some browsers (Chrome and Firefox) where multiple keys were already registered. It's recommended to update to this version.
This update won't cause any registrations to be lost.
pip install -U solo-python
# update for Solo
solo key update --secure
# update for solo hacker
solo key update --hacker
First official release 1.1.0
This contains firmware that can update any (secure) Solo produced by SoloKeys. Also contains Hacker build firmware. These files are easily reproducible using Docker.
- Code cleanup
- Buffer over-read bug fix
- U2F counter endianness bug fix
- More testing
- Extension interface to U2F and FIDO2
- Read firmware version
- Read RNG bytes
To update a secure solo, use firmware-secure-1.1.0.json, which is the same as firmware-secure-1.1.0.hex, but with some formatting and the signature added.
Hacker Build (no debug messages)
This is an unsigned build of the "hacker" version (by Conor, on Windows).
It can be used to reset a borked token:
- plug in token keeping button pressed for a few seconds to activate the STM DFU bootloader (press until it enumerates as idVendor=0483, idProduct=df11 in sudo dmesg -w)
- run tools/solotool.py program all.hex --use-dfu --detach
Assuming the bootloader is working, you can reset the firmware:
- run tools/solotool.py program solo.hex
In both cases, the token should enumerate as idVendor=0483, idProduct=a2ca.
You can set up a working Python environment by running make env3 and source env3/bin/activate.