A little more friendlier documentation for casual people would be nice. #5

Open
RakibRyan opened this issue Mar 11, 2024 · 4 comments

@RakibRyan

Also it'd be really helpful if there was a video demonstration on how to set up. And what services it can be used with, for example fb, fb on Android, Windows Hello, GitHub etc.

@yaddatrance

I just compiled it (to fix a very personal gripe about fido2/u2f) so my tips for building it are:

  1. Use ESP-IDF v5.1.2 from the "ESP-IDE v2.12.0-with-esp-idf-5.1.2" installer. I personally used v5.1.3 from the online installer, but it looks like this project was built from the aforementioned installer. When I tried v5.2.1, it bombed out early with a large pile of undeclared values which I didn't care to track down since 5.1.3 worked fine.

  2. Once the ESP-IDF is installed, if you're on Windows it would launch PowerShell/command prompt. Go to the fido2-u2f tree you downloaded and set the build target via:

idf.py set-target esp32s3

Note: replace esp32s3 with esp32s2 if that's your target

This will create a build directory under fido2-u2f. Then compile with:

idf.py build

This will leave you with:

bootloader in fido2-u2f\build\bootloader\bootloader.bin
partition table in fido2-u2f\build\partition_table\partition-table.bin
u2f firmware in fido2-u2f\build\esp32_u2f.bin

To flash, go to the build directory and use:

esptool --chip esp32s3 write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m 0x0 bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin

or for an esp32s2:

esptool --chip esp32s2 write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m 0x1000 bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin

You can also specify the port with --port, so in my Windows example (my chip showed up as com5) I would use:

esptool --port com5 --chip esp32s3 write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m 0x0 bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin

Linux folks would specify the serial port device name instead of com5.

As for what services it works with, the big one is Google and I also use it with Bitwarden. But anybody who takes u2f passkeys should work. A big caveat to mention is that esp hardware isn't like govt crypto safe, there are known exploits to bypass even the fuses, but I keep them in a safe as a backup passkey and for $3 vs $55, it lets me have more than one backup.

@yaddatrance

yaddatrance commented Mar 12, 2024

Oh I forgot to mention, I used a generic esp32s3 mini development board with two buttons BOOT & RESET,
the "BOOT" button is tied to CONFIG_BUTTON_GPIO (GPIO Pin 0), which in the default code acts as the Presence Touch indicator.

My experience is that you have to be fast to press the button on passkey registration, otherwise it goes into a loop. This doesn't occur when you're authenticating so it's just an annoyance. And of course if you press the RESET button by accident the chip will reboot, so I recommend against doing that.

@RakibRyan
Author

RakibRyan commented Mar 13, 2024

A little more help needed. I was able to flash but not able to use the key. How do I register the key? I tried on GitHub but I wasn't able to register.

A video demonstration of the full process would really be helpful.

@yaddatrance

Long story short, unless you want to do some coding, you will want to enable the button in esp32_u2f-main\main\Kconfig.projbuild (then build and upload)

menu "ESP32 U2F GPIO Configuration"

    orsource "$IDF_PATH/examples/common_components/env_caps/$IDF_TARGET/Kconfig.env_caps"

    config BLINK_GPIO
        int "Blink GPIO number"
        range ENV_GPIO_RANGE_MIN ENV_GPIO_OUT_RANGE_MAX
        default 15 if IDF_TARGET_ESP32S2
        default 48 if IDF_TARGET_ESP32S3
        default 8
        help
            GPIO number (IOxx) to blink on and off the LED.
            Some GPIOs are used for other purposes (flash connections, etc.) and cannot be used to blink.

    config BUTTON_ENABLE
        bool "enable Button support"
        default y
        help
            Use button to confirm enter,Default use automatically enter

    config BUTTON_GPIO
        depends on BUTTON_ENABLE
        int "Button GPIO number"
        range ENV_GPIO_RANGE_MIN ENV_GPIO_OUT_RANGE_MAX
        default 0
        help
            Button number (IOxx) to button click.

endmenu

Note: In the BUTTON_ENABLE, change the "default" to "y"

If you have a button on any other pin than 0 (normally marked on dev boards as BOOT) then you'll want to change the default pin in BUTTON_GPIO as well.

If you want the long story, I discovered when working on a Solo Hacker (another similar open source project) that if you press the human presence button too quickly or too slowly some sites will give you weird loops and other odd behavior. This is especially true if you hardcode the button to always say I'm pushed. On the solo project, I had to implement a short delay before virtually pushing the button (for an automation project); I'd imagine something similar is needed for this project.

If this doesn't work out I can see if I can do a screen recording of the process.
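
The comment above describes odd behavior when the presence button is hardcoded as pushed or pressed at the wrong moment. As an added example (not part of the thread and not the project's code), this C routine accepts user presence only on a fresh, debounced press that follows a release seen after the request started; all names and timing constants are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical timing values for illustration, not taken from the project. */
#define UP_DEBOUNCE_MS 30u     /* level must be stable this long to count */
#define UP_TIMEOUT_MS  10000u  /* give up if no press arrives in this window */
typedef enum { UP_PENDING, UP_CONFIRMED, UP_TIMED_OUT } up_result_t;

typedef struct {
    uint32_t start_ms;      /* when the host request arrived */
    uint32_t stable_since;  /* when the current level was first seen */
    bool     last_pressed;  /* last sampled level */
    bool     seen_release;  /* button observed released after the request */
} up_state_t;

/* Begin a presence check; `pressed` is the level sampled at request time. */
void up_begin(up_state_t *s, uint32_t now_ms, bool pressed) {
    s->start_ms = now_ms;
    s->stable_since = now_ms;
    s->last_pressed = pressed;
    s->seen_release = false;
}

/* Feed one sample, e.g. from polling the BOOT button on GPIO 0. */
up_result_t up_sample(up_state_t *s, uint32_t now_ms, bool pressed) {
    if (pressed != s->last_pressed) {      /* level changed: restart debounce */
        s->last_pressed = pressed;
        s->stable_since = now_ms;
    }
    bool stable = (now_ms - s->stable_since) >= UP_DEBOUNCE_MS;
    if (stable && !pressed)
        s->seen_release = true;            /* a stuck button never gets here */
    if (stable && pressed && s->seen_release)
        return UP_CONFIRMED;               /* fresh, debounced press */
    if ((now_ms - s->start_ms) >= UP_TIMEOUT_MS)
        return UP_TIMED_OUT;
    return UP_PENDING;
}

/* Replay constructed samples taken every step_ms; returns the final verdict. */
up_result_t up_replay(const bool *levels, size_t n, uint32_t step_ms) {
    up_state_t s;
    up_result_t r = UP_PENDING;
    up_begin(&s, 0, n ? levels[0] : false);
    for (size_t i = 0; i < n && r == UP_PENDING; i++)
        r = up_sample(&s, (uint32_t)i * step_ms, levels[i]);
    return r;
}
```

A button that reads as pressed for the whole window ends in UP_TIMED_OUT rather than UP_CONFIRMED, so a hardwired or stuck input cannot satisfy the check.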
