danielinux / fidelio

U2F Fido1.2 token for 2FA with Raspberry Pi Pico
GNU General Public License v2.0

Fidelio does not work on my Raspi Picos #2

Closed (pagong closed 2 months ago)

pagong commented 2 months ago

I started by soldering a push button switch between GND and GPIO 15 of an original Raspberry Pi Pico. Then I cloned this GitHub repo and followed all steps to create the build environment. Next I created my attestation-cert.conf file and started the mkcert.sh script. Then I used cmake and (cd build; make) to generate my fidelio.uf2 firmware. Finally I reset the Pico, put it into boot mode, and copied the file fidelio.uf2 to drive "RPI-RP2".

After downloading the firmware, the Pico did a reset and the LED was switched on. And it never turned off. I waited for at least 1/4 hour before unplugging the Pico. After replugging the Pico, it gets recognized by Windows11 as a security device.

But the YUBICO test page does not work. And pressing the button does not turn the LED again. The output is similar to https://github.com/danielinux/fidelio/issues/1#issuecomment-1992212026 (only in German).

I did have a look at the source code (src/rand.c). In function custom_random_seed() there's a possibility for an endless loop. Maybe there is a problem with acquiring random bits from the analog pins?

Any help appreciated, Michael

danielinux commented 2 months ago

Hi, I wonder why you suspect an infinite loop in the random seed function, but I had a look and it seems like I forgot to flush the FIFO after reading the ADC value. I don't think this is relevant tho.

Do you think this would help?

diff --git a/src/rand.c b/src/rand.c
index 126952d..27a3262 100644
--- a/src/rand.c
+++ b/src/rand.c
@@ -55,6 +55,9 @@ int custom_random_seed(unsigned char *output, unsigned int sz) {
         /* Read the least significant 3 bits from the ADC */
         result = (result << 3) | (adc_read() & 0x00000007);

+        /* Drain ADC FIFO */
+        adc_fifo_drain();
+
         /* Introduce a delay to capture environmental noise */
         sleep_ms(1);
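
Review bot: the adc_fifo_drain() call added right after adc_read() only has an effect if the ADC FIFO has been enabled somewhere outside this hunk, and nothing in the visible lines shows that. In the Pico SDK, adc_read() performs a one-shot conversion and returns the result register directly, so with the FIFO disabled there is nothing for the drain to empty. Please either point to where the FIFO is set up (adc_fifo_setup()) or drop the call. Separately, since this loop builds the seed from `adc_read() & 0x00000007`, it would be worth rejecting runs of identical samples here, so that a stuck or floating-to-rail ADC input cannot produce a predictable seed without being noticed.
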
pagong commented 2 months ago

Thanks for the quick response. I've added the patch to rand.c, but I'm unsure if it really matters.

When fidelio.uf2 is uploaded, the LED is turned ON (and never OFF). [ This should be the case, if I understand flash_master_keygen() in src/u2f.c correctly. ]

Nevertheless I've unplugged the Pico after 15 minutes and replugged it again. However, this time I'm using a Linux client (Suse Leap 15.6) instead of Windows-11.

dmesg-output:
[95339.594766] usb 1-1.2: new full-speed USB device number 9 using ehci-pci
[95339.705863] usb 1-1.2: New USB device found, idVendor=1209, idProduct=f1de, bcdDevice= 1.00
[95339.705874] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[95339.705879] usb 1-1.2: Product: U2F-Fido rp2040
[95339.705883] usb 1-1.2: Manufacturer: Danielinux
[95339.705886] usb 1-1.2: SerialNumber: 122023
[95339.715110] hid-generic 0003:1209:F1DE.0003: hiddev96,hidraw0: USB HID v1.11 Device [Danielinux U2F-Fido rp2040] on usb-0000:00:1a.0-1.2/input0

This looks promising! I've then tried the Yubico test site again (with Firefox browser) and got a successful registration. (step 1) And step 2 (authentication) was also successful.

Conclusion: maybe the Windows environment (either Win11 or Edge browser) is behaving strangely. With a Linux environment (compile host = Debian12) and (Firefox 115.13.0esr on openSUSE 15.6) Fidelio is working properly.

Thanks, Michael

pagong commented 2 months ago

PS: Daniele, do you mind if I show Fidelio at the MakerFaire Hannover 2024 in August? https://maker-faire.de/maker/kilpikonna-crew/

danielinux commented 2 months ago

> do you mind if I show Fidelio at the MakerFaire Hannover 2024 in August?

Please, go ahead. This is great. Thank you!

Too bad there are issues with Windows/Edge. Let me know if you find out more and it is something we can fix.

I'll close this for now, but feel free to reopen if you find out more.