Open RakibRyan opened 8 months ago
I just compiled it (to fix a very personal gripe about fido2/u2f) so my tips for building it are:
1) Use ESP-IDF v5.1.2 from the "ESP-IDE v2.12.0-with-esp-idf-5.1.2" installer. I personally used v5.1.3 from the online installer, but it looks like this project was built from the aforementioned installer. When I tried v5.2.1, it bombed out early with a large pile of undeclared values, which I didn't care to track down since 5.1.3 worked fine.
2) Once the ESP-IDF is installed, if you're on Windows it will launch PowerShell/Command Prompt. Go to the fido2-u2f tree you downloaded and set the build target via:
idf.py set-target esp32s3
Note: replace esp32s3 with esp32s2 if that's your target
This will create a build directory under fido2-u2f. Then compile with:
idf.py build
This will leave you with:
bootloader in fido2-u2f\build\bootloader\bootloader.bin
partition table in fido2-u2f\build\partition_table\partition-table.bin
u2f firmware in fido2-u2f\build\esp32_u2f.bin
To flash, go to the build directory and use:
esptool --chip esp32s3 write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m 0x0 bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin
or for an esp32s2:
esptool --chip esp32s2 write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m 0x1000 bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin
You can also specify the port with --port, so in my Windows example (my chip showed up as com5) I would use:
esptool --port com5 --chip esp32s3 write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m 0x0 bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin
Linux folks would specify the serial port device name instead of com5.
As for what services it works with, the big one is Google, and I also use it with Bitwarden. But anybody who takes u2f passkeys should work. A big caveat to mention is that ESP hardware isn't, like, govt crypto safe; there are known exploits to bypass even the fuses, but I keep them in a safe as a backup passkey, and for $3 vs $55 it lets me have more than one backup.
Oh, I forgot to mention, I used a generic esp32s3 mini development board with two buttons, BOOT & RESET. The "BOOT" button is tied to CONFIG_BUTTON_GPIO (GPIO Pin 0), which in the default code acts as the Presence Touch indicator.
My experience is that you have to be fast to press the button on passkey registration, otherwise it goes into a loop. This doesn't occur when you're authenticating, so it's just an annoyance. And of course if you press the RESET button by accident the chip will reboot, so I recommend against doing that.
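As an added example (my own helper script, not code from the fido2-u2f project), the following wraps the two esptool commands above: it picks the bootloader offset for the target (0x0 on esp32s3, 0x1000 on esp32s2), checks that each image ends before the next region starts so write_flash cannot overlap the bootloader, partition table and app, and prints the command. It assumes it is run from the fido2-u2f build directory and that the 2MB upper bound matches the --flash_size 2MB used above.

```shell
#!/bin/sh
# Added helper, not part of the fido2-u2f project. Run from fido2-u2f/build,
# where bootloader/, partition_table/ and esp32_u2f.bin live after idf.py build.

# The bootloader offset is the only difference between the two commands in
# the thread: 0x0 on esp32s3, 0x1000 on esp32s2.
bootloader_offset() {
  case "$1" in
    esp32s3) echo 0x0 ;;
    esp32s2) echo 0x1000 ;;
    *) echo "unsupported chip: $1" >&2; return 1 ;;
  esac
}

# Succeeds if the file $1 written at offset $2 ends at or before the next
# region's offset $3, so an oversized image is caught before flashing.
image_fits() {
  size=$(wc -c < "$1") || return 1
  [ $(( $2 + size )) -le $(( $3 )) ]
}

# Print the esptool command; $2 (port) is optional, e.g. com5 on Windows or
# /dev/ttyUSB0 on Linux (device names are assumptions for illustration).
flash_cmd() {
  chip="$1"
  off=$(bootloader_offset "$chip") || return 1
  port_arg=""
  [ -n "$2" ] && port_arg=" --port $2"
  echo "esptool${port_arg} --chip $chip write_flash --flash_mode dio --flash_size 2MB --flash_freq 80m $off bootloader/bootloader.bin 0x8000 partition_table/partition-table.bin 0x10000 esp32_u2f.bin"
}

# Check all three images against the layout (2MB flash assumed), then print
# the command to run.
check_and_print() {
  chip="$1"
  off=$(bootloader_offset "$chip") || return 1
  image_fits bootloader/bootloader.bin "$off" 0x8000 || { echo "bootloader overlaps partition table" >&2; return 1; }
  image_fits partition_table/partition-table.bin 0x8000 0x10000 || { echo "partition table overlaps app" >&2; return 1; }
  image_fits esp32_u2f.bin 0x10000 0x200000 || { echo "app exceeds 2MB flash" >&2; return 1; }
  flash_cmd "$chip" "$2"
}
```

Call `check_and_print esp32s3 com5` (or `esp32s2` and your port) from the build directory and paste the printed command, or pipe it to sh once you are happy with it.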
A little more help needed. I was able to flash but not able to use the key. How do I register the key? I tried on GitHub, but I wasn't able to register.
A video demonstration of the full process would really be helpful.
Long story short, unless you want to do some coding, you will want to enable the button in esp32_u2f-main\main\Kconfig.projbuild (then build and upload)
menu "ESP32 U2F GPIO Configuration"

    orsource "$IDF_PATH/examples/common_components/env_caps/$IDF_TARGET/Kconfig.env_caps"

    config BLINK_GPIO
        int "Blink GPIO number"
        range ENV_GPIO_RANGE_MIN ENV_GPIO_OUT_RANGE_MAX
        default 15 if IDF_TARGET_ESP32S2
        default 48 if IDF_TARGET_ESP32S3
        default 8
        help
            GPIO number (IOxx) to blink on and off the LED.
            Some GPIOs are used for other purposes (flash connections, etc.) and cannot be used to blink.

    config BUTTON_ENABLE
        bool "enable Button support"
        default y
        help
            Use button to confirm enter,Default use automatically enter

    config BUTTON_GPIO
        depends on BUTTON_ENABLE
        int "Button GPIO number"
        range ENV_GPIO_RANGE_MIN ENV_GPIO_OUT_RANGE_MAX
        default 0
        help
            Button number (IOxx) to button click.

endmenu
Note: In the BUTTON_ENABLE, change the "default" to "y"
If you have a button on any pin other than 0 (normally marked on dev boards as BOOT), then you'll want to change the default pin in BUTTON_GPIO as well.
If you want the long story, I discovered when working on a Solo Hacker (another similar open source project) that if you press the human presence button too quickly or too slowly, some sites will give you weird loops and other odd behavior. This is especially true if you hardcode the button to always say "I'm pushed". On the Solo project, I had to implement a short delay before virtually pushing the button (for an automation project); I'd imagine something similar is needed for this project.
If this doesn't work out I can see if I can do a screen recording of the process.
Also, it'd be really helpful if there was a video demonstration on how to set it up, and what services it can be used with, for example fb, fb on Android, Windows Hello, GitHub, etc.