Tomu is a tiny, open source USB connector-sized board powered by a Silicon Labs Happy Gecko Cortex-M0+ MCU that adds two keys to your computer and can work as a Universal 2nd Factor (U2F) token to support two-factor authentication (2FA). But the board is not secure enough for FIDO2 support, and Tomu’s developer worked on a secure USB key called Solokey, then shrank it to the Tomu form factor. Meet Somu, an open-source and secure key with FIDO2 support, compatible with your Google, Twitter, and GitHub accounts for two-factor authentication, or with your Microsoft account for passwordless login.
Somu specifications:
- Secure MCU – STMicro STM32L432KC Arm Cortex-M4 microcontroller with TRNG, security isolation for keys, two levels of locked flash
- Crypto Algorithms – ECC P256 (as per FIDO2 standard)
- Supported Protocols – FIDO2, U2F
- Host Interface – USB type-A port
- Misc – Two touch buttons (in FIDO2 firmware, the two buttons behave as a single one), RGB LED
- Dimensions – 13 x 13 x 2.4 mm
- Weight – 3 grams
Somu works with Linux, Microsoft Windows, Mac OS X, and Chrome OS operating systems, as well as Chrome, Firefox, and Edge web browsers, with Safari support coming soon (GA in MacOS Catalina).
There will be two versions of the board: Somu Secure and Somu Hacker. Both are technically secure with the crypto algorithm and FIDO2/U2F protocols, but the former will have locked-down firmware that can be upgraded with firmware updates released and signed by the company, while the latter will be reprogrammable. Only Somu Hacker is offered in the crowdfunding campaign, except if you go with a 100-unit pledge where you can select Somu Secure instead.
Based on the comparison table provided by Somu’s developers, their board is most similar to the Yubikey Nano 5, except the latter is not open source. You can already find the firmware source code for Solo, similar to Tomu but larger, on GitHub.
Somu has launched on Crowd Supply with a $35,000 funding target. Rewards start at $25 for a single Somu Hacker board (early bird), and up to $1,500 for 100 units of Somu Hacker or Somu Secure, or a mix of both models. Shipping is always free to the US, and free for orders of more than 5 pieces, but an extra $7 shipping fee is asked for lower quantities. Backers can expect their secure keys to be shipped in early December 2019 if everything goes according to plans.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
“You can already find the firmware source code for Solo, similar to Tomy but larger, on Github.”
Should be Tomu?
Good article, I’ve been meaning to look into an open source security key for a while and Solo looks good.
Take a look at the nitrokey stuff:
They have a range of different dongles that are opensource and audited.
Nitrokey is a sponsor of Somu project.
sudo snap install 2fa … seriously I don’t get the point of a hardware key holder that responds to local software without physical interaction. It will give up its secrets to anyone who gets local execution, which defeats its reason to exist in the first place.
>It will give up its secrets to anyone who gets local execution
The whole point of these dongles is that the secrets never leave the dongle. Any private keys are generated in the dongle and the dongle only ever outputs responses to challenges.
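The challenge-response behaviour described in the reply above, as an added example that is not part of the comment thread or of the Solo/Somu firmware: a simplified Node.js model (not the CTAP2 wire format) in which a P-256 private key stays inside the token object, a response is produced only when the touch flag is set, and the server verifies the signature against a fresh challenge. `makeToken`, `verifyAssertion`, the `touched` flag and the origins are hypothetical names constructed for illustration.

```javascript
// Simplified model of a U2F/FIDO2 challenge-response; NOT the CTAP2 wire format.
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Bytes covered by the signature: origin hash, 4-byte counter, server challenge.
function signedBytes(origin, counter, challenge) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(origin), ctr, challenge]);
}

// Hypothetical token model: the private key lives only in this closure,
// the way it lives only inside the secure MCU on a real key.
function makeToken() {
  const keys = new Map(); // origin -> { privateKey, counter }
  return {
    register(origin) {
      const { publicKey, privateKey } =
        crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // ECC P-256
      keys.set(origin, { privateKey, counter: 0 });
      return publicKey; // only the public half is ever exported
    },
    // `touched` stands in for the physical button press (user presence).
    sign(origin, challenge, touched) {
      const k = keys.get(origin);
      if (!k || !touched) return null; // no touch, no response
      k.counter += 1;
      const data = signedBytes(origin, k.counter, challenge);
      return { counter: k.counter, signature: crypto.sign('sha256', data, k.privateKey) };
    },
  };
}

// Server-side check: counter must advance and the signature must cover this challenge.
function verifyAssertion(publicKey, origin, challenge, assertion, lastCounter) {
  if (!assertion || assertion.counter <= lastCounter) return false;
  const data = signedBytes(origin, assertion.counter, challenge);
  return crypto.verify('sha256', data, publicKey, assertion.signature);
}

function demo() {
  const token = makeToken();
  const origin = 'https://example.test'; // constructed origin
  const pub = token.register(origin);
  const c1 = crypto.randomBytes(32), c2 = crypto.randomBytes(32);
  const a1 = token.sign(origin, c1, true);
  return {
    noTouch: token.sign(origin, c1, false),
    valid: verifyAssertion(pub, origin, c1, a1, 0),
    replayed: verifyAssertion(pub, origin, c2, a1, 0), // old response, new challenge
    wrongOrigin: verifyAssertion(pub, 'https://other.test', c1, a1, 0),
    staleCounter: verifyAssertion(pub, origin, c1, a1, 1),
  };
}
```

The host only ever sees the public key and per-challenge signatures, so a captured response fails against the next challenge, a different origin, or a counter the server has already seen.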
We need to see tiny USB-C versions of these security devices. Yubikey don't even make them tiny enough and they are a $$$ rip off.
If you want mass adoption, then the price really has to come way down for this type of device.