Tomu is a tiny, open source USB connector-sized board powered by a Silicon Labs Happy Gecko Cortex-M0+ MCU that adds two keys to your computer and can work as a Universal 2nd Factor (U2F) token to support two-factor authentication (2FA). But the board is not secure enough for FIDO2 support, and Tomu’s developer worked on a secure USB key called Solokey, and shrank it to Tomu form factor. Meet Somu open-source and secure key with FIDO2 support for compatibility with your Google, Twitter, and GitHub accounts for two-factor authentication, or your Microsoft account passwordless login.
- Secure MCU – STMicro STM32L432KC Arm Cortex-M4 microcontroller with TRNG, security isolation for keys, two levels of locked flash
- Crypto Algorithms – ECC P256 (as per FIDO2 standard)
- Supported Protocols – FIDO2, U2F
- Host Interface – USB type-A port
- Misc – Two touch buttons ( in FIDO2 firmware the two buttons behave as a single one), RGB LED
- Dimensions – 13 x 13 x 2.4 mm
- Weight – 3 grams
Somu works with Linux, Microsoft Windows, Mac OS X, and Chrome OS operating systems, as well as Chrome, Firefox, and Edge web browsers, with Safari support coming soon (GA in MacOS Catalina).
There will be two version of the board: Somu Secure and Somu Hacker. Both are technically secure with crypto algorithm and FIDO2/U2F protocol, but the former will have locked-down firmware which can upgrade with firmware update released and signed by the company. While the latter will be reprogrammable. Only Somu Hacker is offered in the crowdfunding campaign, except if you go with a 100-unit pledge where you can select Somu Secure instead.
Based on the comparison table provided by Somu’s developers their board is most similar to Yubikey Nano 5 except the latter is not open source. You can already find the firmware source code for Solo, similar to Tomu but larger, on Github.
Somu has launched on Crowd Supply with a $35,000 funding target. Rewards start at $25 for a single Somu Hacker board (early bird), and up to $1,500 for 100 units of Somu Hacker or Somu Secure, or a mix of both models. Shipping is always free to the US, and free for orders of more than 5 pieces, but an extra $7 shipping fee is asked for lower quantities. Backers can expect their secure keys to be shipped in early December 2019 if everything goes according to plans.