Somu Tiny Open Source FIDO2 Security Key Enables Passwordless Login & Two-factor Authentication (Crowdfunding)

Tomu is a tiny, open source USB connector-sized board powered by a Silicon Labs Happy Gecko Cortex-M0+ MCU that adds two keys to your computer and can work as a Universal 2nd Factor (U2F) token to support two-factor authentication (2FA). But the board is not secure enough for FIDO2 support, and Tomu’s developer worked on a secure USB key called Solokey and shrank it to the Tomu form factor. Meet Somu, an open-source, secure key with FIDO2 support, compatible with your Google, Twitter, and GitHub accounts for two-factor authentication, or with your Microsoft account for passwordless login.

Somu hardware specifications:

  • Secure MCU – STMicro STM32L432KC Arm Cortex-M4 microcontroller with TRNG, security isolation for keys, two levels of locked flash
  • Crypto Algorithms – ECC P256 (as per FIDO2 standard)
  • Supported Protocols – FIDO2, U2F
  • Host Interface – USB type-A port
  • Misc – Two touch buttons (in FIDO2 firmware the two buttons behave as a single one), RGB LED
  • Dimensions – 13 x 13 x 2.4 mm
  • Weight – 3 grams

Somu works with Linux, Microsoft Windows, Mac OS X, and Chrome OS operating systems, as well as Chrome, Firefox, and Edge web browsers, with Safari support coming soon (GA in MacOS Catalina).

There will be two versions of the board: Somu Secure and Somu Hacker. Both are technically secure with the crypto algorithm and FIDO2/U2F protocols, but the former will have locked-down firmware that can be upgraded with firmware updates released and signed by the company, while the latter will be reprogrammable. Only Somu Hacker is offered in the crowdfunding campaign, unless you go with a 100-unit pledge, where you can select Somu Secure instead.

Based on the comparison table provided by Somu’s developers, their board is most similar to Yubikey Nano 5, except the latter is not open source. You can already find the firmware source code for Solo, similar to Tomu but larger, on Github.

Somu has launched on Crowd Supply with a $35,000 funding target. Rewards start at $25 for a single Somu Hacker board (early bird), and go up to $1,500 for 100 units of Somu Hacker or Somu Secure, or a mix of both models. Shipping is always free to the US, and free for orders of more than 5 pieces, but an extra $7 shipping fee is asked for lower quantities. Backers can expect their secure keys to be shipped in early December 2019 if everything goes according to plan.

David Willmore

“You can already find the firmware source code for Solo, similar to Tomy but larger, on Github.”
Should be Tomu?

Good article, I’ve been meaning to look into an open source security key for a while and Solo looks good.

dgp

Take a look at the nitrokey stuff:

https://www.nitrokey.com/

They have a range of different dongles that are opensource and audited.

William Barath

sudo snap install 2fa … seriously I don’t get the point of a hardware key holder that responds to local software without physical interaction. It will give up its secrets to anyone who gets local execution, which defeats its reason to exist in the first place.

dgp

>It will give up its secrets to anyone who gets local execution

The whole point of these dongles is that the secrets never leave the dongle. Any private keys are generated in the dongle and the dongle only ever outputs responses to challenges.

Cryptolize

We need to see tiny USB-C versions of these security devices. Yubikey don’t even make them tiny enough and they are a $$$ rip off.
If you want mass adoption, then the price really has to come way down for this type of device.