Building a U2F Token
After buying the parts, you can solder everything together like in this high-res picture. Notice that the red dot on the LED should be on the left side. Two of the pins on the microcontroller have shorted traces.
You should be able to complete these instructions whether you're on Windows, OS X, or Linux. If you're interested in programming large volumes, check out the DIY Production programming instructions.
- First you should install Simplicity Studio 3 from Silicon Labs. Simplicity Studio 4 will not work.
  - Once installed, open it and install "EFM8/C8051 8-bit Products"
- Install Python and pip.
- Install OpenSSL and USB development packages.

  ```
  # Ubuntu
  sudo apt-get install openssl libssl-dev libusb-1.0-0-dev libudev-dev
  # Or use OS X equivalent or Cygwin on Windows
  ```
- Download project and Python modules.

  ```
  git clone https://github.com/conorpp/u2f-zero.git
  cd u2f-zero/tools/u2f_zero_client
  sudo pip install -r requirements.txt
  ```
- If you're on Linux, some HID devices are only accessible to root. So you will need to add a udev rule for U2F Zero.
First we need to configure the U2F token with a setup build. This permanently configures the ATECC508 secure element, generates unique device secrets, and uploads a device attestation key pair.
- Connect GND, C2D, and C2CK signals to your debugger/programmer device. Use this for reference. You also need to plug the U2F token into a USB port on your computer.
- Open up Simplicity Studio. On the left, click "Refresh detected hardware." The debugger you are using should show up. Under the debugger, it should detect "EFM8UB11F16G-QSOP24." If this doesn't happen, make sure you soldered it correctly. If the debugger is clearly having issues, try resetting it using Silicon Labs' reset utility.
- Once detected, click on "Flash Programmer" and erase and flash the device with `firmware/SETUP.hex`.

  3.5 Optional: If you would like to build `firmware/SETUP.hex` yourself, just uncomment `ATECC_SETUP_DEVICE` in `app.h`, then rebuild and `firmware/release/u2f-firmware.hex` will be a new setup build.
- Now open a terminal. We will run a set of small scripts to generate the device secret and upload an attestation key pair to the U2F token. The attestation private key and generated master key are each stored on the ATECC508 and are write-only in hardware.

  ```
  # Now we can generate a key pair for U2F device attestation.
  # If you have a different prime256v1 ECC key pair that you would like to use, skip this step.
  # You only need to do this once.
  cd ca/
  ./genca.sh

  # Now to lock ATECC508 configuration, generate device secrets, and upload the private key.
  # This should be done for every token.
  cd ../..
  ./setup_device.sh gencert/ca/key.pem gencert/ca/cert.der  # or path to your preferred attestation key pair
  ```
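If you bring your own attestation key pair instead of running `genca.sh`, it helps to confirm before `setup_device.sh` that the key is on prime256v1 and that the DER certificate carries that key's public half, because the setup build configures the ATECC508 permanently. The check below is an added example, not part of the U2F Zero project; the function names `check_attestation_pair` and `make_sample_pair` are hypothetical, and it assumes the `openssl` command-line tool installed earlier.

```shell
#!/bin/sh
# Added example: pre-flight check for a bring-your-own attestation key pair.
# Return codes: 0 ok, 1 key is not on prime256v1, 2 unreadable input,
# 3 certificate does not carry the key's public half.
check_attestation_pair() {
    key_pem=$1
    cert_der=$2

    # Public key (SubjectPublicKeyInfo, PEM) derived from the private key.
    key_pub=$(openssl pkey -in "$key_pem" -pubout 2>/dev/null) || return 2
    # Public key embedded in the DER-encoded certificate.
    cert_pub=$(openssl x509 -inform DER -in "$cert_der" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ -n "$cert_pub" ] || return 2

    # The key must use the named curve prime256v1 (NIST P-256).
    printf '%s\n' "$key_pub" | openssl pkey -pubin -noout -text 2>/dev/null \
        | grep -q 'ASN1 OID: prime256v1' || return 1

    # The certificate must attest to exactly this key.
    [ "$key_pub" = "$cert_pub" ] || return 3
    return 0
}

# Constructed sample input: writes a throwaway key.pem and self-signed
# cert.der into directory $1 on curve $2. Hypothetical helper for trying
# the check; it is not the project's genca.sh.
make_sample_pair() {
    openssl ecparam -name "$2" -genkey -noout -out "$1/key.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$1/key.pem" -subj '/CN=constructed sample' \
        -days 1 -outform DER -out "$1/cert.der" 2>/dev/null
}

# Stand-alone use: sh check_pair.sh path/to/key.pem path/to/cert.der
if [ "$#" -eq 2 ]; then
    check_attestation_pair "$1" "$2" \
        && echo "attestation pair OK" \
        || echo "attestation pair rejected (code $?)"
fi
```

Run it against the same two paths you intend to pass to `setup_device.sh`; any non-zero code means the pair should not be uploaded.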
The setup script stored some secrets and the public key in the source code file `cert.c`. We can now build the project and program the U2F Token.
- Open Simplicity Studio and open Simplicity IDE
- Click File -> Import
- General -> Existing Projects into Workspace
- Select root directory and choose the firmware/ directory
- Finish
- Build project and then program U2F Token with `firmware/release/u2f-firmware.hex`
- You can find programmer from Tools -> Flash Programmer
If the LED is pulsing a green light then it is working.