solo2 0.2.2

Library and CLI for the SoloKeys Solo 2 security key
Documentation

This repository is incomplete and under active development.

🐝 solo2 library and CLI

The Solo 2 device can operate in one of two modes (USB VID:PID in brackets):

In regular mode, the PCSC or CTAP interface is used opportunistically.
In maintenance mode, NXP's custom HID protocol is used (via lpc55-host).

On Linux, maintenance mode needs udev rules.

You can switch to LPC 55 mode using solo2 app admin maintenance
You can switch to Solo 2 mode using solo2 bootloader reboot (or by replugging the device).

Solo 2 is supported by Ludovic Rousseau's CCID driver since release 1.4.35 (July 25, 2021).
Unfortunately, Debian and macOS have not updated yet.

The included Info.plist works.

⚠ DANGER ⚠

If the firmware is invalid according to the bootloader, the device always stays in bootloader mode. This is OK.

BUT: If the firmware is valid according to the bootloader, and the device boots into it, but the firmware has issues (e.g., panics), the only way to get back into bootloader mode and flash a new firmware is by attaching a debugger.

This is quite fiddly, and needs a special cable. We recommend using NXP's development board instead.

Installation

Packaging status

cargo install solo2

For experimental "PKI lite" support, use cargo install --features dev-pki solo2. This is not intended to and will not grow into full PKI creation + management functionality, the goal is only to enable developing and testing all functionality of all official apps.

Examples

If the key is in regular mode, and its firmware contains the admin app:

  • solo2 app admin uuid reads out the serial number.
  • solo2 app admin maintenance switches to bootloader mode.

If the key is in regular mode, and its firmware contains the NDEF app:

  • solo2 app ndef capabilities reads out the NDEF capabilities.

If the key is in maintenance mode:

  • solo2 bootloader reboot switches to regular mode (if the firmware is valid).

Note that subcommands are inferred, so e.g. solo2 b r works like solo2 bootloader reboot.

Logging

Uses pretty_env_logger, configured via --verbose flags. For instance, -v logs INFO and -vv logs DEBUG level logs.

License

SoloKeys is fully open source.

All software, unless otherwise noted, is dual licensed under Apache 2.0 and MIT. You may use SoloKeys software under the terms of either the Apache 2.0 license or MIT license.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

All hardware, unless otherwise noted, is licensed under CERN-OHL-S-2.0.

All documentation, unless otherwise noted, is licensed under CC-BY-SA-4.0.

The file Info.plist is from CCID, which is licensed under LGPL-2.1.