Solo 2 firmware 1:20220317.0 pre-release

README.md

This firmware may break NFC, but should fix several outstanding issues with the existing 1.0.9 firmware bundle for Solo 2.

It uses the new "calver" representation of firmware versions, where 1:20220317.0 corresponds to the "semver" represeentation 1.806.0, with the middle item being the minor version component (806) interpreted as days since 2020-01-01, and major/patch version components corresponding directly.

Main changes:

• shortened FIDO credential IDs (below 256 bytes), should work on all sites
• improved memory management (previous firmwares often would crash due to stack overflow)
• fixed/updated visual LED language for locked devices (red breathing for waiting, green blinking for processing, blue breathing for waiting on user touch, blue blinking for winking)

Gotcha:

• NFC support unconfirmed

DO NOT USE WITH KEYS YOU RELY ON!

Note that both "hacker" and "secure" devices have rollback protection in place (i.e., you can't downgrade to 1.0.9 or earlier versions once you install this firmware).

To trial it:

• install Solo 2 CLI (v0.2.0) from source (using Rust >= 1.60)

cargo install --git https://github.com/solokeys/solo2-cli --tag v0.2.0 --locked

• download attached firmware bundle solo2-firmware-20220317.sb2
• update one of your keys:

solo2 update --with /path/to/solo2-firmware-20220317.sb2

Now solo2 ls should list firmware version 1:20220317.0, and show whether the key is locked or unlocked.

Please comment below on any issues you encounter, in particular:

• do you still have issues with specific sites or on specific platforms?
• does NFC work for you?

If you have issues, please reset the FIDO app and try again (comment if you had to do this, and whether it helped or not).

• with Chrome/Chromium (on Linux or macOS, does not work with Windows): chrome://settings/securityKeys
• with fido2-token from Yubico's libfido2 (fido2-token -L to get device, then fido2-token -R <device>)
• with Solo 1 CLI: solo key reset

Note that FIDO reset is only possible for 10 seconds after plugging in, so re-plug the key if you get a "not allowed" error.

solo2-firmware-20220317.sb2

NFC issues using firmware 1:20220317.0 - tested on iPhone iOS15.4:

• recognises the key - prompts to open the solo keys website
• doesn't authenticate (tested using Bitwarden app and mobile Safari browser, verified working with firmware 1:20200101.9)

Other:

• Testing a key upgraded to this firmware against Bitwarden on MacOS 12.3 (Intel) - in Chrome and Brave. It reports that it's an unregistered key. My backup key on public firmware works.
• • Bitwarden successfully recognises my backup key as already registered is I try to re-register it
• • Bitwarden allows me to register the primary key on firmware 1:20220317.0 as a new key and then login with it

Further to the above, Gitlab also reported that the key with upgraded firmware is not the same key (unregistered key). It can be successfully used after re-registering it. Therefore I presume that's a firmware issue and not specific to earlier tests in Bitwarden.

Also, resetting the FIDO app via Brave did not help with any of the issues. It also caused it to be registered as a new key again, so had to be reregistered in Gitlab & Bitwarden to be used again.

I would like to give a short feedback:

I'm using MacOS and I had big issues with 1.0.9. After updating to your version I can now log in into Github and after an additional reset with Chrome I can now log in into Twitter as well. I don't know why I could use the key with Github without reset. NFC does not work with my OnePlus 6T.