FIDO2 Demo is a device app for the Tillitis TKey security key that makes it work as a FIDO2 security token. The app is a port of the SoloKeys Solo1 firmware.
FIDO2 support on the TKey is still a work in progress. The app may contain code that is insecure, may store data in insecure ways, and should not be used in real-world applications.
- Data is stored without any encryption or authentication
- Random numbers generated by the TRNG are used directly
- Attestation does not work
- PIN-entry on Windows does not work
The build scripts assume that the TKey device libraries are located in ../tkey-libs.
To build, run make tkey_app.
A podman/docker image is available at https://ghcr.io/tillitis/tkey-builder:5rc1. For inspiration on how to run it, see the run make target in tillitis-key1/contrib/Makefile.
See the Tillitis Developer Handbook for tool support.
The TKey used must be able to present itself as a USB FIDO HID device, as well as the usual CDC device. This functionality is available in the Castor alpha release: https://github.com/tillitis/tillitis-key1/tree/TK1-Castor-alpha-1. The tillitis-key1 repository contains code for the FPGA bitstream and USB interface firmware.
This project is licensed under the terms and conditions of the "Apache-2.0" or the "MIT" license. See LICENSE-APACHE and LICENSE-MIT for the full license texts.
Imported libraries are isolated in their own directories. They may be released under other licenses. See each library for specific license information.