Google open-sources the firmware needed to build hardware security keys

January 30, 2020

Google has open-sourced today a new project called OpenSK that will make it easier for hobbyists and hardware vendors to build their own security key.

The project, which has been open-sourced on GitHub, contains Rust-based firmware that can be installed on Nordic chip dongles and effectively convert the dongle into a FIDO U2F and FIDO2-complaint security key.

Further, Google has also published stereolithography source code files so users can also 3D-print a physical case in which they can place the Nordic chip dongle and actually assemble a real-life security key they can carry around.

The idea is to provide all the materials needed so people who can’t openly buy security keys can, at least, make their own.

In addition, Google is also hoping that the project is also broadly adopted by hardware vendors that have not yet invested RD into security key products.

“By opening up OpenSK as a research platform, our hope is that it will be used by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption,” Google said today in a blog post.

This is an important announcement. Great job to everyone involved!

— Bob Lord (@boblord) January 30, 2020

The first versions of the OpenSK firmware were created for Nordic chip dongles, but Google is also hoping to expand OpenSK for other types of chips.

“In addition to being affordable, we chose Nordic as initial reference hardware because it supports all major transport protocols mentioned by FIDO2: NFC, Bluetooth Low Energy, USB, and a dedicated hardware crypto core,” Google said.

“Under the hood, OpenSK is written in Rust and runs on TockOS to provide better isolation and cleaner OS abstractions in support of security,” the search giant added.

“Rust’s strong memory safety and zero-cost abstractions makes the code less vulnerable to logical attacks. TockOS, with its sandboxed architecture, offers the isolation between the security key applet, the drivers, and kernel that is needed to build defense-in-depth.”

Installation instructions are available in the GitHub repo.