by Nexxxeh 3289 days ago
Boot time and physical size might prove to make it unwieldy, but could you use a Pi Zero in a gadget mode with OTG?

You can have it emulate USB HID, so presumably U2F would be workable, and it'll do USB Mass Storage too.

Open hardware and software.

1 comments

Unless you install some TPM module, RPi itself has no tamper-resistant storage and has DFU (so, basically plug it into a wrong device and it'll be able to run arbitrary code, pulling all secrets).

An FST-01 is a somewhat better choice, but Gnuk doesn't implement U2F. If someone has enough time and knowledge I don't see why it won't be possible to add it, though.

Parent-poster said tamper-resistance wasn't an issue in their usage case.

But are you sure it'll DFU over USB?

If so, for avoiding DFU, could you use some simple hardware to disable the data lines on the OTG port until the Pi had finished booting?

Could one use an I2C- or SPI-based crypto chip for key storage?

Actually, no. I think I have confused RPi with some other board.

Don't have a Pi at hand to test for sure, but searching online I can't find mentions of USB DFU. I think I may be mistaken.