# Solo 2 Getting Started (for developers)
Monorepo: https://github.com/solokeys/solo2
Hardware: https://github.com/solokeys/solo2-hw
**Feel free to edit or comment on this getting started page directly**
Shortlink: https://solo2.dev
This documentation is [CC BY-SA](https://creativecommons.org/licenses/by-sa/4.0/) licensed.
#### Contact
- tech talk synchronous: https://matrix.to/#/#solokeys-dev:matrix.org
- tech talk asynchronous: https://github.com/solokeys/solo2/discussions
- getting started: edit here directly (don't PR README.md in solo2 repo)
- Issues / PR: **please NO at this time**
Other chat rooms of interest:
- Trussed® framework: https://matrix.to/#/#trussed:matrix.org
- Rust Embedded: https://matrix.to/#/#rust-embedded:matrix.org
- RTIC: https://matrix.to/#/#rtic:matrix.org
- LPC55 chips: https://matrix.to/#/#lpc55:matrix.org
## Overview
1. [Setup machine](#Initial-Setup) with Rust + dependencies
1. [Build firmware](#Build-Firmware) — choose the path for your hardware (NXP devkit or Solo 2 Hacker)
1. [Flash / run](#Bootloader) the firmware on the device
1. [Application setup](#Application-specific-Setup) — provision attestation keys etc.
1. [Configure debugging](#Debugging)
**Recommended:** use an [NXP LPC55 devkit](https://www.nxp.com/design/development-boards/lpcxpresso-boards/lpcxpresso55s69-development-board:LPC55S69-EVK) rather than a physical Solo 2 for development. Recovering a bricked devkit is much easier than recovering a bricked key.
## Initial Setup
Install Rust/Cargo from rustup.rs:
https://www.rust-lang.org/tools/install
```bash
rustup target install thumbv8m.main-none-eabi
cargo install flip-link
cargo install cargo-binutils
rustup component add llvm-tools-preview
```
Then perform OS/distro specific steps listed below.
Both VS Code + neovim (nightly 0.5 preview) work well with [rust-analyzer](https://rust-analyzer.github.io/).
For debugging setup, please see the [debugging section](#Debugging).
### Debian/Ubuntu
```
sudo apt-get install git llvm clang libclang-dev gcc-arm-none-eabi gdb-arm-none-eabi libc6-dev-i386
```
### Arch Linux
```
yay clang llvm arm-none-eabi-gdb
```
### NixOS
You can use the following `mkShell` expression inside a `flake.nix` or `shell.nix`, as long as you provide `nixpkgs` and `nixpkgs-mozilla`.
```nix
{ nixpkgs, mozilla }:
let
rust-overlay = import "${mozilla}/rust-overlay.nix";
pkgs = import nixpkgs {
overlays = [ rust-overlay ];
};
rust_stable = pkgs.latest.rustChannels.stable.rust;
rust_thumbv8m = rust_stable.override {
targets = [ "thumbv8m.main-none-eabi" ];
};
pkgs_cross = pkgs.pkgsCross.arm-embedded;
gcc = pkgs_cross.buildPackages.gcc;
libc_include = "${gcc.libc}/${gcc.libc.incdir}";
gcc-unwrapped = pkgs_cross.buildPackages.gcc-unwrapped;
gcc_include = "${gcc-unwrapped}/lib/gcc/${gcc-unwrapped.targetConfig}/${gcc-unwrapped.version}/include";
in pkgs.mkShell {
nativeBuildInputs = [
gcc
rust_thumbv8m
# Is being added to nixpkgs: https://github.com/NixOS/nixpkgs/pull/121184
#pkgs.flip-link
pkgs.llvm
pkgs.wget
];
LIBCLANG_PATH = "${pkgs.llvmPackages.libclang}/lib";
TARGET_CC = "${gcc.targetPrefix}cc";
TARGET_AR = "${gcc.targetPrefix}ar";
TARGET_CFLAGS = "-I${libc_include}";
BINDGEN_EXTRA_CLANG_ARGS = "-I${libc_include} -I${gcc_include}";
}
```
### macOS
TODO (doesn't work currently, because of littlefs2 which cannot be easily compiled on macOS)
### Win10
TODO
## Build Firmware
All commands run from the `runners/lpc55/` directory of the `solo2` repository.
### NXP LPC55 devkit
Build only:
```bash
make build-dev
# equivalent: cargo build --release --features board-lpcxpresso55,develop
# cargo objcopy --release --features board-lpcxpresso55,develop -- -O binary app.bin
```
Build, flash, and run in one step (requires probe-rs and a connected J-Link):
```bash
make run-dev
# equivalent: cargo run --release --features board-lpcxpresso55,develop
# runner: probe-rs run --chip LPC55S69JBD100 (configured in .cargo/config.toml)
```
Helpful during development: `cargo install bacon; bacon -j check-dev`
> **Do not flash devkit firmware onto a physical Solo 2 Hacker.**
> `board-lpcxpresso55` has different pin assignments. Flashing it onto a Solo 2
> reassigns the button pin, making it impossible to re-enter bootloader mode — the
> device becomes unrecoverable.
### Solo 2 Hacker
```bash
cargo build --release --features board-solo2,develop
cargo objcopy --release --features board-solo2,develop -- -O binary app-solo2.bin
```
Flash `app-solo2.bin` using `lpc55 write-flash` — see the [lpc55-host section](#lpc55-host) below.
### The `develop` feature
Both paths above use the `develop` feature. It currently enables:
- `no-encrypted-storage` — skips PRINCE/PUF setup; filesystem contents are unencrypted
Note: silent authentication and disabling the FIDO reset time window are **not** active.
The current `Cargo.toml` defines `develop = ["no-encrypted-storage", "trussed/clients-4"]`
only; the `no-buttons` and `no-reset-time-window` sub-features are commented out.
Button presses and the reset time window behave normally in `develop` builds.
See [runners/lpc55/Cargo.toml](https://github.com/solokeys/solo2/blob/main/runners/lpc55/Cargo.toml) for all features.
### Basic test
```
pip install 'fido2~=0.9'
python tests/basic.py
```
## Bootloader
There are multiple possibilities for writing firmware to the Solo 2.
### `lpc55-host`
Install the [lpc55](https://github.com/lpc55/lpc55-host) utility:
```bash
cargo install lpc55
```
Bring the device into bootloader mode.
It should then show up using the `lpc55` tool.
```bash
$ lpc55 ls
bootloaders:
Bootloader { vid: 1209, pid: B000, uuid: A2... }
```
#### Making a backup of the flash
Before writing custom firmware and data onto your Solo's flash, make a backup to ensure that you can go back to a sane state later.
```bash
# Read the program memory flash
lpc55 read-memory -vvv 0 524288 -o solo2-fw-backup-program.bin
# Also read the Protected Flash Region pages.
# CFPA scratch 0x9de00
lpc55 read-memory -vvv 646656 512 -o solo2-fw-backup-pfr-cfpa-scratch.bin
# CFPA ping 0x9e000
lpc55 read-memory -vvv 647168 512 -o solo2-fw-backup-pfr-cfpa-ping.bin
# CFPA pong 0x9e200
lpc55 read-memory -vvv 647680 512 -o solo2-fw-backup-pfr-cfpa-pong.bin
# CMPA 0x9e400
lpc55 read-memory -vvv 648192 512 -o solo2-fw-backup-pfr-cmpa.bin
```
#### Disabling Secure Boot
To be able to run custom firmware, we need to disable secure boot.
This is done by disabling the `SECURE_BOOT_CFG` / `SEC_BOOT_EN` flag in the CMPA protected flash region page.
First, read the PFR with the `lpc55-host` tool:
```bash
lpc55 pfr yaml > pfr-settings.yaml
cp pfr-settings.yaml pfr-settings-no-secure-boot.yaml
```
**IMPORTANT**: You now need to modify the copied file. *Only keep the `factory`* top level object and set `secure-boot-configuration` → `secure-boot-enabled: false`.
Your file should look something like this:
```yaml
factory:
boot-configuration:
speed: 48MHz
mode: Usb
usb-id:
vid: 4617
pid: 45056
secure-boot-configuration:
secure-boot-enabled: false # this was changed
dice-computation-disabled: true
rot-fingerprint: ... # omitted, don't change in your file
customer-data: ... # omitted, don't change in your file
```
After that, we can write the CMPA settings:
```bash
lpc55 configure factory-settings -vvv pfr-settings-no-secure-boot.yaml
```
#### Flashing The Firmware
After secure boot was disabled, you can flash the self-built firmware.
```bash
lpc55 write-flash -vvv path/to/provisioner.bin
```
When you are really sure that the flashing process worked fine, restart the Solo2.
```bash
lpc55 reboot
```
## Application-specific Setup
### `fido-authenticator`
`fido-authenticator` needs an attestation key and certificate, both with the ID 0. These can be generated using [`solo2-cli`](https://github.com/solokeys/solo2-cli) (requires the `dev-pki` feature):
```
$ solo2 pki dev fido fido.key fido.cert
```
These files (or any other files in the required format) can then be written to the device using the provisioner app. First, run the provisioner app on the prototype:
```
$ cd runners/lpc55 && make run-pro
```
Then use `solo2` to write the key and the certificate to the device:
```
$ solo2 apps provision store-fido-batch-cert fido.cert
$ solo2 apps provision store-fido-batch-key fido.key
```
(Make sure that there is no other pcsc smartcard connected to the device becuase currently, solo2-cli can't handle multiple available smartcards.)
## Flashing via `mboot` (advanced)
> **Only follow this section if you know what you are doing.** `mboot erase --mass`
> erases the entire flash including the bootloader and protected flash regions (CFPA/CMPA).
> Use `lpc55 write-flash` (see [Bootloader](#Bootloader) above) for normal firmware
> flashing — it is safer and does not touch protected regions.
Install [`cargo-binutils`](https://github.com/rust-embedded/cargo-binutils):
```
$ cargo install cargo-binutils
$ rustup component add llvm-tools-preview
```
Install [`mboot`](https://github.com/molejar/pyMBoot), for example using `pip` and a virtual environment:
```
$ python3 -m venv mboot
$ source mboot/bin/activate
$ pip install mboot
```
If you want to perform the following steps without superuser rights, install [these UDEV rules](https://raw.githubusercontent.com/molejar/pyIMX/master/udev/90-imx-sdp.rules):
```
$ curl https://raw.githubusercontent.com/molejar/pyIMX/master/udev/90-imx-sdp.rules | sudo tee /etc/udev/rules.d/90-imx-sdp.rules
$ sudo udevadm control --reload-rules
```
Check that the device is connected and in bootloader mode:
```
$ mboot info
DEVICE: USB COMPOSITE DEVICE (0x1FC9, 0x0021)
...
```
Compile the firmware and prepare a binary image (see the [Build Firmware](#Build-Firmware) section for feature details):
```
$ cargo objcopy --release --features board-lpcxpresso55,develop -- -O binary firmware.bin
```
Flash the firmware image to the MCU:
```
$ mboot erase --mass
$ mboot write firmware.bin
```
## Debugging
To debug the firmware on the board, the `arm` version of GDB (Debian `gdb-multiarch` and Arch `arm-none-eabi-gdb`) is required.
### Initial Debugging Setup
If you want to use a J-Link (highly recommended, as *it can be used to flash the firmware without bootloader mode*), install the [J-Link Software and Documentation Pack](https://www.segger.com/downloads/jlink/#J-LinkSoftwareAndDocumentationPack) providing `JLinkGDBServer`.
#### DevKit
**Flash the JLink debugger firmware to the NXP LPC55 devkit** ([guide](https://www.nxp.com/docs/en/supporting-information/Debug_Probe_Firmware_Programming.pdf)).
Then you need to connect both the debug port via USB and USB for the LPC55 itself.
Note: `probe-rs` (configured as the default `cargo run` runner) also supports J-Link and
is the simpler path for flash-and-run without a full GDB session.
#### Solo 2 Hacker
For debugging with the Solo 2 Hacker edition, you need a special cable ([TC2030-**CTX** No Legs, 6 PIN, 10 PIN](https://www.tag-connect.com/product/tc2030-ctx-nl-6-pin-no-legs-cable-with-10-pin-micro-connector-for-cortex-processors) - note the number of pins for the ribbon connector).
This can be used with the [Segger JLink EDU mini](https://www.segger.com/products/debug-probes/j-link/models/j-link-edu-mini/), which you are allowed to use in private or educational contexts.
*Note*: The outer metal pins are too long for the spring pins to make contact with the Solo 2. You need to shorten them carefully.
### Debugging With GDB
1. With the devboard connected to the `Debug Link` port, run `JLinkGDBServer -strict -device LPC55S69 -if SWD -vd`.
1. In a separate terminal, run `nc localhost 19021` to connect to the RTT port of the J-Link server. This will show you the [delog](docs.rs/delog) log output of the firmware via RTT.
1. Build the Solo 2 firmware for the devboard using `make build-dev` (see [runners/lpc55](https://github.com/solokeys/solo2/blob/main/runners/lpc55/README.md#logging) for more information on building with logging enabled).
1. Inside the folder of the Solo 2 firmware, run `arm-none-eabi-gdb -x runners/lpc55/jlink.gdb runners/lpc55/target/thumbv8m.main-none-eabi/release/runner`. This executes the GDB commands from the `runners/lpc55/jlink.gdb` file and loads the symbols from the specified `runner` binary.
1. Finally, you should see the output of the firmware in the running netcat.
### Debugging with VS Code
If you're not the command-line person but would still like to debug the firmware, the `marus25.cortex-debug` VS Code extension will do the heavy-lifting for you.
Note, however, that is does not work as well as plain GDB does.
When setting breakpoints using the VS Code interface, make sure to open the files that are actually compiled in the firmware.
Thus, setting a breakpoint in the `fido-authenticator` for example, will require you to open the corresponding file in your `.cargo` folder, unless you modified the `Cargo.toml` to use a local copy of the source code.
The following is an examplary launch configuration for VS Code:
```json
{
"type": "cortex-debug",
"request": "launch",
"servertype": "jlink",
"executable": "./solo2/runners/lpc55/target/thumbv8m.main-none-eabi/release/runner",
"name": "Debug (J-Link)",
"device": "LPC55S69",
"interface": "swd",
"cwd": "${workspaceRoot}",
"serverArgs": [
"-strict",
"-vd",
],
"rttConfig": {
"enabled": true,
"address": "auto",
"decoders": [
{
"label": "",
"port": 0,
"type": "console"
}
]
}
}
```
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Connect another wallet