add picokeys(not pub now) & edit some mds
All checks were successful
Deploy / deploy (push) Successful in 1m6s
All checks were successful
Deploy / deploy (push) Successful in 1m6s
This commit is contained in:
100
docs/tech/Picokeys.md
Normal file
100
docs/tech/Picokeys.md
Normal file
@@ -0,0 +1,100 @@
|
||||
# PicoKeys: YubiKey 的开源平替
|
||||
|
||||
!!! danger "重要提醒"
|
||||
|
||||
近期原作者[对固件代码增加了防回滚等功能](https://linux.do/t/topic/1469991),并且[将Pico Commissioner转入闭源](https://github.com/polhenarejos/pico-fido/issues/216),导致社区产生对原作者行为合理性的[质疑](https://github.com/polhenarejos/pico-fido/issues/245)。有鉴于此,社区已经产生基于原项目的[完全开源分支](https://github.com/librekeys/),但是该分支仍处于不稳定状态,分支的整体结构、更新方向和兼容性问题尚未有明确定论。**无论选择哪个固件,我强烈建议不要将刷入该固件的硬件密钥作为你保存 TOTP 和 Webauthn 密钥的唯一途径,并且妥善保管网站提供的恢复代码。**
|
||||
|
||||
[Pico Keys](https://www.picokeys.com/)
|
||||
|
||||
## 材料
|
||||
|
||||
- [微雪 RP2350-One](https://www.waveshare.net/wiki/RP2350-One)
|
||||
|
||||
建议使用官方附赠贴纸粘贴在背面Logo处以紧固USB接口
|
||||
|
||||
## 安装
|
||||
|
||||
[Getting Started - Pico Keys](https://www.picokeys.com/getting-started/)
|
||||
|
||||
Pico Fido
|
||||
|
||||
Raspberry
|
||||
|
||||
Pico 2
|
||||
|
||||
For Raspberry Pico, put the Pico device into recovery mode:
|
||||
|
||||
- Unplug the device
|
||||
- While pressing the BOOTSEL button, plug the device to the USB port
|
||||
- A mounted flash unit will appear in the File Explorer / Finder named RP2350 (for RP2350 boards)
|
||||
- Copy the .uf2 file download previously and copy to the mounted unit
|
||||
- The device will unmount the flash unit and will be remounted as a Pico Key. The led light will blink periodically
|
||||
|
||||
## 初始化
|
||||
|
||||
++windows+i++ 账户 登录选项 安全密钥 管理
|
||||
|
||||
插入 Picokey
|
||||
|
||||
添加安全密钥 PIN
|
||||
|
||||
## 配置
|
||||
|
||||
[picoforge](https://github.com/librekeys/picoforge)
|
||||
|
||||
以管理员身份运行
|
||||
|
||||
Configuration
|
||||
|
||||
- Identify
|
||||
- Vendor Preset `Yubikey 5`
|
||||
- Product Name `Yubico YubiKey`
|
||||
- LED Setting
|
||||
- LED GPIO Pin `16`
|
||||
- LED Driver `WS2812`
|
||||
- Brightness `5`
|
||||
- LED Dimmable `Switch ON`
|
||||
- Touch Timing
|
||||
- Touch Timeouts `15`
|
||||
- Device Options
|
||||
- Power Cycle on Reset `Switch ON`
|
||||
|
||||
Apply Changes
|
||||
|
||||
按下开发板上的"Reset"
|
||||
|
||||
## 使用
|
||||
|
||||
[Yubico Authenticator App for Desktop and Mobile | Yubico](https://www.yubico.com/products/yubico-authenticator/)
|
||||
|
||||
添加 TOTP
|
||||
|
||||
管理 通行密钥
|
||||
|
||||
- 蓝灯: 设备待机
|
||||
- 红灯: 设备处理中
|
||||
- 绿灯: 需要用户按 `BOOT` 键以授权
|
||||
|
||||
``` bash
|
||||
ssh-keygen -t ed25519-sk -O resident -O verify-required -O application=ssh:custom_name -O user=my_username
|
||||
```
|
||||
|
||||
https://zhuanlan.zhihu.com/p/691575345
|
||||
|
||||
## 其他
|
||||
|
||||
如何正确地擦除并刷写新固件?
|
||||
在进行任何操作前,你需要先让 ESP32-S3 进入下载模式(Download Mode / DFU):
|
||||
按住板子上的 BOOT(或 0)按钮不放。
|
||||
单击一下 RESET(或 EN / RST)按钮。
|
||||
松开 BOOT 按钮。
|
||||
(此时电脑会重新识别到一个串口设备)
|
||||
接下来,根据你使用的刷写工具,选择对应的擦除方式:
|
||||
方法一:使用命令行工具 esptool.py(最推荐、最彻底)
|
||||
如果你熟悉命令行,使用乐鑫官方的 esptool 是最稳妥的。在终端中执行以下命令彻底清空闪存:
|
||||
|
||||
``` powershell
|
||||
esptool.py --chip esp32s3 --port COM3 erase_flash
|
||||
```
|
||||
|
||||
显示 Flash memory erased successfully 后,你就可以像对待一块全新的 ESP32-S3 一样,用常规方法刷写任何其他固件了。
|
||||
Reference in New Issue
Block a user