blog/docs/tech/Picokeys.md
Cat Tom 014f554500
add picokeys(not pub now) & edit some mds
2026-03-12 22:54:28 +08:00

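# PicoKeys: An Open-Source Alternative to YubiKey
!!! danger "Important notice"
    The original author recently [added anti-rollback and other features to the firmware code](https://linux.do/t/topic/1469991) and [made Pico Commissioner closed-source](https://github.com/polhenarejos/pico-fido/issues/216), which led the community to [question](https://github.com/polhenarejos/pico-fido/issues/245) whether the original author's actions were reasonable. In response, the community has created a [fully open-source fork](https://github.com/librekeys/) of the original project, but the fork is still unstable, and its overall structure, update direction and compatibility issues have not yet been settled. **Whichever firmware you choose, I strongly recommend that you do not make a hardware key flashed with this firmware your only place to store TOTP and WebAuthn keys, and that you keep the recovery codes provided by websites safe.**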
[Pico Keys](https://www.picokeys.com/)
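## Materials
- [Waveshare RP2350-One](https://www.waveshare.net/wiki/RP2350-One)
It is recommended to stick the officially supplied sticker over the logo on the back to secure the USB connector.
## Installation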
[Getting Started - Pico Keys](https://www.picokeys.com/getting-started/)
Pico Fido
Raspberry
Pico 2
For Raspberry Pico, put the Pico device into recovery mode:
- Unplug the device
- While pressing the BOOTSEL button, plug the device into the USB port
- A mounted flash unit will appear in the File Explorer / Finder named RP2350 (for RP2350 boards)
- Copy the previously downloaded .uf2 file to the mounted unit
- The device will unmount the flash unit and will be remounted as a Pico Key. The LED will blink periodically
## Initialization
++windows+i++ > Accounts > Sign-in options > Security key > Manage
Insert the Picokey
Add a security key PIN
## Configuration
[picoforge](https://github.com/librekeys/picoforge)
Run as administrator
Configuration

- Identify
    - Vendor Preset `Yubikey 5`
    - Product Name `Yubico YubiKey`
- LED Setting
    - LED GPIO Pin `16`
    - LED Driver `WS2812`
    - Brightness `5`
    - LED Dimmable `Switch ON`
- Touch Timing
    - Touch Timeouts `15`
- Device Options
    - Power Cycle on Reset `Switch ON`

Apply Changes
Press "Reset" on the development board
## Usage
[Yubico Authenticator App for Desktop and Mobile | Yubico](https://www.yubico.com/products/yubico-authenticator/)
Add TOTP
Manage passkeys
- Blue LED: device idle
- Red LED: device processing
- Green LED: the user must press the `BOOT` button to authorize
``` bash
ssh-keygen -t ed25519-sk -O resident -O verify-required -O application=ssh:custom_name -O user=my_username
```
https://zhuanlan.zhihu.com/p/691575345
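
The `-O verify-required` flag above asks the client to demand the PIN for each signature; a server enforces the same thing with the `verify-required` option in `authorized_keys`. The following added example (not from the original page or from the PicoKeys project) audits `authorized_keys` lines for FIDO-backed keys, reads the application string (`ssh:custom_name` above) from the key blob, and reports whether PIN verification is enforced server-side. The sample lines and dummy key bytes are constructed, and the function names are hypothetical.

```python
import base64

SK_TYPES = ("sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com")

def read_strings(blob):
    """Split an SSH public-key blob into its length-prefixed strings."""
    out, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + n > len(blob):
            raise ValueError("truncated string in key blob")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def audit_line(line):
    """Describe one authorized_keys line, or return None if it is not a FIDO key."""
    # Limitation: quoted option values containing spaces or commas are not handled.
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in SK_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return None
    options = {o.lower() for o in ",".join(fields[:idx]).split(",") if o}
    parts = read_strings(base64.b64decode(fields[idx + 1], validate=True))
    if len(parts) < 3 or parts[0].decode() != fields[idx]:
        raise ValueError("blob does not match declared key type")
    return {
        "type": fields[idx],
        "application": parts[-1].decode(),  # last string in both sk key formats
        "verify_required": "verify-required" in options,
        "touch_required": "no-touch-required" not in options,
    }

def sample_key(application):
    # Constructed sample: 32 dummy bytes stand in for a real Ed25519 public key.
    parts = [SK_TYPES[0].encode(), bytes(range(32)), application.encode()]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return SK_TYPES[0] + " " + base64.b64encode(blob).decode()

SAMPLE = [  # constructed authorized_keys lines
    "verify-required " + sample_key("ssh:custom_name") + " picokey",
    sample_key("ssh:custom_name") + " picokey-no-pin-enforced",
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 software-key",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry))
```

Lines that report `verify_required: False` accept signatures made with a touch alone, whatever flags the key was generated with.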
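## Miscellaneous
How do you properly erase the flash and write new firmware?
Before doing anything, you first need to put the ESP32-S3 into download mode (Download Mode / DFU):

1. Press and hold the BOOT (or 0) button on the board.
2. Press the RESET (or EN / RST) button once.
3. Release the BOOT button.

(The computer will now re-detect a serial device.)
Next, choose the erase method that matches the flashing tool you use:
Method 1: use the command-line tool esptool.py (most recommended, most thorough)
If you are comfortable with the command line, Espressif's official esptool is the safest choice. Run the following command in a terminal to completely wipe the flash: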
``` powershell
esptool.py --chip esp32s3 --port COM3 erase_flash
```
Once `Flash memory erased successfully` is displayed, you can flash any other firmware by the usual method, just as you would with a brand-new ESP32-S3.