From 8c2d4123cbbf95c6383f57f9a2e066bf5dc29241 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 9 Oct 2018 21:31:25 -0400 Subject: [PATCH] update docs --- CODE_OF_CONDUCT.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++ README.md | 20 ++++++++------------ 2 files changed, 54 insertions(+), 12 deletions(-) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..84dfcc5 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at hello@solokeys.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/README.md b/README.md index 2bcf80d..6bacbc1 100644 --- a/README.md +++ b/README.md 
@@ -7,26 +7,22 @@ include SSH, GPG, and cryptocurrency. Solo is an upgrade to [U2F Zero](https:// ![](https://i.imgur.com/vwFbsQW.png?1) The Solo FIDO2/U2F code base is designed to be easily ported to different embedded systems. -Right now, it has been ported to the NRF52840 and EFM32J. Soon to be supported is the SAM L11. +Right now, it has been ported to the NRF52840 and EFM32J. Soon to be supported is the STM32L442. No hardware is needed for development. You can run and extend the FIDO2 code base using just your PC. # Security -Solo is based on the SAM L11 secure microcontroller. It offers the following security features. +Solo is based on the STM32L442 microcontroller. It offers the following security features. - True random number generation to guarantee random keys. -- Side channel resistant RAM and AES for physically secure key derivation. -- ARM TrustZone to provide security isolation for master key. -- Scrambled key storage to prevent invasive flash readout methods. -- Secure boot to ensure application integrity. +- Firewall feature for code and secret data isolation. +- Locked flash -The SAM L11 is one of the best chips for this application in terms of security, -when considering the NDA-free market. +It also has up to 256 KB of memory, meaning it has room for side channel and fault resistant crypto implementations, plus other features. -Solo can be trusted to be running the open source code. The firmware can be readout using a debugger to verify that a Solo is running -the code posted publicly. The secret information is of course inaccessible. +Each chip ships with a read-only USB bootloader, put in place by ST. This can be leveraged to completely reset and reprogram the device, to make sure you can trust it's running the right code. The bootloader can be disabled. # How do I get one? 
@@ -34,11 +30,11 @@ We are still working on open sourcing an implementation that anyone can cheaply build and program, just like with U2F Zero. This will be released soon. It will be easy to solder :) In the meantime, you can port the code to your favorite microcontroller, or support -us by [signing up for our Kickstarter](https://solokeys.com/). Our aim is to crowdfund enough to make an economic +us by [signing up for our Kickstarter](https://solokeys.com/kickstarter). Our aim is to crowdfund enough to make an economic bulk order and provide open source security tokens for everyone that is interested. We will offer "hackable" tokens that come with USB bootloaders and are reprogrammable. -[Sign up here](https://solokeys.com/)! +[Sign up here](https://solokeys.com/kickstarter)! # Setting up
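Review bot: In the CODE_OF_CONDUCT.md hunk, the Enforcement section sends reports to hello@solokeys.com, which reads as the general contact address, while the same paragraph obligates the team to keep the reporter confidential. Consider a dedicated reporting address so the confidentiality promise does not depend on who reads the general inbox. In the Attribution section, the three contributor-covenant.org links use http:// and could be https://.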
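Review bot: In the first README.md hunk (Security section), the new bootloader paragraph ends with "The bootloader can be disabled." without saying who disables it or whether that is reversible, yet the same paragraph makes reprogramming through that bootloader the reason a user can trust the running code. The removed text let a user verify the firmware by reading it out with a debugger; now that the list advertises "Locked flash", the section should say how a user checks what is running, and what "locked" covers. Smaller points in the same hunk: "Locked flash" lacks the trailing period the other bullets have, "up to 256 KB of memory" should say whether it means flash or RAM, and the intro line says the STM32L442 is "Soon to be supported" while the Security section says Solo is based on it.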
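Review bot: In the second README.md hunk, the unchanged sentence 'We will offer "hackable" tokens that come with USB bootloaders and are reprogrammable.' no longer distinguishes anything, because the Security section in this same patch now says each chip ships with a read-only USB bootloader that can reprogram the device. Suggest stating what differs on the non-hackable tokens (for example, whether the bootloader is the part that gets disabled). The Kickstarter URL is also repeated in both changed lines; a reference-style link, as CODE_OF_CONDUCT.md uses, would keep the two from drifting apart.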