{"id":28285423,"url":"https://github.com/pokusew/lionkey","last_synced_at":"2025-06-16T07:31:01.471Z","repository":{"id":216331865,"uuid":"715025129","full_name":"pokusew/lionkey","owner":"pokusew","description":"LionKey: An open-source FIDO2 USB Security Key 🔑 implemented on STM32H533. CTAP 2.1 compliant. Supports passkeys.","archived":false,"fork":false,"pushed_at":"2025-06-12T08:54:30.000Z","size":8943,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-12T09:31:54.943Z","etag":null,"topics":["ctap","ctap2","ctaphid","fido2","hid","passkeys","stm32","stm32h5","stm32h533","usb","webauthn"],"latest_commit_sha":null,"homepage":"https://lionkey.dev","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pokusew.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-11-06T10:30:07.000Z","updated_at":"2025-06-12T09:30:56.000Z","dependencies_parsed_at":"2025-02-26T07:18:13.640Z","dependency_job_id":"b9d77a1c-19a7-416d-9728-908e9e97079a","html_url":"https://github.com/pokusew/lionkey","commit_stats":{"total_commits":110,"total_committers":1,"mean_commits":110.0,"dds":0.0,"last_synced_commit":"6b765c343fbbd284f2cd4e33dbec9a0bc7baf967"},"previous_names":["pokusew/fel-krp-project","pokusew/lionkey"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pokusew/lionkey","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pokusew%2Flionkey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pokusew%2Flionkey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pokusew%2Flionkey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pokusew%2Flionkey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pokusew","download_url":"https://codeload.github.com/pokusew/lionkey/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pokusew%2Flionkey/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260119247,"owners_count":22961497,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctap","ctap2","ctaphid","fido2","hid","passkeys","stm32","stm32h5","stm32h533","usb","webauthn"],"created_at":"2025-05-21T18:18:09.772Z","updated_at":"2025-06-16T07:31:01.458Z","avatar_url":"https://github.com/pokusew.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"./docs/assets/img/lionkey-logo-v2-no-padding.svg\" title=\"LionKey\" alt=\"LionKey logo\" height=\"100\"\u003e\u003c/p\u003e\n\n# LionKey: An open-source FIDO2 USB Security Key\n\n[![website](https://img.shields.io/badge/docs-lionkey.dev-A6672A)](https://lionkey.dev/)\n[![build status](https://img.shields.io/github/actions/workflow/status/pokusew/lionkey/ci.yml?logo=github)](https://github.com/pokusew/lionkey/actions/workflows/ci.yml)\n\nA working [FIDO2]/[WebAuthn] USB hardware external authenticator (also called “security key”) 🔑\nimplemented on STM32H533.\n\nIn terms of [WebAuthn], **LionKey** is a _roaming authenticator_ with _cross-platform attachment_\nusing CTAP 2.1 over USB 2.0 (CTAPHID) as the communication protocol,\nsupporting _user verification_ using PIN (CTAP2 ClientPIN),\nand capable of storing **passkeys** _(client-side discoverable credentials)_.\n\nKey features:\n* **Fully compliant implementation of [CTAP 2.1].**\n  * Implements all mandatory features.\n  * Written in **C**.\n  * No dynamic memory allocations.\n  * Designed for use in resource-constrained environments.\n  * MCU independent, easily portable, can be used as a library (see the [core](./core) dir).\n  * Just a single external dependency ([TinyCBOR]).\n* Running on the **[NUCLEO-H533RE]** board with the **[STM32H533RET6]** MCU.\n* Uses [STM32CubeH5](#stm32cubeH5).\n* **Hardware-accelerated cryptography** on STM32H533 (using the RNG, PKA, AES, SHA peripherals).\n\n\u003e [!WARNING]  \n\u003e 🚧 This is still a work in progress. **The security key is already usable.**\n\u003e More detailed documentation will be added soon.\n\u003e The main missing feature is state persistence to the flash memory on STM32H533\n(currently all state is reset when power is lost).\n\n## Content\n\n\u003c!-- **Table of Contents**  *generated with [DocToc](https://github.com/thlorenz/doctoc)* --\u003e\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Development](#development)\n  - [Requirements](#requirements)\n  - [Cloning the Project](#cloning-the-project)\n  - [Build from the Command Line](#build-from-the-command-line)\n  - [Using IDE](#using-ide)\n  - [SVD file for the MCU](#svd-file-for-the-mcu)\n- [STM32CubeH5](#stm32cubeh5)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n\n## Development\n\n\n### Requirements\n\n- [CMake] _(tested with version 3.30.5)_\n  * Note: [CLion](#using-ide) has a bundled CMake so there is no need to install it.\n\n- [Arm GNU Toolchain] _(tested with Version 14.2.Rel1)_\n  * Download _AArch32 bare-metal target (arm-none-eabi)_ from the Arm website [here][Arm GNU Toolchain].\n  * On macOS, `brew install --cask gcc-arm-embedded` can be used.\n\n- [OpenOCD] or any other tool for programming and debugging Arm Cortex-M microcontrollers,\n  such as pyOCD or ST-LINK_gdbserver (a part of STM32CubeIDE).\n\n\u003e [!CAUTION]  \n\u003e **STM32H5** does not work with the original OpenOCD.\n\u003e Currently, it only works with the STMicroelectronics' fork [STMicroelectronics/OpenOCD],\n\u003e which has to be built from source,\n\u003e **see 👉 [this guide for the instructions](https://lionkey.dev/docs/development/openocd)**.\n\n\n### Cloning the Project\n\nThe project uses [Git submodules] to manage some of the external dependencies (see [.gitmodules](./.gitmodules)).\n\nThere are two options how to get the contents of the submodules:\n\n**When cloning the project**, you can use:\n```bash\ngit clone --recurse-submodules https://github.com/pokusew/lionkey.git\n```\n\n**If you already cloned the project** and forgot `--recurse-submodules`, you can use:\n```bash\ngit submodule update --init --recursive\n```\n\n\n### Build from the Command Line\n\nIt is possible to build, flash and start the whole project from the command line.\n\nBuilding is done via `cmake` since this project is a standard [CMake] project (see [CMakeLists.txt](./CMakeLists.txt)).\nWe also included a [CMakePresets.json](CMakePresets.json) to simplify passing common options.\n\nHere is an example how to build the executable for the NUCLEO-H533RE board with the STM32H533RET6 MCU.\n```bash\n# configure step (only has to be done once)\ncmake --preset stm32h533-debug\n# build step\ncmake --build --preset stm32h533-debug\n```\n\nFlashing can be done for example using `openocd` like this (run from the project root):\n```bash\nopenocd -s /usr/local/share/openocd/scripts -f targets/stm32h533/st_nucleo_h5.cfg -c 'tcl_port disabled' -c 'gdb_port disabled' -c 'program \"build/stm32h533-debug/targets/stm32h533/lionkey_stm32h533.elf\"' -c reset -c shutdown\n```\n\n\n### Using IDE\n\n**Use JetBrains [CLion] (free for non-commercial use) for development.**\nThe project is already imported and fully configured, use _File \u003e Open..._ to just open it.\n\nIf you have all the [tools](#requirements) installed, you should be able to open, build and run the project from CLion.\n\nYou can read more in this [CLion's Embedded development with STM32CubeMX projects][CLion-Embedded-Development]\nguide.\n\nNote that CLion bundles CMake (and other tools). Those can be used outside CLion from terminal as well.\nOn a x64 macOS system, the CLion's `cmake` binary\nis located at `/Applications/CLion.app/Contents/bin/cmake/mac/x64/bin/cmake`.\nIf you add the `/Applications/CLion.app/Contents/bin/cmake/mac/x64/bin/` dir to your PATH,\nthen you can run CLion's CMake just by typing `cmake` in your terminal.\n\n\n### SVD file for the MCU\n\nCLion and other IDEs support SVD files for describing the layout of registers for debugging.\n\nSee the [README in the tools/svd dir](./tools/svd/README.md) which lists the available SVD files you can use.\n\n\n## STM32CubeH5\n\nWe use the **STM32CubeH5** package (CMSIS, HAL, LL) via the [STM32CubeMX] generator.\n\nThe STM32CubeH5 includes the CMSIS modules (for the Arm Cortex-M33 core and for the STM32H5 MCUs),\nand the HAL (hardware abstraction layer) and LL (low-level) drivers for the STM32H5 MCUs.\n\n**Relevant resources:**\n* see [STM32CubeH5 GitHub repo][STM32CubeH5-GitHub]\n* see [product page with docs on st.com][STM32CubeH5-Product-Page]\n* see [UM3132 Description of STM32H5 HAL and low-layer drivers][UM3132]\n\n\n\u003c!-- links references --\u003e\n\n[Thesis]: https://github.com/pokusew/fel-masters-thesis\n\n[Thesis-PDF]: https://github.com/pokusew/fel-masters-thesis/raw/main/docs/FIDO2_USB_Security_Key.pdf\n\n[FIDO2]: https://fidoalliance.org/specifications/\n\n[WebAuthn]: https://w3c.github.io/webauthn/\n\n[CTAP 2.1]: https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html\n\n[TinyCBOR]: https://github.com/intel/tinycbor\n\n[NUCLEO-H533RE]: https://www.st.com/en/evaluation-tools/nucleo-h533re.html\n\n[STM32H533RET6]: https://www.st.com/en/microcontrollers-microprocessors/stm32h533re.html\n\n[STM32CubeH5-GitHub]: https://github.com/STMicroelectronics/STM32CubeH5\n\n[STM32CubeH5-Product-Page]: https://www.st.com/en/embedded-software/stm32cubeh5.html#documentation\n\n[UM3132]: https://www.st.com/resource/en/user_manual/um3132-description-of-stm32h5-hal-and-lowlayer-drivers-stmicroelectronics.pdf\n\n[STM32CubeMX]: https://www.st.com/en/development-tools/stm32cubemx.html\n\n[CLion]: https://www.jetbrains.com/clion/\n\n[CLion-Embedded-Development]: https://www.jetbrains.com/help/clion/embedded-development.html\n\n[Arm GNU Toolchain]: https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads\n\n[OpenOCD]: https://openocd.org/pages/getting-openocd.html\n\n[STMicroelectronics/OpenOCD]: https://github.com/STMicroelectronics/OpenOCD\n\n[xPack OpenOCD Releases]: https://github.com/xpack-dev-tools/openocd-xpack/releases\n\n[CMake]: https://cmake.org/\n\n[Git submodules]: https://git-scm.com/docs/gitsubmodules\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpokusew%2Flionkey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpokusew%2Flionkey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpokusew%2Flionkey/lists"}