Files
Conor Patrick e1f040d30f Add Rust test suite with in-process and on-device support
- Add AGENTS.md with build, flash, and test guidance
- Extract PC runner platform types into library for test reuse
- Add fido2 integration tests: GetInfo, MakeCredential, GetAssertion,
  Reset, reboot persistence, and user presence (approve/deny)
- Table-driven test architecture with per-module organization
- Feature-gated user presence control (test-up-control):
  - PC runner: shared atomic read by check_user_presence()
  - LPC55: probe-rs-writable static at known address (UP_CONTROL)
- Unified UP control module: same API for both backends,
  selected by UP_BACKEND env var
- USB HID CTAPHID client for device transport
- Transport abstraction: in-process or USB HID
- Vendored fido-authenticator with fast-button-timeout feature (5s vs 30s)
- Makefile: `make test` (PC), `make test-lpcxpresso55` (device)

All 31 tests pass against both PC runner and LPC55S69 hardware.
2026-04-11 00:42:54 +00:00
..

fido-authenticator

FIDO authenticator Trussed® app.

Built with Trussed.

As used in the SoloKeys Solo 2 and Nitrokey 3.

Specifications

Setup

For attestation to work, the authenticator's state needs to be provisioned with a batch attestation key and certificate. They are expected in files /fido/sec/00 and /fido/x5c/00, respectively.

In the context of the SoloKeys Solo 2, "secure" devices are pre-provisioned; for "unlocked" devices, if the firmware contains the provisioner app, this can be done with the CLI:

solo2 pki dev fido batch.key batch.cert
solo2 app provision store-fido-batch-key batch.key
solo2 app provision store-fido-batch-cert batch.cert

License

fido-authenticator is fully open source.

All software, unless otherwise noted, is dual licensed under Apache 2.0 and MIT. You may use fido-authenticator software under the terms of either the Apache 2.0 license or MIT license.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

All documentation, unless otherwise noted, is licensed under CC-BY-SA. You may use fido-authenticator documentation under the terms of the CC-BY-SA 4.0 license.