
In addition, Google has published stereolithography source code files that allow users to 3D print a physical case in which they can place a Nordic chip dongle. TockOS was picked thanks to its sandboxed architecture that allows isolation between the security key applet, the drivers and kernel required to build “defense-in-depth.” OpenSK runs on TockOS, the Tock embedded operating system. Nordic was picked as the initial reference hardware because it supports FIDO2 protocols, including NFC, Bluetooth Low Energy, USB and a dedicated hardware crypto core. Google is hoping to expand OpenSK to other types of chips in the future. The early release of OpenSK is said to allow those using the code to make their own developer keys by flashing the firmware onto a Nordic chip dongle. “By opening up OpenSK as a research platform, our hope is that it will be used by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption,” Elie Bursztein, Google security and anti-abuse research lead, and Google software engineer Jean-Michel Picod explained in a blog post.

OpenSK supports FIDO U2F and FIDO2 standards, both authentication standards from the FIDO Alliance that facilitate authentication.

Rust is a system programming language focused on safety while Nordic chip dongles are dongles, a small piece of computer hardware that connects to another device, designed in this case by Nordic Semiconductor ASA. Google LLC has released a new open-source multifactor authentication security key platform that allows both hobbyists and hardware vendors to build their own security keys.Ĭalled OpenSK, the project has been released on GitHub and contains Rust-based firmware that can be installed on Nordic chip dongles.
