Touch security key to continue...

[fastchain]

Hello,
I've just flashed RPI PICO 2020 (c)
With this firmware
https://github.com/polhenarejos/pico-fido/releases/download/v5.8/pico_fido_pico-5.8.uf2

after pico reboot I see

[1466535.469647] usb 1-8: new full-speed USB device number 29 using xhci_hcd
[1466535.611275] usb 1-8: config 1 interface 2 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[1466535.612120] usb 1-8: New USB device found, idVendor=feff, idProduct=fcfd, bcdDevice= 5.00
[1466535.612130] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[1466535.612135] usb 1-8: Product: Pico Key
[1466535.612139] usb 1-8: Manufacturer: Pol Henarejos
[1466535.612142] usb 1-8: SerialNumber: E6612483CB1F932D
[1466535.618983] hid-generic 0003:FEFF:FCFD.0011: hiddev100,hidraw10: USB HID v1.11 Device [Pol Henarejos Pico Key] on usb-0000:00:14.0-8/input0
[1466535.620845] input: Pol Henarejos Pico Key as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.1/0003:FEFF:FCFD.0012/input/input36
[1466535.677164] hid-generic 0003:FEFF:FCFD.0012: input,hidraw11: USB HID v1.11 Keyboard [Pol Henarejos Pico Key] on usb-0000:00:14.0-8/input1

in dmesg (I use Linux box 6.8.7-arch1-1) and according to green led it's in "Active mode".

And when I go to https://webauthn.io/ to run registration test, I get "Touch security key to continue". I push BOOTSEL button, but nothing happens.

What am I doing wrong?

I use FF 126 as snap package and it works fine with yubikey.

Thank you!

[polhenarejos]

Which browser? With Chrome should work out the box, with Firefox works partially and some parameter needs to be tuned in config params. Other browsers have not been tested yet.

[fastchain]

Which browser?

FF 126 as snap package

And I moved a bit forward:

I've patched the firmware to "Yubikey 4/5 OTP+FIDO+CCID" with https://www.picokeys.com/pico-patcher/ . This made FF "to see" the token, and now FF asks for a pin on "registration". Is it some default PIN?

Since I don't know the pin, I reset the pin with ykman tool

ykman fido access change-pin  --new-pin 000000

And when I provide a new pin to FF, it accepts it asks to push the button. After the push I see this

Firefox works partially and some parameter needs to be tuned in config params.

which one?

Thank you!

[polhenarejos]

I've patched the firmware to "Yubikey 4/5 OTP+FIDO+CCID" with https://www.picokeys.com/pico-patcher/ . This made FF "to see" the token, and now FF asks for a pin on "registration". Is it some default PIN?

There's no default PIN. Actually, if no PIN is detected, your client should ask you to set one. With Chrome, if you go to webauthn.io for the first time, it asks you to set a PIN. I do not know how Firefox is handling it but from what I saw the support for FIDO2 is partial.

And when I provide a new pin to FF, it accepts it asks to push the button. After the push I see this

It seems your browser denied the action but I am not sure why. I'll debug with Firefox to see what's happening.
In the meantime, try with Advanced Settings > User verification > Discouraged, and it should not ask you for a PIN/verification, at Registration and also at Authentication.

Firefox works partially and some parameter needs to be tuned in config params.

which one?

Here's some users tested it with Firefox:

#18 (comment)

I forgot to ask you: which Pico board do you use?

[fastchain]

Thank you!

I forgot to ask you: which Pico board do you use?

I'll play around with a FF and let you know results.

[polhenarejos]

Seems a common problem with Firefox.

NixOS/nixpkgs#292134

I tried with FF 126 with macOS and got the same result as you. It works for some people, which makes it more weird. Probably is a problem with permissions.