Can't create Google passkey in pico_fido_pico-5.12.uf2 & pico_fido_pico-6.0.uf2

[GremlinStyle]

Hello,
And first i would like to thank you for this awesome project

I noticed an error/bug (or my fault?) which doesn't allow me to create a google passkey in version 5.12 and 6.0 (not nightly) but in 5.8 it is working
I tested it on waterfox and chrome on my windows 10 pc
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free

After clicking "create passkey" and entering my security pin
I was stuck for some minutes at this step

Before i finally get the message "Couldn't complete singup" or something similar
(I couldn't catch a screenshot because it's so fast gone)

I hope this information is in someway helpful and wish you a nice evening/morning/day (where ever you are)
(this is my first time writing an issue so i hope it's at least somewhat usable)

[polhenarejos]

Does it work with webauthn.io ?

[GremlinStyle]

Yes i did test it on the 6.0, 5.12 & 5.8 with webauthn.io or https://www.token2.com/tools/fido2-demo and it always worked flawless

[polhenarejos]

I've tried right now with Chrome in macOS and worked. Perhaps is the middle layer that Windows use.

Can you try with macOS or Linux?

[GremlinStyle]

This is a little embarrassing but it seems i can't use on a freshly new installed ubuntu desktop (on my laptop).

First i tried without installing anything but then after some research installed these
pscscd pscsc-tools sssd libpam-sss opensc-pkcs11

And i still can't use it (even after repeatedly reflashing with 6.0 and 5.8 version)
I tried it on firefox and chromium before digging deeper and i found out that

in most cases the pico doesn't even get detected
at least not with pcsc_scan and the browsers

Only from pamu2fcg did i get some success which is another error message
$ pamu2fcfg
No U2F device available, please insert one now, you have 6 seconds
Device found!
Enter PIN for /dev/hidraw0:
error: fido_dev_make_cred (39) FIDO_ERR_OPERATION_DENIED

Or in case i press the button after entering the key without waiting for any message
$ pamu2fcfg
Enter PIN for /dev/hidraw0:
error: fido_cred_verify (-7) FIDO_ERR_INVALID_ARGUMENT

In case i forgot to install a driver or maybe to configure a service let me know?

And on a site note is it normal for the pico to be detected as smartcard/keyboard by windows?
(version 6.0)

I thought it is more like a fido key( yubikey and so ) i noticed it while trying to detect it with libfido2 for 2 hours before seeing that windows calls it a smartcard

[polhenarejos]

For being recognized by OpenSC, you must commission it with known VID & PID. More info at https://www.picokeys.com/pico-commissioner/
Note that using known VID & PID is only necessary for CCID interface and 3rd party tools like Yubikey Manager or similar. FIDO should work with any VID & PID. It has not been tested with PAM.

Pico Fido has FIDO, Keyboard, CCID and WebCCID interfaces, so yes, it is normal.

When I said "try with macOS or Linux" I referred to create Google passkey using Chrome in macOS or Linux.

[GremlinStyle]

Thanks for the explanation
And maybe i said it poorly but i meant i can't use the pico-fido at all in firefox/chrome on ubuntu it just doesn't get detected.
I tried first with webauthn.io but and get the message in firefox to press the button, nothing happens if i do and in chromium to insert the key.

So i tried to troubleshoot it with pamu2fcfg.
I don't know if for linux i forgot to install some packages or similar.

[GremlinStyle]

Ok now also tested on linux mint with chromium.
with libu2f-udev pcscd installed and that 70-u2f.roles file

Again tested with version 6.0 and 5.8

6.0:
Webauthn.io works fine but in chrome but for the google passkey i don't get past the "Press the button on your key" part
It just doesn't react to the button press
similar to the windows case.

5.8:
It works with google just fine

[polhenarejos]

But do you press the BOOT button to confirm? Not the reset one.

[GremlinStyle]

Yes the button with the text "BOOTSEL" above it also the only button onboard

[polhenarejos]

Are you using Pico board? The same as the pic.

[GremlinStyle]

Exactly, it is the same.

[polhenarejos]

Seems a problem of timeout.
In webauthn.io (and probably others) the process is this:

• You click on Register. Board will enter in "waiting for button" state.
• Press BOOTSEL button in less than 10 seconds; otherwise will fail with timeout.
• A PIN windows will appear
• Introduce your PIN and continue. Board will enter in "waiting for button" state.
• Press BOOTSEL button again in less than 10 seconds; otherwise will fail with timeout.
• The process will conclude successfully.

Can you confirm you press BOOTsel button twice in less than 10 seconds after click on Register/Authenticate and PIN input?

[GremlinStyle]

Strange,
I tested it on windows 11 and it worked just fine
But on windows 10 it's getting stuck after entering the pin

So i don't even get to the "waiting for button" state.

This is what i do.

Expected happenings

Here it's stuck for a minute or two

And error messages following

[windskyxb]

Same issue

[polhenarejos]

But do you press twice the button? One after click on "Register" and one after introducing the PIN.

[windskyxb]

But do you press twice the button? One after click on "Register" and one after introducing the PIN.

After entering the PIN for the security key, the system will get stuck in getting things ready for a while and report an error: Could't complete sign-in. Try again and ensure you do the follow-up action. Prior to this, I had already used Pico Commissioner to set VENDOR to Yubikey 4/5. During this process, the system did not require me to press a button

[GremlinStyle]

I tested if i can login in google after creating the key on windows 11.
And it worked.

But if i try to create the key it fails.

Also it (creating the key) doesn't work in linux mint with firefox or chromium

[GremlinStyle]

Update:

I tested it today it on a PICO 2 with the firmware 6.0

On Windows 10:
Firefox and Chrome (same responses):
For webauthn.io i get stuck at the same "getting things ready" error
but for fido2-demo it's working
google doesn't even find it, error message "Are you there? Use your security key to sign in.

Edit:
After using the comission tool with "Nitrokey Fido2" it suddenly worked for webauthn.io
So i tried to replicate it and after flashing nuke.uf2 and doing it again it didn't work.
Also i want to note the pico2 often crashes ( i think it crashes because the led stops)

Linux Mint:
Chrome can create a key but only on webauthn.io but nothing else
Registered key can be used to login on any OS or browser.
Firefox doesn't work at all, like windows firefox

[GremlinStyle]

Hello,
It's been a while today i gathered some useful troubleshooting infos from the windows even viewer
Here are the logs as txt, xml and windows event viewer format pico_fido.zip

Also i used chrome to gather additional data

I hope these are use full

[polhenarejos]

1. Install the development nightly build, as it includes a new capability to tune the button timeout.
2. Go to the Commissioner and set the Presence Button Timeout to 0 to disable it.
3. Test again to see whether it is a problem with the button or it is another timeout.

[GremlinStyle]

Anyway even after flashing the file onto the pico and afterwards using the commission tool to set the timeout to 0

In linux it works with webauthn.io but google still has the problem where it loads without any end in sight.
Led is still blinking.

In windows 10 it sometimes works on webauthn.io? but only once then i could not replicate it.
It still is the same problem where the pico seems to crash (led not blinking, either stuck at glowing or being not on).
And that "getting things ready" error is ever present.

i added here the chrome logs from windows 10 chrome
chrome://device-log/?refresh=5

FIDOEvent[20:58:14] UI step: kClosed
 
FIDODebug[20:58:14] Advertisements stopped
 
FIDODebug[20:58:14] Stopping 0 caBLE advertisements
 
FIDODebug[20:58:14] WebAuthNAuthenticatorMakeCredential()=0x800704C7 (NotAllowedError)
 
FIDODebug[20:55:21] WebAuthNAuthenticatorMakeCredential(rp={1, "webauthn.io", "webauthn.io"}, user={1, 3654314B79305266534F793179737339346E7832686A5361306E64346437515F376C664F416E5161467273, "test", "test"}, cose_credential_parameters={2, &[{1, "public-key", -7}, {1, "public-key", -257}]}, client_data={1, "{\"type\":\"webauthn.create\",\"challenge\":\"Ok4fC7GKEQirJN14yAGI0EDaCYaWD6ZcIOT-pvTfHMT-6rh3VCSqDFl9AV7N-7BroCUfxrDDbI_y2aFRApTF7w\",\"origin\":\"https://webauthn.io\",\"crossOrigin\":false}", "SHA-256"}, options={7, 300000, {0, &[]}, {0, &[]}, 2, 0, 2, 1, 0, 0000008E095FF2E0, &{20, &[&{1, 1889BAAF3A93708863CC4487EE3C1B46, "public-key", 48}, &{1, 2412669E3D28C8B120202E13F963F34417801B0A, "public-key", 16}, &{1, 255E698DA8795859CCC4D8F83869B95F0E526BE4, "public-key", 48}, &{1, 27C824054F36BBF0F5B5C7F6C5D91D81, "public-key", 48}, &{1, 51C91DFB590B770B10F1838D3B3B5EDE, "public-key", 48}, &{1, 7BD9DFF7A5BFDC681131A7ED86945C171263D2823CFDB5850EC368B55EAD45751D3E74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF01D000000, "public-key", 55}, &{1, 83BB2B166E6A1F37B218E1A4BA5E7900D39F02D0AE7EC397C47ED306CFDF649C, "public-key", 16}, &{1, 8E86DA1548CF4A5EB34747B60FF30D80, "public-key", 16}, &{1, 9400E086967BFC3BFE99768219054917, "public-key", 48}, &{1, 970A68F4A3CDD76457696B15F170876459E2504321342C0C5A0FFBA0E3CAD15A0B2F74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF01A000000, "public-key", 55}, &{1, 9BD04F94DB162834D75A9FBE370BFFDC3BA53FE6A9FC9BE9034AFD178011F8F6, "public-key", 16}, &{1, AA3368683832CEDEB560D7B1403400F98F54C608605ACC27424099A02142AFEF2153B5B67457C3A6ED3D40D40B98E1BE, "public-key", 3}, &{1, CC44AC17DEC945BED438CE656DE0EE96, "public-key", 3}, &{1, DD5B79D62A70487C89DDEEFADFB9D72D, "public-key", 16}, &{1, E523D1C3DD2B661064CB1967E66D60777EDB80D70A823A24E49992CF09F8258DBE1474A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF01A000000, "public-key", 55}, &{1, F1D0020124A3935A14ED944ADF38D66629C4C6E941FFD02B476F79A7A38D3447F2F06AC831DEEFB1733D3AD08374F9538D5092B68112E98FC6D5408E648A41674BFFC760DAB08C1F9A4732F52C9266ED821581ED8F0EF1613AB3BF50F5A851DCA8FFD343D25FDF3927886751C0221771485D767CECE65B8826DE2D9684A0BFE47BA8D5481AD5B9CA6051AEAE9CDFC58BCBEE6EFC70E6AE9FD73259623C2A2849259E, "public-key", 1}, &{1, F1D002013206C2FAD750EA4E5F59B8DF708DC230C09896654ED5791880FC03C8D10CA3E130D543C3BCCE87D8BB98B9BD50ACEC85392C77819371107D40F7A901BD1CD6A0477D2A64573D91C699C0252521949B404F2AC85360BC037836F74A98FBA17072A661900302E0D2D488C08A3DD0FB60CC041B0E423F8DE2BF613C7AF54E3A2DAA14BE645CCE73D88E654B97D7FE0B74CF5D3410D41321B237434C08B9391A, "public-key", 1}, &{1, F1D002015B3563667E9B9B1D645B98E3480701AE55AC9E9B2E1F37CEDA36E058A54B28205B6168FA01CE2F4A4074D1E64BC55B725162E4200DBB753414CA7ACDF594F776ABCE9D79E3877E3416F819185355A964F56813CEFB3AD440260B82F81523E19D626B35B6456CEE4F0A92F098952FA360FC9D85DB3D95BE4D64BC642D79793FA8FE996329DA622FD05CECA35DA6839F5BB6CF8451BB910790B32C777F158D3C13A16BF8487CDCBFC176D605ABEE4B8231ACEA5278D9, "public-key", 55}, &{1, F4364E04D82E4D7CA5A15933EFA1442A, "public-key", 16}, &{1, FA8B20609C0A014A5D9E258A2EF583A7A3CF88C4, "public-key", 16}]}, 0})
 
FIDOEvent[20:55:21] UI step: kNotStarted
 
FIDODebug[20:55:21] No BLE adapter present
 
FIDODebug[20:55:21] Bluetooth status: Off
 
FIDOEvent[20:55:21] Starting MakeCredential flow: { "attestation": "none", "authenticatorSelection": { "authenticatorAttachment": "cross-platform", "residentKey": "preferred", "userVerification": "preferred" }, "challenge": "Ok4fC7GKEQirJN14yAGI0EDaCYaWD6ZcIOT-pvTfHMT-6rh3VCSqDFl9AV7N-7BroCUfxrDDbI_y2aFRApTF7w", "excludeCredentials": [ { "id": "GIm6rzqTcIhjzESH7jwbRg", "transports": [ "hybrid", "internal" ], "type": "public-key" }, { "id": "JBJmnj0oyLEgIC4T-WPzRBeAGwo", "transports": [ "internal" ], "type": "public-key" }, { "id": "JV5pjah5WFnMxNj4OGm5Xw5Sa-Q", "transports": [ "hybrid", "internal" ], "type": "public-key" }, { "id": "J8gkBU82u_D1tcf2xdkdgQ", "transports": [ "hybrid", "internal" ], "type": "public-key" }, { "id": "Uckd-1kLdwsQ8YONOzte3g", "transports": [ "hybrid", "internal" ], "type": "public-key" }, { "id": "e9nf96W_3GgRMafthpRcFxJj0oI8_bWFDsNotV6tRXUdPnSm6pITyZwvdLIkkrMgz0AmKpTBqVCgOX8pJQtghB7wHQAAAA", "transports": [ "usb", "nfc", "ble", "hybrid", "internal" ], "type": "public-key" }, { "id": "g7srFm5qHzeyGOGkul55ANOfAtCufsOXxH7TBs_fZJw", "transports": [ "internal" ], "type": "public-key" }, { "id": "jobaFUjPSl6zR0e2D_MNgA", "transports": [ "internal" ], "type": "public-key" }, { "id": "lADghpZ7_Dv-mXaCGQVJFw", "transports": [ "hybrid", "internal" ], "type": "public-key" }, { "id": "lwpo9KPN12RXaWsV8XCHZFniUEMhNCwMWg_7oOPK0VoLL3Sm6pITyZwvdLIkkrMgz0AmKpTBqVCgOX8pJQtghB7wGgAAAA", "transports": [ "usb", "nfc", "ble", "hybrid", "internal" ], "type": "public-key" }, { "id": "m9BPlNsWKDTXWp--Nwv_3DulP-ap_JvpA0r9F4AR-PY", "transports": [ "internal" ], "type": "public-key" }, { "id": "qjNoaDgyzt61YNexQDQA-Y9UxghgWswnQkCZoCFCr-8hU7W2dFfDpu09QNQLmOG-", "transports": [ "usb", "nfc" ], "type": "public-key" }, { "id": "zESsF97JRb7UOM5lbeDulg", "transports": [ "usb", "nfc" ], "type": "public-key" }, { "id": "3Vt51ipwSHyJ3e7637nXLQ", "transports": [ "internal" ], "type": "public-key" }, { "id": "5SPRw90rZhBkyxln5m1gd37bgNcKgjok5JmSzwn4JY2-FHSm6pITyZwvdLIkkrMgz0AmKpTBqVCgOX8pJQtghB7wGgAAAA", "transports": [ "usb", "nfc", "ble", "hybrid", "internal" ], "type": "public-key" }, { "id": "8dACASSjk1oU7ZRK3zjWZinExulB_9ArR295p6ONNEfy8GrIMd7vsXM9OtCDdPlTjVCStoES6Y_G1UCOZIpBZ0v_x2DasIwfmkcy9SySZu2CFYHtjw7xYTqzv1D1qFHcqP_TQ9Jf3zkniGdRwCIXcUhddnzs5luIJt4tloSgv-R7qNVIGtW5ymBRrq6c38WLy-5u_HDmrp_XMlliPCooSSWe", "transports": [ "usb" ], "type": "public-key" }, { "id": "8dACATIGwvrXUOpOX1m433CNwjDAmJZlTtV5GID8A8jRDKPhMNVDw7zOh9i7mLm9UKzshTksd4GTcRB9QPepAb0c1qBHfSpkVz2RxpnAJSUhlJtATyrIU2C8A3g290qY-6FwcqZhkAMC4NLUiMCKPdD7YMwEGw5CP43iv2E8evVOOi2qFL5kXM5z2I5lS5fX_gt0z100ENQTIbI3Q0wIuTka", "transports": [ "usb" ], "type": "public-key" }, { "id": "8dACAVs1Y2Z-m5sdZFuY40gHAa5VrJ6bLh83zto24FilSyggW2Fo-gHOL0pAdNHmS8VbclFi5CANu3U0FMp6zfWU93arzp1544d-NBb4GRhTValk9WgTzvs61EAmC4L4FSPhnWJrNbZFbO5PCpLwmJUvo2D8nYXbPZW-TWS8ZC15eT-o_pljKdpiL9Bc7KNdpoOfW7bPhFG7kQeQsyx3fxWNPBOha_hIfNy_wXbWBavuS4IxrOpSeNk", "transports": [ "usb", "nfc", "ble", "hybrid", "internal" ], "type": "public-key" }, { "id": "9DZOBNguTXyloVkz76FEKg", "transports": [ "internal" ], "type": "public-key" }, { "id": "-osgYJwKAUpdniWKLvWDp6PPiMQ", "transports": [ "internal" ], "type": "public-key" } ], "extensions": { "credProps": true }, "hints": [ "security-key" ], "pubKeyCredParams": [ { "alg": -7, "type": "public-key" }, { "alg": -257, "type": "public-key" } ], "rp": { "id": "webauthn.io", "name": "webauthn.io" }, "user": { "displayName": "test", "id": "NlQxS3kwUmZTT3kxeXNzOTRueDJoalNhMG5kNGQ3UV83bGZPQW5RYUZycw", "name": "test" } }
 
FIDODebug[20:55:21] Found 0 caBLEv2 devices
 
FIDOEvent[20:55:21] Enclave authenticator disabled because no suitable account
 
FIDOEvent[20:55:21] UI step: kClosed
 
FIDOEvent[20:55:07] UI step: kConditionalMediation
 
FIDODebug[20:55:07] No BLE adapter present
 
FIDODebug[20:55:07] Bluetooth status: Off
 
FIDODebug[20:55:07] Silent discovery unavailable
 
FIDODebug[20:55:07] Silently discovering credentials for webauthn.io
 
FIDOEvent[20:55:07] Starting GetAssertion flow: { "allowCredentials": [ ], "challenge": "GggWY5nBOTTf6mEKSQr7VV2nzxH-nBcAbI_em4lwmNhFdrOmr6MiAyEE2GueCU2DU7Z2uW3KRnMupp5otZNTow", "rpId": "webauthn.io", "userVerification": "preferred" }
 
FIDODebug[20:55:07] Found 0 caBLEv2 devices
 
FIDOEvent[20:55:07] Enclave authenticator disabled because no suitable account
 
USBError[20:55:01] SetupDiGetDeviceProperty({{A45C254E-DF1C-4EFD-8020-67D146A850E0}, 6}) failed: Element nicht gefunden. (0x490)
 
USBError[20:55:01] SetupDiEnumDeviceInterfaces: Es sind keine Daten mehr verfügbar. (0x103)
 
USBError[20:55:01] SetupDiGetDeviceProperty({{A45C254E-DF1C-4EFD-8020-67D146A850E0}, 6}) failed: Element nicht gefunden. (0x490)
 
USBEvent[20:55:01] USB device function updated: guid=43c1a89f-7166-45d2-a329-d07daed49109, interface_number=2, path="\\?\usb#vid_20a0&pid_42b1&mi_02#6&62bb226&0&0002#{50dd5230-ba8a-11d1-bf5d-0000f805f530}", driver="WUDFRd"
 
USBUser[20:55:01] USB device added: path=\\?\usb#vid_20a0&pid_42b1#e660382823638f35#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=8352 "Pol Henarejos", product=17073 "Pico Key", serial="E660382823638F35", driver="usbccgp", guid=43c1a89f-7166-45d2-a329-d07daed49109

Also checked if it's not the pico which may be damaged but with the 5.8 version it's working just fine.

Tested on two windows 10 pc
And a linux mint

PS:
Thanks for taking your time to work this issue

[polhenarejos]

What happens if you run the tests?

pytest tests

[GremlinStyle]

Done
I should have started with this right?
Anyway here are the logs for 6.0 with and without the comission where the timout is set to 0.
picofido_6.0_night_dev_with_comission.log
picofido_6.0_night_dev_without_comission.log

Enviroment is windows and scripts are run with admin privs.
Otherwise pytest gives me an Access denied error.

[polhenarejos]

Try using the nightly build and disable the Power cycle after reboot option in the Commissioner.

[GremlinStyle]

Hi
Sorry for the delay,
It is still not working as intended (as in getting stuck at "Getting things ready" even on webauthn.io)

Here the logs and i wasn't sure which nightly so i did both:
PicoFido_nightly-dev_Commision-PowerCycle_7-12-2024_windows10.log
PicoFido_nightly-stable_Commision-PowerCycle_7-12-2024_windows10.log

Thanks

[79812b]

hey i am facing the same problem
Win10

when using on discord or webauth.io it works

but when trying to use it on binance or google it get stuck in "getting things ready phase"
if anyone have any solution let me know

[jcodeth]

There seems to be a problem with the handling of the excludelist in the cbor_make_credential function. webauthn.io does not allow multiple keys to be registered. As a result, it works because excludelist is never used. For a quick check, I was able to register a key by deleting the range shown below.

pico-fido/src/fido/cbor_make_credential.c

Lines 282 to 298 in 7a59b51

	for (size_t e = 0; e < excludeList_len; e++) { //12.1
	if (excludeList[e].type.present == false || excludeList[e].id.present == false) {
	CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
	}
	if (strcmp(excludeList[e].type.data, (char *)"public-key") != 0) {
	continue;
	}
	Credential ecred;
	if (credential_load(excludeList[e].id.data, excludeList[e].id.len, rp_id_hash,
	&ecred) == 0 &&
	(ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED ||
	(flags & FIDO2_AUT_FLAG_UV))) {
	credential_free(&ecred);
	CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED);
	}
	credential_free(&ecred);
	}

https://w3c.github.io/webauthn/#dom-scopedcredentialoptions-excludelist

[polhenarejos]

But this is the expected behavior. If a credential is already created and relayed by the RP, then it fails creating a new one (because it has been already created). It is described here:
https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#op-makecred-step-if-excludeList

I already created passkeys in google without problems.

[jcodeth]

Sorry for the poor explanation.
I wanted to explain why it works with webauthn.io.
I think the problem may be caused by omission of initialization of the structure.

pico-fido/src/fido/credential.c

Lines 146 to 160 in 7a59b51

	int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred) {
	int ret = 0;
	CborError error = CborNoError;
	uint8_t *copy_cred_id = (uint8_t *) calloc(1, cred_id_len);
	memcpy(copy_cred_id, cred_id, cred_id_len);
	ret = credential_verify(copy_cred_id, cred_id_len, rp_id_hash);
	if (ret != 0) { // U2F?
	if (cred_id_len != KEY_HANDLE_LEN || verify_key(rp_id_hash, cred_id, NULL) != 0) {
	CBOR_ERROR(CTAP2_ERR_INVALID_CREDENTIAL);
	}
	}
	else {
	CborParser parser;
	CborValue map;
	memset(cred, 0, sizeof(Credential));

/src/fido/cbor_make_credential.c

    Credential ecred = {0};    // Add initialization
    if (credential_load(excludeList[e].id.data, excludeList[e].id.len, rp_id_hash,
                             &ecred) == 0 &&
             (ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED ||
              (flags & FIDO2_AUT_FLAG_UV))) {
                 credential_free(&ecred);
             CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED);
    }
    credential_free(&ecred);

[polhenarejos]

I tried to create a new passkey in Google without problems. Here's the flow (it's in catalan but easily recognized):

1. Two options: "Create a passkey" or "Use a security key". Click on "Use a security key", the good one.

2. Configure this key to be used by Google. OK or NOK?

3. Google will get the vendor name and model. Are you sure?

4. Introduce the PIN

5. Touch the BOOTSEL button.

And voilà. After touching the key is registered.

[polhenarejos]

You're right @jcodeth . If it is not properly initialized, it might crash on credential_free() afterwards. I'll push a fix.

[samsell]

I think I have the same issue, arch linux using chrome 131. Firefox doesn't work at all, but that looks expected from some of the other issues. Works perfectly fine with github and webauthn.io, but creating a passkey for a google account fails at the same point:

Pretty sure it is properly initialised, through the web commissioner

[polhenarejos]

I found the bug and it is related with the timeout/keepalive procedure. By specified in the FIDO documents, the authenticator must send keepalive commands regularly, to inform the client the command is still being processed. But taking the old U2F specifications, no keepalive was specified. So, it is in the client side the procedure to check the timeout.

Depending on the platform, google may decide to use CTAP2 (FIDO) protocol or CTAP1 (U2F). If it chooses CTAP2 (my above examples), it works normally. But if it chooses CTAP1, then it does not expect any keepalive command, regardless the specification. Once the keepalive is sent, it throws an error about "unknown command" and closes the connection.

I put a fix which mainly sends a keepalive command only if we are in a middle of CTAP2 transaction. Hopefully it will fix all these errors you have. I pushed the fix to development branch. You can wait for the nightly development build tonight or build yourself.

[79812b]

oh thanks for the update this issue i was facing with
Google
Binance
mostly both having same issue hope this fixes binance one too

[samsell]

Awesome! Worked perfectly for me

Thanks for this project!!

[79812b]

@samsell how can i update my pico ? where can i get the new file?

[samsell]

@79812b it's in the releases section, click the nightly development build and look for the pico-fido .uf2 file. Or the link is here if you have the standard pico: https://github.com/polhenarejos/pico-fido/releases/download/nightly-development/pico_fido_pico-6.0.uf2

[Filz0r]

@79812b it's in the releases section, click the nightly development build and look for the pico-fido .uf2 file. Or the link is here if you have the standard pico: https://github.com/polhenarejos/pico-fido/releases/download/nightly-development/pico_fido_pico-6.0.uf2

Hello I was trying this project out on my pico on Firefox and Chromium on Linux and was having this exact issue, so I started to go trough this thread and found this message, tried it out and now it works, I'm now able to use my pico to authenticate for me, I was only able to register the device on Chromium though but that's already been mentioned elsewhere if I'm not mistaken.

Thanks a lot!