
Tomu: An ARM board which fits inside your USB connector - flanfly
https://www.crowdsupply.com/sutajio-kosagi/tomu
======
api
Unfortunately this doesn't have enough RAM or storage to do much of anything.
Even basic asymmetric crypto usually requires more.

~~~
sowbug
It's twice the RAM/program specs of an Arduino (different arch but probably
still comparable), which has been useful for many applications.

That said, they don't actually have example source yet for U2F, which is one
of the suggested applications. I don't have an instinctive sense whether that
would fit in 64K flash, or whether operations like key generation would have
to be moved off it to make signing fit.

~~~
Shoothe
U2F requires asymmetric crypto (EC P-256) so it may be more capable than it
looks on a first sight.

~~~
sowbug
[https://github.com/kmackay/micro-ecc](https://github.com/kmackay/micro-ecc)
claims to run on an Arduino and supports secp256r1. The rest of the U2F flow
is mostly packing and unpacking what gets signed and verified.

U2F has a neat property that the device can be nearly stateless. The two main
functions it performs, registration and authentication, can offload per-origin
storage requirements onto the origin, like web cookies but in reverse. So the
device can ship with its single unique signing key already generated in the
factory, and no further configuration is ever needed.

The one exception is the counter parameter that's supposed to track the number
of authentication operations in the device's lifetime. Its purpose is to allow
sites to detect device cloning. But I have a feeling that if someone always
returned 1, most sites would still accept it. And if it really were a hard
requirement, holding a single 4-byte number in non-volatile storage would
still be well within this board's capabilities.

