Programming
This page documents how to update or program your Solo.
Prerequisites
To program Solo, you'll likely only need to use our Solo tool.
pip3 install solo-python
Updating the firmware
If you just want to update the firmware, you can run one of the following commands. Make sure your key is in bootloader mode first.
solo key update <--secure | --hacker>
You can manually install the latest release, or use a build that you made.
solo program bootloader <firmware.hex | firmware.json>
Note you won't be able to use all.hex
or the bundle-*.hex
builds, as these include the solo bootloader. You shouldn't
risk changing the Solo bootloader unless you want to make it a secure device, or make other customizations.
Updating a Hacker to a Secure Solo
Updating a hacker to be a secure build overwrites the Solo bootloader. So it's important to not mess this up or you may brick your device.
You can use a firmware build from the latest release or use a build that you made yourself.
You need to use a firmware file that has the combined bootloader, application, and attestation key pair (bootloader + firmware + key).
This means using the bundle-*.hex
file or the bundle.hex
from your build.
Warning
- Any DFU update erases everything! If you overwrite the Solo flash with a missing bootloader, it will be bricked.
- If you program bootloader and firmware with no attestation, you will run into FIDO registration issues.
We provide two types of bundled builds. The bundle-hacker-*.hex
build is the hacker build. If you update with this,
you will update the bootloader and application, but nothing will be secured. The bundle-secure-non-solokeys.hex
is a secured build that will lock your device and it will behave just like a Secure Solo. The main difference is that
it uses a "default" attestation key in the device, rather than the SoloKeys attestation key. There is no security
concern with using our default attestation key, aside from a small privacy implication that services can distinguish it from Solo Secure.
Procedure
-
Boot into DFU mode.
# Enter Solo bootloader solo program aux enter-bootloader # Enter DFU solo program aux enter-dfu
The device should be turned off.
-
Program the device
solo program dfu <bundle-secure-non-solokeys.hex | bundle.hex>
Double check you programmed it with bootloader + application (or just bootloader). If you messed it up, simply don't do the next step and repeat this step correctly.
-
Boot the device
Once Solo boots a secure build, it will lock the flash permantly from debugger access. Also the bootloader will only accept signed firmware updates.
solo program aux leave-dfu
If you are having problems with solo tool and DFU mode, you could alternatively try booting into DFU by holding down the button while Solo is in bootloader mode. Then try another programming tool that works with ST DFU:
- STM32CubeProg
- openocd
- stlink
Windows users need to install libusb for solo-python to work with Solo's DFU.
Programming a Solo that hasn't been programmed
A Solo that hasn't been programmed will boot into DFU mode. You can program it by following a bootloader, or combined bootloader + application.
solo program dfu <bundle-*.hex | all.hex>
Then boot the device. Make sure it has a bootloader to boot to.
solo program aux leave-dfu
Disable signed firmware updates
If you'd like to also permanently disable signed updates, plug in your programmed Solo and run the following:
# WARNING: No more signed updates.
solo program disable-bootloader
You won't be able to update to any new releases.