Menu

Solokeys Version 2 - Why it matters

So Solokeys has started their second Kickstarter campaign, after the Solo, we get its second iteration, so let's look at what it has and have a first impression.*

*I dont have this yet so take it all with a grain (or some more) of salt, rather than treating it as the absolute truth.

So, the Solo V2 adds many things, but it also removes 2 main things:
First off would be the Clicky button, a thing I personally liked since you can very well hear and feel the interaction with your solo and the button on the solo just felt very nice in general being made unlike any button on a FIDO2 device I have seen before. But clicky buttons usually come with problems of their own, not only that they themselves have a lifespan but also that especially on a Solo-C I would say it's a bad idea to try to push it with only one finger without supporting it on the back, especially as C-Plugs are usually weaker. One thing I know for sure is that I dont wanna try it.
Second, the cheaper non-nfc version is also going away likely to keep tooling and logistics costs down as I would sooner or later expect at least 6 variants even without any non-NFC variants as you have the firmware style being Secure, Hacker and possibly a Dicekey variant as well, and obviously the 2 connectors, USB-A and USB-C. Ultimately this means the Solo V2 will be much more expensive if you didnt plan to get an NFC device considering the base price they noted in the Keybase chat would be 48$ which is even a 20% step up from the USB-C NFC Version), which isnt a problem on its own except that it puts it into the territory of the yubikeys, which despite me personally not liking them, are definitely strong competition

But these 2 kinda smaller things set aside there are a LOT of additions for the Solo V2.

Better Updates
The orignal Solo, Solo V1 for disambiguation, already has updates, however it does only check the update process itself, however if you can skirt an update around that e.g. by going onto the flash itself it wont really help as the bootloader assumes that all is fine as DFU is supposed to be dead and the bootloader's own update process checks already, and just boots whetever is on it.
However the Solo V2 has secure boot so it will do the checks not only on the update itself but also on every single boot making the updates as well as the general concept of updatable firmware much more secure.
Easier Development using modular applets
They call them apps, I dont care since they arent really doing anything on their own but more like part of an entire thing like the FIDO2 applet would only be part of the entire system of the FIDO2 authentication stream.
Basically the main difference to Solo V1 is that on the V1 everything is part of a more or less monolithic firmware and need to be embedded into it, yet the applets on the V2 are basically completely modular and the Update process would just compile all the applets you want into one firmware package for the Solo V2 to accept.
More Secure Firmware due to better Programming
The Solo V2's Firmware will be made in Rust which allows them to get less of the issues that C has and therefore make the firmware more secure in general.
Reversible USB-A
While technically being a stretch goal, it was already surpassed by its own amount already, this is likely one of the biggest things, the Solo V2 features reversibility not only on the USB-C side but the Conor Patrick one of the 4 People made some research, but obviously not without the help of some Stack Exchange forums, and got a USB-A plus they seem to have working and trust me without Stack Exchange, IT nowadays would likely be off SO MUCH WORSE. 🙂
Better NFC
They say 10 times, but I obviously have neither the knowledge, nor the tools to quantify that, however it can be clearly seen that they have put quite some work into it. Not only did they seem to have improved the antenna and therefore power harvesting big time, but they also made a way to die less while doing stuff if the NFC field isnt perfectly stable by quickly making it drop the performance level to at least stay alive until power recovers.
Touch buttons, 3 of them
I dont overly like touch buttons but they are objectively better in many ways as they need borderline no force to activate and have basically unlimited livespan, also due to them being at the sides and far end, they are also easier to reach as there is no upside down problematic and even in cramped spaces like a USB-Hub you should still reach the button at the far end. and that's not even mentioning that 3 buttons allows for extra functionality.
More than Just FIDO2
Solo V2 will also implement PIV, a standard for smartcards which can be used for several things although sadly at its current state neither PIV nor FIDO2 can be used to login to a layman's (Windows) PC directly but are rather for enterprise level, with Smartcards being limited to Active Directory and FIDO2 to Azure AD. And with it being modular, I wouldnt be surprised if people throw in applets that sooner or later will be added to the catalog of approved ones to be able to be thrown onto a secure Solo as well.
Physically more robust and secure
so there are 2 main weaknesses of the Solo V1 from a physical standpoint:
1) On a C-Solo the USB-C connector is obviously relatively weak as there isnt too much holding them especially on the much thinner PCB compared to the A-Solo I have.
2) the components are either totally exposed or just behind the rubber case.
The Solo V2 solves both by using a dual-PCB consruction using a connector PCB which features the USB-Connector and the NFC as well as a cavity for the actual main PCB with the components to be filled with Epoxy which not only provides resistance to the elements (including being resistant to water) and some extra abuse, but also makes it harder to attack the actual chips, and maybe even almost impossible to do so covertly.
A GIF showing the assemby of a USB-C Solo V2 including its 2 PCBs.

And not only that but the Solo V2 will obviously inherit many things its predecessor already had like being open source and if you want it to be, hackable as well.

All in All I would say the Solo V2 looks very promising and I look forward to it already. Currently the Solos you can back on their Kickstarter are expected to ship in June although I would expect some Corona-related delays. How does the saying always go, expect the worst, hope for the best.

Obvious transparency note: I have been paid 100% nothing for this neither in Money nor in Solos 🙂 In fact I have backed this myself and looking forward already. while the best discounts are either already gone, or close to that, it would be likely the cheapest option to pool with some friends and get for example 4 solos together which also comes with the added benefit of free shipping in the EU, UK and Switzerland. Also shipping to Europe is planned to be done from inside meaning less or no hassle with customs procedures and import taxes or bonus fees by shipping companies.

Comments 2

  • Thank you for the clear review. The Solokeys website and campaign pages do not do as good of a job of differentiating the Solo V2 from the Solo V1. They jump from being too vague to suddenly using terms I was not familiar with. (I had to look up what "PIV" stood for and all I can say is... do _not_ look it up.) This article set me straight.

    If you review V2 once it comes out, please do link to it from here as I have many questions. In particular, as one of the people whose Solokey V1 snapped off its USB C connector the second time I used it, I'm curious how well the "epoxy everything" method will work. Also, I saw an issue filed with the Solokeys Github that said that the V2 Hacker versions do *not* work with Google or Github! Is there even the remotest chance that is true? DId the Microsoft Windows login problem get resolved by modules in V2 as you predicted?

    P.S. Solo V1 works fine for me to login on my PC which runs GNU/Linux. I'm using this method: https://askubuntu.com/questions/1167691/passwordless-login-with-yubikey-5-nfc . That should still work for Solo V2, right?

    • Thanks for the comment.

      well PIV is likely a very deep subject but knowing that it can act as a smartcard will likely be enough for most people.

      I have done a preprod review and while I got the final units already the fw seems to need polish and generally most of the preprod review still applies, however thry are also still working on a revision of their build process so stuff can change.

      I honestly need to check whether the hacker solo I have lying around works on google/github but it would be unusual to say the least, as I have not been aware of big attestation checks on those, tho I have seen issues with using them with windows 10 sometimes (specifically getting an "are you there" message), although it then often helps to when the window appears and the solo2's LED turns yellow, to just tap it without waiting for any text, no idea what's causing this tbh, as I havent seen FIDO much outside the perspective of the user and a website's perspectives.

      the epoxy thing has nothing to do with the USB-C although while looking at my usb-C unit it seems to be connected more sturdy, do NOT expect me to conduct any force tests tho, aside from not being easy to come by solo2 isnt cheap and seriously is in a price region where it has to compete with yubico.

      also modules while having been mentioned next to the PIV/Smartcard section which does mention windows login, does not nesecarily offer you different ways to log into windows, the point of the paragraph was basically to say that unlike the solo1 which is purely a fido device the Solo2 isnt a one trick pony anymore.

      some problems regarding a decent way to log into windows for normal users is something that has to be solved by either offering something that works with windows hello in some measure, or needs a program that hooks into the credential methods of windows, no idea how all that works tho.

      regarding the linux login method which you are using with the solo1 there's no reason it shouldnt work with solo2 although I didnt try. generally it just uses U2F/FIDO2 so generally any compliant device should work, you could likely hook up some of the more uncommon ones.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.