On Sun, Dec 14, 2025, at 07:43, sirjofri wrote:
> More ideally, but also offtopic, I'd like to have a factotum usb drive,
> where the secrets never leave the usb device. It would talk 9p directly
> over the serial bus.

I think this is a great idea; an HSM-like device with an interface that doesn't suck. After some discussion about this idea on IRC, I want to try and implement it.

I purchased the "security" variant of this family of microcontrollers: https://tomu.im/

It's an STM32L432KC (Arm v7) in the form factor of a YubiKey nano, so it's nearly flush with a USB Type-A port. It has a capacitive button which would work nicely with the `confirm` attribute of factotum to require human presence before using a key.

It is still in the mail, so I am exploring the firmware it ships with, and trying to prove things out with QEMU. If our tc compiler can produce code for this microcontroller, I will probably replace their firmware; otherwise I will adapt their firmware to run factotum. It could be nice to retain the WebAuthn abilities of their firmware.

I'm trying to figure out how to serve 9P over USB, which I know very little about. My initial plan is to make the device a USB serial device that expects 9P, then try to mount the /dev/eiaUN device. However, nusb(4) states that the nusb/serial driver only works for two chips, so I'd have to add support for this one. That's not a problem, but am I going in the right direction? There are a number of USB device classes; maybe a different one is more suitable for carrying 9P?

If this works out, it would be great if I could also mount it under Linux, with v9fs or 9pfuse, but that's not a priority.

David
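
Added example, not part of the original message and not code from any existing firmware: what a device-side receive path for "a USB serial device that expects 9P" has to do first, which is recover 9P2000 message boundaries from the byte stream and range-check the size field before buffering, written in C. The names `Framer`, `framer_push`, `parse_tversion`, `demo` and the 256-byte `MSIZE` are assumptions made for illustration.

```c
#include <stdint.h>

enum { HDR = 7, MSIZE = 256, TVERSION = 100 };   /* MSIZE: assumed device buffer */
enum { BAD_SIZE = -1, NEED_MORE = 0, GOT_MSG = 1 };
typedef struct { uint8_t buf[MSIZE]; uint32_t have; } Framer;

/* 9P integers are little-endian */
static uint32_t get32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Feed one received byte. size[4] counts itself and is range-checked as soon
 * as it is complete, so no byte is ever stored past buf[MSIZE-1]. */
int framer_push(Framer *f, uint8_t b)
{
    if (f->have >= 4 && f->have == get32(f->buf))
        f->have = 0;                     /* previous message consumed */
    f->buf[f->have++] = b;
    if (f->have < 4)
        return NEED_MORE;
    uint32_t size = get32(f->buf);
    if (size < HDR || size > MSIZE) {    /* no resync on a byte stream: drop link */
        f->have = 0;
        return BAD_SIZE;
    }
    return f->have == size ? GOT_MSG : NEED_MORE;
}

/* Check a complete Tversion: size[4] type[1] tag[2] msize[4] version[s].
 * Returns the msize to reply with (clamped to ours), or 0 if malformed. */
uint32_t parse_tversion(const uint8_t *m, uint32_t size)
{
    if (size < 13 || m[4] != TVERSION)
        return 0;
    uint32_t vlen = m[11] | m[12] << 8;
    if (13 + vlen != size)               /* string must end exactly at size */
        return 0;
    uint32_t want = get32(m + 7);
    return want < MSIZE ? want : MSIZE;
}

/* Constructed sample: Tversion, tag NOTAG, msize 8192, version "9P2000". */
static const uint8_t sample[] = { 19, 0, 0, 0, 100, 0xFF, 0xFF, 0, 0x20, 0, 0,
                                  6, 0, '9', 'P', '2', '0', '0', '0' };

uint32_t demo(void)                      /* byte-at-a-time, as a UART ISR would */
{
    Framer f = { .have = 0 };
    for (uint32_t i = 0; i < sizeof sample; i++)
        if (framer_push(&f, sample[i]) == GOT_MSG)
            return parse_tversion(f.buf, f.have);
    return 0;
}
```

The same framing applies whichever USB class ends up carrying the bytes, since 9P itself only assumes a reliable ordered stream.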
