Taking a U2F Hardware Key from Design to Production

Building a circuit from prototyping to printed circuit board assembly is within the reach of pretty much anyone with the will to get the job done. If that turns out to be something that everyone else wants, though, the job gets suddenly much more complex. This is what happened to [Conor], who started with an idea to create two-factor authentication tokens and ended up manufacturing an selling them on Amazon. He documented his trials and tribulations along the way, it’s both an interesting and perhaps cautionary tale.

[Conor]’s tokens themselves are interesting in their simplicity: they use an Atmel ATECC508A specifically designed for P-256 signatures and keys, a the cheapest USB-enabled microcontroller he could find: a Silicon Labs EFM8UB1. His original idea was to solder all of the tokens over the course of one night, which is of course overly optimistic. Instead, he had the tokens fabricated and assembled before being shipped to him for programming.

Normally the programming step would be straightforward, but using identical pieces of software for every token would compromise their security. He wrote a script based on the Atmel chip and creates a unique attestation certificate for each one. He was able to cut a significant amount of time off of the programming step by using the computed values with a programming jig he built to flash three units concurrently. This follows the same testing and programming path that [Bob Baddeley] advocated for in his Tools of the Trade series.

From there [Conor] just needed to get set up with Amazon. This was a process worthy of its own novel, with Amazon requiring an interesting amount of paperwork from [Conor] before he was able to proceed. Then there was an issue of an import tariff, but all-in-all everything seems to have gone pretty smoothly.

Creating a product from scratch like this can be an involved process. In this case it sounds like [Conor] extracted value from having gone through the entire process himself. But he also talks about a best-case-scenario margin of about 43%. That’s a tough bottom line but a good lesson anyone looking at building low-cost electronics.

17 thoughts on “Taking a U2F Hardware Key from Design to Production

  1. He said his ROI was 43%. Without regard to his labor, the margin looks like it would be about 22.75%: ($8-$6.18)/8. This would be a great margin were it not for all the labor and other stuff that he is probably not getting paid for. I’m in a similar situation on my own projects, but I remind myself that I’m doing it for fun in most cases.

      1. Ah, I must have read the source post wrong, I thought he was including the Amazon charge (and all other charges) in the calculation.

        I didn’t see the total number of units mentioned in the original post. But the comment on margin is meant to bring attention to the lack of labor cost in the calculation.

        1. Except he said in the post that it only took ~4 hours to program all of them, and there are like, 150 of them there. So you’re talking like ~2 minutes of labor per device, even adding a small amount for packaging. Which really highlights the benefit of having an efficient assembly/testing setup.

  2. I’m confused: if the problem is that the programming process is too complicated for PCBCart, why wouldn’t you just have them program in a USB bootloader, and then load the more complicated final firmware later, overwriting the bootloader if you want to remove that possible hole?

    Then you just set up a script to detect the USB bootloader being plugged in, program it with the new firmware and maybe do something to confirm that it’s programmed, and you just plug, wait, unplug, rinse, repeat.

    Bit more upfront work, but gets rid of the programmer need, so you with a bunch of USB hubs or cables it becomes really trivial.

    1. This would be a good optimization. EFM8UB1 chips even come pre-programmed with a bootloader from Silicon Labs.

      I thought about doing it but figured the time I would put in to get it working (bootloader would have to be modified and USB protocol integrated with scripts) would be at least the time I’d save from programming them all with the programmers.

      1. Actually, they also come preprogrammed with a 128-bit unique ID, so you wouldn’t even have to have the ‘setup firmware’ part.

        “I thought about doing it but figured the time I would put in to get it working”

        Yeah, but then you’d never have to do it again with any future EFM8UB project. But I know where you’re coming from here, this is always the problem. So long as things are only taking you ~4 hours for a batch, it’s hard to justify going through the learning process.

  3. Just been having a look at the part & ordered a few dev kits, bewildering array of options but, I am old time cygnal user that gravitated to Silabs format so all tis fine, nice looking parts got them fro m RS components in Australia as Element 14 out of stock for too long, want m hands on em pronto, thanks for the info, cheers :-)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s