Can't create Google passkey in pico_fido_pico-5.12.uf2 & pico_fido_pico-6.0.uf2

[GremlinStyle]

Hello,
And first i would like to thank you for this awesome project

I noticed an error/bug (or my fault?) which doesn't allow me to create a google passkey in version 5.12 and 6.0 (not nightly) but in 5.8 it is working
I tested it on waterfox and chrome on my windows 10 pc
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free

After clicking "create passkey" and entering my security pin
I was stuck for some minutes at this step

Before i finally get the message "Couldn't complete singup" or something similar
(I couldn't catch a screenshot because it's so fast gone)

I hope this information is in someway helpful and wish you a nice evening/morning/day (where ever you are)
(this is my first time writing an issue so i hope it's at least somewhat usable)

[polhenarejos]

Does it work with webauthn.io ?

[GremlinStyle]

Yes i did test it on the 6.0, 5.12 & 5.8 with webauthn.io or https://www.token2.com/tools/fido2-demo and it always worked flawless

[polhenarejos]

I've tried right now with Chrome in macOS and worked. Perhaps is the middle layer that Windows use.

Can you try with macOS or Linux?

[GremlinStyle]

This is a little embarrassing but it seems i can't use on a freshly new installed ubuntu desktop (on my laptop).

First i tried without installing anything but then after some research installed these
pscscd pscsc-tools sssd libpam-sss opensc-pkcs11

And i still can't use it (even after repeatedly reflashing with 6.0 and 5.8 version)
I tried it on firefox and chromium before digging deeper and i found out that

in most cases the pico doesn't even get detected
at least not with pcsc_scan and the browsers

Only from pamu2fcg did i get some success which is another error message
$ pamu2fcfg
No U2F device available, please insert one now, you have 6 seconds
Device found!
Enter PIN for /dev/hidraw0:
error: fido_dev_make_cred (39) FIDO_ERR_OPERATION_DENIED

Or in case i press the button after entering the key without waiting for any message
$ pamu2fcfg
Enter PIN for /dev/hidraw0:
error: fido_cred_verify (-7) FIDO_ERR_INVALID_ARGUMENT

In case i forgot to install a driver or maybe to configure a service let me know?

And on a site note is it normal for the pico to be detected as smartcard/keyboard by windows?
(version 6.0)

I thought it is more like a fido key( yubikey and so ) i noticed it while trying to detect it with libfido2 for 2 hours before seeing that windows calls it a smartcard

[polhenarejos]

For being recognized by OpenSC, you must commission it with known VID & PID. More info at https://www.picokeys.com/pico-commissioner/
Note that using known VID & PID is only necessary for CCID interface and 3rd party tools like Yubikey Manager or similar. FIDO should work with any VID & PID. It has not been tested with PAM.

Pico Fido has FIDO, Keyboard, CCID and WebCCID interfaces, so yes, it is normal.

When I said "try with macOS or Linux" I referred to create Google passkey using Chrome in macOS or Linux.

[GremlinStyle]

Thanks for the explanation
And maybe i said it poorly but i meant i can't use the pico-fido at all in firefox/chrome on ubuntu it just doesn't get detected.
I tried first with webauthn.io but and get the message in firefox to press the button, nothing happens if i do and in chromium to insert the key.

So i tried to troubleshoot it with pamu2fcfg.
I don't know if for linux i forgot to install some packages or similar.

[GremlinStyle]

Ok now also tested on linux mint with chromium.
with libu2f-udev pcscd installed and that 70-u2f.roles file

Again tested with version 6.0 and 5.8

6.0:
Webauthn.io works fine but in chrome but for the google passkey i don't get past the "Press the button on your key" part
It just doesn't react to the button press
similar to the windows case.

5.8:
It works with google just fine

[polhenarejos]

But do you press the BOOT button to confirm? Not the reset one.

[GremlinStyle]

Yes the button with the text "BOOTSEL" above it also the only button onboard

[polhenarejos]

Are you using Pico board? The same as the pic.

[GremlinStyle]

Exactly, it is the same.

[polhenarejos]

Seems a problem of timeout.
In webauthn.io (and probably others) the process is this:

• You click on Register. Board will enter in "waiting for button" state.
• Press BOOTSEL button in less than 10 seconds; otherwise will fail with timeout.
• A PIN windows will appear
• Introduce your PIN and continue. Board will enter in "waiting for button" state.
• Press BOOTSEL button again in less than 10 seconds; otherwise will fail with timeout.
• The process will conclude successfully.

Can you confirm you press BOOTsel button twice in less than 10 seconds after click on Register/Authenticate and PIN input?

[GremlinStyle]

Strange,
I tested it on windows 11 and it worked just fine
But on windows 10 it's getting stuck after entering the pin

So i don't even get to the "waiting for button" state.

This is what i do.

Expected happenings

Here it's stuck for a minute or two

And error messages following

[windskyxb]

Same issue