FIDO2 addresses the problems associated with passwords by replacing them with secret keys stored on dedicated hardware security keys. However, these security keys can themselves become a target for attackers. For their Master’s thesis, the author of this post implemented a safer FIDO2 security key called Plat. Plat uses privilege separation to prevent bugs from compromising the security of the key. It uses WebAssembly to create isolation domains and to control access to hardware peripherals. The goal is to ensure that bugs cannot lead to the compromise of secret keys and that each signature is approved by the user.
https://benkettle.xyz/posts/plat/