[Gnuk-users] Flashing the FST-01 and generating and importing a key in a secure environment

[NIIBE Yutaka]

On 02/16/2015 06:15 PM, Jonathan Schleifer wrote:
> Flashing the firmware would erase all keys, right?

Yes.

> So, you would notice if someone flashes your Gnuk.

My concern is the possibility of fake firmware.  If user's environment
is not secure enough against malicious USB hardware, some attack would
be possible.

Here is an example, perhaps, pretty unlikely usually.

Suppose your carrier is easily accessed by someone else.  He knows you
order "bare" or "open" version of FST-01.  He intercepts the delivery,
and flashes his own firmware which has a backdoor and a deficiency not
to perform signing correctly.  After your personalization and storing
your private keys, you find it doesn't generate correct signature.
You return FST-01 to the manufacturer.  And he intercepts again...

No, transparent shrink tube couldn't prevent such an attack, either.
It only makes it difficult a bit.  However, it requires physical
modification/recovery, which would be more guilty under some
legislation.

> And for the firmware it comes with, well, the first thing for me was
> updating it to 1.1.4 anyway :).

Good.  That's the practice of mine, too.
--