[Gnuk-users] Maple Mini board support
NIIBE Yutaka
gniibe at fsij.org
Wed Apr 8 00:32:36 UTC 2015
On 04/07/2015 09:49 PM, Aidan Thornton wrote:
> Since I have a Maple Mini clone lying around with an STM32F103 I
> thought I'd try and get gnuk running on that board.
Thanks a lot. It is included into Chopstx repository.
> Note that I haven't even tried to support the Maple Mini bootloader
> so the firmware needs to be loaded via SWD or the serial bootloader
> in ROM. (Also, this will overwrite the Maple Mini bootloader -
> you'll have to load it back on using SWD or serial if you want to
> use the board with their IDE again.)
I think that it's OK (or rather recommended). If there will remain a
bootloader, it means that it can access its flash ROM (and thus,
encrypted private keys). Thus, it only makes sense in the
development/experiment stage for Gnuk, and the bootloader should not
be removed for actual use of Gnuk Token.
The reason why I support bootloader for STBee (and STBee Mini) was
some people who wanted to join the development of Gnuk complained
that JTAG/SWD debugger was expensive.
> (Enabling read protection may require a recent version of stm32flash.
> Use -k to disable read protection and mass-erase the chip if you want
> to reflash it with something else afterwards.)
Enabling read protection is highly recommended for normal use of Gnuk
to make sure private keys safe (from access of stm32flash by an
attacker).
If your configuration of the header file is correct, a user should be
able to use firmware upgrade feature of Gnuk. Once upgraded with that,
it will be protected. I didn't test in this way (non-protected but
protected by firmware upgrade), but it is intended to do so.
--
More information about the gnuk-users
mailing list