[Gnuk-users] Upgrading gnuk on a nitrokey start

Remy van Elst relst at relst.nl
Tue Aug 23 17:26:06 UTC 2016


The second batch of Nitrokey starts came today, I ordered two more. On one
I ran the upgrade_by_passwd.py script. Here's the usb_strings recognizing
the key:

$ python2 ./usb_strings.py
Device:
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.0.4-52FF7106
  Revision: release/1.0.4-6-g739e00e
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
       Sys: 1.0

No keys generated, no initialization whatsoever, upgrade right away:

$ python2 ./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin
Admin password:
../regnual/regnual.bin: 4372
../src/build/gnuk.bin: 110592
CRC32: 8d82b2df

Device:
Configuration: 1
Interface: 0
20001400:20004a00
Downloading flash upgrade program...
start 20001400
end   20002500
Run flash upgrade program...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...
Wait 1 seconds...


This goes on and on and on. Here's the dmesg output:

dmesg -wH
[  +2.755257] usb 1-1.1: new full-speed USB device number 4 using ehci-pci
[  +2.755257] usb 1-1.1: new full-speed USB device number 4 using ehci-pci
[ +17.034260] usb 1-1-port1: disabled by hub (EMI?), re-enabling...
[  +0.000008] usb 1-1.1: USB disconnect, device number 4
[  +0.188718] usb 1-1.1: new low-speed USB device number 5 using ehci-pci
[  +0.066661] usb 1-1.1: device descriptor read/64, error -32
[  +0.170001] usb 1-1.1: device descriptor read/64, error -32
[  +0.173339] usb 1-1.1: new low-speed USB device number 6 using ehci-pci
[  +0.066655] usb 1-1.1: device descriptor read/64, error -32
[  +0.169995] usb 1-1.1: device descriptor read/64, error -32
[  +0.173326] usb 1-1.1: new low-speed USB device number 7 using ehci-pci
[  +0.406782] usb 1-1.1: device not accepting address 7, error -32
[  +0.069870] usb 1-1.1: new low-speed USB device number 8 using ehci-pci
[  +0.406659] usb 1-1.1: device not accepting address 8, error -32
[  +0.000199] usb 1-1-port1: unable to enumerate USB device



I stopped it after a few minutes of blinking lights:

^C
Traceback (most recent call last):
  File "./upgrade_by_passwd.py", line 130, in <module>
    main(wait_e, keyno, passwd, data_regnual, data_upgrade[4096:])
  File "./upgrade_by_passwd.py", line 73, in main
    time.sleep(wait_e)
KeyboardInterrupt


Do note that this was on a different laptop with a different OS. My first
attempts were on Arch; I did this on an Ubuntu 14.04 machine with gnupg 2.1
compiled.

I also have ordered two FST-01 without case, to see if the upgrade works
there. If that is the case, there might be a Nitrokey issue. If not, then I
hope my STM adapter comes in soon to restore these devices and see if the
upgrade works via the stm.

I still have the Nitrokey plugged in, lights blinking. If someone has some
magic USB scripts or so, I'll leave it plugged in as long as it goes.

Cheers,
Remy







https://raymii.org

On Fri, Aug 19, 2016 at 7:27 AM, Jan Suhr <jan at nitrokey.com> wrote:

> Hello Gentlemen!
>
> On 19.08.2016 at 06:28, Remy van Elst wrote:
> >
> >
> > On 19 Aug 2016 at 03:12, NIIBE Yutaka <gniibe at fsij.org
> > <mailto:gniibe at fsij.org>> wrote:
> >
> >> Hello,
> >>
> >> On 08/19/2016 01:55 AM, Remy van Elst wrote:
> >>> The output of:
> >>>
> >>> data_in_device = gnuk.cmd_read_binary(fileid)
> >>> print(data_in_device)
> >>>
> >>> before and after the commands for key 0 was:
> >>>
> >>> array('B', [212, 53, 156, 129, 194, 146, 131, 155, 213, 187, 122, 61,
> >>
> >> Thanks.  It seemed that it didn't work as I expected (= writing the
> >> first two-byte to zero).  I'll check.
> >>
> >>>    Then, reGNUal works somehow.  I don't know if reGNUal's USB worked
> >>>    well or not.  Do you still run your PC?  What output of dmesg, can
> >>>    you see before the time of 142898.997643?
> >>>
> >>>
> >>> This:
> >>>
> >>> [10978.547877] wlp3s0: authentication with fa:8f:ca:54:8d:12 timed out
> >>> [10986.526488] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
> >>> [11011.497347] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
> >>> [11014.721191] wlp3s0: authenticate with 34:31:c4:8e:d9:4c
> >>> [11014.723742] wlp3s0: send auth to 34:31:c4:8e:d9:4c (try 1/3)
> >>> [11014.809521] wlp3s0: authenticated
> >>> [11014.810153] wlp3s0: associate with 34:31:c4:8e:d9:4c (try 1/3)
> >>> [11014.829753] wlp3s0: RX AssocResp from 34:31:c4:8e:d9:4c (capab=0x411 status=0 aid=1)
> >>> [11014.849389] wlp3s0: associated
> >>> [11014.849513] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
> >>> [11014.909665] wlp3s0: Limiting TX power to 20 (23 - 3) dBm as advertised by 34:31:c4:8e:d9:4c
> >>> [34439.950737] perf: interrupt took too long (5281 > 5185), lowering kernel.perf_event_max_sample_rate to 37800
> >>> [142898.997643] usb 1-1.1: USB disconnect, device number 7
> >>> [142900.418569] usb 1-1.1: new full-speed USB device number 8 using ehci-pci
> >>> [145925.226816] usb 1-1-port1: disabled by hub (EMI?), re-enabling...
> >>
> >> It seemed that USB part of reGNUal didn't work well.  When upgrade is
> >> requested, Gnuk shuts down the USB port, erases flash ROM pages, and
> >> then, gives the control to reGNUal.  It is reGNUal which again enables
> >> USB port.  When it is enabled again, we should see something like:
> >>
> >>    usb 1-1.1: New USB device found, idVendor=234b, idProduct=0000
> >>
> >> We need to check how USB port works with Nitrokey Start.
> >
> > I did receive a message from Jan from Nitrokey stating that they don't
> > change the vidpid when compiling gnuk for the nitrokey, but I did add
> > the --vidpid option when configuring set to the output of lsusb, clay
> > logic's usb id. The other compile option was for the board.
>
> My initial statement was wrong. The actual USB VID and PID of Nitrokey
> Start are in fact 20a0:4211 as Remy mentioned.
>
> We compile Gnuk with these options:
> ./configure --vidpid=20a0:4211 --target=NITROKEY_START --enable-certdo --enable-keygen
>
>
> >>> I did find a thread somewhere where it was advised to change the sleep
> >>> in this script to 10 seconds. Would that have helped?
> >>
> >> Now, it loops until it finds the USB port.   The problem here is
> >> Nitrokey Start's USB port issue.
> >>
> >> I don't know if it was tested by the engineers at Nitrokey.
> >>
> >>
> >
> > I hope one of them reads the mailing list and can give some more
> > information on this part, because I'm also unsure of that.
>
> We didn't test the upgrade procedure.
>
> Nitrokey's Start hardware is based on FST's hardware so that both should
> behave very similarly. Are you sure the USB port issue is specific for
> NK Start?
>
> Best regards,
> Jan
>
> >>> So that part worked at least :). Now on to make the rest also work, and
> >>> after that test the 1.2.1 release!
> >>
> >> Yes.  Gnuk 1.0.4 on Nitrokey Start worked.
> >>
> >>> I do really appreciate the help and support, so thank you for that. I
> >>> did order the swd device (two actually) from aliexpress, so that will
> >>> take at least two weeks to get here. I also ordered two more nitrokey
> >>> devices, which will hopefully arrive sooner.
> >>>
> >>> I'll document the process there and will use the password upgrade
> >>> script at first, before hosing it :)
> >>
> >> Thanks a lot.  I suggest to identify/fix the problem of reGNUal at
> >> first.
> >>
> >> How did you configure Gnuk 1.2.1 for Nitrokey Start?  It affects
> >> reGNUal too.
> >
> > As said above, when using the ./configure script I gave the board
> > parameter and the vidpid parameter.
> >
> > Do you have any suggestions on debugging this more when the two other
> > nitrokeys come in?
> >
> >
> >> --
> >>
> >> _______________________________________________
> >> gnuk-users mailing list
> >> gnuk-users at lists.alioth.debian.org
> >> <mailto:gnuk-users at lists.alioth.debian.org>
> >> https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
>
> --
> Jan Suhr
>
> Nitrokey UG (haftungsbeschränkt)
> Web: https://www.nitrokey.com
>
> Email: jan at nitrokey.com
> Phone: +49 163 7010 408
>
> Berliner Str. 166, 10715 Berlin, Germany
> CEO / Geschäftsführer: Jan Suhr
> Register Record: AG Charlottenburg, HRB 164549 B
> VAT ID / USt-IdNr.: DE300136599
>
>
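An added example, not part of the original message and not code from the Gnuk project: the thread describes the hand-over in which Gnuk shuts down the USB port and reGNUal has to bring it back, visible in dmesg as a "New USB device found" line. The sketch below classifies what followed the last disconnect on each USB path, using the dmesg lines from the message as sample input. The function name `reenumeration_status` and the mapping of `1-1-port1` to path `1-1.1` (a port on a non-root hub) are assumptions of this example.

```python
import re

LINE = re.compile(r"^\[\s*\+?\d+\.\d+\]\s+usb (\S+): (.*)$")  # dmesg and dmesg -H stamps
PORT = re.compile(r"^(.+)-port(\d+)$")  # "1-1-port1" is port 1 of hub 1-1 (assumed non-root)
FOUND = re.compile(r"New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")

# Sample input: the dmesg -wH lines quoted in the message above.
SAMPLE = """\
[  +2.755257] usb 1-1.1: new full-speed USB device number 4 using ehci-pci
[ +17.034260] usb 1-1-port1: disabled by hub (EMI?), re-enabling...
[  +0.000008] usb 1-1.1: USB disconnect, device number 4
[  +0.188718] usb 1-1.1: new low-speed USB device number 5 using ehci-pci
[  +0.066661] usb 1-1.1: device descriptor read/64, error -32
[  +0.170001] usb 1-1.1: device descriptor read/64, error -32
[  +0.173339] usb 1-1.1: new low-speed USB device number 6 using ehci-pci
[  +0.066655] usb 1-1.1: device descriptor read/64, error -32
[  +0.169995] usb 1-1.1: device descriptor read/64, error -32
[  +0.173326] usb 1-1.1: new low-speed USB device number 7 using ehci-pci
[  +0.406782] usb 1-1.1: device not accepting address 7, error -32
[  +0.069870] usb 1-1.1: new low-speed USB device number 8 using ehci-pci
[  +0.406659] usb 1-1.1: device not accepting address 8, error -32
[  +0.000199] usb 1-1-port1: unable to enumerate USB device
"""

def reenumeration_status(dmesg_text):
    """Per USB path, report what happened after the last disconnect."""
    status = {}
    for raw in dmesg_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                              # not a "usb <path>:" kernel line
        path, msg = m.groups()
        p = PORT.match(path)
        if p:                                     # hub-port message -> device path
            path = f"{p.group(1)}.{p.group(2)}"
        st = status.setdefault(path, {"state": "present", "stalls": 0, "id": None})
        found = FOUND.search(msg)
        if "USB disconnect" in msg:               # port went away (upgrade requested)
            st.update(state="disconnected", stalls=0, id=None)
        elif found:                               # a device answered with VID:PID
            st.update(state="enumerated", id=":".join(found.groups()))
        elif "error -32" in msg:                  # -EPIPE: control request stalled
            st["stalls"] += 1
        elif "unable to enumerate USB device" in msg:
            st["state"] = "enumeration_failed"    # hub gave up on this port
    return status

if __name__ == "__main__":
    print(reenumeration_status(SAMPLE))
```

A state of `disconnected` with no later `enumerated` entry means the host never saw the port come back, while `enumeration_failed` with a non-zero stall count means something signalled on the port but did not answer descriptor requests.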