[Gnuk-users] Upgrading gnuk on a nitrokey start
Remy van Elst
relst at relst.nl
Tue Oct 11 15:33:16 UTC 2016
Small update,
I fried one Nitrokey when trying to solder on the ST Link headers. Bummer.
I hot-air desoldered an USB header from an old motherboard in the e-waste
bin and used the standard USB pinout, which suprisingly, worked. (
https://i.imgur.com/PQ7QG2B.png).
The stm32flash tool was unable to remove the flash protection:
$ sudo stm32flash -u /dev/ttyUSB0
stm32flash 0.5
http://stm32flash.sourceforge.net/
Interface serial_posix: 57600 8E1
Version : 0x22
Option 1 : 0x00
Option 2 : 0x00
Device ID : 0x0410 (STM32F10xxx Medium-density)
- RAM : 20KiB (512b reserved by bootloader)
- Flash : 128KiB (size first sector: 4x1024)
- Option RAM : 16b
- System RAM : 2KiB
Write-unprotecting flash
Got NACK from device on command 0x73
Done.
so I had to use the Windows ST Demo loader tool. It worked, and I'm able to
flash the gnuk 1.2 release to the Nitrokey start. (Not the fried one,
another one). That seems to work so far:
$ gpg --card-status
Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.1-87042430) 00 00
Application ID ...: D276000124010200FFFE870424300000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87042430
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 4
Signature key ....: 3D1B 8501 882B EA0D D813 6CAC 1437 62A5 87BD 54FE
created ....: 2016-10-11 15:06:29
Encryption key....: 9898 208B 7876 4F65 A06E 3E65 637A 80D6 31D5 21C2
created ....: 2016-10-11 15:06:29
Authentication key: 2141 3E30 8EFF F2D0 FB3D 4C9E DA3D F5B9 7130 1532
created ....: 2016-10-11 15:06:29
General key info..: pub rsa2048/0x143762A587BD54FE 2016-10-11 Remy
test (Test gnuk1.2) <remy at test.nl>
sec> rsa2048/0x143762A587BD54FE created: 2016-10-11 expires:
2016-10-18
card-no: FFFE 87042430
ssb> rsa2048/0xDA3DF5B971301532 created: 2016-10-11 expires:
2016-10-18
card-no: FFFE 87042430
ssb> rsa2048/0x637A80D631D521C2 created: 2016-10-11 expires:
2016-10-18
card-no: FFFE 87042430
After flashing it with the Windows tool, stm32flash does work:
$ sudo stm32flash -w build/gnuk.bin -g 0x0 /dev/ttyUSB0
stm32flash 0.5
http://stm32flash.sourceforge.net/
Using Parser : Raw BINARY
Interface serial_posix: 57600 8E1
Version : 0x22
Option 1 : 0x00
Option 2 : 0x00
Device ID : 0x0410 (STM32F10xxx Medium-density)
- RAM : 20KiB (512b reserved by bootloader)
- Flash : 128KiB (size first sector: 4x1024)
- Option RAM : 16b
- System RAM : 2KiB
Write to memory
Erasing memory
Wrote address 0x0801b000 (100.00%) Done.
Starting execution at address 0x08000000... done.
I can also place an ecc 25519 key on the device:
$ gpg --card-status
Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.1-87042430) 00 00
Application ID ...: D276000124010200FFFE870424300000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87042430
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: ed25519 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: 3678 F2EE 1CCB 4B24 B107 38BA 101D 491F 08E7 FD60
created ....: 2016-10-11 15:31:27
Encryption key....: [none]
Authentication key: [none]
General key info..: pub ed25519/0x101D491F08E7FD60 2016-10-11 test
remy ecc (gnuk 1.2) <nitrokey at raymii.nl>
sec> ed25519/0x101D491F08E7FD60 created: 2016-10-11 expires:
2016-10-18
card-no: FFFE 87042430
Yay!
https://raymii.org
On Fri, Sep 16, 2016 at 3:26 PM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hello, Jan,
>
> On 09/16/2016 05:38 PM, Jan Suhr wrote:
> > Nitrokey Start hardware is based on FST-01. In particular the MCU is
> > identical. The main differences are:
> > - No external flash
> > - Different pinning. See:
> > https://github.com/Nitrokey/nitrokey-start-firmware/commit/
> c98d6cbc4a225f10bca8f2d7b86effcbdcf534f4
> >
> > Do you think the different pinning may be a cause for the update issue?
>
> Thanks for the pointer.
>
> The file is a bit different to the one in Chopstx (Gnuk 1.2).
>
> https://git.gniibe.org/gitweb/?p=chopstx/chopstx.git;a=commitdiff;h=
> 8650bde8a056ca8d7954837bfd6692958e263634;hp=6e7334dcfff83898ff6b8568bf24c6
> fe90deaa9c
>
> I had thought that it's because of revision change of hardware. If it
> is same hardware, I think that Gnuk 1.0 on Nitrokey Start doesn't work
> well with upgrade through USB.
>
> One of my friends kindly showed me the board of Nitrokey Start.
> I also examined the KiCAD schematic of:
>
> https://github.com/Nitrokey/nitrokey-pro-hardware
>
> Well, examining schematic is not that easy, even for such a simple
> one.
>
> PA9 and PA10 is connected to USB-D- and USB-D+. And with the
> configuration of Gnuk 1.0 for Nitrokey Start, those pins of PA9 and
> PA10 is pulled up by Vdd. I think that this interferes the USB
> shutdown and re-enumeration process of USB upgrade.
>
> I think that the configuration of Gnuk 1.2 for Nitrokey Start is
> better.
> --
>
> _______________________________________________
> gnuk-users mailing list
> gnuk-users at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20161011/b614a5ca/attachment.html>
More information about the gnuk-users
mailing list