[Gnuk-users] Upgrading gnuk on a nitrokey start

Szczepan Zalega | Nitrokey szczepan at nitrokey.com
Tue Dec 20 13:23:53 UTC 2016


On 12/18/2016 10:18 AM, Remy van Elst wrote:
> Well, it seems to work without issues on the nitrokeys I upgraded
> earlier via DFU, but it still bricks my only non-borked non-upgraded
> Nitrokey start:
> (..)
> 
> Upgrade fails:
> 
> n python2 ./upgrade_by_passwd.py -f  ../regnual/regnual.bin
> ../src/build/gnuk.bin
> ../regnual/regnual.bin: 4372
> ../src/build/gnuk.bin: 110592
> CRC32: f3fafa79
> 
> Device:
> Configuration: 1
> Interface: 0
> 20001400:20004a00
> Downloading flash upgrade program...
> start 20001400
> end   20002500
> Run flash upgrade program...
> Waiting for device to appear:
> - Wait 1 seconds...
(...)
> - Wait 1 seconds...
> ^CTraceback (most recent call last):
>   File "./upgrade_by_passwd.py", line 134, in <module>
>     main(wait_e, keyno, passwd, data_regnual, data_upgrade[4096:])
>   File "./upgrade_by_passwd.py", line 75, in main
>     time.sleep(wait_e)
> KeyboardInterrupt
> 
> 
> 
> Nitrokey blinks, green light.

Hi Remy!

I have tried to reproduce your issue but with no luck. I have checked
regnual upgrade from:
- v1.0.4 compiled with 4.9.3 GCC (master branch)
- used original firmware for first release
- stock device from first release, 1.0.4
I suspect the compiler could cause this. 6.2 vs 4.9.3 is a great version
difference (assuming this is the one from your next email). Our
regnual's binary files' sizes are different (either compiler or
different ./configure setting).

Also, you have not shown the configuration phase in the log. Possible
other causes:
- improper chopstx commit (`git submodule update` should be issued after
checkout)
- regnual and gnuk binaries have not been recompiled after checkout and
./configure command
- vid/pid not set or set to wrong value for ./configuration script
(defaults should be matched by upgrade script AFAIR)

Is the device listed by lsusb?
The upgrade script waits for the device to appear under the two vid/pid
configurations listed in GNUK_USB_DEVICE_ID. The blinking on the device
shows that it executed regnual's binary and is waiting for commands. If
it is listed by lsusb, maybe just changing/adding the vid/pid in the
mentioned GNUK_ file would suffice, since it is parsed by the upgrade
script (after first removing the code uploading regnual to the device).

If the device is not listed by lsusb, then probably the wrong
configuration was chosen during compilation of the binaries and USB is
not enabled on the device. In this case regnual's upgrade path is
blocked and only reflashing can restore the device.

I am attaching a log from the upgrade of a first-release stock device.
There I used the firmware for the second NK Start release, where the
LEDs are swapped. Unfortunately the swap could not be done with
regnual's update, and as a result the red LED stays on all the time
after that. I will prepare a fix next week. You can do it yourself by
just reverting the commits introducing this change to make the green
LED work again (either in the main or the chopstx repository).

I will also add prebuilt firmware to the `gnuk1.2-regnual-fix` branch to
avoid such issues (`./prebuilt/` directory).

Let me know in case of any questions (I might respond next week).

PS Here is my configure command:
./configure --vidpid=20a0:4211 --target=NITROKEY_START
--enable-factory-reset --enable-certdo

-- 
Best regards,
Szczepan
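
The lsusb / GNUK_USB_DEVICE_ID triage described in the message above, as an added example that is not part of the original post or of the Gnuk tools. The ID-file layout (whitespace-separated `vid:pid` first field, `#` comment lines), the sample file contents and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the ASSUMED GNUK_USB_DEVICE_ID layout:
# "vid:pid<TAB>product<TAB>vendor", lines starting with '#' are comments.
SAMPLE_ID_FILE = """\
# VID:PID\tProduct_STRING\tVendor_STRING
0000:0001\tExample Token\tExample Vendor
20a0:4211\tNitrokey Start\tNitrokey
"""

LSUSB_LINE = re.compile(
    r"^Bus \d{3} Device \d{3}: ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\b")
VIDPID = re.compile(r"([0-9a-fA-F]{4}):([0-9a-fA-F]{4})")


def parse_id_file(text):
    """Return the (vid, pid) pairs an ID file in the assumed layout lists."""
    ids = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = VIDPID.fullmatch(line.split()[0])
        if m:
            ids.add((int(m.group(1), 16), int(m.group(2), 16)))
    return ids


def parse_lsusb(text):
    """Return the (vid, pid) pairs currently enumerated, from lsusb output."""
    ids = set()
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            ids.add((int(m.group(1), 16), int(m.group(2), 16)))
    return ids


def triage(lsusb_text, id_text, configured):
    """configured is the 'vid:pid' string that was given to --vidpid."""
    vid, pid = (int(part, 16) for part in configured.split(":"))
    if (vid, pid) not in parse_lsusb(lsusb_text):
        return "not-enumerated"  # USB not up: regnual path blocked, reflash
    if (vid, pid) not in parse_id_file(id_text):
        return "id-not-listed"   # device is on the bus: add vid:pid to the file
    return "ok"                  # the waiting script should find the device
```

Feed `triage` the text printed by `lsusb` after the LED starts blinking, together with the contents of the ID file from the checkout the binaries were built from.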
-------------- next part --------------
1 sz at feather:~/work/nitrokey-start-firmware?
1 sz at feather:~/work/nitrokey-start-firmware? cd tool/
sz at feather:~/work/nitrokey-start-firmware/tool? python usb_strings.py
Device:
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.0.4-52FF7B06
  Revision: release/1.0.4-6-g739e00e
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
       Sys: 1.0
sz at feather:~/work/nitrokey-start-firmware/tool? gpg2 --card-status
Reader ...........: 20A0:4211:FSIJ-1.0.4-52FF7B06:0
Application ID ...: D276000124010200FFFE52FF7B060000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 52FF7B06
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
sz at feather:~/work/nitrokey-start-firmware/tool? sha512sum ../regnual/regnual.bin ../src/build/gnuk.bin
13cf8536d4a524c42ac88dac059f209c6853df1e4cc608d5f4bf07cc6fa1c65cbbb0d10393784c0dd31b7f702ca60bdb24e90d8ebb0cff421712bd30632fc4a9  ../regnual/regnual.bin
7443ebb99387322be2e00046921adb46c381b8e9d1ee658749c8aca8ba9e398b3a6f44b57dedc1ffe7f30649e862cfdc02ae660846cc49be1f7f6676900e403f  ../src/build/gnuk.bin
sz at feather:~/work/nitrokey-start-firmware/tool? ll ../regnual/regnual.bin ../src/build/gnuk.bin
-rwxr-xr-x 1 sz sz   4388 Dec 19 17:27 ../regnual/regnual.bin*
-rwxr-xr-x 1 sz sz 112640 Dec 19 17:27 ../src/build/gnuk.bin*
sz at feather:~/work/nitrokey-start-firmware/tool? cat upgrade_wrapper.sh
#make in src
#make in regnual
./upgrade_by_passwd.py -f ../regnual/regnual.bin ../src/build/gnuk.bin
sz at feather:~/work/nitrokey-start-firmware/tool? lsusb -d 20a0:
Bus 003 Device 032: ID 20a0:4211 Clay Logic
sz at feather:~/work/nitrokey-start-firmware/tool? bash upgrade_wrapper.sh
../regnual/regnual.bin: 4388
../src/build/gnuk.bin: 112640
CRC32: a4811640

Device:
Configuration: 1
Interface: 0
20001400:20004a00
Downloading flash upgrade program...
start 20001400
end   20002500
Run flash upgrade program...
Waiting for device to appear:
- Wait 1 seconds...
Device:
08001000:08020000
Downloading the program
start 08001000
end   0801b800
Resetting device
Update procedure finished
sz at feather:~/work/nitrokey-start-firmware/tool? lsusb -d 20a0:
Bus 003 Device 034: ID 20a0:4211 Clay Logic
sz at feather:~/work/nitrokey-start-firmware/tool? python usb_strings.py
Device:
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.2.2-87053532
  Revision: release/1.2.2-9-g1a76ab5-modified
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes
       Sys: 1.0
sz at feather:~/work/nitrokey-start-firmware/tool? gpg2 --card-status
Reader ...........: 20A0:4211:FSIJ-1.2.2-87053532:0
Application ID ...: D276000124010200FFFE870535320000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87053532
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
sz at feather:~/work/nitrokey-start-firmware/tool? git status
On branch gnuk1.2-regnual-fix
Your branch is up-to-date with 'origin/gnuk1.2-regnual-fix'.
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)
  (commit or discard the untracked or modified content in submodules)

        modified:   ../chopstx (untracked content)

Untracked files:
  (use "git add <file>..." to include in what will be committed)

        ../.idea/
        ../cmake-build-debug/
        ../flash.sh
        ../patch/
        ../prebuilt/
        ../regnual/.idea/
        ../regnual/CMakeLists.txt
        ../regnual/cmake-build-debug/
        ../src/.idea/
        ../src/CMakeLists.txt
        ../src/cmake-build-debug/
        ../src/gnuk.bin
        ../src/gnuk.dmp
        ../src/gnuk.elf
        ../src/gnuk.hex
        ../src/gnuk.map
        upgrade_wrapper.sh

no changes added to commit (use "git add" and/or "git commit -a")
sz at feather:~/work/nitrokey-start-firmware/tool? git -C ../chopstx/ status
On branch gnuk1.2-nitrokey_start
Your branch is up-to-date with 'origin/gnuk1.2-nitrokey_start'.
Untracked files:
  (use "git add <file>..." to include in what will be committed)

        .idea/
        0001-Switch-off-red-LED-for-Nitrokey-Start.patch
        CMakeLists.txt
        cmake-build-debug/

nothing added to commit but untracked files present (use "git add" to track)
sz at feather:~/work/nitrokey-start-firmware/tool?
sz at feather:~/work/nitrokey-start-firmware? arm-none-eabi-gcc --version
arm-none-eabi-gcc (15:4.9.3+svn231177-1) 4.9.3 20150529 (prerelease)
Copyright (C) 2014 Free Software Foundation, Inc.

sz at feather:~/work/nitrokey-start-firmware? lsb_release -a
Distributor ID:	Ubuntu
Description:	Ubuntu 16.10
Release:	16.10
Codename:	yakkety

sz at feather:~/work/nitrokey-start-firmware? git show
commit 1a76ab583ddeec49aaf5c4afee447a8607ecefdb
Author: Szczepan Zalega <szczepan at nitrokey.com>
Date:   Mon Dec 12 14:33:27 2016 +0100

    Blink only on smartcard access
    
    Do not blink after connection
    Done to unify Nitrokey Sticks' LED behavior
    
    Signed-off-by: Szczepan Zalega <szczepan at nitrokey.com>

diff --git a/src/openpgp.c b/src/openpgp.c
index b6a2873..a9de120 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -1551,6 +1551,7 @@ openpgp_card_thread (void *arg)
       led_blink (LED_START_COMMAND);
       process_command_apdu ();
       led_blink (LED_FINISH_COMMAND);
+      led_blink (LED_ONESHOT); //blink after finishing each command
     done:
       eventflag_signal (ccid_comm, EV_EXEC_FINISHED);
     }
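Review bot: the new `led_blink (LED_ONESHOT);` in openpgp_card_thread sits above the `done:` label, so any path that reaches `done:` by a jump signals EV_EXEC_FINISHED without the per-command blink. If every smartcard access should blink, as the commit message says, move the call below the label; otherwise state in the comment that those paths are intentionally silent. The call also follows `led_blink (LED_FINISH_COMMAND);` directly, so a short comment on why two consecutive LED events are needed would help.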
diff --git a/src/usb-ccid.c b/src/usb-ccid.c
index 0b7e3f4..21cbd55 100644
--- a/src/usb-ccid.c
+++ b/src/usb-ccid.c
@@ -845,7 +845,7 @@ ccid_send_status (struct ccid *c)
   c->epi->tx_done = 1;
   usb_lld_write (c->epi->ep_num, ccid_reply, CCID_MSG_HEADER_SIZE);
 
-  led_blink (LED_SHOW_STATUS);
+//  led_blink (LED_SHOW_STATUS); //blinks regularly after running gpg2 command
 #ifdef DEBUG_MORE
   DEBUG_INFO ("St\r\n");
 #endif
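Review bot: in ccid_send_status the call is disabled by turning it into a `//` comment instead of being deleted, which leaves dead code in the file and relies on the trailing remark to explain it. Delete the line, keep the rationale ("blinks regularly after running gpg2 command") in the commit message, and check whether LED_SHOW_STATUS still has any user after this change.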
@@ -1332,7 +1332,7 @@ ccid_handle_timeout (struct ccid *c)
       break;
     }
 
-  led_blink (LED_ONESHOT);
+//  led_blink (LED_ONESHOT); //blinks after powering on, stops after running gpg2 command
   return next_state;
 }
 
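Review bot: the commented-out `led_blink (LED_ONESHOT);` in ccid_handle_timeout removes the blink after power-on for every build of src/usb-ccid.c, while the commit message gives unifying Nitrokey Sticks' LED behavior as the reason. Consider guarding the call with a target-specific preprocessor condition rather than disabling it unconditionally, and delete the line instead of commenting it out if it is to stay disabled.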

