[Gnuk-users] Upgrading gnuk on a nitrokey start

Jan Suhr jan at nitrokey.com
Fri Aug 19 05:27:15 UTC 2016 

Hello Gentlemen!

Am 19.08.2016 um 06:28 schrieb Remy van Elst:
> 
> 
> Op 19 aug. 2016 om 03:12 heeft NIIBE Yutaka <gniibe at fsij.org
> <mailto:gniibe at fsij.org>> het volgende geschreven:
> 
>> Hello,
>>
>> On 08/19/2016 01:55 AM, Remy van Elst wrote:
>>> The output of:
>>>
>>> data_in_device = gnuk.cmd_read_binary(fileid)
>>> print(data_in_device)
>>>
>>> before and after the commands for key 0 was:
>>>
>>> array('B', [212, 53, 156, 129, 194, 146, 131, 155, 213, 187, 122, 61,
>>
>> Thanks.  It seemed that it didn't work as I expected (= writing the
>> first two-byte to zero).  I'll check.
>>
>>>    Then, reGNUal works somehow.  I don't know if reGNUal's USB worked
>>>    well or not.  Do you still run your PC?  What output of dmesg, can you
>>>    see before the time of 142898.997643?
>>>
>>>
>>> This:
>>>
>>> [10978.547877] wlp3s0: authentication with fa:8f:ca:54:8d:12 timed out
>>> [10986.526488] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
>>> [11011.497347] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
>>> [11014.721191] wlp3s0: authenticate with 34:31:c4:8e:d9:4c
>>> [11014.723742] wlp3s0: send auth to 34:31:c4:8e:d9:4c (try 1/3)
>>> [11014.809521] wlp3s0: authenticated
>>> [11014.810153] wlp3s0: associate with 34:31:c4:8e:d9:4c (try 1/3)
>>> [11014.829753] wlp3s0: RX AssocResp from 34:31:c4:8e:d9:4c (capab=0x411
>>> status=0 aid=1)
>>> [11014.849389] wlp3s0: associated
>>> [11014.849513] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
>>> [11014.909665] wlp3s0: Limiting TX power to 20 (23 - 3) dBm as
>>> advertised by 34:31:c4:8e:d9:4c
>>> [34439.950737] perf: interrupt took too long (5281 > 5185), lowering
>>> kernel.perf_event_max_sample_rate to 37800
>>> [142898.997643] usb 1-1.1: USB disconnect, device number 7
>>> [142900.418569] usb 1-1.1: new full-speed USB device number 8 using
>>> ehci-pci
>>> [145925.226816] usb 1-1-port1: disabled by hub (EMI?), re-enabling...
>>
>> It seemed that USB part of reGNUal didn't work well.  When upgrade is
>> requested, Gnuk shutdowns the USB port, erases flash ROM pages, and
>> then, gives the control to reGNUal.  It is reGNUal which again enables
>> USB port.  When it is enabled again, we should see something like:
>>
>>    usb 1-1.1: New USB device found, idVendor=234b, idProduct=0000
>>
>> We need to check how USB port works with Nitrokey Start.
> 
> I did receive a message from Jan from Nitrokey stating that they don't
> change the vidpid when compiling gnuk for the nitrokey, but I did add
> the --vidpid option when configuring set to the out/put /of lsusb, clay
> logic's usb id. The other compile option was for the board.

My initial statement was wrong. The actual USB VID and PID of Nitrokey
Start are in fact 20a0:4211 as Remy mentioned.

We compile Gnuk with these options:
./configure --vidpid=20a0:4211 --target=NITROKEY_START --enable-certdo
--enable-keygen


>>> I did find a thread somewhere where it was advised to change the sleep
>>> in this script to 10 seconds. Would that have helped?
>>
>> Now, it loops until it finds the USB port.   The problem here is Nitrokey
>> Start's USB port issue.
>>
>> I don't know if it was tested by the engineers at Nitrokey.
>>
>>
> 
> I hope one of them reads the mailing list and can give some more
> information on this part, because I'm also unsure of that.

We didn't test the upgrade procedure.

Nitrokey's Start hardware is based on FST's hardware so that both should
behave very similarly. Are you sure the USB port issue is specific for
NK Start?

Best regards,
Jan

>>> So that part worked at least :). Now on to make the rest also work, and
>>> after that test the 1.2.1 release!
>>
>> Yes.  Gnuk 1.0.4 on Nitrokey Start worked.
>>
>>> I do really appriciate the help and support, so thank you for that. I
>>> did order the swd device (two actually) from aliexpress, so that will
>>> take at least two weeks to get here. I also ordered two more nitrokey
>>> devices, which will hopefully arrive sooner.
>>>
>>> I'll document the process there and will use the password upgrade script
>>> at first, before hosing it :)
>>
>> Thanks a lot.  I suggest to identify/fix the problem of reGNUal at
>> first.
>>
>> How did you configure Gnuk 1.2.1 for Nitrokey Start?  It effects
>> reGNUal too.
> 
> As said above, when using the ./configure script I gave the board
> parameter and the vidpid parameter. 
> 
> Do you have any suggestions on debugging this more when the two other
> nitrokeys come in? 
> 
> 
>> -- 
>>
>> _______________________________________________
>> gnuk-users mailing list
>> gnuk-users at lists.alioth.debian.org
>> <mailto:gnuk-users at lists.alioth.debian.org>
>> https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
> 
> 
> _______________________________________________
> gnuk-users mailing list
> gnuk-users at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
> 

-- 
Jan Suhr

Nitrokey UG (haftungsbeschränkt)
Web: https://www.nitrokey.com

Email: jan at nitrokey.com
Phone: +49 163 7010 408

Berliner Str. 166, 10715 Berlin, Germany
CEO / Geschäftsführer: Jan Suhr
Register Record: AG Charlottenburg, HRB 164549 B
VAT ID / USt-IdNr.: DE300136599

More information about the gnuk-users mailing list