[Gnuk-users] Upgrading gnuk on a nitrokey start
Remy van Elst
relst at relst.nl
Wed Sep 7 18:27:32 UTC 2016
I received the two FST_01's I ordered (without case, sadly) and it seems
the upgrade via usb (password script) does work there, on my first try
actually.
The configure:
./configure --target=FST_01 --vidpid="234b:0000"
Then the other regular make and for regnual the same.
I was hoping it would fail on the FST_01 as well because that would mean it
might be a hardware issue. But it seems it is actually an issue with the
Nitrokey Start hardware. I'm still waiting for the STM devices, yay for
long shipping.
Before the upgrade:
$ python2 usb_strings.py
Device:
Vendor: Free Software Initiative of Japan
Product: FSIJ USB Token
Serial: FSIJ-1.0.1-87022326
Revision: release/1.0.1
Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
Sys: 1.0
$ gpg --card-status
Reader ...........: 234B:0000:FSIJ-1.0.1-87022326:0
Application ID ...: D276000124010200FFFE870223260000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87022326
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
Upgrade:
$ python2 ./upgrade_by_passwd.py -f ../regnual/regnual.bin
../src/build/gnuk.bin
../regnual/regnual.bin: 4412
../src/build/gnuk.bin: 110592
CRC32: 303d2f62
Device:
Configuration: 1
Interface: 0
20001400:20004a00
Downloading flash upgrade program...
start 20001400
end 20002500
Run flash upgrade program...
Wait 1 seconds...
Device:
08001000:08020000
Downloading the program
start 08001000
end 0801b000
After the upgrade:
$ python2 usb_strings.py
Device:
Vendor: Free Software Initiative of Japan
Product: Gnuk Token
Serial: FSIJ-1.2.1-87022326
Revision: release/1.2.1-1-g2b784cb-modified
Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=no
Sys: 1.0
dmesg during the upgrade and after:
[ 294.977933] thinkpad_acpi: EC reports that Thermal Table has changed
[ 726.481249] usb 1-1.1: new full-speed USB device number 3 using
ehci-pci
[ 1408.628722] usb 1-1.1: USB disconnect, device number 3
[ 1412.817498] usb 2-1.2: new full-speed USB device number 4 using
ehci-pci
[ 1461.011520] usb 2-1.2: USB disconnect, device number 4
[ 1464.014677] usb 2-1.2: new full-speed USB device number 5 using
ehci-pci
[ 1469.705384] usb 2-1.2: USB disconnect, device number 5
[ 1469.893972] usb 2-1.2: new full-speed USB device number 6 using
ehci-pci
GPG still works:
[20:20:18] [remy at gateway] [ ~ ]
$ gpg --card-status
Reader ...........: 234B:0000:FSIJ-1.2.1-87022326:0
Application ID ...: D276000124010200FFFE870223260000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87022326
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
So now lets hope I get the bricked Nitrokeys working again with the STM
device so that we can further debug them.
https://raymii.org
On Wed, Aug 24, 2016 at 3:51 AM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hello,
>
> Thanks for further experiment with Nitrokey Start.
>
> On 08/24/2016 02:26 AM, Remy van Elst wrote:
> > $ python2 ./upgrade_by_passwd.py ../regnual/regnual.bin
> > ../src/build/gnuk.bin
> > Admin password:
> > ../regnual/regnual.bin: 4372
> > ../src/build/gnuk.bin: 110592
> > CRC32: 8d82b2df
> >
> > Device:
> > Configuration: 1
> > Interface: 0
> > 20001400:20004a00
> > Downloading flash upgrade program...
> > start 20001400
> > end 20002500
> > Run flash upgrade program...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> > Wait 1 seconds...
> >
> >
> > This goes on and on and on. Here's the dmesg output:
> >
> > dmesg -wH
> > [ +2.755257] usb 1-1.1: new full-speed USB device number 4 using
> ehci-pci
> > [ +2.755257] usb 1-1.1: new full-speed USB device number 4 using
> ehci-pci
> > [ +17.034260] usb 1-1-port1: disabled by hub (EMI?), re-enabling...
> > [ +0.000008] usb 1-1.1: USB disconnect, device number 4
> > [ +0.188718] usb 1-1.1: new low-speed USB device number 5 using ehci-pci
> > [ +0.066661] usb 1-1.1: device descriptor read/64, error -32
> > [ +0.170001] usb 1-1.1: device descriptor read/64, error -32
> > [ +0.173339] usb 1-1.1: new low-speed USB device number 6 using ehci-pci
> > [ +0.066655] usb 1-1.1: device descriptor read/64, error -32
> > [ +0.169995] usb 1-1.1: device descriptor read/64, error -32
> > [ +0.173326] usb 1-1.1: new low-speed USB device number 7 using ehci-pci
> > [ +0.406782] usb 1-1.1: device not accepting address 7, error -32
> > [ +0.069870] usb 1-1.1: new low-speed USB device number 8 using ehci-pci
> > [ +0.406659] usb 1-1.1: device not accepting address 8, error -32
> > [ +0.000199] usb 1-1-port1: unable to enumerate USB device
>
> So, reGNUal doesn't work well on the device (USB does not work).
>
> > I also have ordered two FST-01 without case, to see if the upgrade works
> > there. If that is the case, there might be a nitrokey issue. If not,
> then I
> > hope my STM adapter comes in soon to restore these devices and see if the
> > upgrade works via the stm.
> >
> > I still have the nitrokey plugged in, lights blinking. If someone has
> some
> > magic USB scripts or so, I'll leave it plugged in as long as it goes.
>
> I think that there is no way to recover, as USB seems not to be working.
>
> For your information, I show my session log with FST-01.
>
> I inserted FST-01 with Gnuk 1.0.1 on my PC.
>
> ========================================= my session log
> $ pwd
> /home/gniibe/work/gnuk-1.2.1
> $ cd src
> $ ./configure --vidpid=234b:0000
> Header file is: board-fst-01.h
> Debug option disabled
> Configured for bare system (no-DFU)
> PIN pad option disabled
> CERT.3 Data Object is NOT supported
> Card insert/removal by HID device is NOT supported
> $ cd ..
> $ lsusb -d 234b:0000 -v
>
> Bus 001 Device 004: ID 234b:0000
> Device Descriptor:
> bLength 18
> bDescriptorType 1
> bcdUSB 1.10
> bDeviceClass 0 (Defined at Interface level)
> bDeviceSubClass 0
> bDeviceProtocol 0
> bMaxPacketSize0 64
> idVendor 0x234b
> idProduct 0x0000
> bcdDevice 2.00
> iManufacturer 1 Free Software Initiative of Japan
> iProduct 2 FSIJ USB Token
> iSerial 3 FSIJ-1.0.1-50FF6E06
> bNumConfigurations 1
> Configuration Descriptor:
> bLength 9
> bDescriptorType 2
> wTotalLength 86
> bNumInterfaces 1
> bConfigurationValue 1
> iConfiguration 0
> bmAttributes 0x80
> (Bus Powered)
> MaxPower 100mA
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 0
> bAlternateSetting 0
> bNumEndpoints 2
> bInterfaceClass 11 Chip/SmartCard
> bInterfaceSubClass 0
> bInterfaceProtocol 0
> iInterface 0
> ChipCard Interface Descriptor:
> bLength 54
> bDescriptorType 33
> bcdCCID 1.10 (Warning: Only accurate for version 1.0)
> nMaxSlotIndex 0
> bVoltageSupport 1 5.0V
> dwProtocols 2 T=1
> dwDefaultClock 3571
> dwMaxiumumClock 3571
> bNumClockSupported 1
> dwDataRate 9600 bps
> dwMaxDataRate 9600 bps
> bNumDataRatesSupp. 1
> dwMaxIFSD 254
> dwSyncProtocols 00000000
> dwMechanical 00000000
> dwFeatures 00020842
> Auto configuration based on ATR
> Auto parameter negotation made by CCID
> Short APDU level exchange
> dwMaxCCIDMsgLen 271
> bClassGetResponse echo
> bClassEnvelope echo
> wlcdLayout none
> bPINSupport 0
> bMaxCCIDBusySlots 1
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x81 EP 1 IN
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x01 EP 1 OUT
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Device Status: 0x0000
> (Bus Powered)
> $ cd tool
> $ ./upgrade_by_passwd.py -f ../regnual/regnual.bin ../src/build/gnuk.bin
> ../regnual/regnual.bin: 4428
> ../src/build/gnuk.bin: 110592
> CRC32: d746d12a
>
> Device:
> Configuration: 1
> Interface: 0
> 20001400:20004a00
> Downloading flash upgrade program...
> start 20001400
> end 20002500
> Run flash upgrade program...
> Wait 1 seconds...
> Device:
> 08001000:08020000
> Downloading the program
> start 08001000
> end 0801b000
> $ lsusb -d 234b:0000 -v
>
> Bus 001 Device 006: ID 234b:0000
> Device Descriptor:
> bLength 18
> bDescriptorType 1
> bcdUSB 1.10
> bDeviceClass 0 (Defined at Interface level)
> bDeviceSubClass 0
> bDeviceProtocol 0
> bMaxPacketSize0 64
> idVendor 0x234b
> idProduct 0x0000
> bcdDevice 2.00
> iManufacturer 1 Free Software Initiative of Japan
> iProduct 2 Gnuk Token
> iSerial 3 FSIJ-1.2.1-87061034
> bNumConfigurations 1
> Configuration Descriptor:
> bLength 9
> bDescriptorType 2
> wTotalLength 93
> bNumInterfaces 1
> bConfigurationValue 1
> iConfiguration 0
> bmAttributes 0x80
> (Bus Powered)
> MaxPower 100mA
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 0
> bAlternateSetting 0
> bNumEndpoints 3
> bInterfaceClass 11 Chip/SmartCard
> bInterfaceSubClass 0
> bInterfaceProtocol 0
> iInterface 0
> ChipCard Interface Descriptor:
> bLength 54
> bDescriptorType 33
> bcdCCID 1.10 (Warning: Only accurate for version 1.0)
> nMaxSlotIndex 0
> bVoltageSupport 1 5.0V
> dwProtocols 2 T=1
> dwDefaultClock 4000
> dwMaxiumumClock 4000
> bNumClockSupported 0
> dwDataRate 9600 bps
> dwMaxDataRate 9600 bps
> bNumDataRatesSupp. 0
> dwMaxIFSD 254
> dwSyncProtocols 00000000
> dwMechanical 00000000
> dwFeatures 0002047A
> Auto configuration based on ATR
> Auto voltage selection
> Auto clock change
> Auto baud rate change
> Auto parameter negotation made by CCID
> Auto IFSD exchange
> Short APDU level exchange
> dwMaxCCIDMsgLen 271
> bClassGetResponse echo
> bClassEnvelope FF
> wlcdLayout none
> bPINSupport 0
> bMaxCCIDBusySlots 1
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x81 EP 1 IN
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x01 EP 1 OUT
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x82 EP 2 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0004 1x 4 bytes
> bInterval 255
> Device Status: 0x0000
> (Bus Powered)
> $ cd ../test
> $ nosetests --with-freshen
> ............................................................
> ............................................................
> ............................................................
> ............................................................
> ............................................................
> ............................................................
> ....................
> ----------------------------------------------------------------------
> Ran 380 tests in 473.934s
>
> OK
> $
> =========================================
>
> I just found that test may not work well in some environment (it has
> been working well for me, but newer Python-usb would cause a problem),
> so, I fixed in 23bbc9c755493ba5fe8317e401e0876fd7524d40.
> --
>
> _______________________________________________
> gnuk-users mailing list
> gnuk-users at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20160907/4b4eb2c3/attachment-0001.html>
More information about the gnuk-users
mailing list