[Gnuk-users] reflash without working pin?

NIIBE Yutaka gniibe at fsij.org
Thu Sep 28 23:57:18 UTC 2017


Vagrant Cascadian <vagrant at debian.org> wrote:
> Without a reset pin, admin pin, or user pin, how can I reflash the
> firmware?

When you build your Gnuk with --enable-factory-reset option, you can do
reset by the subcommand "factory-reset" of "gpg --card-edit".

Or, you can flash it by SWD debugger.  When doing some experiments (of
trials and errors), I recommend having SWD debugger, so that you can
recover the functionality of device.

That's because the locked state of Gnuk is irreversible (non-recoverble)
by its design.

I recommend building Gnuk with --enable-factory-reset option, only when
needed, because it means inviting another attack vector.  Default is
--disable-factory-reset option.
-- 



More information about the gnuk-users mailing list