<div dir="ltr">Is there a test suite or other specific things I can test with the Nitrokey and GnuK 1.2?<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><br><br><a href="https://raymii.org" target="_blank">https://raymii.org</a><br></div></div>
<br><div class="gmail_quote">On Tue, Oct 11, 2016 at 6:26 PM, Remy van Elst <span dir="ltr"><<a href="mailto:relst@relst.nl" target="_blank">relst@relst.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I've written a small guide for anyone else with a bricked nitrokey:<br><br><a href="https://raymii.org/s/tutorials/Nitrokey_gnuk_firmware_update_via_DFU.html" target="_blank">https://raymii.org/s/<wbr>tutorials/Nitrokey_gnuk_<wbr>firmware_update_via_DFU.html</a><br></div><div class="gmail_extra"><br clear="all"><div><div class="m_5587797807445371865gmail_signature" data-smartmail="gmail_signature"><br><br><a href="https://raymii.org" target="_blank">https://raymii.org</a><br></div></div><div><div class="h5">
<br><div class="gmail_quote">On Tue, Oct 11, 2016 at 5:33 PM, Remy van Elst <span dir="ltr"><<a href="mailto:relst@relst.nl" target="_blank">relst@relst.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div>Small update, <br><br>I fried one Nitrokey when trying to solder on the ST Link headers. Bummer.<br><br></div>I hot-air desoldered an USB header from an old motherboard in the e-waste bin and used the standard USB pinout, which suprisingly, worked. (<a href="https://i.imgur.com/PQ7QG2B.png" target="_blank">https://i.imgur.com/PQ7QG2B.p<wbr>ng</a>).<br><br></div>The stm32flash tool was unable to remove the flash protection:<br><br> $ sudo stm32flash -u /dev/ttyUSB0 <br> stm32flash 0.5<br><br> <a href="http://stm32flash.sourceforge.net/" target="_blank">http://stm32flash.sourceforge.<wbr>net/</a><br><br> Interface serial_posix: 57600 8E1<br> Version : 0x22<br> Option 1 : 0x00<br> Option 2 : 0x00<br> Device ID : 0x0410 (STM32F10xxx Medium-density)<br> - RAM : 20KiB (512b reserved by bootloader)<br> - Flash : 128KiB (size first sector: 4x1024)<br> - Option RAM : 16b<br> - System RAM : 2KiB<br> Write-unprotecting flash<br> Got NACK from device on command 0x73<br> Done.<br><br></div>so I had to use the Windows ST Demo loader tool. It worked, and I'm able to flash the gnuk 1.2 release to the Nitrokey start. (Not the fried one, another one). That seems to work so far:<br><br><br><br>$ gpg --card-status<br><br> Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.1-87042430) 00 00<br> Application ID ...: D276000124010200FFFE8704243000<wbr>00<span><br> Version ..........: 2.0<br> Manufacturer .....: unmanaged S/N range<br></span> Serial number ....: 87042430<span><br> Name of cardholder: [not set]<br> Language prefs ...: [not set]<br> Sex ..............: unspecified<br> URL of public key : [not set]<br> Login data .......: [not set]<br></span><span> Signature PIN ....: forced<br> Key attributes ...: rsa2048 rsa2048 rsa2048<br></span><span> Max. PIN lengths .: 127 127 127<br> PIN retry counter : 3 3 3<br></span> Signature counter : 4<br> Signature key ....: 3D1B 8501 882B EA0D D813 6CAC 1437 62A5 87BD 54FE<br> created ....: 2016-10-11 15:06:29<br> Encryption key....: 9898 208B 7876 4F65 A06E 3E65 637A 80D6 31D5 21C2<br> created ....: 2016-10-11 15:06:29<br> Authentication key: 2141 3E30 8EFF F2D0 FB3D 4C9E DA3D F5B9 7130 1532<br> created ....: 2016-10-11 15:06:29<br> General key info..: pub rsa2048/0x143762A587BD54FE 2016-10-11 Remy test (Test gnuk1.2) <<a href="mailto:remy@test.nl" target="_blank">remy@test.nl</a>><br> sec> rsa2048/0x143762A587BD54FE created: 2016-10-11 expires: 2016-10-18<br> <wbr> card-no: FFFE 87042430<br> ssb> rsa2048/0xDA3DF5B971301532 created: 2016-10-11 expires: 2016-10-18<br> <wbr> card-no: FFFE 87042430<br> ssb> rsa2048/0x637A80D631D521C2 created: 2016-10-11 expires: 2016-10-18<br> <wbr> card-no: FFFE 87042430<br><br><br><br></div>After flashing it with the Windows tool, stm32flash does work:<br><br><br><br> $ sudo stm32flash -w build/gnuk.bin -g 0x0 /dev/ttyUSB0 <br> stm32flash 0.5<br><br> <a href="http://stm32flash.sourceforge.net/" target="_blank">http://stm32flash.sourceforge.<wbr>net/</a><br><br> Using Parser : Raw BINARY<br> Interface serial_posix: 57600 8E1<br> Version : 0x22<br> Option 1 : 0x00<br> Option 2 : 0x00<br> Device ID : 0x0410 (STM32F10xxx Medium-density)<br> - RAM : 20KiB (512b reserved by bootloader)<br> - Flash : 128KiB (size first sector: 4x1024)<br> - Option RAM : 16b<br> - System RAM : 2KiB<br> Write to memory<br> Erasing memory<br> Wrote address 0x0801b000 (100.00%) Done.<br><br> Starting execution at address 0x08000000... done.<br><br></div>I can also place an ecc 25519 key on the device:<br><br> $ gpg --card-status<br><br> Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.1-87042430) 00 00<br> Application ID ...: D276000124010200FFFE8704243000<wbr>00<span><br> Version ..........: 2.0<br> Manufacturer .....: unmanaged S/N range<br></span> Serial number ....: 87042430<span><br> Name of cardholder: [not set]<br> Language prefs ...: [not set]<br> Sex ..............: unspecified<br> URL of public key : [not set]<br> Login data .......: [not set]<br></span> Signature PIN ....: forced<br> Key attributes ...: ed25519 rsa2048 rsa2048<span><br> Max. PIN lengths .: 127 127 127<br> PIN retry counter : 3 3 3<br> Signature counter : 0<br></span> Signature key ....: 3678 F2EE 1CCB 4B24 B107 38BA 101D 491F 08E7 FD60<br> created ....: 2016-10-11 15:31:27<br> Encryption key....: [none]<br> Authentication key: [none]<br> General key info..: pub ed25519/0x101D491F08E7FD60 2016-10-11 test remy ecc (gnuk 1.2) <<a href="mailto:nitrokey@raymii.nl" target="_blank">nitrokey@raymii.nl</a>><br> sec> ed25519/0x101D491F08E7FD60 created: 2016-10-11 expires: 2016-10-18<br> <wbr> card-no: FFFE 87042430<br><br><br></div>Yay!<br><div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="m_5587797807445371865m_-4984475829490383345gmail_signature" data-smartmail="gmail_signature"><br><br><a href="https://raymii.org" target="_blank">https://raymii.org</a><br></div></div><div><div class="m_5587797807445371865h5">
<br><div class="gmail_quote">On Fri, Sep 16, 2016 at 3:26 PM, NIIBE Yutaka <span dir="ltr"><<a href="mailto:gniibe@fsij.org" target="_blank">gniibe@fsij.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello, Jan,<br>
<span><br>
On 09/16/2016 05:38 PM, Jan Suhr wrote:<br>
> Nitrokey Start hardware is based on FST-01. In particular the MCU is<br>
> identical. The main differences are:<br>
> - No external flash<br>
> - Different pinning. See:<br>
> <a href="https://github.com/Nitrokey/nitrokey-start-firmware/commit/c98d6cbc4a225f10bca8f2d7b86effcbdcf534f4" rel="noreferrer" target="_blank">https://github.com/Nitrokey/ni<wbr>trokey-start-firmware/commit/c<wbr>98d6cbc4a225f10bca8f2d7b86effc<wbr>bdcf534f4</a><br>
><br>
> Do you think the different pinning may be a cause for the update issue?<br>
<br>
</span>Thanks for the pointer.<br>
<br>
The file is a bit different to the one in Chopstx (Gnuk 1.2).<br>
<br>
<a href="https://git.gniibe.org/gitweb/?p=chopstx/chopstx.git;a=commitdiff;h=8650bde8a056ca8d7954837bfd6692958e263634;hp=6e7334dcfff83898ff6b8568bf24c6fe90deaa9c" rel="noreferrer" target="_blank">https://git.gniibe.org/gitweb/<wbr>?p=chopstx/chopstx.git;a=commi<wbr>tdiff;h=8650bde8a056ca8d795483<wbr>7bfd6692958e263634;hp=6e7334dc<wbr>fff83898ff6b8568bf24c6fe90deaa<wbr>9c</a><br>
<br>
I had thought that it's because of revision change of hardware. If it<br>
is same hardware, I think that Gnuk 1.0 on Nitrokey Start doesn't work<br>
well with upgrade through USB.<br>
<br>
One of my friends kindly showed me the board of Nitrokey Start.<br>
I also examined the KiCAD schematic of:<br>
<br>
<a href="https://github.com/Nitrokey/nitrokey-pro-hardware" rel="noreferrer" target="_blank">https://github.com/Nitrokey/ni<wbr>trokey-pro-hardware</a><br>
<br>
Well, examining schematic is not that easy, even for such a simple<br>
one.<br>
<br>
PA9 and PA10 is connected to USB-D- and USB-D+. And with the<br>
configuration of Gnuk 1.0 for Nitrokey Start, those pins of PA9 and<br>
PA10 is pulled up by Vdd. I think that this interferes the USB<br>
shutdown and re-enumeration process of USB upgrade.<br>
<br>
I think that the configuration of Gnuk 1.2 for Nitrokey Start is<br>
better.<br>
<span class="m_5587797807445371865m_-4984475829490383345HOEnZb"><font color="#888888">--<br>
</font></span><div class="m_5587797807445371865m_-4984475829490383345HOEnZb"><div class="m_5587797807445371865m_-4984475829490383345h5"><br>
______________________________<wbr>_________________<br>
gnuk-users mailing list<br>
<a href="mailto:gnuk-users@lists.alioth.debian.org" target="_blank">gnuk-users@lists.alioth.debian<wbr>.org</a><br>
<a href="https://lists.alioth.debian.org/mailman/listinfo/gnuk-users" rel="noreferrer" target="_blank">https://lists.alioth.debian.or<wbr>g/mailman/listinfo/gnuk-users</a><br>
</div></div></blockquote></div><br></div></div></div>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>