Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upNitrokey Start firmware is not read protected #14
Comments
This comment has been minimized.
This comment has been minimized.
|
Hi! Our intention is to enable the read protection on all Pro, HSM and Start devices. Looks like an error in production. Will look into it. |
This comment has been minimized.
This comment has been minimized.
|
@rot42 could you provide the serial number of your STM32? |
This comment has been minimized.
This comment has been minimized.
|
@jans23 |
This comment has been minimized.
This comment has been minimized.
|
From my side, could you post the USB serial number of the affected Nitrokey Start device? You can send it by email (szcze****pan@nitrokey.com; please remove |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
I meant the part starting with FSIJ, e.g.: |
This comment has been minimized.
This comment has been minimized.
|
@szszszsz The serial number is initialized with the last 4 bytes of the above posted STM32 UID in little-endian order -> |
This comment has been minimized.
This comment has been minimized.
|
@rot42 Thank you. Will check this specific sample in logs. Our current production environment locks Start samples. That does not mean of course there was no error earlier. |
This comment has been minimized.
This comment has been minimized.
|
Reading the STM32 unique device ID using
Extracting the firmware:
I've also extracted the firmware using The extracted firmware match exactly the prebuilt RTM.6 version from this repo. The only differences are, the serial number flashed on 1st start, and the key material and data objects at the end of the firmware. |
This comment has been minimized.
This comment has been minimized.
|
Updating firmware to the latest release RTM.7 solves the issue - Regarding your specific sample, I could not find it in our current logs - perhaps it was flashed more than 3 months ago. Nevertheless I will make sure read-protection is double-checked. Thank you for reporting! |
This comment has been minimized.
This comment has been minimized.
I've tested the
I bought it around 2 months ago so it might very well have been flashed more than 3 months ago.
That perfectly answers my concerns, thanks a lot! |
This comment has been minimized.
This comment has been minimized.
|
Great! Will track self-locking in a separate issue. Closing this one as solved. |
I've recently bought a Nitrokey Start and noticed that the firmware is not read protected.
Your documentation for the old Nitrokey Pro and this tutorial about an earlier version of the Nitrokey Start state that the firmware is supposed to be read protected.
For reference, the Nitrokey Start I received is using the Nitrokey Pro v2 board (without the smartcard socket). Maybe you forgot to read protect the firmware when you switched to hardware version 2?
I think it would make sense to leave the firmware readable on the Nitrokey Pro for auditability, as the key material is stored on the smartcard (assuming the smartcard itself does the PIN verification, I didn't look if this is the case). But for the Nitrokey Start, not read protecting the firmware makes it trivial to extract the key material and bruteforce the PIN.