Releases: Nitrokey/nitrokey-start-firmware

Nitrokey Start v13.0 - OpenSSH 9.0 support

08 Dec 10:59
RTM.13
a6f850c

This release contains:

  • The long-awaited support for OpenSSH 9.0 (#67).
  • Memory management fixes

Notes:

  • Updating from previous firmware releases on HW4 might result in a non-working LED.
  • "Green" branch firmware (an upgrade from RTM.1) is not provided in this release.

Binaries are available in the prebuilt/RTM.13/ directory.

Update should be as easy as calling:

pipx run pynitrokey start update

See https://docs.nitrokey.com/start/linux/firmware-update for more information.


Technical details:

  • Rebases to GNUK 1.2.19
  • Stack memory increased for the main and openpgp-card tasks

Tested RTM.13-RC3 tag on paths:

  • hw3-flashed
  • hw3-update-10-to-13.rc3
  • hw5-flashed
  • hw5-update-12.0-to-13.rc3
  • hw5-update-12.1-to-13.rc3
  • hw5-update-13-to-13 (just update operation)
  • hw5-update-13-to-12.1 - reverting update (just update operation)

The failing test is related to the default state for the OpenPGP compatibility, and does not influence day-to-day use.

Built in isolated Docker environment with:

  • arm-none-eabi-gcc (15:8-2019-q3-1+b1) 8.3.1 20190703 (release) [gcc-8-branch revision 273027]

Current regions/sections usage:

Memory region         Used Size  Region Size  %age Used
          flash0:          4 KB         4 KB    100.00%
           flash:      124944 B       124 KB     98.40%
             ram:       11440 B        20 KB     55.86%

build/gnuk.elf  :
section                   size         addr
.sys                    0x1000    0x8000000
.startup                  0xf0    0x8001000
.text                  0x18ce0    0x80010f0
.textalign                 0x0    0x8019dd0
.stacks                 0x1f90   0x20000000
.data                      0x0   0x20001f90
.bss                     0xd20   0x20001f90
.gnuk_ch_certificate    0x1630    0x8019dd0
.gnuk_flash             0x4400    0x801b400
.gnuk_final               0x10    0x801f800
.debug_info            0x459af          0x0
.debug_abbrev           0x998a          0x0
.debug_loc             0x278ab          0x0
.debug_aranges          0x10c8          0x0
.debug_ranges           0x46d0          0x0
.debug_line            0x19577          0x0
.debug_str              0x4ef9          0x0
.comment                  0x9f          0x0
.ARM.attributes           0x2b          0x0
.debug_frame            0x3950          0x0
Total                  0xc06c6

Nitrokey Start v12.1 - New serial number for HW5

07 Nov 17:21
RTM.12.1
45ae454

Fixes serial number issue on the GD32-based hardware (HW5) #70

Planned as a maintenance release. There is no need to update if you have only a single NK Start device.

Updating from previous firmware releases on HW4 might result in a non-working LED.
"Green" branch firmware (an upgrade from RTM.1) is not provided in this release.

Binaries are available in the prebuilt/RTM.12/ directory.

All tests pass on HW5.

RTM.12.1-RC2 Serial number on HW5

05 Nov 13:58
RTM.12.1-RC2
beacc47
Pre-release

Fixes serial number issue on the GD32-based hardware (HW5) #70

Planned as a maintenance release. There is no need to update if you have only a single NK Start device.

$ gpg2 --verify RTM.12.1-RC2-0-gbeacc47.zip.sig
gpg: assuming signed data in 'RTM.12.1-RC2-0-gbeacc47.zip'
gpg: Signature made Sat 05 Nov 2022 02:56:39 PM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]

RTM.12.1-RC1 Serial number on HW5

03 Nov 07:12
RTM.12.1-rc.1
1d8d970
Pre-release

Fixes serial number issue on the GD32-based hardware (HW5) #70

$ gpg2 --verify RTM.12.1-rc.1-0-g1d8d970.zip.sig 
gpg: assuming signed data in 'RTM.12.1-rc.1-0-g1d8d970.zip'
gpg: Signature made Thu 03 Nov 2022 08:24:53 AM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]

RTM.13-RC2 OpenSSH 9.0 support

07 Jul 17:30
RTM.13-RC2
72825e0
Pre-release

Updates to GNUK 1.2.19. Release candidate mainly to fix OpenSSH support.

Some behavior can change. MI (multiple identities) might not work. Might require a newer chopstx implementation. To be tested.
This release should be preferred over RTM.13-RC1 if possible, as long as the expected features work.

$ gpg2 --verify RTM.13-RC2-0-g72825e0.zip.sig 
gpg: assuming signed data in 'RTM.13-RC2-0-g72825e0.zip'
gpg: Signature made Thu 07 Jul 2022 07:23:40 PM CEST
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]
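
Added example (not part of the Nitrokey release notes): a scripted form of the `gpg2 --verify` checks shown in the pre-release entries above, which accepts an archive only when gpg's machine-readable status output reports a valid signature made by the key fingerprint printed in those transcripts. The function names and the sample status lines are constructed for illustration, and the signer's public key is assumed to be in the local keyring already.

```bash
#!/usr/bin/env bash
# Added example: accept a release archive only if the pinned key signed it.
# Fingerprint taken from the "using RSA key" lines in the transcripts above.
PINNED_FPR="868184069239FF65DE0BCD7DD9BAE35991DE5B22"

# check_status FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
# names FPR as the signing key and no failure keyword appears.
check_status() {
    local want="$1" ok=1 prefix keyword arg rest
    while read -r prefix keyword arg rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case "$keyword" in
            VALIDSIG)
                # arg is the fingerprint of the key that made the signature
                if [ "$arg" = "$want" ]; then ok=0; else return 1; fi ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)
                return 1 ;;
        esac
    done
    return "$ok"
}

# verify_release SIGFILE DATAFILE (hypothetical wrapper; needs gpg and the
# signer's public key in the keyring). Human-readable output is discarded,
# the decision is made on the status lines alone.
verify_release() {
    "${GPG:-gpg}" --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null \
        | check_status "$PINNED_FPR"
}

# Constructed status output for an offline run (dates and numeric fields
# are made up; only the fingerprint comes from the page).
sample_good() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG D9BAE35991DE5B22 Szczepan Zalega (Nitrokey)" \
        "[GNUPG:] VALIDSIG $PINNED_FPR 2022-11-05 1667656599 0 4 0 1 10 00 $PINNED_FPR"
}

if sample_good | check_status "$PINNED_FPR"; then
    echo "pinned signer confirmed"
fi
```

With the archive and its detached signature downloaded, `verify_release RTM.13-RC2-0-g72825e0.zip.sig RTM.13-RC2-0-g72825e0.zip` returns 0 only for a signature from the pinned key.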

RTM.13-RC1 OpenSSH 9.0 support

07 Jul 17:26
RTM.13-RC1
94c82d7
Pre-release

Updates to GNUK 1.2.16. Release candidate mainly to fix OpenSSH support.

Some behavior can change. MI (multiple identities) might not work. To be tested.

Nitrokey Start v12 - Support new hardware - HW5

16 Feb 13:08
RTM.12
3ec71e0

Add support for the HW5 to the unified firmware.
Maintenance release - no need to update.
Updating from previous firmware releases on HW4 might result in a non-working LED.
"Green" branch firmware (an upgrade from RTM.1) is not provided in this release.

Detailed description:

  • Update chopstx for the HW5 support (GD32 based).
  • Include BOARD_ID in the application config string.
  • Allow getting the original board name from the SYS page through USB strings.
  • Move AES first forward table FT0 to the application page, to make space
    for the additional hardware detection code in the SYS page.
  • Add helper for review of the final listing (lss file).
  • Add RNG tests helper, and results for the RTM.12 firmware.

Binaries are available in the prebuilt/RTM.12/ directory.

Built in isolated Docker environment with:

  • arm-none-eabi-gcc (15:8-2019-q3-1+b1) 8.3.1 20190703 (release) [gcc-8-branch revision 273027]

All tests pass on HW3-5.

Nitrokey Start v11 - Support new hardware

23 Jun 13:05
RTM.11
e43c306

Support new hardware platform HW4.
Maintenance release - no need to update.
Tested:

  • both HW3 and HW4 platforms;
  • firmware update for the "red" branch.

"Green" branch firmware (an upgrade from RTM.1) is not provided in this release.

Nitrokey Start v10 - Serial number update for MI

04 Jun 12:34
RTM.10
7a1182d

This release corrects the serial number (a change added in RTM.9) to be the same for the first identity as in previous firmware releases, to avoid breaking current setups: #41.

Edit 31.07.2020: see the following links for automatic update procedure (support for Windows is in development).


See previous release for the update procedure.

Reference log using update tool:
sz@stumpy:~/work/nitrokey-start-firmware/tool$ ./upgrade_by_passwd.py
Nitrokey Start firmware update tool
System: Linux, is_linux: True
Python: 3.7.7
Saving run log to: upgrade.log
Admin password:
Firmware data to be used:
- FirmwareType.REGNUAL: 4504, hash: ...b'65ac82a1' valid (from ...built/RTM.10/regnual.bin)
- FirmwareType.GNUK: 131072, hash: ...b'f85da8f7' valid (from ...prebuilt/RTM.10/gnuk.bin)
Currently connected device strings:
Device:
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.2.15-43144852
  Revision: RTM.10
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
       Sys: 3.0
Please note:
- Latest firmware available is: RTM.10 (published: 2020-06-04T12:34:14Z),
 provided firmware: None
- All data will be removed from the device
- Do not interrupt the update process, or the device will not run properly
- Whole process should not take more than 1 minute
Do you want to continue? [yes/no]: yes
Entered: "yes"
...
*** Starting bootloader upload procedure
Device:
Configuration: 1
Interface: 0
*** Connected to the device
*** Running update. Do NOT remove the device from the USB slot, until further notice.
Downloading flash upgrade program...
Run flash upgrade program...
Waiting for device to appear:
  Wait 20 seconds....

Downloading the program
Protecting device
Finish flashing
Resetting device
Update procedure finished. Device could be removed from USB slot.

Currently connected device strings (after upgrade):

Device:
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.2.15-43144852
  Revision: RTM.10
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
       Sys: 3.0
Log saved to: upgrade.log

Nitrokey Start v9 - Multiple identities feature

27 May 17:12
RTM.9
35a160d

Multiple identities support #33 - can be handled with tool/set_identity.py.
Fixed buffer over-read on certificate read attempt #38.

See previous release for the update procedure.