Skip to content

V0.55: Correct configuration handling
Compare
Choose a tag to compare
@szszszsz szszszsz released this 30 Dec 14:23
· 104 commits to master since this release
V0.55
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
f376b08
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.

After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.

Update guide:

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it (will be released in coming days released already). Other features works as usual.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2021-01-12). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

$ gpg2 --verify nitrokey-storage-V0.55.hex.sig
gpg: assuming signed data in 'nitrokey-storage-V0.55.hex'
gpg: Signature made Wed 30 Dec 2020 03:12:54 PM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>"
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>"

Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).

Firmware changes:

  • Guard configuration structure access to avoid rare event resulting in data loss
  • Mark global variables volatile, where accessed between tasks
  • Timeout and reset DMA channels on failure
  • Introduce smart card start up delay to favor internal processes
  • Increased firmware version to v0.55
  • Configuration access refactorization for easier data manipulation

Development:

  • Import project to Atmel Studio 7
  • Allow to build using Makefile
  • Add stub for CMake usage
  • Remove obsolete code
  • Add initial support for stack guard protection

Connected: #98

Tested on:

  • macOS 10.15.2
  • Linux Fedora 32
  • Windows 10 20H2

with:

  • libnitrokey 3.6 (Python test suites; skipped on Windows)
  • Nitrokey App v1.4 (manual test)

For tests firmware was built using GCC 4.3.3 (AVR_Toolchain_3.0_124), -O0.
Firmware upgrade and downgrade tested on the previous latest firmware.

Test suite was modified to account TOTP#15 slot being disabled.

Assets 5
Loading