Skip to content

V0.57

Latest
Latest
Compare
Choose a tag to compare
@szszszsz szszszsz released this 04 Mar 16:55
· 2 commits to master since this release
V0.57
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
f114941
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.

After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.

Update guide:

Use of nitrokey-storage-V0.57.hex firmware file should be preferred.
This is a release with the free space of the image filled with random data (taken from the attached random.bin). The other hex file with the reproducible suffix contains only the compiler produced output, without this extension. Both should work identically. The difference is, that the random data will show up in the results of the firmware image export for the former, which by design should make harder to hide a malicious code in the firmware.

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it. Other features works as usual.

Firmware is signed with [email protected], key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2023-01-11). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

$ gpg2 --verify sha256sum.sig
gpg: assuming signed data in 'sha256sum'
gpg: Signature made Fri 04 Mar 2022 05:42:27 PM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <[email protected]>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <[email protected]>" [ultimate]

Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).
avr32-gcc (AVR_Toolchain_3.0_124) 4.3.3

Firmware changes:

  • Validate HV setup input data #115
  • Correct firmware binary export boundaries #113
  • Additional barriers during flash writing for the better data coherency

Development:

  • Make input data validation for other commands explicit
  • Updated helpers
  • Remove obsolete commands
  • Disable build of the debug code (previously removed during linking time, now not build at all)
  • Add map file for post-build analysis

Tested on Linux Fedora 34:

  • libnitrokey test suite v3.7-RC2-5-g03303c8
  • firmware update path: v0.56 -> v0.57 -> v0.56

Maintenance note: firmware built locally, using known to work compiler version from the previous releases. New compiler will be introduced on the next release.

Assets 7
Loading