Nitrokey/nitrokey-pro-firmware Nitrokey/nitrokey-pro-firmware

  • Stars
    star
    114
  • Rank 297,192 (Top 7 %)
  • Language
    C
  • License
    GNU General Publi...
  • Created over 9 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Nitrokey/nitrokey-pro-firmware
github

Nitrokey

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Firmware for the Nitrokey Pro device

Nitrokey Pro firmware

The following information is about the firmware of the Nitrokey Pro. For information about the hardware please have a look at the Nitrokey Pro hardware repo.

Overview

Nitrokey Pro, Start and HSM use the same hardware but different firmwares and different smart cards. The microprocessor being used is a STM32F103R8T6. The firmware is written in C, the desktop software Nitrokey App is written in C/C++.

To develop the firmware of the Nitrokey Pro/Start/HSM you would need:

  • An original Nitrokey Pro/Start/HSM or better a development board such as the Nucleo-F103RB or the Olimex STM32-H103. Alternatively, get any other development board equipped with a STM32F103TB and 128KB flash. On request you can get a Nitrokey for development purposes from us.
  • An OpenPGP Card 3.4 available at FLOSS Shop or on request from us. (Of course, this is not necessary for Nitrokey Start which doesn't contain a smart card.) If you use it with original Nitrokey hardware, you would need to cut it to Micro-SIM size. This can be done by using a special SIM card cutter or even with scissors. If you use a development board, you may solder the OpenPGP Card to the board directly by using some wires or you get yourself a smart card jack which you solder to the dev board instead.
  • To compile the firmware we recommend ARM's official GNU tools.

Building

make [VID=0x20a0] [PID=0x4108] firmware

Parameters:

  • VID: Define Vendor ID
  • PID: Define Product ID

Flashing

Note
Any user data present on the device will be erased when flashing it. A backup is essential to prevent data loss.

The microcontroller can be flashed in one of the following ways, depending on your hardware version:

  • all hardware versions: SWD is a STM-specific protocol and similar to JTAG allowing programming and debugging. Working adapters are Versaloon or any of the ST-Link V2 (clones). Under Linux the recent OpenOCD works quite well. This approach requires soldering wires to the contact pads or to use an adapter with pogo pins and some kind of mounting (recommended).
  • purchased before 04/04/2018: DFU is a simple protocol via serial port which allows programming but no debugging. On older Nitrokey versions, the appropriate pins are exposed over the USB connector (though it is not USB, the pin is only shared between these two).

SWD

Requirements

  • Download the .hex file you want to flash e.g. look at the releases section or build it yourself (see above).
  • Any SWD compatible programmer for ST microcontrollers. They come as part of ST's line of Discovery and Nucleo boards or can be bought seperately from ST as well as as clones for around $5 on eBay, Amazon or AliExpress (search for "ST-Link v2")

The following picture shows the pin pads of the Nitrokey. The red rectangle is only available in newer versions and easier to use as the pads are much bigger. The blue rectangle is present in older and newer devices.

SWD pins of newer Nitrokey Pro device

The SWD pins are as follows:

NK Pro v2.0 Programming Connector Layout

For SWD programming, connect the SWDIO, SWDCLK and GND pads to the respective pins of your ST-Link programmer. The device should be powered externally through USB or a 5V power supply during programming.

Flashing and Development Access

See the Development Guide for the current use.

OpenOCD

Modern OpenOCD works quite well, if not better than the official tools (especially for the debugging).

GDB Server
  openocd -f interface/stlink-v2.cfg  -f target/stm32f1x.cfg
Reading MCU Flash

Make sure the MCU is not memory protected, otherwise this operation will fail.

$ cat <<END >stm32read.cfg 
source [find interface/stlink.cfg]
source [find target/stm32f1x.cfg]
init
flash read_bank 0 firmware.bin 0 0x20000
exit
END
$ openocd -f stm32read.cfg

STM32 Official Tool

Official tool is available at stm32cubeprog.

Flashing STM32
  STM32_Programmer_CLI -c port=SWD -halt  --readunprotect
  STM32_Programmer_CLI -c port=swd -e all -w firmware.hex 0x8000000 -v -rst
GDB Server
  st-util

DFU

Please note, that this approach only works for older Nitrokey Pro device, not Nitrokey Pro 2 (all devices purchased before 04/04/2018).

DFU Requirements

  • Download the .hex file you want to flash e.g. look at the releases section or build it yourself (see above).
  • You may use STM32 Flash Loader Demonstrator (Windows only) or the open source command line tool stm32flash. Note: the terminal commands below are based on the command line tool.
  • If your computer doesn't has a RS232 port (most modern laptops don't have it) you would need a USB-to-RS232/TTL adapter. Sparkfun BOB-00718 should work (untested) and you can find even cheaper adapters online. Previously we built our own adapter which hardware layout you can download.
  • You would need a simple USB adapter to bridge Nitrokey's USB plug to the USB-to-RS232 adapter.

Your adapter should consist of a USB socket which four pins are connected to your serial/TTL connector. The pinout is as follows.

Nitrokey USB Plug <-> Serial/TTL adapter

Pin 1, VCC <-> VCC
Pin 2, D-  <-> TX
Pin 3, D+  <-> RX
Pin 4, GND <-> GND

This diagram represents the pinout of the USB socket which you are going to solder:

  ###################
  #                 #
  # ############### #
  #                 #
  #                 #
  ###################
     #   #   #   #   
     #   #   #   #    

     1   2   3   4

The following picture shows the adapter/USB-to-TTL connection. USB-to-TTL adapter and USB socket

To flash the firmware you need to bridge the two contact holes and only then connect (and power) the PCB to your adapter. The bridge triggers the hardware to boot into DFU mode. You can use a jumper with 2.0 mm pitch or just prepare/solder a wire. The following picture shows a bridge for the Nitrokey.

Nitrokey bridged with a jumper

Flashing via DFU

While the jumper is plugged in, connect the Nitrokey to the USB-serial adapter on your computer. The jumper is only required during the first moment of connection and can be removed afterwards.

You can check if the Nitrokey got successfully into DFU mode by typing in the following into a terminal:

$ sudo stm32flash /dev/ttyUSB0

stm32flash 0.5

http://stm32flash.sourceforge.net/

Error probing interface "serial_posix"
Cannot handle device "/dev/ttyUSB0"
Failed to open port: /dev/ttyUSB0

Now we have to disable the read protection first by typing

sudo stm32flash -k /dev/ttyUSB0 # read unprotecting

You may need to reconnect the device, before you can proceed. Do not forget to bridge the holes again. Now we do the actual flashing:

sudo stm32flash -w nitrokey-pro-firmware.hex /dev/ttyUSB0

Enabling the read/write protection again:

sudo stm32flash -j /dev/ttyUSB0 # read protection

More Repositories

1

nitrokey-app

Nitrokey's Application (Win, Linux, Mac)
C++
283
star
2

nitrokey-3-firmware

Nitrokey 3 firmware
Rust
188
star
3

pynitrokey

Python client for Nitrokey devices
Python
90
star
4

nitrokey-pro-hardware

Hardware design of the Nitrokey Pro device
80
star
5

nitrokey-app2

Graphical application to manage and use Nitrokey 3 devices
Python
62
star
6

libnitrokey

Communicate with Nitrokey devices in a clean and easy manner
C++
60
star
7

nitrokey-storage-firmware

Firmware for the Nitrokey Storage device
C
54
star
8

nitrokey-start-firmware

A mirror of Gnuk's 1.0.x and 1.2.x branches.
C
54
star
9

opcard-rs

OpenPGP card implementation
Rust
40
star
10

nitrokey-storage-hardware

Hardware project of the Nitrokey Storage device
38
star
11

nethsm

Nitrokey NetHSM system software and firmware
OCaml
34
star
12

nitrokey-documentation

User documentation of Nitrokey's products
CSS
32
star
13

nitrokey-encryption-tool

Command line interface application which uses on-device RSA keys (through OpenSC and PKCS#11) to encrypt/decrypt AES key used in turn to perform operation on user data
Python
32
star
14

nextbox

NextBox
Python
30
star
15

nethsm-pkcs11

PKCS#11 driver for NetHSM
Rust
26
star
16

nitrokey-websmartcard

Nitrokey WebSmartCard Specification and Documentation
Makefile
26
star
17

chopstx

Unofficial mirror of GNUK's submodule: Chopstx
C
14
star
18

coreboot-builder

Builder Repository for Coreboot with Tianocore Firmware
C
13
star
19

wiki

11
star
20

nitrokey-fido2-hardware

Hardware layout of the Nitrokey FIDO2
11
star
21

nitrokey-hotp-verification

A command line C app to validate HOTP codes on Heads
C++
11
star
22

openpgp-card

Sample code of the OpenPGP Card
VBA
10
star
23

nitrokey-keepass-plugin

Nitrokey's plugin for KeePass
C#
10
star
24

gnupg-docker

Build and use specific GnuPG version using Ubuntu image within Docker's container
Shell
9
star
25

qubes-oem

Shell
9
star
26

ubuntu-oem

Shell
9
star
27

nitrokey-fido-u2f-hardware

Hardware for Nitrokey FIDO U2F
XSLT
9
star
28

nitrokey-update-tool

A GUI tool for Windows and macOS for updating Nitrokey Storage firmware
C++
7
star
29

trussed-secrets-app

Secrets App: OTP and PWS application for the Nitrokey 3
Rust
7
star
30

nitrokey-mozilla-plugins

Firefox and Thunderbird plugins for Nitrokey
JavaScript
5
star
31

serde-byte-array

Rust
5
star
32

debian-oem

Automated Installation ISO for Debian
Makefile
5
star
33

drupal-sendy

Drupal module to integrate with Sendy for sending newsletter and subscribing visitors
PHP
4
star
34

opensc-build

Quick builds of OpenSC for Ubuntu and Debian
Shell
4
star
35

odoo-modules

Custom modules for Odoo
Python
4
star
36

nitrokey-start-hardware

4
star
37

nitrokey-3-tests

Automated tests for the Nitrokey 3
Python
3
star
38

nitrokey-3c-nfc-lpc55-hardware

Nitrokey 3 USB-C NFC LPC55 hardware
3
star
39

nethsm-sdk-rs

Client-side Rust SDK for NetHSM
Rust
3
star
40

nitrokey-3a-mini-nrf52-hardware

Nitrokey 3 USB-A Mini NRF52 hardware
3
star
41

nitrokey-3a-nfc-lpc55-hardware

Nitrokey 3 USB-A NFC LPC55 hardware
3
star
42

nitroinit

Nitrokey Initialization Tool
Python
2
star
43

nitrokey-lora-hardware

2
star
44

nitrokey-storage-update-boot

An Alpine-based bootable image for activating Storage's update mode
C
2
star
45

vpicc-rs

Rust
2
star
46

nitrokey-storage-cli

A C CLI tool for Nitrokey Storage access, targeted for Heads use.
C++
2
star
47

opensc-docker

Run OpenSC via Docker
Shell
2
star
48

nextbox-app

Nextcloud NextBox App
Vue
2
star
49

nethsm-sdk-py

Client-side Python SDK for NetHSM
Python
2
star
50

transmet-authenticator-firmware

Rust
2
star
51

nitrokey-trng-rs232-firmware

Firmware for Nitrokey TRNG RS232
Makefile
2
star
52

nextbox-debian

NextBox Debian Package Building Repository
Makefile
2
star
53

nitrokey-test-suite

BDD Python 3 tests of GnuPG functionality (using CLI) in connection with OpenPGP v2.1+ compatible smartcard
Gherkin
1
star
54

nitrokey-webcrypt-tests

A Python test suite for Nitrokey Webcrypt features
Python
1
star
55

nextbox-daemon

The Nextbox System Daemon
Python
1
star
56

nextbox-board

1
star
57

nitrokey-presentation-template

Nitrokey Presentation Template based on reveal.js
CSS
1
star
58

nitrokey-snippets

Python
1
star
59

nitrokey-trng-rs232-hardware

Nitrokey TRNG RS232 Hardware
1
star
60

gnuk

Mirror of Gnuk, including a modified test suite for testing the Nitrokey 3 OpenPGP card implementation
C
1
star