Hello, I have newly acquired Nitrokey 3A NFC & mini. I wanted to test the OpenPGP functionality of the alpha firmware, but I cannot force the update to an older version.
Is there a nitropy flag to force downgrade?
Both my keys are on 1.3.1 FW, if I try to update with the alpha archive:
Command line tool to interact with Nitrokey devices 0.4.36
Current firmware version: v1.3.1
Updated firmware version: v1.3.0-alpha.20230320
The firmware image is older than the firmware on the device.
As an update to this, I rebooted the device in bootloader more, and ran the update:
Perform firmware update: 0%| | 0.00/417k [00:05<?, ?B/s]
Failed to perform firmware update
Exception encountered: NordicSemiException('Extended Error 0x05: The firmware version is too low. For an application, the version must be greater than or equal to the current application. For a bootloader, it must be greater than the current version. This requirement prevents downgrade attacks.')
So I guess this is a security feature, which is cool. Is there a register or something to switch the device in developer mode, reset it, and be able to play around with it more? Or should we expect an update of the alpha FW to match the minimum required version?
This is indeed a security feature. You can only switch between firmware images with the same major, minor and patch version (i. e. the first three numeric components). There is no way to disable this protection for regular devices. If you want a dedicated developer device, you can order a Nitrokey 3A NFC Hacker device without this downgrade protection (and without secure boot) from firstname.lastname@example.org.