Export & verify firmware


#1

Hi guys,

it is announced that i can export and verify the firmware but I did not find any further explanation. I would like to know the procedure.
thx in advance.


#2

This applies to Nitrokey Storage only:

  • Start Nitrokey App
  • Select Configuration / Export Firmware
  • Enter the Admin PIN
  • You find the exported firmware.bin at the unencrypted volume

#3

Thanks for the instruction, but there is no “Export Firmware” in the app. I can just change the pins and the otp.
I am using Ubuntu and downloaded the nitrokey-app from the website.

Edit: Does the export feature just apply the nitro-key storage? Then the webpage would advertise the stick in a very misleading manner

Edit 2: ok it was my fault, cause I did not read the table with the features carefully, I misunderstood all the announcements on the webpage. So impossible to verify the firmware. But to be honest, why is the stick with this feature announced all over the page, when it is not possible to purchase it?


#4

I have a one week-old NK storage, I do this, I indeed get the message “firmware exported”, but nothing appears on the unencrypted volume.
This volume is in the ‘read-only’ status : is that the reason?
(because, here on Linux Ubuntu 16.04 I just cannot turn it read/write, all other actions and passes are OK : which PIN exactly allows me to turn it R/W?)
Thank you!
Hervé


#5

Hi,

having the unencrypted volume read-only should be the reason, indeed. You may need to use a newer version of the App to being able to change the status to r/w. Unfortunately, this function didn’t work so well in the past. What App version do you use? You may try the AppImage on GitHub/on the unencrypted volume.

Kind regards
Alex


Verifying that a Nitrokey has not been compromised
#6

Hi!
To be specific, for Storage v0.52+ only App v1.3.1+ allows to change the RO/RW state of the Unencrypted Volume, due to protocol change - elevated PIN requirement (it needs Admin PIN now). See release notes of v0.52 for details.


#7

OK, my NK storage is new and my firmware version indeed is 0.52. As I managed to switch the unencrypted volume to RW on the PC, I just retried and it works. Consider case closed :slight_smile:
I’d advise to update the dialog in the app to reflect this, like ‘firmware can only be exported to WRITABLE unencrypted volume, please check’


#8

That would be helpful indeed. Registered issues: Storage#69 NitrokeyApp#382


#9

This thread is another example for how hard it is to fiddle with that command-line upgrade method. The proper way to do firmware updates on Linux would be to use LVFS, with one-click updates and proper system update integration:

Unfortunately, it is not really supported by Nitrokey (yet?).


#10

For completeness, here is the documentation how to verify Nitrokey Storage’s firmware.