Hey, I have a Nitrokey Fido2, and a while back I tried to upgrade the firmware with pynitrokey on Linux, however, the upgrade failed despite me having the appropriate udev rules set on my machine. Here is the log output:
Later I found out about https://update.nitrokey.com, however, that also fails to help me update, and thus unbrick, my Nitrokey Fido2. It stops at this screen:
The default udev rules lack MODE="0664" so if the system umask is tightened (e.g. disallowing access by other users by default), it does not get set properly by udev and you might not have access to /dev/hidraw* as is also indicated by the error message. Without access, the update cannot continue.
My root user’s umask is 0022, at least that is what the output is when I type umask as root. Also, I am unfamiliar with udev in Linux to be honest, so I don’t know how to set that rule. I do not even understand what it does - much less what it is. I downloaded the udev rules from https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules, and put them in my udev directory at /etc/udev/rules.d/
That is a rather default umask and should work. Also read the rules you mentioned and it uses uaccess which is another mechanism to provide access to hidraw devices besides user and group permissions.
Then I guess that pynitrokey does not properly resume update. Someone from Nitrokey might have some insights about the Nitrokey FIDO2 update whether it can be resumed like e.g. Nitrokey 3. You could write to support@nitrokey.com.
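Added example (not part of the thread, and not Nitrokey's or pynitrokey's code): a small audit of a udev rules file for the two access mechanisms mentioned above, an explicit MODE and the uaccess tag. The sample rules and the 1234/000x IDs are constructed placeholders, not the contents of 41-nitrokey.rules.

```python
import re

# One udev token: KEY or KEY{attr}, an operator, and a quoted value.
TOKEN = re.compile(r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')

# Constructed sample rules (NOT the contents of 41-nitrokey.rules); IDs are placeholders.
SAMPLE_RULES = r'''
# token A: access via the uaccess tag only
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1234", ATTRS{idProduct}=="0001", TAG+="uaccess"
# token B: access via explicit mode and group, split over two lines
KERNEL=="hidraw*", ATTRS{idVendor}=="1234", ATTRS{idProduct}=="0002", \
    MODE="0664", GROUP="plugdev"
# token C: matches the node but grants nothing
KERNEL=="hidraw*", ATTRS{idVendor}=="1234", ATTRS{idProduct}=="0003", SYMLINK+="token"
# not a hidraw rule, so it is ignored
SUBSYSTEM=="usb", ATTRS{idVendor}=="1234", MODE="0666"
'''

def parse_rules(text):
    """Yield a list of (key, operator, value) tuples for each rule."""
    joined = text.replace('\\\n', ' ')  # a trailing backslash continues the rule
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield TOKEN.findall(line)

def audit_hidraw_rules(text):
    """Report which access mechanism each hidraw rule uses, if any."""
    findings = []
    for tokens in parse_rules(text):
        if not any(k in ('KERNEL', 'SUBSYSTEM') and op == '==' and v.startswith('hidraw')
                   for k, op, v in tokens):
            continue
        assigned = {}
        for k, op, v in tokens:
            if op in ('=', '+=', ':='):
                assigned.setdefault(k, []).append(v)
        mode = assigned.get('MODE', [None])[-1]
        findings.append({
            'product': next((v for k, op, v in tokens if k == 'ATTRS{idProduct}'), None),
            'mode': mode,
            'group': assigned.get('GROUP', [None])[-1],
            'uaccess': 'uaccess' in assigned.get('TAG', []),
            'other_rw': mode is not None and int(mode, 8) & 0o006 == 0o006,
        })
    return findings

if __name__ == '__main__':
    for f in audit_hidraw_rules(SAMPLE_RULES):
        grants = f['uaccess'] or f['mode'] is not None
        print(f, '' if grants else '<- no MODE and no uaccess tag')
```

To check an installed file instead of the sample, pass its text to audit_hidraw_rules(); a rule reported with neither a mode nor the uaccess tag is the case to look at first when /dev/hidraw* cannot be opened.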
The Nitrokey Fido2 erases the firmware before installing the new firmware. Also it stays in bootloader mode until a valid firmware image gets flashed. This is per the Nitrokey Fido2 Documentation. Also, I did write to Nitrokey support before coming to the forum, but I have yet to receive a reply from them.
Here is a picture of the webupdate page. Additionally, I am using whatever version of PyNitrokey I had installed via pip on Arch Linux. I do not have access to that computer at the moment so I cannot check.