Firmware Update Nitrokey Pro 2

I am choosing between Nitrokey Storage 2 and Nitrokey Pro 2. For me, flash memory is not important. Nitrokey Pro 2 would suit me, but there is no firmware update there. Why? What is the reason for this? Isn’t it necessary to fix vulnerabilities on Nitrokey Pro 2?

As far as I know, the Nitrokey team is working on a new version of the Nitrokey Pro that will support firmware updates, see nitrokey-pro-firmware issues #66 and #69:


I confirm that. Work is still in progress though, without a schedule specified. We do have a working implementation available in the repository already, but might decide to add a few more features.
If you would like to have a Nitrokey with firmware update possibility now, please choose Nitrokey Storage 2.

Any new information will be posted on the mentioned ticket pages:

Just out of curiosity… what would you say is the risk/reward analysis of being able to upgrade the firmware? Specifically (and I know that the storage key already allows this, as just mentioned, so this isn’t a “new” concept or anything), doesn’t adding the ability to change the firmware add security circumvention implications? This discussion makes me think of the same issues that HEADS + NK are now solving with EFI and the dreaded Evil Maid exploit. Now, clearly, one should have his/her NK on their person or in a safe place; but are the concerns at least similar?

…just wanting to understand more and more about my beloved NK!

Yes. Therefore, firmware updates with Nitrokey Storage (and soon Nitrokey Pro) will be password protected. So you/users can protect the firmware and decide which firmware to install.

For Nitrokey FIDO2 only firmware updates signed by us are possible.

@jan Are only signed updates possible for other models as well?

Yes, for Nitrokey 3. We may provide a Nitrokey 3 hacker-edition in the future which can freely be flashed.