[Solved] Nitrokey 3A NFC beginner needs help

Hello everyone,
I was just given a Nitrokey 3A NFC as a gift and wanted to try the thing out (Linux Mint 20.3).

But I don't know my way around all this stuff very well yet, so I depend on a bit of help.

Here is my problem: first of all, I would like to update the firmware:

stefan@Acer-Aspire-E5-571G:~$ nitropy list
Command line tool to interact with Nitrokey devices 0.4.36
:: 'Nitrokey FIDO2' keys
:: 'Nitrokey Start' keys:
:: 'Nitrokey 3' keys
/dev/hidraw3: Nitrokey 3 Bootloader (LPC55) 8D8BC974A25BCB5ABC4AD7F110553DC6
stefan@Acer-Aspire-E5-571G:~$

→ the Nitrokey is detected. Joy!

stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 status
Command line tool to interact with Nitrokey devices 0.4.36
Critical error:
No Nitrokey 3 device found

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: ht tp s://s upport.nitrokey. com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/nitropy.log.uxn0cklh' with any support/help request!
- Please check if you have udev rules installed: ht tp s://d ocs.nitrokey. com/nitrokey3/linux/firmware-update.html#troubleshooting

stefan@Acer-Aspire-E5-571G:~$

Frustration. All right, let's start with the easier part:

stefan@Acer-Aspire-E5-571G:/etc/udev/rules.d$ ls -alh
insgesamt 16K
drwxr-xr-x 2 root   root   4,0K Mai  9 22:56 .
drwxr-xr-x 4 root   root   4,0K Apr 11 23:14 ..
-rw-rw-r-- 1 stefan stefan 3,0K Mai  9 22:24 41-nitrokey.rules
-rw-r--r-- 1 root   root    294 Mär 27  2021 79-udev-epson.rules
stefan@Acer-Aspire-E5-571G:/etc/udev/rules.d$
stefan@Acer-Aspire-E5-571G:/etc/udev/rules.d$ cat 41-nitrokey.rules 
#
# Copyright (c) 2015-2022 Nitrokey GmbH
#
# This file is part of libnitrokey.
#
# libnitrokey is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# libnitrokey is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with libnitrokey. If not, see <ht tp://ww w.gnu.org/licenses/>.
#
# SPDX-License-Identifier: LGPL-3.0
#

# Here rules in new style should be provided. Matching devices should be tagged with 'uaccess'.
# File prefix number should be lower than 73, to be correctly processed by the Udev.
# Recommended udev version: >= 188.
#
ACTION!="add|change", GOTO="u2f_end"

# Nitrokey U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"
# Nitrokey FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess"
# Nitrokey FIDO2
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b1", TAG+="uaccess"
# Nitrokey 3A Mini/3A NFC/3C NFC
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b2", TAG+="uaccess"
# Nitrokey 3A NFC Bootloader/3C NFC Bootloader
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42dd", TAG+="uaccess"
# Nitrokey 3A Mini Bootloader
ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42e8", TAG+="uaccess"

LABEL="u2f_end"


SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
ACTION!="add", GOTO="gnupg_rules_end"

# USB SmartCard Readers
## Crypto Stick 1.2
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg", TAG+="uaccess"
## Nitrokey Pro
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg", TAG+="uaccess"
## Nitrokey Pro Bootloader
ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b4", TAG+="uaccess"
## Nitrokey Storage
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg", TAG+="uaccess"
## Nitrokey Storage Bootloader
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2ff1", TAG+="uaccess"
## Nitrokey Start
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg", TAG+="uaccess"
## Nitrokey HSM
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4230", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg", TAG+="uaccess"

LABEL="gnupg_rules_end"


# Nitrokey Storage dev Entry
KERNEL=="sd?1", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4109", SYMLINK+="nitrospace"
stefan@Acer-Aspire-E5-571G:/etc/udev/rules.d$ 

stefan@Acer-Aspire-E5-571G:~$ cat /tmp/nitropy.log.uxn0cklh
540        INFO pynitrokey.cli Timestamp: 2023-05-09 22:55:25.352305
540        INFO pynitrokey.cli OS: uname_result(system='Linux', node='Acer-Aspire-E5-571G', release='5.15.0-71-generic', version='#78~20.04.1-Ubuntu SMP Wed Apr 19 11:26:48 UTC 2023', machine='x86_64')
540        INFO pynitrokey.cli Python version: 3.9.16
548        INFO pynitrokey.cli pynitrokey version: 0.4.36
553        INFO pynitrokey.cli cryptography version: 36.0.2
558        INFO pynitrokey.cli ecdsa version: 0.18.0
564        INFO pynitrokey.cli fido2 version: 1.1.1
568        INFO pynitrokey.cli pyusb version: 1.2.1
572        INFO pynitrokey.cli spsdk version: 1.7.1
1810       INFO  libusbsio Loading SIO library: /tmp/_MEIWFA7L6/libusbsio/libusbsio.so
1814       INFO  libusbsio HID enumeration[25651120]: initialized
1815      DEBUG  libusbsio HID enumeration[25651120]: device #0: MCU HID GENERIC DEVICE
1818      DEBUG  libusbsio HID enumeration[25651120]: device #1: USB Optical Mouse 
1818       INFO  libusbsio HID enumeration[25651120]: finished, total 2 devices
1901      DEBUG fido2.hid.linux Failed opening device /dev/hidraw1
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw1'
1902      DEBUG fido2.hid.linux Failed opening device /dev/hidraw0
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw0'
1903      DEBUG       root print: Critical error:
1903      DEBUG       root print: No Nitrokey 3 device found
1903      DEBUG       root listing all connected devices:
1961      DEBUG       root :: 'Nitrokey FIDO2' keys
1961      DEBUG       root :: 'Nitrokey Start' keys:
1981      DEBUG       root :: 'Nitrokey 3' keys
1985       INFO  libusbsio HID enumeration[25639184]: initialized
1985      DEBUG  libusbsio HID enumeration[25639184]: device #0: MCU HID GENERIC DEVICE
1985      DEBUG  libusbsio HID enumeration[25639184]: device #1: USB Optical Mouse 
1985       INFO  libusbsio HID enumeration[25639184]: finished, total 2 devices
2065       INFO spsdk.mboot.mcuboot Connect: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
2065      DEBUG spsdk.mboot.interfaces.usb Open Interface
2066       INFO libusbsio.hidapi.dev Opening HID device at path: 'b'/dev/hidraw3''
2130       INFO libusbsio.hidapi.dev HID device 31940944 is now open
2130       INFO spsdk.mboot.mcuboot CMD: GetProperty('UniqueDeviceIdent', index=0)
2131      DEBUG spsdk.mboot.mcuboot TX-PACKET: Tag=GetProperty, Flags=0x00, P[0]=0x00000012, P[1]=0x00000000
2131      DEBUG spsdk.mboot.interfaces.usb OUT[16]: 01, 00, 0C, 00, 07, 00, 00, 02, 12, 00, 00, 00, 00, 00, 00, 00
2131      DEBUG libusbsio.hidapi.dev HID device 31940944 writing[16]: 0x01000c00070000021200000000000000
2133      DEBUG libusbsio.hidapi.dev HID device 31940944 wrote 59 bytes
2134      DEBUG libusbsio.hidapi.dev HID device 31940944 read[60]: 0x03001800a7000005000000008d8bc974a25bcb5abc4ad7f110553dc60000000000000000000000000000000000000000000000000000000000000000
2134      DEBUG spsdk.mboot.interfaces.usb IN [60]: 03, 00, 18, 00, A7, 00, 00, 05, 00, 00, 00, 00, 8D, 8B, C9, 74, A2, 5B, CB, 5A, BC, 4A, D7, F1, 10, 55, 3D, C6, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
2134      DEBUG spsdk.mboot.mcuboot RX-PACKET: Tag=GetPropertyResponse, Status=Success, v0=0x74C98B8D, v1=0x5ACB5BA2, v2=0xF1D74ABC, v3=0xC63D5510
2134      DEBUG       root /dev/hidraw3: Nitrokey 3 Bootloader (LPC55) 8D8BC974A25BCB5ABC4AD7F110553DC6
2135       INFO spsdk.mboot.mcuboot Closing: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
2135      DEBUG spsdk.mboot.interfaces.usb Close Interface
2135       INFO libusbsio.hidapi.dev HID device 31940944 closed
2136      DEBUG       root print: --------------------------------------------------------------------------------
2136      DEBUG       root print: Critical error occurred, exiting now
2136      DEBUG       root print: Unexpected? Is this a bug? Would you like to get support/help?
2137      DEBUG       root print: - You can report issues at: ht tp s://s upport.nitrokey. com/
2137      DEBUG       root print: - Writing an e-mail to support@nitrokey. com is also possible
2137      DEBUG       root print: - Please attach the log: '/tmp/nitropy.log.uxn0cklh' with any support/help request!
2137      DEBUG       root print: - Please check if you have udev rules installed: ht tp s://d ocs.nitrokey. com/nitrokey3/linux/firmware-update.html#troubleshooting
stefan@Acer-Aspire-E5-571G:~$

Who can help me with this?

Thanks a lot!

P.S. I had to mangle the links because the forum complains otherwise.
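The rules file in the post above can be checked mechanically; this is an added example, not part of the original post and not Nitrokey's code. It applies the two requirements stated in the file's own comments (prefix below 73, `uaccess` tag for the device's vendor/product ID) and also looks at ownership and mode, because udevd processes rules as root and the `ls` output shows the file owned by `stefan` and group-writable. The function names, the finding strings and the UID 1000 for `stefan` are assumptions of this example.

```python
import os
import re
import stat

# Constructed sample: a shortened excerpt of the 41-nitrokey.rules file shown in the post.
SAMPLE_RULES = '''\
ACTION!="add|change", GOTO="u2f_end"
# Nitrokey 3A Mini/3A NFC/3C NFC
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b2", TAG+="uaccess"
# Nitrokey 3A NFC Bootloader/3C NFC Bootloader
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42dd", TAG+="uaccess"
LABEL="u2f_end"
'''

# One udev key/operator/value triple, e.g. ATTRS{idVendor}=="20a0" or TAG+="uaccess".
TOKEN = re.compile(r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|-=|=)\s*"([^"]*)"')


def uaccess_ids(rules_text):
    """Return the (vendor, product) pairs that some rule tags with uaccess.

    GOTO/LABEL flow is not evaluated; each rule line is looked at on its own.
    """
    ids = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        triples = TOKEN.findall(line)
        matches = {key: value.lower() for key, op, value in triples if op == "=="}
        tagged = ("TAG", "+=", "uaccess") in triples
        vid = matches.get("ATTRS{idVendor}") or matches.get("ATTR{idVendor}")
        pid = matches.get("ATTRS{idProduct}") or matches.get("ATTR{idProduct}")
        if tagged and vid and pid:
            ids.add((vid, pid))
    return ids


def audit(filename, rules_text, owner_uid, mode, vid, pid):
    """Return a list of findings for one rules file and one USB vendor/product ID."""
    findings = []
    prefix = re.match(r"(\d+)-", filename)
    if not prefix or int(prefix.group(1)) >= 73:
        findings.append("prefix-not-below-73")      # uaccess would be processed too late
    if (vid.lower(), pid.lower()) not in uaccess_ids(rules_text):
        findings.append("no-uaccess-rule")          # device node stays root-only
    if owner_uid != 0:
        findings.append("not-owned-by-root")        # a non-root account can edit root-run rules
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    return findings


def audit_path(path, vid, pid):
    """Same checks against a real file, e.g. /etc/udev/rules.d/41-nitrokey.rules."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    return audit(os.path.basename(path), text, st.st_uid, stat.S_IMODE(st.st_mode), vid, pid)


if __name__ == "__main__":
    # Values from the post: file 41-nitrokey.rules, mode rw-rw-r--, bootloader ID 20A0:42DD.
    # UID 1000 stands in for the non-root owner "stefan" (assumption).
    print(audit("41-nitrokey.rules", SAMPLE_RULES, 1000, 0o664, "20A0", "42DD"))
```

With the values from the post, the rule coverage and prefix pass and only the two ownership findings remain.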

I went ahead and applied the “troubleshooting” procedure: Nitrokey out, sudo udevadm control --reload-rules && sudo udevadm trigger

rebooted to be safe, and

stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 status
Command line tool to interact with Nitrokey devices 0.4.36
UUID:               8D8BC974A25BCB5ABC4AD7F110553DC6
Firmware version:   v1.2.2
stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 update
Command line tool to interact with Nitrokey devices 0.4.36
Do you want to download the firmware version v1.4.0? [Y/n]: y
Download v1.4.0: 100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 894k/894k [00:00<00:00, 1.50MB/s]
Current firmware version:  v1.2.2
Updated firmware version:  v1.4.0

Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Doing so may damage the Nitrokey 3.
Do you want to perform the firmware update now? [y/N]: y

Please press the touch button to reboot the device into bootloader mode ...

Critical error:
An unhandled exception occurred
	Exception encountered: RuntimeError("generator didn't stop after throw()")

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: htt ps:/ / support.  nitrokey. com/
- Writing an e-mail to support@nitrokey. com is also possible
- Please attach the log: '/tmp/nitropy.log.ta1f19nd' with any support/help request!
- Please check if you have udev rules installed: htt p s :/ / doc s.nitrokey. com/nitrokey3/linux/firmware-update.html#troubleshooting

stefan@Acer-Aspire-E5-571G:~$ cat /tmp/nitropy.log.ta1f19nd
586        INFO pynitrokey.cli Timestamp: 2023-05-09 23:06:10.058362
586        INFO pynitrokey.cli OS: uname_result(system='Linux', node='Acer-Aspire-E5-571G', release='5.15.0-71-generic', version='#78~20.04.1-Ubuntu SMP Wed Apr 19 11:26:48 UTC 2023', machine='x86_64')
586        INFO pynitrokey.cli Python version: 3.9.16
593        INFO pynitrokey.cli pynitrokey version: 0.4.36
599        INFO pynitrokey.cli cryptography version: 36.0.2
605        INFO pynitrokey.cli ecdsa version: 0.18.0
611        INFO pynitrokey.cli fido2 version: 1.1.1
616        INFO pynitrokey.cli pyusb version: 1.2.1
622        INFO pynitrokey.cli spsdk version: 1.7.1
1599       INFO  libusbsio Loading SIO library: /tmp/_MEIj6zs3i/libusbsio/libusbsio.so
1602       INFO  libusbsio HID enumeration[38989904]: initialized
1602      DEBUG  libusbsio HID enumeration[38989904]: device #0: Nitrokey 3
1604      DEBUG  libusbsio HID enumeration[38989904]: device #1: USB Optical Mouse 
1604       INFO  libusbsio HID enumeration[38989904]: finished, total 2 devices
1684      DEBUG fido2.hid.linux Failed opening device /dev/hidraw1
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw1'
1685      DEBUG fido2.hid.linux Failed opening device /dev/hidraw0
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw0'
1766       INFO pynitrokey.nk3.updates Firmware version before update: v1.2.2
1770      DEBUG urllib3.connectionpool Starting new HT TPS connection (1): api.github.com:443
2456      DEBUG urllib3.connectionpool htt ps : / /api.github. com:443 "GET /repos/Nitrokey/nitrokey-3-firmware/releases/latest HTT P/1.1" 200 2328
2460       INFO pynitrokey.nk3.updates Latest firmware version: v1.4.0
2460       INFO pynitrokey.nk3.updates Current firmware version: v1.2.2
2460       INFO pynitrokey.nk3.updates Updated firmware version: v1.4.0
5489       INFO pynitrokey.nk3.updates Trying to download firmware update from URL: ht tp s: /   / github. com/Nitrokey/nitrokey-3-firmware/releases/download/v1.4.0/firmware-nk3-v1.4.0.zip
5492      DEBUG urllib3.connectionpool Starting new HT TPS connection (1): github.com:443
5866      DEBUG urllib3.connectionpool htt ps:/ /github. com:443 "GET /Nitrokey/nitrokey-3-firmware/releases/download/v1.4.0/firmware-nk3-v1.4.0.zip HTT P/1.1" 302 0
5869      DEBUG urllib3.connectionpool Starting new HT TPS connection (1): objects.githubusercontent.com:443
6257      DEBUG urllib3.connectionpool htt ps  :/ /objects.githubusercontent. com:443 "GET /github-production-release-asset-2e65be/366410832/e2a619b2-eb8c-4953-8f1e-74ce7a8e0728?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230509%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230509T210615Z&X-Amz-Expires=300&X-Amz-Signature=6ff247028245ee4877a6c14c79b4b3f22609e22f0aa7d7a6538352be505efd30&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=366410832&response-content-disposition=attachment%3B%20filename%3Dfirmware-nk3-v1.4.0.zip&response-content-type=application%2Foctet-stream HTT P/1.1" 200 893995
6864      DEBUG       root print: Current firmware version:  v1.2.2
6864      DEBUG       root print: Updated firmware version:  v1.4.0
6864      DEBUG       root print: Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Doing so may damage the Nitrokey 3.
10341     DEBUG       root print: Please press the touch button to reboot the device into bootloader mode ...
16219     DEBUG pynitrokey.nk3.device./dev/hidraw2 ignoring OSError after reboot
Traceback (most recent call last):
  File "pynitrokey/nk3/device.py", line 92, in reboot
  File "pynitrokey/nk3/device.py", line 133, in _call
  File "fido2/hid/__init__.py", line 191, in call
  File "fido2/hid/base.py", line 80, in read_packet
OSError: [Errno 5] Input/output error
16220     DEBUG pynitrokey.nk3.updates Trying to connect to bootloader (try 1 of 3)
16220     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 1 of 30)
16235      INFO  libusbsio HID enumeration[46958816]: initialized
16235     DEBUG  libusbsio HID enumeration[46958816]: device #0: USB Optical Mouse 
16235      INFO  libusbsio HID enumeration[46958816]: finished, total 1 devices
16257     DEBUG pynitrokey.cli.nk3 No Nitrokey 3 bootloader device found, continuing
16759     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 2 of 30)
16766      INFO  libusbsio HID enumeration[44672224]: initialized
16767     DEBUG  libusbsio HID enumeration[44672224]: device #0: MCU HID GENERIC DEVICE
16769     DEBUG  libusbsio HID enumeration[44672224]: device #1: USB Optical Mouse 
16770      INFO  libusbsio HID enumeration[44672224]: finished, total 2 devices
16801     DEBUG fido2.hid.linux Failed opening device /dev/hidraw3
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw3'
16801      INFO spsdk.mboot.mcuboot Connect: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
16801     DEBUG spsdk.mboot.interfaces.usb Open Interface
16802      INFO libusbsio.hidapi.dev Opening HID device at path: 'b'/dev/hidraw3''
16802     ERROR libusbsio.hidapi.dev HID device 'b'/dev/hidraw3'' opening failed.
20108     DEBUG pynitrokey.nk3.updates Starting firmware update
20108      INFO spsdk.mboot.mcuboot CMD: ReceiveSBfile(data_length=451152)
20108      INFO spsdk.mboot.mcuboot CMD: GetProperty('MaxPacketSize', index=0)
20108     DEBUG spsdk.mboot.mcuboot TX-PACKET: Tag=GetProperty, Flags=0x00, P[0]=0x0000000B, P[1]=0x00000000
20108     DEBUG spsdk.mboot.interfaces.usb OUT[16]: 01, 00, 0C, 00, 07, 00, 00, 02, 0B, 00, 00, 00, 00, 00, 00, 00
20109    WARNING spsdk.mboot.mcuboot CMD: Unable to get MAX PACKET SIZE, using: 32
20109      INFO spsdk.mboot.mcuboot CMD: Max Packet Size = 32
20113     DEBUG spsdk.mboot.mcuboot TX-PACKET: Tag=ReceiveSBFile, Flags=0x01, P[0]=0x0006E250
20113     DEBUG spsdk.mboot.interfaces.usb OUT[12]: 01, 00, 08, 00, 08, 01, 00, 01, 50, E2, 06, 00
20114      INFO spsdk.mboot.mcuboot Closing: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
20114     DEBUG spsdk.mboot.interfaces.usb Close Interface
20114     DEBUG pynitrokey.nk3.updates Received connection error
Traceback (most recent call last):
  File "spsdk/mboot/interfaces/usb.py", line 214, in write
  File "libusbsio/libusbsio.py", line 1357, in wrapper
  File "libusbsio/libusbsio.py", line 1342, in _check_device_open
libusbsio.libusbsio.LIBUSBSIO_Exception: LIBUSBSIO: HID DEVICE is not open.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 362, in _perform_update
  File "pynitrokey/nk3/bootloader/lpc55.py", line 106, in update
  File "spsdk/mboot/mcuboot.py", line 655, in receive_sb_file
  File "spsdk/mboot/mcuboot.py", line 117, in _process_cmd
  File "spsdk/mboot/interfaces/usb.py", line 217, in write
spsdk.mboot.exceptions.McuBootConnectionError: MBoot: Connection issue -> LIBUSBSIO: HID DEVICE is not open.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 340, in _get_bootloader
  File "pynitrokey/nk3/updates.py", line 215, in update
  File "pynitrokey/nk3/updates.py", line 364, in _perform_update
pynitrokey.cli.exceptions.CliException: Failed to perform firmware update
MBoot: Connection issue -> LIBUSBSIO: HID DEVICE is not open.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "spsdk/mboot/interfaces/usb.py", line 170, in close
  File "libusbsio/libusbsio.py", line 1357, in wrapper
  File "libusbsio/libusbsio.py", line 1342, in _check_device_open
libusbsio.libusbsio.LIBUSBSIO_Exception: LIBUSBSIO: HID DEVICE is not open.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 341, in _get_bootloader
  File "pynitrokey/nk3/base.py", line 25, in __exit__
  File "pynitrokey/nk3/bootloader/lpc55.py", line 73, in close
  File "spsdk/mboot/mcuboot.py", line 276, in close
  File "spsdk/mboot/interfaces/usb.py", line 173, in close
spsdk.mboot.exceptions.McuBootConnectionError: MBoot: Connection issue -> Unable to close device 'b'/dev/hidraw3'' VID=8352 PID=17117 SN=''
20615     DEBUG pynitrokey.nk3.updates Trying to connect to bootloader (try 2 of 3)
20615     DEBUG pynitrokey.cli.nk3 Searching Nitrokey 3 bootloader device (try 1 of 30)
20618      INFO  libusbsio HID enumeration[47012176]: initialized
20618     DEBUG  libusbsio HID enumeration[47012176]: device #0: MCU HID GENERIC DEVICE
20619     DEBUG  libusbsio HID enumeration[47012176]: device #1: USB Optical Mouse 
20619      INFO  libusbsio HID enumeration[47012176]: finished, total 2 devices
20689      INFO spsdk.mboot.mcuboot Connect: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
20689     DEBUG spsdk.mboot.interfaces.usb Open Interface
20689      INFO libusbsio.hidapi.dev Opening HID device at path: 'b'/dev/hidraw3''
20748      INFO libusbsio.hidapi.dev HID device 47005312 is now open
20748    WARNING pynitrokey.cli An unhandled exception occurred
Traceback (most recent call last):
  File "spsdk/mboot/interfaces/usb.py", line 214, in write
  File "libusbsio/libusbsio.py", line 1357, in wrapper
  File "libusbsio/libusbsio.py", line 1342, in _check_device_open
libusbsio.libusbsio.LIBUSBSIO_Exception: LIBUSBSIO: HID DEVICE is not open.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 362, in _perform_update
  File "pynitrokey/nk3/bootloader/lpc55.py", line 106, in update
  File "spsdk/mboot/mcuboot.py", line 655, in receive_sb_file
  File "spsdk/mboot/mcuboot.py", line 117, in _process_cmd
  File "spsdk/mboot/interfaces/usb.py", line 217, in write
spsdk.mboot.exceptions.McuBootConnectionError: MBoot: Connection issue -> LIBUSBSIO: HID DEVICE is not open.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 340, in _get_bootloader
  File "pynitrokey/nk3/updates.py", line 215, in update
  File "pynitrokey/nk3/updates.py", line 364, in _perform_update
pynitrokey.cli.exceptions.CliException: Failed to perform firmware update
MBoot: Connection issue -> LIBUSBSIO: HID DEVICE is not open.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "pynitrokey/cli/__init__.py", line 129, in main
  File "click/core.py", line 1130, in __call__
  File "click/core.py", line 1055, in main
  File "click/core.py", line 1657, in invoke
  File "click/core.py", line 1657, in invoke
  File "click/core.py", line 1404, in invoke
  File "click/core.py", line 760, in invoke
  File "click/decorators.py", line 38, in new_func
  File "pynitrokey/cli/nk3/__init__.py", line 447, in update
  File "pynitrokey/cli/nk3/update.py", line 140, in update
  File "pynitrokey/nk3/updates.py", line 215, in update
  File "contextlib.py", line 169, in __exit__
RuntimeError: generator didn't stop after throw()
20750     DEBUG       root print: Critical error:
20750     DEBUG       root print: An unhandled exception occurred
20750     ERROR       root generator didn't stop after throw()
Traceback (most recent call last):
  File "spsdk/mboot/interfaces/usb.py", line 214, in write
  File "libusbsio/libusbsio.py", line 1357, in wrapper
  File "libusbsio/libusbsio.py", line 1342, in _check_device_open
libusbsio.libusbsio.LIBUSBSIO_Exception: LIBUSBSIO: HID DEVICE is not open.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 362, in _perform_update
  File "pynitrokey/nk3/bootloader/lpc55.py", line 106, in update
  File "spsdk/mboot/mcuboot.py", line 655, in receive_sb_file
  File "spsdk/mboot/mcuboot.py", line 117, in _process_cmd
  File "spsdk/mboot/interfaces/usb.py", line 217, in write
spsdk.mboot.exceptions.McuBootConnectionError: MBoot: Connection issue -> LIBUSBSIO: HID DEVICE is not open.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "pynitrokey/nk3/updates.py", line 340, in _get_bootloader
  File "pynitrokey/nk3/updates.py", line 215, in update
  File "pynitrokey/nk3/updates.py", line 364, in _perform_update
pynitrokey.cli.exceptions.CliException: Failed to perform firmware update
MBoot: Connection issue -> LIBUSBSIO: HID DEVICE is not open.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "pynitrokey/cli/__init__.py", line 129, in main
  File "click/core.py", line 1130, in __call__
  File "click/core.py", line 1055, in main
  File "click/core.py", line 1657, in invoke
  File "click/core.py", line 1657, in invoke
  File "click/core.py", line 1404, in invoke
  File "click/core.py", line 760, in invoke
  File "click/decorators.py", line 38, in new_func
  File "pynitrokey/cli/nk3/__init__.py", line 447, in update
  File "pynitrokey/cli/nk3/update.py", line 140, in update
  File "pynitrokey/nk3/updates.py", line 215, in update
  File "contextlib.py", line 169, in __exit__
RuntimeError: generator didn't stop after throw()
20751     DEBUG       root listing all connected devices:
20751     DEBUG       root :: 'Nitrokey FIDO2' keys
20751     DEBUG       root :: 'Nitrokey Start' keys:
20766     DEBUG       root :: 'Nitrokey 3' keys
20768      INFO  libusbsio HID enumeration[46962272]: initialized
20768     DEBUG  libusbsio HID enumeration[46962272]: device #0: MCU HID GENERIC DEVICE
20768     DEBUG  libusbsio HID enumeration[46962272]: device #1: USB Optical Mouse 
20768      INFO  libusbsio HID enumeration[46962272]: finished, total 2 devices
20783      INFO spsdk.mboot.mcuboot Connect: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
20783     DEBUG spsdk.mboot.interfaces.usb Open Interface
20783      INFO libusbsio.hidapi.dev Opening HID device at path: 'b'/dev/hidraw3''
20783      INFO libusbsio.hidapi.dev HID device 44709584 is now open
20783      INFO spsdk.mboot.mcuboot CMD: GetProperty('UniqueDeviceIdent', index=0)
20783     DEBUG spsdk.mboot.mcuboot TX-PACKET: Tag=GetProperty, Flags=0x00, P[0]=0x00000012, P[1]=0x00000000
20783     DEBUG spsdk.mboot.interfaces.usb OUT[16]: 01, 00, 0C, 00, 07, 00, 00, 02, 12, 00, 00, 00, 00, 00, 00, 00
20783     DEBUG libusbsio.hidapi.dev HID device 44709584 writing[16]: 0x01000c00070000021200000000000000
20784     DEBUG libusbsio.hidapi.dev HID device 44709584 wrote 59 bytes
20785     DEBUG libusbsio.hidapi.dev HID device 44709584 read[60]: 0x03001800a7000005000000008d8bc974a25bcb5abc4ad7f110553dc60000000000000000000000000000000000000000000000000000000000000000
20786     DEBUG spsdk.mboot.interfaces.usb IN [60]: 03, 00, 18, 00, A7, 00, 00, 05, 00, 00, 00, 00, 8D, 8B, C9, 74, A2, 5B, CB, 5A, BC, 4A, D7, F1, 10, 55, 3D, C6, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00
20786     DEBUG spsdk.mboot.mcuboot RX-PACKET: Tag=GetPropertyResponse, Status=Success, v0=0x74C98B8D, v1=0x5ACB5BA2, v2=0xF1D74ABC, v3=0xC63D5510
20787     DEBUG       root /dev/hidraw3: Nitrokey 3 Bootloader (LPC55) 8D8BC974A25BCB5ABC4AD7F110553DC6
20787      INFO spsdk.mboot.mcuboot Closing: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
20787     DEBUG spsdk.mboot.interfaces.usb Close Interface
20787      INFO libusbsio.hidapi.dev HID device 44709584 closed
20787     DEBUG       root print: --------------------------------------------------------------------------------
20788     DEBUG       root print: Critical error occurred, exiting now
20788     DEBUG       root print: Unexpected? Is this a bug? Would you like to get support/help?
20788     DEBUG       root print: - You can report issues at: htt ps :/  /s upport.nitrokey. com/
20788     DEBUG       root print: - Writing an e-mail to sup port@ nitrokey.com is also possible
20788     DEBUG       root print: - Please attach the log: '/tmp/nitropy.log.ta1f19nd' with any support/help request!
20788     DEBUG       root print: - Please check if you have udev rules installed: htt p s: / /do cs.nitrokey. com/nitrokey3/linux/firmware-update.html#troubleshooting
20789      INFO spsdk.mboot.mcuboot Closing: MCU HID GENERIC DEVICE (0x20A0, 0x42DD)
20789     DEBUG spsdk.mboot.interfaces.usb Close Interface
20789      INFO libusbsio.hidapi.dev HID device 47005312 closed
stefan@Acer-Aspire-E5-571G:~$

P.S. Here too the forum software complains about too many links… hence a few inserted spaces, because I don't know why this still just doesn't work.
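A way to read the log above, as an added example that is not part of the thread and not nitropy code: it separates hidraw nodes that are denied and never opened (here `/dev/hidraw0` and `/dev/hidraw1`, which are denied in every log on the page, including the runs that succeed) from a node that is denied first and opens later, as `/dev/hidraw3` does right after the reboot into bootloader mode. The function names and the verdict labels `ok`, `denied` and `transient` are this example's own.

```python
import re

# Excerpt of the nitropy log posted above (lines copied from the page, tracebacks shortened).
SAMPLE_LOG = """\
1684      DEBUG fido2.hid.linux Failed opening device /dev/hidraw1
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw1'
16767     DEBUG  libusbsio HID enumeration[44672224]: device #0: MCU HID GENERIC DEVICE
16801     DEBUG fido2.hid.linux Failed opening device /dev/hidraw3
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw3'
16802      INFO libusbsio.hidapi.dev Opening HID device at path: 'b'/dev/hidraw3''
16802     ERROR libusbsio.hidapi.dev HID device 'b'/dev/hidraw3'' opening failed.
20689      INFO libusbsio.hidapi.dev Opening HID device at path: 'b'/dev/hidraw3''
20748      INFO libusbsio.hidapi.dev HID device 47005312 is now open
"""

STAMP = re.compile(r"^(\d+)\s+(DEBUG|INFO|WARNING|ERROR)\s")   # leading millisecond counter
DENIED = re.compile(r"PermissionError: \[Errno 13\] Permission denied: '([^']+)'")
OPENING = re.compile(r"Opening HID device at path: 'b'([^']+)''")
FAILED = re.compile(r"HID device 'b'([^']+)'' opening failed")
OPENED = re.compile(r"HID device \d+ is now open")


def parse_events(log_text):
    """Return (ms, path, kind) tuples; kind is 'denied', 'failed' or 'opened'."""
    events, now, pending = [], 0, None
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        if stamp:
            now = int(stamp.group(1))       # traceback lines inherit the last timestamp
        if (m := DENIED.search(line)):
            events.append((now, m.group(1), "denied"))
        elif (m := FAILED.search(line)):
            events.append((now, m.group(1), "failed"))
            pending = None
        elif (m := OPENING.search(line)):
            pending = m.group(1)            # "is now open" names a handle, not the path
        elif OPENED.search(line) and pending:
            events.append((now, pending, "opened"))
            pending = None
    return events


def classify(log_text):
    """Map each hidraw path to 'ok', 'denied' (never opened) or 'transient'."""
    failed, opened = set(), set()
    for _, path, kind in parse_events(log_text):
        (opened if kind == "opened" else failed).add(path)
    verdict = {}
    for path in sorted(failed | opened):
        if path not in failed:
            verdict[path] = "ok"
        elif path not in opened:
            verdict[path] = "denied"
        else:
            verdict[path] = "transient"
    return verdict


def recovery_delay_ms(log_text, path):
    """Milliseconds from the first failure on path to the first successful open after it."""
    first_fail = None
    for t, p, kind in parse_events(log_text):
        if p != path:
            continue
        if kind != "opened" and first_fail is None:
            first_fail = t
        elif kind == "opened" and first_fail is not None:
            return t - first_fail
    return None


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
    print(recovery_delay_ms(SAMPLE_LOG, "/dev/hidraw3"))
```

A `transient` verdict means the matching udev rule exists but the node was not yet accessible at the first attempt; a node that stays `denied` although it belongs to the Nitrokey points to a missing or unloaded rule instead.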

To me it looks as if it is stuck in the bootloader and has not loaded the actual OS into its innards at all. If it arrived like that, I would file a complaint with customer service right away.

We are aware of the update problem and it is currently being investigated. In the meantime, you can avoid it by switching to bootloader mode manually before the update:

$ nitropy nk3 reboot --bootloader
$ nitropy nk3 update

Thanks, that was the solution. :slight_smile:

stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 reboot --bootloader
Command line tool to interact with Nitrokey devices 0.4.36
Please press the touch button to reboot the device into bootloader mode ...
stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 update
Command line tool to interact with Nitrokey devices 0.4.36
Do you want to download the firmware version v1.4.0? [Y/n]: y
Download v1.4.0: 100%|███████████████████████| 894k/894k [00:00<00:00, 1.13MB/s]
Current firmware version:  [unknown]
Updated firmware version:  v1.4.0

Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Doing so may damage the Nitrokey 3.
Do you want to perform the firmware update now? [y/N]: y
Perform firmware update: 100%|███████████████| 451k/451k [00:05<00:00, 77.7kB/s]
Finalize upgrade: 100%|████████████████████████| 100/100 [00:06<00:00, 14.61%/s]
stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 status
Command line tool to interact with Nitrokey devices 0.4.36
UUID:               8D8BC974A25BCB5ABC4AD7F110553DC6
Firmware version:   v1.4.0
Init status:        ok
Free blocks (int):  60
Free blocks (ext):  478
stefan@Acer-Aspire-E5-571G:~$

Now comes the 2nd problem: :frowning:

stefan@Acer-Aspire-E5-571G:~$ nitropy nk3 test
Command line tool to interact with Nitrokey devices 0.4.36
Found 1 Nitrokey 3 device(s):
- Nitrokey 3 at /dev/hidraw2

Running tests for Nitrokey 3 at /dev/hidraw2

[1/5]	uuid         	UUID query              	SUCCESS  	8D8BC974A25BCB5ABC4AD7F110553DC6
[2/5]	version      	Firmware version query  	SUCCESS  	v1.4.0
[3/5]	status       	Device status           	SUCCESS  	Status(init_status=<InitStatus.0: 0>, ifs_blocks=60, efs_blocks=478)
[4/5]	provisioner  	Firmware mode           	FAILURE  	No smartcard with UUID 8D8BC974A25BCB5ABC4AD7F110553DC6 found
Please press the touch button on the device ...
Please press the touch button on the device ...
[5/5]	fido2        	FIDO2                   	SUCCESS  	

5 tests, 4 successful, 0 skipped, 1 failed

Summary: 1 device(s) tested, 0 successful, 1 failed

Critical error:
Test failed for 1 device(s)

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/nitropy.log.p6cfvfk4' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

stefan@Acer-Aspire-E5-571G:~$ cat /tmp/nitropy.log.p6cfvfk4 
350        INFO pynitrokey.cli Timestamp: 2023-05-10 14:03:08.116558
350        INFO pynitrokey.cli OS: uname_result(system='Linux', node='Acer-Aspire-E5-571G', release='5.15.0-71-generic', version='#78~20.04.1-Ubuntu SMP Wed Apr 19 11:26:48 UTC 2023', machine='x86_64')
350        INFO pynitrokey.cli Python version: 3.9.16
354        INFO pynitrokey.cli pynitrokey version: 0.4.36
357        INFO pynitrokey.cli cryptography version: 36.0.2
360        INFO pynitrokey.cli ecdsa version: 0.18.0
363        INFO pynitrokey.cli fido2 version: 1.1.1
366        INFO pynitrokey.cli pyusb version: 1.2.1
369        INFO pynitrokey.cli spsdk version: 1.7.1
392        INFO pynitrokey.cli.nk3.test platform: Linux-5.15.0-71-generic-x86_64-with-glibc2.31
392        INFO pynitrokey.cli.nk3.test uname: uname_result(system='Linux', node='Acer-Aspire-E5-571G', release='5.15.0-71-generic', version='#78~20.04.1-Ubuntu SMP Wed Apr 19 11:26:48 UTC 2023', machine='x86_64')
929        INFO  libusbsio Loading SIO library: /tmp/_MEIzbaVpb/libusbsio/libusbsio.so
932        INFO  libusbsio HID enumeration[16304352]: initialized
932       DEBUG  libusbsio HID enumeration[16304352]: device #0: Nitrokey 3
932       DEBUG  libusbsio HID enumeration[16304352]: device #1: USB Optical Mouse
933        INFO  libusbsio HID enumeration[16304352]: finished, total 2 devices
999       DEBUG fido2.hid.linux Failed opening device /dev/hidraw1
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw1'
1000      DEBUG fido2.hid.linux Failed opening device /dev/hidraw0
Traceback (most recent call last):
  File "fido2/hid/linux.py", line 98, in list_descriptors
  File "fido2/hid/linux.py", line 55, in get_descriptor
PermissionError: [Errno 13] Permission denied: '/dev/hidraw0'
1072      DEBUG       root print: Found 1 Nitrokey 3 device(s):
1072      DEBUG       root print: - Nitrokey 3 at /dev/hidraw2
1072      DEBUG       root print: Running tests for Nitrokey 3 at /dev/hidraw2
1080      DEBUG       root print: [1/5]	uuid         	UUID query              SUCCESS  	8D8BC974A25BCB5ABC4AD7F110553DC6
1087      DEBUG       root print: [2/5]	version      	Firmware version query  SUCCESS  	v1.4.0
1095       INFO pynitrokey.cli.nk3.test Device status: Status(init_status=<InitStatus.0: 0>, ifs_blocks=60, efs_blocks=478)
1096      DEBUG       root print: [3/5]	status       	Device status           SUCCESS  	Status(init_status=<InitStatus.0: 0>, ifs_blocks=60, efs_blocks=478)
1369      ERROR pynitrokey.cli.nk3.test An exception occured during the execution of the test provisioner:
Traceback (most recent call last):
  File "pynitrokey/cli/nk3/test.py", line 365, in run_tests
  File "pynitrokey/cli/nk3/test.py", line 226, in test_firmware_mode
  File "pynitrokey/cli/nk3/test.py", line 212, in find_smartcard
Exception: No smartcard with UUID 8D8BC974A25BCB5ABC4AD7F110553DC6 found
1369      DEBUG       root print: [4/5]	provisioner  	Firmware mode           FAILURE  	No smartcard with UUID 8D8BC974A25BCB5ABC4AD7F110553DC6 found
1412      DEBUG fido2.server Fido2Server initialized for RP: PublicKeyCredentialRpEntity(name='Example RP', id='example.com')
1413      DEBUG fido2.server Starting new registration, existing credentials: 
1415      DEBUG       root print: Please press the touch button on the device ...
1421      DEBUG fido2.client Register a new credential for RP ID: example.com
1452      DEBUG fido2.ctap2.base Calling CTAP2 make_credential
1619      DEBUG  fido2.hid Got keepalive status: 02
1871      DEBUG  fido2.hid Got keepalive status: 02
2119      DEBUG  fido2.hid Got keepalive status: 02
2367      DEBUG  fido2.hid Got keepalive status: 02
2619      DEBUG  fido2.hid Got keepalive status: 02
2867      DEBUG  fido2.hid Got keepalive status: 02
3119      DEBUG  fido2.hid Got keepalive status: 02
3367      DEBUG  fido2.hid Got keepalive status: 02
3615      DEBUG  fido2.hid Got keepalive status: 02
3867      DEBUG  fido2.hid Got keepalive status: 02
4115      DEBUG  fido2.hid Got keepalive status: 02
4367      DEBUG  fido2.hid Got keepalive status: 02
4668      DEBUG fido2.server Verifying attestation of type packed
4668       INFO fido2.server New credential registered: a30058980e111f6257d45baf616e3d67b3f18e4a96df9c67166f0b2345063827c93a8fa0b57e3b53f03d2d4b12ca1b12b2ee60a6bf9dfb24629cb7b512ce1c6ff37453b1e42102c68f2a1ebd5227a35723a4212c5f6c13d12d9205e2919a724d2f79049899736ca3e497aba03b4e6a7d161c02b23467080f9e7b3b9b90ed02d362812c877cc98ae7a7b84ed874434c6b8c8e4e7b2f3e96438f4004b7014c45437c3b6416d4766d6193300250bfde2a1eb11f29450f11d9fef362e897
4670      DEBUG fido2.server Starting new authentication, for credentials: a30058980e111f6257d45baf616e3d67b3f18e4a96df9c67166f0b2345063827c93a8fa0b57e3b53f03d2d4b12ca1b12b2ee60a6bf9dfb24629cb7b512ce1c6ff37453b1e42102c68f2a1ebd5227a35723a4212c5f6c13d12d9205e2919a724d2f79049899736ca3e497aba03b4e6a7d161c02b23467080f9e7b3b9b90ed02d362812c877cc98ae7a7b84ed874434c6b8c8e4e7b2f3e96438f4004b7014c45437c3b6416d4766d6193300250bfde2a1eb11f29450f11d9fef362e897
4671      DEBUG       root print: Please press the touch button on the device ...
4674      DEBUG fido2.client Assert a credential for RP ID: example.com
4701      DEBUG fido2.ctap2.base Calling CTAP2 get_assertion
4883       INFO fido2.server Credential authenticated: a30058980e111f6257d45baf616e3d67b3f18e4a96df9c67166f0b2345063827c93a8fa0b57e3b53f03d2d4b12ca1b12b2ee60a6bf9dfb24629cb7b512ce1c6ff37453b1e42102c68f2a1ebd5227a35723a4212c5f6c13d12d9205e2919a724d2f79049899736ca3e497aba03b4e6a7d161c02b23467080f9e7b3b9b90ed02d362812c877cc98ae7a7b84ed874434c6b8c8e4e7b2f3e96438f4004b7014c45437c3b6416d4766d6193300250bfde2a1eb11f29450f11d9fef362e897
4883      DEBUG       root print: [5/5]	fido2        	FIDO2                   SUCCESS
4884      DEBUG       root print: 5 tests, 4 successful, 0 skipped, 1 failed
4884      DEBUG       root print: Summary: 1 device(s) tested, 0 successful, 1 failed
4884      DEBUG       root print: Critical error:
4885      DEBUG       root print: Test failed for 1 device(s)
4885      DEBUG       root listing all connected devices:
4891      DEBUG       root :: 'Nitrokey FIDO2' keys
4891      DEBUG       root :: 'Nitrokey Start' keys:
4902      DEBUG       root :: 'Nitrokey 3' keys
4903       INFO  libusbsio HID enumeration[15505456]: initialized
4903      DEBUG  libusbsio HID enumeration[15505456]: device #0: Nitrokey 3
4904      DEBUG  libusbsio HID enumeration[15505456]: device #1: USB Optical Mouse
4904       INFO  libusbsio HID enumeration[15505456]: finished, total 2 devices
4935      DEBUG       root /dev/hidraw2: Nitrokey 3 8D8BC974A25BCB5ABC4AD7F110553DC6
4936      DEBUG       root print: --------------------------------------------------------------------------------
4936      DEBUG       root print: Critical error occurred, exiting now
4936      DEBUG       root print: Unexpected? Is this a bug? Would you like to get support/help?
4936      DEBUG       root print: - You can report issues at: https://support.nitrokey.com/
4936      DEBUG       root print: - Writing an e-mail to support@nitrokey.com is also possible
4936      DEBUG       root print: - Please attach the log: '/tmp/nitropy.log.p6cfvfk4' with any support/help request!
4936      DEBUG       root print: - Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting
stefan@Acer-Aspire-E5-571G:~$ 

You can safely ignore the second problem: the provisioner test is really only relevant for production and not for end users, which is why it will also be disabled by default in the next pynitrokey version. Until then, you can either ignore it or disable it with --exclude provisioner.

1 Like
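The triage described in the reply above, as an added example that is not part of the thread or of pynitrokey: it parses the `nitropy nk3 test` result lines posted earlier and reports which failures still count once the provisioner test is excluded. The function names are hypothetical, and the `SKIPPED` label is an assumption (the page only shows `SUCCESS` and `FAILURE`).

```python
import re

# Result lines of `nitropy nk3 test`, copied from the output posted above
# (touch prompts included); embedded here so the example runs offline.
SAMPLE = """\
[1/5]\tuuid         \tUUID query              \tSUCCESS  \t8D8BC974A25BCB5ABC4AD7F110553DC6
[2/5]\tversion      \tFirmware version query  \tSUCCESS  \tv1.4.0
[3/5]\tstatus       \tDevice status           \tSUCCESS  \tStatus(init_status=<InitStatus.0: 0>, ifs_blocks=60, efs_blocks=478)
[4/5]\tprovisioner  \tFirmware mode           \tFAILURE  \tNo smartcard with UUID 8D8BC974A25BCB5ABC4AD7F110553DC6 found
Please press the touch button on the device ...
Please press the touch button on the device ...
[5/5]\tfido2        \tFIDO2                   \tSUCCESS  \t
"""

# "[i/n] <name> <description> <STATUS> <detail>"; columns are padded with
# spaces and tabs. SKIPPED is assumed from the "0 skipped" summary line.
RESULT_LINE = re.compile(
    r"^\[(?P<index>\d+)/(?P<total>\d+)\]\s+(?P<name>\S+)\s+"
    r"(?P<description>.*?)\s+(?P<status>SUCCESS|FAILURE|SKIPPED)\b"
    r"[ \t]*(?P<detail>.*)$"
)


def parse_results(output):
    """Return one dict per test line; prompts and other text are skipped."""
    results = []
    for line in output.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:
            results.append({k: v.strip() for k, v in match.groupdict().items()})
    return results


def remaining_failures(results, exclude=()):
    """Names of failed tests that still count once `exclude` is applied."""
    return [r["name"] for r in results
            if r["status"] == "FAILURE" and r["name"] not in exclude]


if __name__ == "__main__":
    parsed = parse_results(SAMPLE)
    print("all failures:          ", remaining_failures(parsed))
    print("excluding provisioner: ", remaining_failures(parsed, {"provisioner"}))
```
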

Thanks :slight_smile:

Tomorrow I will then try to link my test account on the computer with the Nitrokey.