Invalid hash for start GitHub firmware blobs

resnarf · June 28, 2021, 6:25pm

nitropy start update
Nitrokey tool for Nitrokey FIDO2, Nitrokey Start & NetHSM
Nitrokey Start firmware update tool
Platform: Linux-4.19.0-17-amd64-x86_64-with-debian-10.10
System: Linux, is_linux: True
Python: 3.7.3
…

FirmwareType.REGNUAL: 4504, hash: …b’65ac82a1’ invalid (from …built/RTM.11/regnual.bin)
– FirmwareType.GNUK: 131072, hash: …b’b5885c73’ invalid (from …prebuilt/RTM.11/gnuk.bin)

No RTM.11 hashes here

https://raw.githubusercontent.com/Nitrokey/nitrokey-start-firmware/gnuk1.2-regnual-fix/prebuilt/checksums.sha512

The validate_hash function in upgrade_by_passwd.py should crash&burn if the hash is invalid !

szszszsz · June 29, 2021, 10:25am

Hi!

Thank you for the report! Corrected - I have used this time wrong filename for the hashes for some reason. Now the automatic update passes.
Aborting idea registered as:

Idea: abort update if hash sum does not match · Issue #91 · Nitrokey/pynitrokey · GitHub

Just a heads-up: RTM.11 is just maintenance release, without any new features or corrections. It is safe to skip it, if you are using RTM.10 already.