Update NK3 not working

Hello,

I wanted to update my Nitrokey3 and test it again. Beforehand I ran "pip3 install --upgrade pynitrokey", then "nitropy nk3 update", which gave the following error:

Nitrokey tool for Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 & NetHSM
Current firmware version:  v1.0.0
Latest firmware version:   v1.0.2
Do you want to download the firmware version v1.0.2? [Y/n]: y
Download v1.0.2: 100%|███████████████████████████████████████████████████████████████| 304k/304k [00:00<00:00, 5.33MB/s]

Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Doing so may damage the Nitrokey 3.
Do you want to perform the firmware update now? [y/N]: y

Please press the touch button to reboot the device into bootloader mode ...
[Press]

Critical error:
Failed to connect to Nitrokey 3 bootloader
Are the Nitrokey udev rules installed and active?
    Exception encountered: McuBootConnectionError()
Traceback (most recent call last):
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 105, in main
    nitropy()
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/decorators.py", line 27, in new_func
    return f(get_current_context().obj, *args, **kwargs)
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/nk3/__init__.py", line 377, in update
    raise CliException(*msgs, exc)
pynitrokey.cli.exceptions.CliException: Failed to connect to Nitrokey 3 bootloader
Are the Nitrokey udev rules installed and active?
MBoot: Connection issue -> Unable to open device 'b'/dev/hidraw5'' VID=8352 PID=17117 SN=''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/daniel/.local/lib/python3.8/site-packages/spsdk/mboot/interfaces/usb.py", line 153, in open
    self.device.Open(self.path)
  File "/home/daniel/.local/lib/python3.8/site-packages/libusbsio/libusbsio.py", line 1322, in Open
    self.logger.info("HID device %d is now open" % self._h)
TypeError: %d format: a number is required, not NoneType

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/daniel/.local/bin/nitropy", line 8, in <module>
    sys.exit(main())
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 107, in main
    e.show()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/exceptions.py", line 25, in show
    local_critical(
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/helpers.py", line 202, in local_critical
    nitropy.commands["list"].callback()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 90, in list
    _list()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 84, in _list
    nk3.commands["list"].callback()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/nk3/__init__.py", line 110, in list
    with device as device:
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/nk3/bootloader.py", line 47, in __enter__
    self.device.open()
  File "/home/daniel/.local/lib/python3.8/site-packages/spsdk/mboot/mcuboot.py", line 258, in open
    self._device.open()
  File "/home/daniel/.local/lib/python3.8/site-packages/spsdk/mboot/interfaces/usb.py", line 156, in open
    raise McuBootConnectionError(
spsdk.mboot.exceptions.McuBootConnectionError: MBoot: Connection issue -> Unable to open device 'b'/dev/hidraw5'' VID=8352 PID=17117 SN=''

Do you have a solution?

Best regards,
Daniel

Hi!

  1. You need udev rules installed (it's mentioned here before the error messages show up and clutter the view). For details please take a look at:
  2. Somehow the errors slipped through - we will take a look to make the output more human readable.

Registered as:

Hello,

I do have udev installed.

daniel@Daniel-Desktop:/etc/udev/rules.d$ ls -lha
insgesamt 80K
drwxr-xr-x 2 root root 4,0K Jan 19 15:25 .
drwxr-xr-x 4 root root 4,0K Jan 13 10:01 ..
-rw-r--r-- 1 root root 1,8K Jan 19 15:25 20-hw1.rules
-rw-r--r-- 1 root root 2,6K Dez 13 16:36 41-nitrokey.rules
-rw-r--r-- 1 root root 59K Dez 12 13:02 70-snap.snapd.rules
-rw-r--r-- 1 root root 2,5K Aug 19 2021 70-snap.snap-store.rules

What more can I do?
Daniel

Can you refresh it just in case? I see yours is dated December last year, while the last update was in January, and it contains the NK3 bootloader entry correction.
Links:

Hello,
Thank you for your post. I did update the rules file from GitHub, then rebooted, but it is still not working:

Nitrokey tool for Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 & NetHSM
Current firmware version:  v1.0.0
Latest firmware version:   v1.0.2
Do you want to download the firmware version v1.0.2? [Y/n]: y
Download v1.0.2: 100%|███████████████████████████████████████████████████████████████| 304k/304k [00:00<00:00, 7.18MB/s]

Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Doing so may damage the Nitrokey 3.
Do you want to perform the firmware update now? [y/N]: y

Please press the touch button to reboot the device into bootloader mode ...

Critical error:
Failed to connect to Nitrokey 3 bootloader
Are the Nitrokey udev rules installed and active?
    Exception encountered: McuBootConnectionError()
Traceback (most recent call last):
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 105, in main
    nitropy()
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/decorators.py", line 27, in new_func
    return f(get_current_context().obj, *args, **kwargs)
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/nk3/__init__.py", line 377, in update
    raise CliException(*msgs, exc)
pynitrokey.cli.exceptions.CliException: Failed to connect to Nitrokey 3 bootloader
Are the Nitrokey udev rules installed and active?
MBoot: Connection issue -> Unable to open device 'b'/dev/hidraw5'' VID=8352 PID=17117 SN=''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/daniel/.local/lib/python3.8/site-packages/spsdk/mboot/interfaces/usb.py", line 153, in open
    self.device.Open(self.path)
  File "/home/daniel/.local/lib/python3.8/site-packages/libusbsio/libusbsio.py", line 1322, in Open
    self.logger.info("HID device %d is now open" % self._h)
TypeError: %d format: a number is required, not NoneType

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/daniel/.local/bin/nitropy", line 8, in <module>
    sys.exit(main())
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 107, in main
    e.show()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/exceptions.py", line 25, in show
    local_critical(
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/helpers.py", line 202, in local_critical
    nitropy.commands["list"].callback()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 90, in list
    _list()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/__init__.py", line 84, in _list
    nk3.commands["list"].callback()
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/cli/nk3/__init__.py", line 110, in list
    with device as device:
  File "/home/daniel/.local/lib/python3.8/site-packages/pynitrokey/nk3/bootloader.py", line 47, in __enter__
    self.device.open()
  File "/home/daniel/.local/lib/python3.8/site-packages/spsdk/mboot/mcuboot.py", line 258, in open
    self._device.open()
  File "/home/daniel/.local/lib/python3.8/site-packages/spsdk/mboot/interfaces/usb.py", line 156, in open
    raise McuBootConnectionError(
spsdk.mboot.exceptions.McuBootConnectionError: MBoot: Connection issue -> Unable to open device 'b'/dev/hidraw5'' VID=8352 PID=17117 SN=''

Thank you
Daniel

Oh, I tried the same on a second PC. There it is now working. I have 1.0.2 right now on my Nitrokey :wink:

Thanks a lot!
Daniel

I can confirm this behavior. Same thing happens on my computer

Please check the udev setup description:

After copying the udev rules file, either a reboot is required or the following commands must be executed:

udevadm control --reload-rules && udevadm trigger
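
An added diagnostic sketch (not part of the thread and not Nitrokey's code): it converts the decimal VID/PID from the error message into the hex form udev rules use and checks whether a rules file has an entry covering that ID, which is the kind of bootloader entry discussed above. The rule lines embedded here are constructed samples; pass the path of a real rules file as the first argument to check it instead.

```python
import re
import sys

# spsdk prints the USB IDs in decimal; udev rules match them as 4-digit hex.
ERR_RE = re.compile(r"VID=(\d+) PID=(\d+)")
KEY_RE = re.compile(r'ATTRS?\{(idVendor|idProduct)\}=="([^"]+)"')
# Error text as quoted in the thread.
ERROR_LINE = "Unable to open device 'b'/dev/hidraw5'' VID=8352 PID=17117 SN=''"

# Constructed sample rules, NOT the real 41-nitrokey.rules; 0001 and 0002 are made-up IDs.
STALE_RULES = 'ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="0001", TAG+="uaccess"\n'
FRESH_RULES = STALE_RULES + '''
# constructed: entry that also covers the ID from the error line
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", \\
  ATTRS{idProduct}=="42dd|0002", TAG+="uaccess"
'''


def ids_from_error(line):
    """Return (vid, pid) from an spsdk error line as lowercase 4-digit hex."""
    m = ERR_RE.search(line)
    if m is None:
        raise ValueError("no VID=/PID= pair found")
    return tuple(format(int(n), "04x") for n in m.groups())


def logical_rules(text):
    """Yield rules with backslash continuations joined and comments dropped."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def matching_rules(rules_text, vid, pid):
    """Return rules whose idVendor and idProduct keys both cover vid/pid.
    '|' alternatives are handled; other udev glob characters are not."""
    hits = []
    for rule in logical_rules(rules_text):
        keys = {k: v.lower().split("|") for k, v in KEY_RE.findall(rule)}
        if vid in keys.get("idVendor", ()) and pid in keys.get("idProduct", ()):
            hits.append(rule)
    return hits


if __name__ == "__main__":
    vid, pid = ids_from_error(ERROR_LINE)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else FRESH_RULES
    print(f"{vid}:{pid}", matching_rules(text, vid, pid) or "no matching rule")
```

An empty result means no rule in the file grants access for that ID, so the hidraw node stays root-only and the open fails for a normal user.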

I had to update nitropy to get it working. Seems to have been the issue here.

However, I’m wondering why I can still log in to my Nextcloud with the same Nitrokey. Doesn’t it say in the docs that the firmware update will delete all user data?

  1. Thank you for sharing. We plan to notify about nitropy updates, so it could be done before the firmware is updated, as using an old version of the tool seems to be a common problem.
  2. FIDO2 responses were modified in the last releases, and registrations done with it stopped working due to the changed key identifiers. This could happen to FIDO U2F registrations in the future too (see “Google” issue). Technically the actual user data are retained, but are differently interpreted. Nextcloud does communicate over FIDO U2F AFAIR which was not modified recently, hence it works.

Sorry for the late reply.

To 1) I think that's quite a good idea. Maybe it would also help to show which command the user should run to update nitropy if the version is outdated. I imagine not everyone is used to pip.

To 2) Just to be sure: Is it still necessary to introduce the NK3 to my Nextcloud again or can I be sure that it will keep working also after other upcoming firmware updates?

Does this explain why unlocking LUKS and pam modules doesn’t work after updating?

If true, a warning would have been nice that one might need to update their unlocking methods.