Update NK3 via Qubes/Debian

Hey,

I still have problems updating the Nitrokey3(a) with Qubes.
The udev rules are up to date and have been restarted.
pipx and pynitrokey are installed.

I get “no module named pynitrokey” when running “nitropy nk3 update”.

cheers
nitrop

I tried to update it via the NitrokeyApp2 and I suppose I bricked it. Now it shows me this message and the key cannot be recognized by the service (e.g. PayPal):

302 INFO nitrokeyapp.logger Timestamp: 2024-11-08 16:34:41.513642
302 INFO nitrokeyapp.logger OS: uname_result(system=‘Linux’, node=‘XYZ’, release=‘6.11.2-1.qubes.fc37.x86_64’, version=‘#1 SMP PREEMPT_DYNAMIC Mon Oct 7 22:08:10 GMT 2024’, machine=‘x86_64’)
302 INFO nitrokeyapp.logger Python version: 3.11.10
303 INFO nitrokeyapp.logger nitrokeyapp version: 2.3.2
303 INFO nitrokeyapp.logger nitrokey version: 0.2.0
303 INFO nitrokeyapp.logger cryptography version: 43.0.1
304 INFO nitrokeyapp.logger ecdsa version: 0.19.0
304 INFO nitrokeyapp.logger fido2 version: 1.1.3
459 DEBUG fido2.hid.linux Failed opening device /dev/hidraw0
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 55, in get_descriptor
with open(path, “rb”) as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: ‘/dev/hidraw0’
512 INFO nitrokeyapp.gui nk3 connected: [<nitrokeyapp.device_data.DeviceData object at 0x73f8c52a3e50>]
5884 INFO nitrokeyapp.update path: 4-3:1.0
5884 WARNING nitrokey.trussed._device No CTAPHID device at path 4-3:1.0
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 102, in open
device = open_device(path)
^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/init.py”, line 269, in open_device
descriptor = get_descriptor(path)
^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 55, in get_descriptor
with open(path, “rb”) as f:
^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: ‘4-3:1.0’
5884 INFO nitrokey.trussed._bootloader.lpc55_upload.mboot.mcuboot Connect: identifier=‘usb’, device= (0x20A0, 0x42DD)path=b’4-3:1.0’
5884 DEBUG nitrokey.trussed._bootloader.lpc55_upload.utils.interfaces.device.usb_device Opening the Interface: (0x20A0, 0x42DD)path=b’4-3:1.0’
5884 INFO nitrokeyapp.device_data Nitrokey 3 failed to update - SPSDK: Unable to open device ’ (0x20A0, 0x42DD)path=b’4-3:1.0’’
12171 DEBUG fido2.hid.linux Failed opening device /dev/hidraw1
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 55, in get_descriptor
with open(path, “rb”) as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: ‘/dev/hidraw1’
20065 INFO nitrokeyapp.update path: /dev/hidraw1
20083 WARNING nitrokey.trussed._bootloader.lpc55 No HID device at /dev/hidraw1
20091 INFO nitrokey.nk3.updates Firmware version before update: v1.7.0
20092 DEBUG urllib3.connectionpool Starting new HTTPS connection (1): api.github.com:443
20635 DEBUG urllib3.connectionpool https://api.github.com:443 “GET /repos/Nitrokey/nitrokey-3-firmware/releases/latest HTTP/11” 200 1997
20637 INFO nitrokey.nk3.updates Latest firmware version: v1.7.2
20637 INFO nitrokey.nk3.updates Current firmware version: v1.7.0
20637 INFO nitrokey.nk3.updates Updated firmware version: v1.7.2
22643 INFO nitrokeyapp.update OK clicked (confirm download)
22643 INFO nitrokey.nk3.updates Trying to download firmware update from URL: https://github.com/Nitrokey/nitrokey-3-firmware/releases/download/v1.7.2/firmware-nk3-v1.7.2.zip
22644 DEBUG urllib3.connectionpool Starting new HTTPS connection (1): github.com:443
22825 DEBUG urllib3.connectionpool https://github.com:443 “GET /Nitrokey/nitrokey-3-firmware/releases/download/v1.7.2/firmware-nk3-v1.7.2.zip HTTP/11” 302 0
22828 DEBUG urllib3.connectionpool Starting new HTTPS connection (1): objects.githubusercontent.com:443
23399 DEBUG urllib3.connectionpool https://objects.githubusercontent.com:443 “GET /github-production-release-asset-2e65be/366410832/1ac1c61d-8a27-47ad-bb07-b220bde51882?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241108T153330Z&X-Amz-Expires=300&X-Amz-Signature=be5ef29a2688602b83e833b36eac996a0683cfbe714cafcf56b87fbd8056bd90&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dfirmware-nk3-v1.7.2.zip&response-content-type=application%2Foctet-stream HTTP/11” 200 1019935
25129 INFO nitrokeyapp.update OK clicked (confirm update)
25129 INFO nitrokeyapp.update requesting bootloader confirmation
26579 DEBUG nitrokey.trussed._device./dev/hidraw1 ignoring OSError after reboot
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 194, in reboot
self._call(AdminCommand.UPDATE)
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 165, in _call
return self.device._call(
^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 76, in _call
response = self.device.call(command, data=data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/init.py”, line 191, in call
recv = self._connection.read_packet()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/base.py”, line 80, in read_packet
return os.read(self.handle, self.descriptor.report_size_in)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 5] Input/output error
27580 INFO nitrokeyapp.update Bootloader mode enabled. Repeat to update
27580 DEBUG nitrokey.nk3.updates Trying to connect to bootloader (try 1 of 3)
27580 DEBUG nitrokeyapp.update Searching Nitrokey 3 bootloader device (try 1 of 90)
27641 INFO nitrokey.trussed._bootloader.lpc55_upload.mboot.mcuboot Connect: identifier=‘usb’, device= (0x20A0, 0x42DD)path=b’4-3:1.0’
27641 DEBUG nitrokey.trussed._bootloader.lpc55_upload.utils.interfaces.device.usb_device Opening the Interface: (0x20A0, 0x42DD)path=b’4-3:1.0’
27642 INFO nitrokeyapp.device_data Nitrokey 3 failed to update - SPSDK: Unable to open device ’ (0x20A0, 0x42DD)path=b’4-3:1.0’’
48622 ERROR nitrokeyapp.gui Unhandled exception
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 203, in
button.clicked.connect(lambda: self.show_device(data))
^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 282, in show_device
self.info_box.set_device(data.name)
^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 33, in name
return f"Nitrokey 3: {self.uuid_prefix}"
^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 80, in uuid_prefix
return str(self.uuid)[:5]
^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 70, in uuid
self._uuid = self._device.uuid()
^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 64, in uuid
return self.admin.uuid()
^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 230, in uuid
uuid = self._call(AdminCommand.UUID)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 165, in _call
return self.device._call(
^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 76, in _call
response = self.device.call(command, data=data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/init.py”, line 176, in call
self._connection.write_packet(packet.ljust(self._packet_size, b"\0"))
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 47, in write_packet
super().write_packet(b"\0" + packet)
File “/app/lib/python3.11/site-packages/fido2/hid/base.py”, line 76, in write_packet
if os.write(self.handle, packet) != len(packet):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 19] No such device
278731 ERROR nitrokeyapp.gui Unhandled exception
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 318, in home_button_pressed
self.hide_device()
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 302, in hide_device
self.hide_navigation()
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 263, in hide_navigation
btn.unfold()
File “/app/lib/python3.11/site-packages/nitrokeyapp/nk3_button.py”, line 74, in unfold
self.setText(self.data.name)
^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 33, in name
return f"Nitrokey 3: {self.uuid_prefix}"
^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 80, in uuid_prefix
return str(self.uuid)[:5]
^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 70, in uuid
self._uuid = self._device.uuid()
^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 64, in uuid
return self.admin.uuid()
^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 230, in uuid
uuid = self._call(AdminCommand.UUID)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 165, in _call
return self.device._call(
^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 76, in _call
response = self.device.call(command, data=data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/init.py”, line 176, in call
self._connection.write_packet(packet.ljust(self._packet_size, b"\0"))
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 47, in write_packet
super().write_packet(b"\0" + packet)
File “/app/lib/python3.11/site-packages/fido2/hid/base.py”, line 76, in write_packet
if os.write(self.handle, packet) != len(packet):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 19] No such device
283947 ERROR nitrokeyapp.gui Unhandled exception
Traceback (most recent call last):
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 203, in
button.clicked.connect(lambda: self.show_device(data))
^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 282, in show_device
self.info_box.set_device(data.name)
^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 33, in name
return f"Nitrokey 3: {self.uuid_prefix}"
^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 80, in uuid_prefix
return str(self.uuid)[:5]
^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokeyapp/device_data.py”, line 70, in uuid
self._uuid = self._device.uuid()
^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 64, in uuid
return self.admin.uuid()
^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 230, in uuid
uuid = self._call(AdminCommand.UUID)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/admin_app.py”, line 165, in _call
return self.device._call(
^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/nitrokey/trussed/_device.py”, line 76, in _call
response = self.device.call(command, data=data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/app/lib/python3.11/site-packages/fido2/hid/init.py”, line 176, in call
self._connection.write_packet(packet.ljust(self._packet_size, b"\0"))
File “/app/lib/python3.11/site-packages/fido2/hid/linux.py”, line 47, in write_packet
super().write_packet(b"\0" + packet)
File “/app/lib/python3.11/site-packages/fido2/hid/base.py”, line 76, in write_packet
if os.write(self.handle, packet) != len(packet):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 19] No such device

Why not just boot a Live ISO image of Debian or Debian installed on a USB flash drive, install pipx and nitropy and install the firmware update there?

Running this on Qubes, with its virtualization layer and USB abstraction, adds to the complexity.

Sure, that could be the way, but there is even some official info regarding QubesOS in the Nitrokey docs, so it should work. But it doesn’t.

Anyway, any ideas how I can ‘unbrick’ my NK3?

My experience from firmware updates in VMs is that the NK3 is quite robust and is most likely in bootloader mode. Nitropy would detect this and continue the flashing. In bootloader mode the key looks like a different device, and Qubes or a VM needs to have that new device attached as well.

When running on a different OS and trying to experiment with new NK3 releases, I used Vagrant to spawn a VM for upgrading. My configuration contains the different USB IDs that are possible.
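The check described in the reply above, as an added example that is not part of the original thread: it classifies `lsusb` output to show whether the device the updater tries to open (0x20A0, 0x42DD in the posted log) is visible inside the current VM. The helper names, the `--live` switch and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. IDs are taken from the posted log:
# vendor 0x20A0, product 0x42DD (the device the updater fails to open).
NK_VENDOR="20a0"
NK_BOOTLOADER="42dd"

# nk3_usb_state (hypothetical helper): reads lsusb-style lines on stdin, prints
#   bootloader - 20a0:42dd is visible in this VM
#   other      - a 20a0 device is visible, but not 20a0:42dd
#                (assumption: this is the key in its normal mode)
#   absent     - no 20a0 device is visible in this VM
nk3_usb_state() {
    awk -v v="$NK_VENDOR" -v b="$NK_BOOTLOADER" '
        {
            for (i = 1; i < NF; i++) if ($i == "ID") {
                split(tolower($(i + 1)), id, ":")
                if (id[1] == v) { if (id[2] == b) boot = 1; else other = 1 }
            }
        }
        END { print (boot ? "bootloader" : (other ? "other" : "absent")) }'
}

# nk3_hint (hypothetical helper): maps a state to the next thing to check.
nk3_hint() {
    case "$1" in
        bootloader) echo "20a0:42dd is attached here; rerun the update" ;;
        other)      echo "no 20a0:42dd yet; check again after the key reboots" ;;
        *)          echo "no 20a0 device in this VM; attach it from the host" ;;
    esac
}

# Constructed sample input (bus/device numbers and descriptions are made up).
SAMPLE_BOOTLOADER='Bus 001 Device 001: ID 1d6b:0002 (constructed root hub line)
Bus 004 Device 007: ID 20a0:42dd (constructed bootloader line)'

# Live use: sh this-script --live   (requires lsusb from usbutils)
if [ "${1:-}" = "--live" ]; then
    state=$(lsusb | nk3_usb_state)
    echo "$state: $(nk3_hint "$state")"
fi
```

Run it once before starting the update and again after the key has rebooted: a change from `other` to `absent` means the re-enumerated device did not follow into the VM.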

I made a kind of second sys-usb in Qubes for that purpose, so everything is automatically attached now. NitrokeyApp2 starts the update process and then breaks with the error I posted above.

If I download the nitropy binary and use it, I get: “Error detecting the version of libcrypto”

According to the error message, it looks for an NXP Composite Device (20a0:42dd). Did you also attach it?

These shell commands should allow an install with the correct libcrypto:

sudo install -d -m755 -o $(id -u) -g $(id -g) /nix
sudo apt install -y curl
curl -L https://nixos.org/nix/install | sh
.~/.nix-profile/etc/profile.d/nix.sh
export NIXPKGS_ALLOW_UNFREE=1
nix-shell -p pynitrokey
sudo /nix/store/vqsk5296ivzynfp315iq8bsirg6l6g25-pynitrokey-0.4.40/bin/nitropy nk3 update

Aahmm… what is an “NXP composite device”?
I just mounted the stick in sys-usb, so it should mount everything that is inserted.

.~/.nix-profile/etc/profile.d/nix.sh

no such file or directory

There is a space missing . to source the nix.sh for the current shell.

As it seems, I’m not so deep into that topic :)
“space missing .”?

echo $PATH shows
/home/user/.nix-profile/bin:/home/user/.local/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/user/.local/bin:/home/user/.local/bin

Just added /home/user/.nix-profile/etc/profile.d

I just went to the profile.d directory and used “. nix.sh” directly; I suppose it’s the same.

I must enter some input > after sudo /nix/store/vqsk5296ivzynfp315iq8bsirg6l6g25-pynitrokey-0.4.40/bin/nitropy nk3 update

The missing space after "sh " broke it:

curl -L https://nixos.org/nix/install | sh .~/.nix-profile/etc/profile.d/nix.sh

sh: .~/.nix-profile/etc/profile.d/nix.sh: No such file or directory

Does somebody have an idea?
I cannot update the NK3a (from 1.7.0 to 1.7.2), not even on macOS. The NK3a mini had no problems.

If I just

curl -L https://nixos.org/nix/install | sh .nix-profile/etc/profile.d/nix.sh

in the home directory, I get: Failure writing output to destination

On MacOS the Nitrokey App 2 should work and nitropy should not be required.

No, updating on MacOS via app does not work yet, see Release v2.3.2 · Nitrokey/nitrokey-app2 · GitHub

But nitropy should be installable on MacOS. @nitrog, do a search in this forum for MacOS, I remember there were some topics covering it.

nitropy runs on Mac, but I cannot update the NK3a even there.

Unfortunate. For this user the update worked on MacOS, but it does not have many details.

You might need to open a support ticket then and attach the log file with the error, or reference the log in your thread here and send support a link in the ticket.