Hi Nitrokey forum users,
I received my NitrokeyPro a few days ago, and I have noticed that there is a greasy stain on its surface, as it had been touched by someone on its way to me. As the packaging is not tamper-proof (plastic bag can be opened and closed without leaving trace, with the envelope it happens to be just about the same) I’d prefer to check the stick’s integrity. (I read a thread in this forum about tamper-proof packaging ideas, but it seems that those have not been implemented yet.) So, before even connecting the stick, I need a way to check that there has been no tampering with regard to my NitroKey Pro and particularly, its firmware. How do I do this?
The research I have done so far:
- In the feature comparison table on the Nitrokey homepage, it is indicated that verifiable and updatable firmware is a feature of NitroKey Storage but not NitroKey Pro. Anyway, is there a way I can check the firmware’s integrity or make sure that there has been no tampering with the stick?
- I have read a blog-post from its makers (cannot locate it right now) in which they explained to someone that he may flash the firmware or source it to them. So, is the flashing of the firmware the only way to exclude/prevent the possibility of a tampering?
- I have downloaded the master branch from github with the flashing instructions. Even though, I haven’t done this before and would need a more detailed step-by-step HowTo. I haven’t found any.
Please feel free to answer in German or English.
Thanks in advance.