This release fixes a FIDO authentication issue with Google.
This release candidate fixes the FIDO2 authentication with Google.
For all operating systems except for QubesOS this firmware update is not necessary! Please be aware that installing this update will replace the graphical dialogues with text-only dialogues.
To update your existing Nitropad T430 or X230 use the .npf files only! If the .npf is not accepted by Heads, this means your Heads version is not 1.3.1, so either update to this version first or simply unzip the .npf file and use the .rom inside.
The -maximized images include a reduced ME and therefore the original, graphical HEADS menu. It is not possible to update your Nitropad from the running system using a -maximized image. If you try to update your Nitropad from a running system using a -maximized image, YOU WILL BRICK YOUR NITROPAD. The -maximized image must only be used with an external flasher device.
Please read the documentation for further details.
Signature
Verify the detached signature using:
    gpg --verify sha256sum.sig sha256sum
You expect an output like this one:
    ❯ gpg --verify sha256sum.sig sha256sum
    gpg: Signature made Wed 23 Mar 2022 02:55:11 PM CET
    gpg:                using RSA key C7E32619E2F71736F5910BB144CB2D868DD16BDA
    gpg: Good signature from "Markus Meissner <meissner@nitrokey.com>" [ultimate]
    gpg:                 aka "Markus Meissner <coder@safemailbox.de>" [ultimate]
Edit: note, using smaller CredentialID is a breaking change, which will make all FIDO2 registrations invalid. Please make sure you have backup 2FA method set on the account.
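The gpg check above shows a good signature over the sha256sum manifest only. The following script is an added example, not Nitrokey's own tooling: it also pins the signer to the fingerprint shown in the quoted output and then checks the downloaded files against the signed manifest. The function names and the layout (sha256sum, sha256sum.sig and the firmware files in one directory) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pin the signer, then check the files the manifest lists.
# Fingerprint copied from the gpg output quoted on this page.
PINNED_FPR="C7E32619E2F71736F5910BB144CB2D868DD16BDA"

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names the wanted fingerprint as signing key ($3) or primary key (last field).
signer_is_pinned() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# Checks every "<hash>  <file>" entry of the manifest against the files in
# the manifest's own directory. Fails on a mismatch or a missing file.
manifest_matches() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1")" ) >/dev/null 2>&1
}

# Full check for a download directory: valid signature over the manifest,
# signer equals the pinned key, files equal the manifest entries.
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify \
        "$1/sha256sum.sig" "$1/sha256sum" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signer_is_pinned "$PINNED_FPR" || return 1
    manifest_matches "$1/sha256sum"
}

# Usage: ./verify.sh DOWNLOAD_DIR
if [ "$#" -gt 0 ]; then
    if verify_release "$1"; then echo "release OK"; else echo "release FAILED"; fi
fi
```

Pinning matters because gpg reports "Good signature" for any key present in the local keyring, not just the expected one.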
Please find the documentation to update your Nitrokey 3 here:
Output under Linux:
    $ nitropy nk3 update firmware-nk3xn-lpc55-v1.0.1.sb2
    Nitrokey tool for Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 & NetHSM
    Current firmware version: v1.0.1
    Updated firmware version: v1.0.1
    The version of the firmware image is the same as on the device. Do you want to continue anyway? [y/N]: y
    Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update.
    Do you want to perform the firmware update now? [y/N]: y
    Please press the touch button to reboot the device into bootloader mode ...
    [\] Performing firmware update (may take several minutes) ... done
    Successfully updated the firmware to version v1.0.1.
Edit 19.01.22 (sz): Redundant files have been removed from the assets list.
UI. Catch uncaught exceptions during devices listing. Correct wording.
Update guide:
The nitrokey-storage-V0.57.hex firmware file should be preferred.
In this release the free space of the image is filled with random data (taken from the attached random.bin). The other hex file, with the reproducible suffix, contains only the compiler-produced output, without this extension. Both should work identically. The difference is that, for the former, the random data will show up in the results of the firmware image export, which by design should make it harder to hide malicious code in the firmware.
This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to the user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it. Other features work as usual.
Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2023-01-11). The ID can be confirmed to match the one on the main download site - https://www.nitrokey.com/download.
Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).
avr32-gcc (AVR_Toolchain_3.0_124) 4.3.3
Firmware changes:
Development:
Tested on Linux Fedora 34:
Maintenance note: firmware built locally, using a known-working compiler version from the previous releases. A new compiler will be introduced in the next release.
…ve unused commands. Correct firmware export.
Some of the Nitrokey Storage's features are now available through pynitrokey.
For the alternative approach please check nitrocli:
This release should improve handling on Windows.
v1.0.2 (2022-01-22) Bugfixes
Please find the documentation to update your Nitrokey 3 here:
This is a quick release, correcting the main device listing command.
Note: Windows installer does not execute correctly, complaining about missing Python libraries. To be corrected. Removed for now.
Please use standalone binary for the time being.
Update process on Windows is still marked as experimental, however this should change in the next versions. The update process is now significantly faster, reaching less than 10 seconds in execution.
Note: Windows installer might not execute correctly, complaining about missing Python libraries. To be corrected.
Please use standalone binary for the time being.
Add support for the HW5 to the unified firmware.
Maintenance release - no need to update.
Updating from the previous firmware releases on HW4 might result in a non-working LED.
"Green" branch firmware (an upgrade from RTM.1) is not provided in this release.
Detailed description:
Binaries available in prebuilt/RTM.12/ directory:
Built in isolated Docker environment with:
All tests pass on HW3-5.
Nitrokey 3 update validation, corrected UI for missed confirmation and speed up (updated spsdk). Remove obsolete dependencies.
…d speed up (updated spsdk). Remove obsolete deps.
Maintenance release done to support smaller MCU flash (#67, #68). No functional changes.
Regular users do not need to update.
Edit: reuploaded the signed Nitrokey FIDO2 firmware from the previous release for pynitrokey. See:
@szszszsz 2-2-2022 : Adding 2.4.1 firmware signed.