search

Nitrokey / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops and servers.
http://osresearch.net/
GNU General Public License v2.0
15 stars 1 forks source link

v2.5.0 release note comment #50

Closed Ingo-Albrecht closed 3 months ago

Ingo-Albrecht commented 3 months ago

Regarding the v2.5.0 release note outlining the HTOP fix for NK3 devices:

Can users who have been running the flawed previous implementation combo for heads/NK3 reverse-HTOP rely on checking the separate TOTP secret to verify the heads firmware is unaltered to the one they took ownership on? (see https://github.com/Nitrokey/nitrokey-hotp-verification/issues/30#issuecomment-2073971184)

If yes, I suggest to mention TOTP in the first bullet point of the release note explicitly as a trust anchor (e.g. for a recovery shell or usb boot, if deemed necessary).

daringer commented 3 months ago

That's a good point - will update the release note - thanks.