Closed Peacekeeper2000 closed 3 years ago
Hi! Firmware password is by design not cleared with a factory reset. This was introduced around Nitrokey Storage v0.38 AFAIR. You need to change it by hand to a default one.
Closing as done. In case of further questions please do not hesitate to continue in this thread.
To elaborate on this: Factory reset was introduced because we needed an authentication which couldn't be circumvented by a factory reset. Otherwise an attacker could 1) factory reset the device 2) Install his malicious firmware.
Hmm, while I understand that you made it by design ( your decision) , I can't follow the arguments of Jan: To do a factory reset, I need first the FW passwd and then do the update. After that I can implement something strange, but I still don't know the origin FW passwd. So the wrong FW passwd would get my attention (as owner). If the attacker would know the FW password, your "by design" would not make a difference. From my POV there is a logic break.
The owner is supposed to set the FW password initially. Subsequently, if he leaves the Nitrokey unattended, this prevents an attacker from installing a malicious firmware.
Yes, but also from Factory Reset. Remember we are talking about the process of a planed factory reset. So in case you want to do a factory reset it will only be the owner - noone else could do it anyhow as they don't have the FW. During this planned factory reset, you reset the User Pin and the Admin Pin - but you left the FW Pin. So this is IMHO not a complete factory reset . It is more a Usage-Reset. In the current setup, you could re-use the key , but it is not like a brand-new key. Anyhow, it is at the end your decision. At least I would describe it in the FAQ or in the app , that the keys ar partial reset
I did first a FW update on the Nitrokey Storage following the instructions und FAQ so that I do have the newest FW installed. After that I wanted to do a factory reset. It worked also as described, but the the Firmware PIN/Password was not reset !
V1.32- Operating system: [macOS , Big Sur , 64 bits, ]
Expected behaviour
Expectation was also a reset of the FW Pin
Current behaviour
No change of the FW Pin
Steps for reproduction
Just do a factory reset after you had changed all Pins. User and Admin will be reset to defaults, but FW will stay untouched
Logs
No logs available