Nitrokey / nitrokey-start-firmware

A mirror of Gnuk's 1.0.x and 1.2.x branches.

HID identity switch capability #40

Closed kliment closed 4 years ago

kliment commented 4 years ago

This pull request enables identity switching via the HID interface. The identity switch happens when the host sends a set report command with a particular report id. Id 0x10 sets identity 0, 0x11 sets identity 1 and 0x12 sets identity 2. The report must contain at least one byte (nonzero length). An example script to change identity using pyhidapi is included.
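How a device-side handler could recognise the request described above, as an added example that is not code from this pull request or from Gnuk. The function name, the struct and the sample packets are assumptions; the request codes are the standard HID class values, and the report type is left unchecked because the description does not state it.

```c
#include <stdint.h>
#include <stdio.h>

/* USB control SETUP packet fields (USB 2.0, section 9.3). */
struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;   /* HID SET_REPORT: high byte report type, low byte report id */
    uint16_t wIndex;   /* target interface */
    uint16_t wLength;  /* bytes in the data stage */
};

#define REQTYPE_HID_OUT      0x21  /* host-to-device | class | interface */
#define HID_REQ_SET_REPORT   0x09  /* HID class request code */
#define IDENTITY_REPORT_BASE 0x10  /* report ids 0x10..0x12, per the PR text */
#define IDENTITY_COUNT       3

/* Hypothetical helper: returns identity 0..2, or -1 if the request is not
 * a valid identity switch. The report type byte is not checked because the
 * PR description does not say which type is expected. */
int identity_from_set_report(const struct usb_setup *s)
{
    uint8_t report_id = (uint8_t)(s->wValue & 0xff);

    if (s->bmRequestType != REQTYPE_HID_OUT || s->bRequest != HID_REQ_SET_REPORT)
        return -1;
    if (s->wLength == 0)            /* report must carry at least one byte */
        return -1;
    if (report_id < IDENTITY_REPORT_BASE ||
        report_id >= IDENTITY_REPORT_BASE + IDENTITY_COUNT)
        return -1;
    return report_id - IDENTITY_REPORT_BASE;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    struct usb_setup samples[] = {
        { 0x21, 0x09, 0x0311, 0, 1 },  /* id 0x11, 1 byte -> identity 1 */
        { 0x21, 0x09, 0x0312, 0, 0 },  /* id 0x12, empty  -> rejected   */
        { 0x21, 0x09, 0x0313, 0, 1 },  /* id 0x13         -> rejected   */
    };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("wValue=0x%04x wLength=%u -> %d\n", (unsigned)samples[i].wValue,
               (unsigned)samples[i].wLength, identity_from_set_report(&samples[i]));
    return 0;
}
```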

szszszsz commented 4 years ago

Confirmed HID interface does not show up without proper flag in the configuration:

Screenshot from 2020-05-25 18-12-06

szszszsz commented 4 years ago

With the merge of the latest code, the firmware image overflows by 1024 bytes. It seems we will need to disable the DO support for the last identity to make it work. It builds with cert-do left disabled. Error message:

nitrokey-start-firmware/release$ make build \
GNUK_CONFIG="--target=NITROKEY_START --vidpid=20a0:4211 --enable-factory-reset --enable-certdo --enable-hid-card-change"
# (...)
/usr/lib/gcc/arm-none-eabi/7.3.1/../../../arm-none-eabi/bin/ld: build/gnuk-no-vidpid.elf section `.gnuk_flash' will not fit in region `flash'
/usr/lib/gcc/arm-none-eabi/7.3.1/../../../arm-none-eabi/bin/ld: region `flash' overflowed by 1024 bytes
collect2: error: ld returned 1 exit status

Updated branch uploaded as https://github.com/Nitrokey/nitrokey-start-firmware/compare/hid-identity-switch-updated

kliment commented 4 years ago

I managed to replicate the issue - we're overflowing by 32 bytes (the page alignment makes it appear to be 1024). Let's see if we can save 32 bytes somehow. If not, we have to disable certdo for identity 2.

kliment commented 4 years ago

I added a commit that makes it build by omitting the configuration string from the usb descriptor. I think that's a reasonable workaround for now.

jans23 commented 4 years ago

What is this configuration string in detail?

kliment commented 4 years ago

> What is this configuration string in detail?

"NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes"

jans23 commented 4 years ago

In fact, the string doesn't look important.