Closed kliment closed 4 years ago
Confirmed HID interface does not show up without proper flag in the configuration:
With the merge of the latest code firmware image overflows by 1024 bytes. It seems we will need to disable the DO support for the last identity to make it working. Builds with cert-do
left disabled. Error message:
nitrokey-start-firmware/release$ make build \
GNUK_CONFIG="--target=NITROKEY_START --vidpid=20a0:4211 --enable-factory-reset --enable-certdo --enable-hid-card-change"
# (...)
/usr/lib/gcc/arm-none-eabi/7.3.1/../../../arm-none-eabi/bin/ld: build/gnuk-no-vidpid.elf section `.gnuk_flash' will not fit in region `flash'
/usr/lib/gcc/arm-none-eabi/7.3.1/../../../arm-none-eabi/bin/ld: region `flash' overflowed by 1024 bytes
collect2: error: ld returned 1 exit status
Updated branch uploaded as https://github.com/Nitrokey/nitrokey-start-firmware/compare/hid-identity-switch-updated
I managed to replicate the issue - we're overflowing by 32 bytes (the page alignment makes it appear to be 1024). Let's see if we can save 32 bytes somehow. If not, we have to disable certdo for identity 2.
I added a commit that makes it build by omitting the configuration string from the usb descriptor. I think that's a reasonable workaround for now.
What is this configuration string in detail=
What is this configuration string in detail=
"NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes"
Infact the string doesn't look important.
This pull request enables identity switching via the HID interface. The identity switch happens when the host sends a set report command with a particular report id. Id 0x10 sets identity 0, 0x11 sets identity 1 and 0x12 sets identity 2. The report must contain at least one byte (nonzero length). An example script to change identity using pyhidapi is included.