Closed AlexKapustin closed 5 years ago
After I compiled:
make TARGET=TOMU ENFORCE_DEBUG_LOCK=0 CUSTOM_ATTESTATION_CERT=1
it seems to work OK now. This parameter is a bit confusing. (Maybe we should update the readme.md file?)
ifeq ($(CUSTOM_ATTESTATION_CERT),1)
GENCERT_CMD = cd cert && ./gen.sh && ( python dump-der.py > certificates.c || ( rm certificates.c && exit 1 ) ) && cd ..
else
GENCERT_CMD = cp empty-attestation-cert.c cert/certificates.c
endif
The very first of the binaries you produced was OK. The "initialize device" step is necessary after flashing with dfu-util (https://github.com/gl-sergei/u2f-token#initialize-device). Instead of building with CUSTOM_ATTESTATION_CERT=1, you are supposed to use the one which comes pre-generated. And you could use certtool to upload it.
So, in general, the whole procedure of building and flashing should look like:
make TARGET=TOMU (or download the binary from the releases page)
dfu-util -D
./certtool init
In this case you avoid embedding any secrets in your binary, which I am all for.
Other options like injecting the custom secret key or certificate into the binary are for those who feel adventurous and can dig into the source code like you did.
If you feel that readme needs to be improved and know how exactly, pull requests are welcome :)
Thank you for your reply! I will prepare MR next week.
Hello!
I'm trying to use my Tomu (v.0.4) as a U2F-Token. There are a few cases which produce different errors:
Case #1: I compile the firmware with the command:
make TARGET=TOMU ENFORCE_DEBUG_LOCK=0
and then flash it with the command:
sudo dfu-util -v -d 1209:70b1 -D build/u2f.bin
BTW: phrase from readme.md is confusing.
Then I use https://github.com/mdp/u2fcli to test my token. When I insert the dongle I can see in the logs:
when I run:
./u2fcli reg --challenge complexChallengeGoesHere12345671 --appid https://mdp.im
I get the following response:
Registering, press the button on your U2F device #1 [unknown U2F-token (EFM32)]
Error registering with device: u2ftoken: unexpected error 27014 during registration
The dongle does not react to the command at all. After some investigation I can see in
src/cert/certificates.c
I guess it's not expected
Case #2: I compile the firmware with the following command:
make TARGET=TOMU ENFORCE_DEBUG_LOCK=0
then I generate a certificate and inject it into the firmware:
then I flash it.
When inserted, in the logs:
Testing:
The dongle starts to blink the red LED in a pulse pattern. When I touch it, the blinking changes to a solid red light. In the console I can see:
Error registering with device: u2fhid: error reading response, read timed out