Closed legioner0 closed 1 year ago
I think the issue is in the script inject_key.py, which replaces section flash_storage and sets devicekey at position 0x0 (0x0F400 in flash) while the correct position is 0x400 (0x0F800 in flash).
When devicekey is set, the firmware thinks the attestation key is already initialized and returns an error.
I used the script inject_key_bin.py (python3 inject_key_bin.py --key key.der --ctr 100 --bin build/u2f.bin), which doesn't replace section flash_storage but patches the exact position, so the attestation cert remains 0xff (-1) and when certtool init is invoked the attestation cert is set.
@yashikada thank you. Indeed, inject_key.py produced a broken flash layout. https://github.com/gl-sergei/u2f-token/pull/50 should fix it. Unfortunately, I don't have any devices around to test it. Can you please check if it works OK?
@gl-sergei sorry, wrong test, it doesn't work. I tested on the demo site and it reports a timeout; I tested on Google and it reports a wrong key.
I removed the patch of files src/cert/dump-der.py and src/u2f-apdu.c and it works, so inject_key.py injects the device key correctly now.
@yashikada thank you for your test. I was finally able to set up a stand and verify and fix it on stm32. Now it works for me. I'll close this issue. Feel free to reopen it if there are still any problems.
For me it is working, thank you for the improvement.
I've tried to use u2f with an injected key:
On step "Initialize device" I've got:
After some investigation I found that the problem is with the attestation certificate - empty-attestation-cert.c conflicts with the injected key. Workaround: rm -f cert/certificates.c && make TARGET=... CUSTOM_ATTESTATION_CERT=1