`solo key version` incorrectly reporting unlocked on version 3.0.1

solokeys / solo1-cli

Solo 1 library and CLI in Python

https://pypi.org/project/solo-python

Apache License 2.0

183 stars 69 forks source link

`solo key version` incorrectly reporting unlocked on version 3.0.1 #56

Closed DistractionRectangle closed 4 years ago

DistractionRectangle commented 4 years ago

I updated two somu keys, one with bundle-secure-non-solokeys-3.0.1.hex and one with bundle-hacker-3.0.1.hex. solo key version reports "3.0.1 unlocked" for both keys, though one is definitely secured as it can no longer boot to dfu.

nickray commented 4 years ago

I think this is correct behaviour. You cannot fully convert a hacker key into a secure key: The attestation certificate for secure keys is non-public. What flashing the secure bundle does is turn off DFU, and reject further firmware updates that do not have a signature.