Distribution of binary
peter at digitalbrains.com
Mon Dec 10 16:29:53 CET 2018
Hello Gniibe and list,
TL;DR: Is it okay to give people gnuk-no-vidpid.elf along with the
script to insert a VID:PID?
In Debian bug #903163, Guilhem Moulin mentioned he cannot test code for
multi-card-reader GnuPG setups since he has only one reader. Chris Lamb
offered to get him a reader, but I also replied since I know how to
put GnuK on a 3 dollar Maple Mini clone and both Guilhem and I will be
at the 35C3 in two weeks.
In fact, I thought, why not bring ten, for anyone interested. They're
cheap as dirt, might as well hand them out.
The Maple Mini loses a lot of the desirable properties of the FST-01, in
regard to form factor, supply chain trustworthiness etcetera. Guilhem
would not be using it to keep secrets, but just for development. And of
course people only have my word that I myself didn't do bad stuff. I
could write paragraph after paragraph about all the tradeoffs possible,
with ideally people building their own binary and using an SWD- or
JTAG-programmer to flash the Maple Mini. But let's not write that mail
I quickly realized I had for a moment forgotten about the stipulations
regarding the FSIJ VID:PID of 234b:0000. I cannot just hand out GnuK's
fully programmed and functional.
One of the tradeoffs possible is that I put a GnuK with the illegal
VID:PID 0000:0000 on the Maple Mini, and give that to someone. I also
give them a pre-built gnuk-no-vidpid.elf and the shell scripts to put
the proper FSIJ VID:PID in it, and they use reGNUal to flash the Maple
Mini. This works since you can actually upload reGNUal to a Maple Mini
that has GnuK with VID:PID 0000:0000 on Linux, I tested it. GnuPG was
less willing to work with such a GnuK; it reports:
> ccid-driver: usb_open failed: LIBUSB_ERROR_IO
Is it legally OK if I give people gnuk-no-vidpid.elf and the shell
scripts to change the VID:PID? This for people who, after hearing me
explain the pros and cons, decides they want to have that to avoid
having to build the firmware themselves.
PS: Before you reply "you need arm-none-eabi-objdump for
binary-edit.sh", let me point out that 1) x86_64-linux-gnu-objdump works
as well for this purpose and 2) I could edit the script to directly
refer to a binary offset specific to the .elf I hand out.
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnuk-users