gniibe at fsij.org
Wed May 29 02:59:33 CEST 2019
Simon Josefsson wrote:
> Does this apply to the FST-01, FST-01G, or FST-01SZ? Does it depend on
> how Gnuk was installed on the device? How would I protect them?
For FST-01, FST-01G and FST-01SZ, when it is distributed with Gnuk by
me, this does not apply. I distribute Gnuk Token with protection,
Yes, it depends on how the firmware is installed on a device. The MCU
has a configuration: the internal flash ROM can be protected against
When the protection is not enabled, the internal flash ROM can be
accessed by JTAG/SWD debugger.
When it is an end user who does install Gnuk on FST-01/G/SZ through USB
firmware upgrade, by neug/tool/neug_upgrade.py (for the one of NeuG
installed device) or by gnuk/tool/upgrade_by_passwd.py (for the one of
Gnuk installed device), it does the protection in its procedure, just
after the flash ROM upgrade.
For enabling protection after flash ROM installation by JTAG/SWD
debugger, please have a look at the README, "How to protect flash ROM"
* * *
For FST-01 as a NeuG standalone device, it was distributed with
For FST-01G as a NeuG standalone device, there were two cases:
distributed with no protection or distributed with protection.
For FST-01SZ as a NeuG standalone device, it is distributed with no
I distribute FST-01G/SZ as a NeuG standalone device, with no protection,
because of reasons:
(1) There are no private data on the device.
(2) I (or an end user) may want to examine the content of flash ROM
(the first 4KiB of ROM cannot be changed by the flash ROM
upgrade, once protection done, no way to examine).
(3) The protection will be enabled when another firmware will be
In the past, for FST-01's factory installation with Gnuk 1.0.1 (in
2012), I was careless about the fact of (2). In fact, the factory
installation process of FST-01 was not that good and strict; I just
prepared a tool set: ST-Link/V2 and USB-memory which included
gnuk/tool/stlinkv2.py and Python USB (it was for Windows machine in a
factory), and sent it to the factory. So, there were possibility where
something bad was installed in the first 4KiB on FST-01, and it was kept
unexamined. For FST-01 users, if this matters, it is recommended to
install Gnuk by JTAG/SWD debugger to update the first 4KiB.
When I asked the manufacturing of FST-01G in 2017, I defined more strict
FST-01G Test Plan:
In the procedure, I ask no protection, because of (2).
When I asked the manufacturing of FST-01SZ for 2019 (in 2018), I defined
FST-01SZ Test Plan:
It's the same in the procedure, I ask no protection. And I have an
When I did firmware upgrade of FST-01G to newer NeuG, I enabled the
protection. That's why there were FST-01G with protection (while it is
no protection at the factory). Well, to respect an end user's computing
freedom, it would be better for a NeuG standalone device to have no
protection when shipped.
More information about the Gnuk-users