Gnuk Extractor

NIIBE Yutaka gniibe at fsij.org
Wed May 29 02:59:33 CEST 2019 

Simon Josefsson wrote:
> Does this apply to the FST-01, FST-01G, or FST-01SZ?  Does it depend on
> how Gnuk was installed on the device?  How would I protect them?

For FST-01, FST-01G and FST-01SZ, when it is distributed with Gnuk by
me, this does not apply.  I distribute Gnuk Token with protection,
always.

Yes, it depends on how the firmware is installed on a device.  The MCU
has a configuration: the internal flash ROM can be protected against
JTAG/SWD access.

When the protection is not enabled, the internal flash ROM can be
accessed by JTAG/SWD debugger.

When it is an end user who does install Gnuk on FST-01/G/SZ through USB
firmware upgrade, by neug/tool/neug_upgrade.py (for the one of NeuG
installed device) or by gnuk/tool/upgrade_by_passwd.py (for the one of
Gnuk installed device), it does the protection in its procedure, just
after the flash ROM upgrade.

For enabling protection after flash ROM installation by JTAG/SWD
debugger, please have a look at the README, "How to protect flash ROM"
section:

    https://git.gniibe.org/gitweb/?p=gnuk/gnuk.git;a=blob;f=README

			*	*	*

For FST-01 as a NeuG standalone device, it was distributed with
protection.

For FST-01G as a NeuG standalone device, there were two cases:
distributed with no protection or distributed with protection.

For FST-01SZ as a NeuG standalone device, it is distributed with no
protection.

I distribute FST-01G/SZ as a NeuG standalone device, with no protection,
because of reasons:

    (1) There are no private data on the device.

    (2) I (or an end user) may want to examine the content of flash ROM
        (the first 4KiB of ROM cannot be changed by the flash ROM
        upgrade, once protection done, no way to examine).

    (3) The protection will be enabled when another firmware will be
        installed.

In the past, for FST-01's factory installation with Gnuk 1.0.1 (in
2012), I was careless about the fact of (2).  In fact, the factory
installation process of FST-01 was not that good and strict; I just
prepared a tool set: ST-Link/V2 and USB-memory which included
gnuk/tool/stlinkv2.py and Python USB (it was for Windows machine in a
factory), and sent it to the factory.  So, there were possibility where
something bad was installed in the first 4KiB on FST-01, and it was kept
unexamined.  For FST-01 users, if this matters, it is recommended to
install Gnuk by JTAG/SWD debugger to update the first 4KiB.

When I asked the manufacturing of FST-01G in 2017, I defined more strict
procedure:

    FST-01G Test Plan:
    https://www.gniibe.org/memo/development/fst-01/fst-01g-testplan.html

In the procedure, I ask no protection, because of (2).

When I asked the manufacturing of FST-01SZ for 2019 (in 2018), I defined
this procedure:

    FST-01SZ Test Plan:
    https://www.gniibe.org/memo/development/fst-01/fst-01sz-testplan.html

It's the same in the procedure, I ask no protection.  And I have an
explanation:

    https://www.gniibe.org/memo/development/fst-01/fst-01sz-testplan.html#locking-flash-access-by-swd


When I did firmware upgrade of FST-01G to newer NeuG, I enabled the
protection.  That's why there were FST-01G with protection (while it is
no protection at the factory).  Well, to respect an end user's computing
freedom, it would be better for a NeuG standalone device to have no
protection when shipped.
--

More information about the Gnuk-users mailing list