Remove keystring with BY_ADMIN when it's becomming admin-less mode.

2018-01-22 11:02:02 +09:00
parent de24655920
commit 55781cb7bb
3 changed files with 27 additions and 5 deletions
--- a/6
+++ b/6
@@ -11,6 +11,12 @@ agreement to USB Forum.  Now, we have new file named gnuk-vidpid.elf
 for flashing.  The file gnuk.elf can be used to generate
 gnuk-vidpid.elf and we can check if it is reproducible or not.

+** Remove access with BY_ADMIN
+
+For admin-less mode, access by OPENPGP_CARD_INITIAL_PW3 remained on
+flash ROM.  This could be considered a backdoor, if some other person
+had or kept access to the flash ROM.  Now, the entry is cleared by
+zero when the token is set to admin-less mode.

 ** Upgrade of Chopstx
 We use Chopstx 1.8.