deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update readme

Browse Source
This commit is contained in:
Deon Spengler
2022-07-17 22:41:25 +02:00
parent 057920600f
commit a9079e8b5c
1 changed files with 20 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
README.md
View File

@@ -24,7 +24,7 @@ cd gnuk/src
make make
``` ```
Then, we will have "gnuk.bin" under src/build directory. Then, you will have "gnuk.bin" under src/build directory.
***Please read section 'USB vendor ID and product ID' below.*** ***Please read section 'USB vendor ID and product ID' below.***
@@ -70,7 +70,7 @@ You can personalize your token by putting in your information like: Name, Login
The KDF setting needs to be enabled before any keys are imported into the Gnuk token. Once a key has been imported the KDF setting can't be changed until the token has been reset. The KDF setting needs to be enabled before any keys are imported into the Gnuk token. Once a key has been imported the KDF setting can't be changed until the token has been reset.
***Note:*** That the factory user password is "123456" and admin password is "12345678". It is recommended to create your keys on your computer, and import them in to the token. Gnuk supports key generation, but this feature is young and should be considered experimental. ***Note:*** That the factory user password is "123456" and admin password is "12345678". It is recommended to create your keys on your computer, and import them into the token. Gnuk supports key generation, but this feature is young and should be considered experimental.
To configure your Gnuk token use the following command. To configure your Gnuk token use the following command.
``` ```
@@ -85,36 +85,30 @@ See doc/note/firmware-update.
How to debug How to debug
============ ============
First you must compile the Gnuk firmware with --enable-debug option. Gnuk has two interfaces, one is CCID/ICCD device and another is virtual COM port. Open virtual COM port by: Ensure that you have arm-none-eabi-gdb installed and then you must compile the Gnuk firmware with --enable-debug option. After flashing Gnuk debug firmware one will see two interfaces, one is CCID/ICCD device and the another is a virtual COM port.
Open the virtual COM with the following command:
``` ```
cu -l /dev/ttyACM0 picocom /dev/ttyACM0
``` ```
and you will see debug output of Gnuk firmware.
and you will see debug output of Gnuk. You can now use GDB with the following command.
```
arm-none-eabi-gdb src/build/gnuk.elf
We can use GDB. ```
$ arm-none-eabi-gdb gnuk.elf
Inside GDB, we can connect OpenOCD by: Inside GDB, we can connect OpenOCD by:
(gdb) target remote localhost:3333
or
(gdb) target extended-remote localhost:3333
You can see the output of PCSCD:
``` ```
/etc/init.d/pcscd stop (gdb) target remote localhost:3333
LIBCCID_ifdLogLevel=7 /usr/sbin/pcscd --debug --foreground
``` ```
You can observe the traffic of USB using "usbmon". See the file: linux/Documentation/usb/usbmon.txt You can see the output of PCSCD with the following command:
```
/usr/bin/pcscd --debug --foreground
```
You can also observe the traffic of the USB interface using "usbmon".
USB vendor ID and product ID (USB device ID) USB vendor ID and product ID (USB device ID)
============================================ ============================================
@@ -123,17 +117,11 @@ When you have a vendor ID and assign a product ID for Gnuk, edit the file GNUK_U
When you are modifing Gnuk and installing the binary to device, you should replace the vendor string and serial number to yours (in the file GNUK_USB_DEVICE_ID and SERIALNO of the script of src/configure), so that users can see it's not by original vendor, and it is modified version. When you are modifing Gnuk and installing the binary to device, you should replace the vendor string and serial number to yours (in the file GNUK_USB_DEVICE_ID and SERIALNO of the script of src/configure), so that users can see it's not by original vendor, and it is modified version.
FSIJ allows you to use USB device ID of FSIJ (234b:0000) for devices with Gnuk under one of following conditions: FSIJ allows you to use USB device ID of FSIJ (234b:0000) for devices with Gnuk under one of following conditions:
* For everyone for experimental purpose: * For everyone for experimental purpose:
- You must not distribute a binary with FSIJ's USB device ID, but must use the binary by yourself only for your experiment. Note that "Distributing binary" includes distributing a device which holds the binary. - You must not distribute a binary with FSIJ's USB device ID, but must use the binary by yourself only for your experiment. Note that "Distributing binary" includes distributing a device which holds the binary.
* For general individuals: * For general individuals:
- You must use your Gnuk device with a card serial number which is *not* by FSIJ. Easy one would be a card serial number generated by chip unique ID. - You must use your Gnuk device with a card serial number which is *not* by FSIJ. Easy one would be a card serial number generated by chip unique ID.
* For individuals with explicit permission from FSIJ. * For individuals with explicit permission from FSIJ.
- You should have an assigned card serial number by FSIJ, please use that number for your device. - You should have an assigned card serial number by FSIJ, please use that number for your device.
(There a file 'GNUK_SERIAL_NUMBER' in the official release.) (There a file 'GNUK_SERIAL_NUMBER' in the official release.)