[Cryptech Tech] cryptech_upload

[Michael]

On 05/03/2018 10:14 PM, Rob Austein wrote:
> On Thu, 03 May 2018 21:31:59 -0400, Michael wrote:
>> I'm getting this message on both of my alphas...can anyone tell me
>> what I'm doing wrong? I've double checked the PIN.... same one I use
>> to log into the console
>>
>> Firmware tarball /usr/share/cryptech-alpha-firmware.tar.gz content:
>> -rw-r--r-- root/root    5324179 2017-12-15 09:31:00 alpha_fmc.bit
>> -rwxr-xr-x root/root      60644 2017-12-15 09:31:53 bootloader.bin
>> -rwxr-xr-x root/root    1455424 2017-12-15 09:31:53 bootloader.elf
>> -rwxr-xr-x root/root     494344 2017-12-15 09:31:55 hsm.bin
>> -rwxr-xr-x root/root    2465640 2017-12-15 09:31:55 hsm.elf
>> -rw-r--r-- root/root       2529 2017-12-14 17:32:43 tamper.hex
>> -rw-r--r-- root/root       3340 2017-12-15 09:32:01 MANIFEST
>> Uploading hsm.bin from /usr/share/cryptech-alpha-firmware.tar.gz
>> Initializing management port and synchronizing with HSM, this may take
>> a few seconds
>> wheel PIN:
>> Device does not seem to be ready for a file transfer (got
>> '\r\n\r\nAccess denied\r\n\r\nUsername: ')
>> Access denied
> Make sure it's the right username ("wheel", not "user" or "so").
I will double check.
>
> You may be running a version of the bootloader old enough that it
> doesn't understand the current keystore format, and therefore gets
> confused when looking up the PIN.  If so, it will think there is no
> PIN set and will therefore fall back to the compiled-in last gasp PIN,
> an annoying string which you can find in the source.
Yes , I considered upgrading the bootloader. I assume you are referring 
to the very long PIN...
> If none of that works, you can re-flash via a programmer, or you can
> try wiping the keystore to put it into a known state in which
> everything will use the compiled-in last gasp PIN, then re-flash.
I have the STLink installed and used it to verify the .bin file.(part of 
the acceptance test)  I have not used it yet to reflash. Good call on 
the keystore, i dont really have anything I can always rebuild.
> If you have keystore content you want to preserve across such an
> operation, you can use cryptech_backup in "soft-backup" mode.
>
> There's newer packaged firmware than the above on apt.cryptech.is if
> you don't feel like building the current firmware yourself.
One curious thing, if I use the "firmware upload" command while in 
cryptech_console, I see the blue LED flash as described in the 
documentation indicating the bootloader is being accessed. Calling 
cryptech_upload from the terminal does not seem to reset to the 
bootloader (no flashing blue LED)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cryptech.is/archives/tech/attachments/20180503/6a948a90/attachment.html>