How can I install Gnuk on FST-01 with NeuG 1.0.5?

Q: I got another FST-01 with NeuG 1.0.5 installed. As I need Gnuk Token, I want to reflash. How can I install Gnuk without SWD debugger?

Answer

SWD debugger is not the absolute requirement, since NeuG supports firmware upgrade.

However, please note that the feature of firmware upgrade is somewhat experimental. When you will get some failure during your firmware installation, you will need SWD debugger. YOU HAVE BEEN WARNED. It is best to try firmware upgrade after you get SWD debugger.

Here, I describe the firmare upgrade feature of NeuG and reflash FST-01.

It requires both of Gnuk source code distribution and NeuG source code distribution.

The firmare upgrade feature of NeuG

NeuG supports firmware upgrade by reGNUal (It is mostly same implementation in Gnuk). It works in following steps.

  1. When User wants firmware upgrade, user sends the special control message to NeuG Device from host PC. It authenticates with password, which is defined as a factory (or user can change the password).
  2. When NeuG Device receives the special control message, NeuG finishes its normal operation and goes to enter mode of loading special program onto RAM.
  3. Host PC sends reflashing program (reGNUal) to NeuG Device.
  4. NeuG clears up all content of flash ROM (but first 4KiB of system) at the end of receiving special program and transfers its control to reGNUal.
  5. reGNUal on NeuG Device receives new firmware image from host PC and writes to each page.
  6. Done.

Note that this procedure requires root privilege to disable driver in kernel.

Bulding reGNUal

You need to compile reGNUal in Gnuk source code.

$ pwd
/home/user/src/gnuk
$ cd src
$ ./configure --vidpid=234b:0000
$ cd ../regnual
$ make

Then, you should have regnual.bin.

Invoking configure with FSIJ's USB ID (234b:0000) means that you are using FSIJ's USB ID (for reGNUal in this case). Please note that FSIJ only allows use of its USB ID for specific situations. Please read README of Gnuk about that.

neug_upgrade.py

In the source code distribution of NeuG 1.0.5 (or current development version), there is a tool named 'neug_upgrade.py'.

This is an easy tool to hide lengthy steps from user and allow user firmware upgrade.

Before running the script, you need to be root:

$ sudo -s

How to run the script:

# pwd
/home/gniibe/gnuk/neug
# cd tool
# ./neug_upgrade.py -f ../../../gnuk/regnual/regnual.bin ../../../gnuk/src/build/gnuk.bin

Then, the script on your host PC invoke the steps described above, and you will get Gnuk installed.

Note that you need proper configuration for permission of Gnuk Token (udev setting). It should have lines something like:

# Gnuk Token by FSIJ

SUBSYSTEMS=="usb", ACTION=="add", \
  ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0000", \
  ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"

I have those lines in /etc/udev/rules.d/69-gnuk.rules.

The option '-f' means that assuming factory setting password. Remove that option to enter your own password (other than factory setting).

Example Session

Please make sure you don't insert another Gnuk Token on your system.

If any, because reGNUal uses same VID:PID as Gnuk Token, the procedure might fail.

After inserting NeuG Device, you need make it run as NeuG mode; After inserting NeuG Device, it usually runs Fraucheky (the USB Mass Storage program) to show GPL and README. Please mount the storage and umount the storage, then, it runs NeuG, the random number generator.

Followng steps assumes it runs NeuG 1.0.5, as the random number generator mode.

gniibe@iwagami:~/work/gnuk/neug105$ cd tool/
gniibe@iwagami:~/work/gnuk/neug105/tool$ sudo -s
[sudo] password for gniibe:
root@iwagami:/home/gniibe/work/gnuk/neug105/tool# ./neug_upgrade.py -f ../../gnuk124/regnual/regnual.bin ../../gnuk124/src/build/gnuk.bin
../../gnuk124/regnual/regnual.bin: 4412
../../gnuk124/src/build/gnuk.bin: 111616
CRC32: b49436bb

Device:
Configuration: 1
Interface: 1
20000e00:20005000
Downloading flash upgrade program...
start 20000e00
end   20001f00
# 20001f00: 31 : 64
Run flash upgrade program...
Wait 3 seconds...
Device:
08001000:08020000
Downloading the program
start 08001000
end   0801b400
root@iwagami:/home/gniibe/work/gnuk/neug105/tool# lsusb -d 234b:0000
Bus 001 Device 043: ID 234b:0000
root@iwagami:/home/gniibe/work/gnuk/neug105/tool# exit
gniibe@iwagami:~/work/gnuk/neug105/tool$