Q: I got another FST-01 with NeuG 1.0.5 installed. As I need Gnuk Token, I want to reflash. How can I install Gnuk without SWD debugger?
Answer
SWD debugger is not the absolute requirement, since NeuG supports firmware upgrade.
However, please note that the feature of firmware upgrade is somewhat experimental. When you will get some failure during your firmware installation, you will need SWD debugger. YOU HAVE BEEN WARNED. It is best to try firmware upgrade after you get SWD debugger.
Here, I describe the firmare upgrade feature of NeuG and reflash FST-01.
It requires both of Gnuk source code distribution and NeuG source code distribution.
The firmare upgrade feature of NeuG
NeuG supports firmware upgrade by reGNUal (It is mostly same implementation in Gnuk). It works in following steps.
- When User wants firmware upgrade, user sends the special control message to NeuG Device from host PC. It authenticates with password, which is defined as a factory (or user can change the password).
- When NeuG Device receives the special control message, NeuG finishes its normal operation and goes to enter mode of loading special program onto RAM.
- Host PC sends reflashing program (reGNUal) to NeuG Device.
- NeuG clears up all content of flash ROM (but first 4KiB of system) at the end of receiving special program and transfers its control to reGNUal.
- reGNUal on NeuG Device receives new firmware image from host PC and writes to each page.
- Done.
Note that this procedure requires root privilege to disable driver in kernel.
Bulding reGNUal
You need to compile reGNUal in Gnuk source code.
$ pwd /home/user/src/gnuk $ cd src $ ./configure --vidpid=234b:0000 $ cd ../regnual $ make
Then, you should have regnual.bin.
Invoking configure with FSIJ's USB ID (234b:0000) means that you are using FSIJ's USB ID (for reGNUal in this case). Please note that FSIJ only allows use of its USB ID for specific situations. Please read README of Gnuk about that.
neug_upgrade.py
In the source code distribution of NeuG 1.0.5 (or current development version), there is a tool named 'neug_upgrade.py'.
This is an easy tool to hide lengthy steps from user and allow user firmware upgrade.
Before running the script, you need to be root:
$ sudo -s
How to run the script:
# pwd /home/gniibe/gnuk/neug # cd tool # ./neug_upgrade.py -f ../../../gnuk/regnual/regnual.bin ../../../gnuk/src/build/gnuk.bin
Then, the script on your host PC invoke the steps described above, and you will get Gnuk installed.
Note that you need proper configuration for permission of Gnuk Token (udev setting). It should have lines something like:
# Gnuk Token by FSIJ SUBSYSTEMS=="usb", ACTION=="add", \ ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0000", \ ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
I have those lines in /etc/udev/rules.d/69-gnuk.rules.
The option '-f' means that assuming factory setting password. Remove that option to enter your own password (other than factory setting).
Example Session
Please make sure you don't insert another Gnuk Token on your system.
If any, because reGNUal uses same VID:PID as Gnuk Token, the procedure might fail.
After inserting NeuG Device, you need make it run as NeuG mode; After inserting NeuG Device, it usually runs Fraucheky (the USB Mass Storage program) to show GPL and README. Please mount the storage and umount the storage, then, it runs NeuG, the random number generator.
Followng steps assumes it runs NeuG 1.0.5, as the random number generator mode.
gniibe@iwagami:~/work/gnuk/neug105$ cd tool/ gniibe@iwagami:~/work/gnuk/neug105/tool$ sudo -s [sudo] password for gniibe: root@iwagami:/home/gniibe/work/gnuk/neug105/tool# ./neug_upgrade.py -f ../../gnuk124/regnual/regnual.bin ../../gnuk124/src/build/gnuk.bin ../../gnuk124/regnual/regnual.bin: 4412 ../../gnuk124/src/build/gnuk.bin: 111616 CRC32: b49436bb Device: Configuration: 1 Interface: 1 20000e00:20005000 Downloading flash upgrade program... start 20000e00 end 20001f00 # 20001f00: 31 : 64 Run flash upgrade program... Wait 3 seconds... Device: 08001000:08020000 Downloading the program start 08001000 end 0801b400 root@iwagami:/home/gniibe/work/gnuk/neug105/tool# lsusb -d 234b:0000 Bus 001 Device 043: ID 234b:0000 root@iwagami:/home/gniibe/work/gnuk/neug105/tool# exit gniibe@iwagami:~/work/gnuk/neug105/tool$