Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple identity support #33

Merged
merged 5 commits into from
May 19, 2020
Merged

Multiple identity support #33

merged 5 commits into from
May 19, 2020

Conversation

kliment
Copy link
Contributor

@kliment kliment commented May 18, 2020

This PR implements multiple identity support for the NK Start. Identities are changed with ccid command 0x85 (or tool/set_identity.py). The card serial number is different for each identity, each identity has its own keys, data objects, and cert-DOs. All identities are identical in functionality, with the exception of identity 2, where the cert-DO is limited in size to 1 page (1kb) rather than 2kb like in identities 0 and 1. Factory reset currently resets the current identity only. The firmware update key is global to all identities. Changing identity resets the device and causes a USB re-enumeration.

kliment added 5 commits May 14, 2020 23:48
@kliment
Triple storage, add identity selection page to linker script.
3e3c02c
@kliment
Add pointers to all key/data stores and change _START macros to point…
9b31039 
… to selected identity.
@kliment
Add script to set identity, and update gnuk_token.py to support ident…
cb7c4de 
…ity change ccid command.
@kliment
Triple size of cert DO storage. Limit DO storage for identity 2 to 10…
519ffe9 
…20 bytes rather than 1920.
@kliment
Add multiple identity storage and identity change command:
16d0a44 
- Multiple storage locations for keys, DOs, cert-DOs
- Limit cert-DO size for identity 2 to 1k
- Add functions to read and set current identity
- Add command 0x85 INS_SET_IDENTITY
- Set first byte of card serial number to identity number
- Single storage location for firmware update key
- Reboot device on identity change
szszszsz
szszszsz approved these changes May 19, 2020
View reviewed changes
Copy link
Member

@szszszsz szszszsz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

High quality contribution, a pleasure to review!

@szszszsz
Copy link
Member

Will be merged and signed manually.

@szszszsz szszszsz merged commit dc3fcd4 into Nitrokey:gnuk1.2-regnual-fix May 19, 2020
@szszszsz szszszsz mentioned this pull request May 19, 2020
Closed
2 tasks
@robin-nitrokey robin-nitrokey mentioned this pull request Sep 2, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szszszsz szszszsz szszszsz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kliment @szszszsz