migration process
This commit is contained in:
parent
0dfa9478df
commit
ebb9ded5f9
14
DSLR.md
Normal file
14
DSLR.md
Normal file
@ -0,0 +1,14 @@
|
||||
#DSLR
|
||||
Kameratasche Pacsafe V9 Black Banane schwarz (x)
|
||||
Graufilter (ND Filter)
|
||||
Stativ
|
||||
Quick strap hama
|
||||
Festbrennweite 85mm 1.8
|
||||
Teleobjekt
|
||||
Nikon CF-N3000: Kamera-Einschlagtuch (-)
|
||||
Polfilter Haida Pro II Digital Slim Polfilter Zirkular MC (x)
|
||||
Gegenlichtblende/Sonnenblende PROFOX LH-73D 67mm (x)
|
||||
Reinigungsutensilien (x)
|
||||
Objektivbeutel
|
||||
Bohnensack
|
||||
Blitzschuhabdeckung (x)
|
149
gnuk.md
Normal file
149
gnuk.md
Normal file
@ -0,0 +1,149 @@
|
||||
##Gnuk
|
||||
Passport-opensc: https://javacardos.com/tools/passport
|
||||
Black pill pin : https://user-images.githubusercontent.com/13839872/43411278-5f35afd8-9432-11e8-9385-cdd8d3db298d.png
|
||||
SECG/Koblitz https://github.com/yinheli/koblitz
|
||||
|
||||
https://hackaday.io/project/162597/logs
|
||||
the page mentioning a single free PA pin, the PA5. All other Pins seems to be PBs.
|
||||
However, chopstx defines the boards and the ack-button. That leads to two places where to patch things. Within the boards definition where is a comments segment, afterwards somehow a pin definition.
|
||||
* PA5 - input with pull-up: switch output
|
||||
#define VAL_GPIO_LED_ODR 0xFFFFE6FF <--need fix
|
||||
|
||||
ackbtn-stm32f103.c <--need fix
|
||||
case BOARD_ID_ST_DONGLE:
|
||||
/* PA5 can be connected to a hall sensor or a switch */
|
||||
afio_exticr_index = 0;
|
||||
afio_exticr_extiX_pY = AFIO_EXTICR2_EXTI5_PA;
|
||||
irq_num = EXTI9_5_IRQ;
|
||||
pin_config = 0x0020; /* EXTI_PR_PR5 == EXTI_IMR_MR5 == EXTI_RTSR_TR5 */
|
||||
pin_config |= PINCFG_EDGE_RISING;
|
||||
break;
|
||||
|
||||
|
||||
|
||||
Black Pill change for LED, maybe backport to gnuk
|
||||
https://github.com/gl-sergei/u2f-token/issues/9#issuecomment-408945987
|
||||
schematics
|
||||
https://s14-eu5.startpage.com/cgi-bin/serveimage?url=https:%2F%2Fembdev.net%2Fwikifiles_en%2Fthumb%2F0%2F09%2FStlink-clone-pinout.JPG%2F800px-Stlink-clone-pinout.JPG&sp=d29ef3816d5c329afdec6221d7c4c7ca
|
||||
[new] https://gist.github.com/rot42/cd6ff46be45f0b7d7cd461a7bcc14d79
|
||||
|
||||
----------mailgroup questions----------------
|
||||
firmware upgrade with public RSA --> lost of all data?
|
||||
upgrade manual?
|
||||
get random data from gnuk more than 32byte?
|
||||
https://raw.githubusercontent.com/comio/comio-overlay/master/app-crypt/scdtools/files/scdrand.service
|
||||
https://github.com/vletoux/OpenPGP-CSP/issues
|
||||
https://incenp.org/dvlpt/scdtools.html
|
||||
HID feature for more identities?
|
||||
button backports?
|
||||
KDF settings?
|
||||
usb c
|
||||
polarssl further used?
|
||||
|
||||
IC40UP5K (Fomu)
|
||||
|
||||
echo scd random 32 | gpg-connect-agent | xxd
|
||||
-----------------
|
||||
Nutzer PIN erst mit Zertifikat
|
||||
adminless Modus mit PIN über 8 Zeichen, User Pin min 6 Zeichen PIN
|
||||
|
||||
---------UPGRADE-------------
|
||||
koelner ~/src/gnuk/tool $./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin
|
||||
Admin password:
|
||||
../regnual/regnual.bin: 4432
|
||||
../src/build/gnuk.bin: 111616
|
||||
CRC32: b548ca7b
|
||||
|
||||
Device:
|
||||
Configuration: 1
|
||||
Interface: 0
|
||||
./upgrade_by_passwd.py:160: DeprecationWarning: tostring() is deprecated. Use tobytes() instead.
|
||||
main(wait_e, keyno, passwd, data_regnual, data_upgrade[4096:])
|
||||
20002a00:20005000
|
||||
Downloading flash upgrade program...
|
||||
start 20002a00
|
||||
end 20003b00
|
||||
Run flash upgrade program...
|
||||
Waiting for device to appear:
|
||||
Wait 1 second...
|
||||
Wait 1 second...
|
||||
Wait 1 second...
|
||||
Wait 1 second...
|
||||
Wait 1 second...
|
||||
Device:
|
||||
08001000:0bfffc00
|
||||
Downloading the program
|
||||
start 08001000
|
||||
end 0801b400
|
||||
Protecting device
|
||||
Finish flashing
|
||||
Resetting device
|
||||
Update procedure finished
|
||||
|
||||
koelner ~/src/gnuk/tool $./usb_strings.py
|
||||
Vendor: Free Software Initiative of Japan
|
||||
Product: Gnuk Token
|
||||
Serial: FSIJ-1.2.13-87123119
|
||||
Revision: release/1.2.13-1-g3d06051-modified
|
||||
Config: ST_DONGLE:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
|
||||
Sys: 3.0
|
||||
|
||||
|
||||
-------
|
||||
https://github.com/gl-sergei/u2f-token
|
||||
https://riseup.net/en/security/message-security/openpgp/best-practices
|
||||
------
|
||||
gnuk root key station
|
||||
|
||||
rpi zero WH 1.1, CPU-Kühler, USB-A Mod, USB Hub Hat, 1.44 LCD with Buttons
|
||||
Optional hardware: NeuG as TRNG, keyboard, RTC
|
||||
|
||||
OS: DietPi
|
||||
additional installed software: vim.tiny, vim, stress, gnupg, libccid, opensc, scdaemon, pinentry-tty, rng-tools [http://webhome.phy.duke.edu/~rgb/General/dieharder.php, pam-poldi, keysafe]
|
||||
|
||||
activate timedatectl 4
|
||||
register i2c-rtc and usb-serial, login with dietpi:dietpi
|
||||
|
||||
-------------
|
||||
root@gnupg-root:~# cat hwmon-ds3231.sh
|
||||
#!/usr/bin/env bash
|
||||
rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input)
|
||||
rtctemp=$(bc -l <<< "$rtctemp / 1000")
|
||||
echo "RTC temp = $rtctemp"
|
||||
-----------
|
||||
|
||||
First run
|
||||
Check for RNG pool
|
||||
create encrypted storage for the gpg folder [on a removable device]
|
||||
-with long passphrase
|
||||
-with the master key and PIN (afterwards)
|
||||
init gpg settings
|
||||
create master key
|
||||
-export as QR-Code for printing (on a SDcard, USB Stick)
|
||||
-copy it to GNUK token
|
||||
-N-of-M sharing
|
||||
-USB-Stick
|
||||
create hash over gpg folder and sign it
|
||||
remount as read-only
|
||||
|
||||
regulary base
|
||||
Unmount encrypted storage before update
|
||||
update only via terminal/(ssh)
|
||||
|
||||
|
||||
--------------
|
||||
[GUI] Main task are:
|
||||
-unlock encrypted storage
|
||||
-copy revocation certificate to unencrypted storage
|
||||
-renew the sub key
|
||||
-copy subkey to GNUK
|
||||
-lock encrypted storage
|
||||
-renew disable date
|
||||
[GUI DEBUG]
|
||||
-upgrade GNUK firmware
|
||||
-git update
|
||||
-git verify
|
||||
-configure
|
||||
-make
|
||||
-upgrade via publickey
|
||||
-reinit GNUK token with saved openpgp data
|
4
recharblepowerdevices.md
Normal file
4
recharblepowerdevices.md
Normal file
@ -0,0 +1,4 @@
|
||||
## (recharchable) power units
|
||||
# remotes
|
||||
# PC hardware
|
||||
-
|
Loading…
Reference in New Issue
Block a user