-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't enable JTAG lockdown #681
Comments
This issue is indeed not well documented. We heard that on the nrf52840 version we worked with, the lock down can be circumvented. Therefore, I made the command error instead of giving a false sense of security, see #620:
became a simple We could re-enable the old behavior so users with a new version of the hardware can benefit from it. @jmichelp Opinions? |
That would need more tweaking because to fix the bypass, Nordic made changes to the way the JTAG lockdown works. |
I think you did the right thing. If it cannot be truly locked, it is correct to report an error.
Sounds good, looking forward to it |
This is not going to happen soon. I'll keep this issue open, steps to fix this include:
|
The Nordic chips currently used is not designed to be secure MCUs such as those used in SIM Bank card. |
Secure elements typically doesn't play well with open-source because of their common criteria certifications. So it's unlikely that we would be able to release a ready to use firmware for such a chip. That being said, the current code should allow you to write an |
Expected Behavior
configure.py --lock-device
info: Device is now locked down!
Actual Behavior
configure.py --certificate=crypto_data/opensk_cert.pem --private-key=crypto_data/opensk.key --lock-device
info: Certificate is valid.
info: Programming OpenSK device
info: Please touch the device to confirm...
error: Failed to configure OpenSK (lockdown conditions not met or hardware error).
Steps to Reproduce the Problem
setup.sh
deploy.py --board=nrf52840_dongle_opensk --opensk --programmer=pyocd
configure.py --certificate=crypto_data/opensk_cert.pem --private-key=crypto_data/opensk.key
configure.py --certificate=crypto_data/opensk_cert.pem --private-key=crypto_data/opensk.key --lock-device
Specifications
893faa5113f47457337ddb826b1a58870f00bc78
)The text was updated successfully, but these errors were encountered: