
Flashing the firmware
=====================

Install the prerequisites
-------------------------

```
$ sudo apt install stm32flash
```

Flash the Firmware
------------------

This only works after the phone has been rebooted.

```
$ scripts/stm_reflash.sh
```

Smartcard daemons setup
=======================

Automatic setup
---------------

Run the smart card setup script:

```
$ scripts/smartcard_setup.sh
```

Manual setup
------------

This just details the setup steps performed by the setup script.

Install the prerequisites
-------------------------

```
$ sudo apt install pcscd pcsc_tools stm32flash
```

For the Purism Librem5 (Dogwood and newer)
------------------------------------------

Serial line configuration for the Librem5, in /etc/reader.conf.d/libccidtwin:

```
DEVICENAME        /dev/ttymxc2:SEC1210
FRIENDLYNAME      "TTXS serial"
LIBPATH           /usr/lib/pcsc/drivers/serial/libccidtwin.so
```

Edit ~/.gnupg/scdaemon.conf and add:

```
disable-ccid
```

Edit /lib/systemd/system/pcscd.service and add this line under [Service]:

```
ExecStartPre=/bin/bash -c "echo 1 > /sys/class/leds/smc_en/brightness && sleep 2"
```

Testing the smartcard
---------------------

pcsc_tools can be used to test the smartcard reader firmware and pcscd. Reader 1 will always show an error, as it is a non-existent interface.

```
$ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: TTXS serial 00 00
1: TTXS serial 00 01

Fri Jan 29 15:52:26 2021
 Reader 0: TTXS serial 00 00
  Event number:
  Card state: Card inserted, Exclusive Mode, 
  ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TC(1) = FF --> Extra guard time: 255 (special value)
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
  TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
  TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V 
+ Historical bytes: 00 31 F5 73 C0 01 60 00 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: F5
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - BER-TLV data objects available in EF.DIR
        - BER-TLV data objects available in EF.ATR
        - EF.DIR and EF.ATR access services: by GET DATA command
        - Card without MF
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C0
        - DF selection by full DF name
        - DF selection by partial DF name
      Data coding byte: 01
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 60
        - Extended Lc and Le fields
        - RFU (should not happen)
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 00 (No information given)
      SW: 9000 (Normal processing.)
+ TCK = 1C (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
	OpenPGP Card V3

 Reader 1: TTXS serial 00 01
  Event number: 
  Card state: Card inserted, Unresponsive card,
```
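The ATR decoding that pcsc_scan performs above, written out as an added example (not part of this repository): a small Python parser that walks the interface-byte chain, splits off the historical bytes and verifies the TCK checksum on the OpenPGP card's ATR. The Fi/Di tables are taken from ISO 7816-3; the smartcard_list.txt identification step is not reproduced.

```python
from functools import reduce

# Fi / Di tables from ISO 7816-3 (index = high / low nibble of TA1); None = RFU.
FI = [372, 372, 558, 744, 1116, 1488, 1860, None, None, 512, 768, 1024, 1536, 2048, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20, None, None, None, None, None, None]


def parse_atr(atr: bytes) -> dict:
    """Walk the interface-byte chain, split off the historical bytes, verify TCK."""
    convention = {0x3B: "direct", 0x3F: "inverse"}.get(atr[0]) if atr else None
    if convention is None or len(atr) < 2:
        raise ValueError("missing or invalid TS/T0")
    t0 = atr[1]
    k, y = t0 & 0x0F, t0 >> 4            # K = historical byte count, Y1 = presence bits
    interface, protocols, pos, i = {}, [], 2, 1
    try:
        while y:                          # each TDi announces Y(i+1) and a protocol T
            for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
                if y & bit:
                    interface[f"{name}{i}"] = atr[pos]
                    pos += 1
            td = interface.get(f"TD{i}")
            y = td >> 4 if td is not None else 0
            if td is not None:
                protocols.append(td & 0x0F)
            i += 1
    except IndexError:
        raise ValueError("ATR truncated in interface bytes") from None
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated in historical bytes")
    pos += k
    tck_ok = None                         # TCK is absent only when T=0 is the sole protocol
    if any(t != 0 for t in protocols):
        if pos + 1 != len(atr):
            raise ValueError("ATR length does not match TCK expectation")
        tck_ok = reduce(lambda a, b: a ^ b, atr[1:], 0) == 0   # XOR of T0..TCK must be 0
    elif pos != len(atr):
        raise ValueError("trailing bytes after historical bytes")
    ta1 = interface.get("TA1", 0x11)      # default Fi=372, Di=1 when TA1 is absent
    fi, di = FI[ta1 >> 4], DI[ta1 & 0x0F]
    return {"convention": convention, "interface": interface, "protocols": protocols,
            "historical": historical, "tck_ok": tck_ok,
            "cycles_per_etu": fi // di if fi and di else None}


# The ATR pcsc_scan printed for the OpenPGP Card V3 above (bytes.fromhex ignores spaces).
OPENPGP_ATR = bytes.fromhex("3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C")
```

A flipped byte anywhere between T0 and TCK makes tck_ok False, which is the first thing worth checking when a reader reports an unresponsive or odd card.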

gnupg will also test the scdaemon configuration:

```
$ gpg --card-status
Reader ...........: TTXS serial 00 00
Application ID ...: D276000124010303000500008FF10000
Version ..........: 3.3
Manufacturer .....: ZeitControl
Serial number ....: 00008FF1
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: on
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
```

Debugging
---------

Debugging with pcscd running in the foreground:

```
$ killall pcscd
$ LIBCCID_ifdLogLevel=0xffff pcscd -f --debug
```

TODO
====

Turn the STM32 microcontroller off when ttymxc2 gets closed.