Flashing the firmware
=====================

Install the Prerequisites
---------------------------

```
$ sudo apt install stm32flash
```

Flash the Firmware
------------------

This only works after a reboot of the phone.

```
$ scripts/stm_reflash.sh
```

Smartcard daemons setup
=======================

Automatic setup
---------------

Run the smart card setup script:

```
$ scripts/smartcard_setup.sh
```

Manual setup
------------

This just details the setup steps performed by the setup script.

Install the Prerequisites
---------------------------

```
$ sudo apt install pcscd pcsc-tools stm32flash
```

For the Purism Librem5 (Dogwood and newer)
------------------------------------------

Serial line configuration for the Librem 5. Create /etc/reader.conf.d/libccidtwin with the following content:

```
DEVICENAME        /dev/ttymxc2:SEC1210
FRIENDLYNAME      "TTXS serial"
LIBPATH           /usr/lib/pcsc/drivers/serial/libccidtwin.so
```

Edit ~/.gnupg/scdaemon.conf and add:

```
disable-ccid
```

Edit /lib/systemd/system/pcscd.service and add this line under [Service]:

```
ExecStartPre=/bin/bash -c "echo 1 > /sys/class/leds/smc_en/brightness && sleep 2"
```
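The three manual steps above, as an added example script (not the project's own `scripts/smartcard_setup.sh`): it writes the same reader definition, scdaemon option and pcscd pre-start command, but takes a path prefix so it can be dry-run into a scratch directory, is safe to re-run, and puts the `ExecStartPre` line in a systemd drop-in under /etc instead of editing /lib/systemd/system/pcscd.service (the drop-in survives pcscd package upgrades). The drop-in file name and the `--apply` flag are this example's own choices.

```shell
#!/bin/sh
# Added example, not the project's setup script.  Applies the Librem 5
# smartcard configuration described on this page under a path prefix.
set -eu

# $1: root prefix ("" for the live system), $2: GnuPG home directory
install_librem5_smartcard_config() {
    prefix=$1
    gnupg_home=$2

    # 1. pcscd serial reader definition (content as given on this page)
    mkdir -p "$prefix/etc/reader.conf.d"
    cat > "$prefix/etc/reader.conf.d/libccidtwin" <<'EOF'
DEVICENAME        /dev/ttymxc2:SEC1210
FRIENDLYNAME      "TTXS serial"
LIBPATH           /usr/lib/pcsc/drivers/serial/libccidtwin.so
EOF

    # 2. make scdaemon go through pcscd instead of its builtin CCID driver;
    #    append the option only if it is not already there (idempotent)
    mkdir -p "$gnupg_home"
    chmod 700 "$gnupg_home"
    touch "$gnupg_home/scdaemon.conf"
    if ! grep -qx 'disable-ccid' "$gnupg_home/scdaemon.conf"; then
        echo 'disable-ccid' >> "$gnupg_home/scdaemon.conf"
    fi

    # 3. power the reader MCU before pcscd starts, as a systemd drop-in
    #    (the drop-in file name is an assumption of this example)
    mkdir -p "$prefix/etc/systemd/system/pcscd.service.d"
    cat > "$prefix/etc/systemd/system/pcscd.service.d/librem5-smc.conf" <<'EOF'
[Service]
ExecStartPre=/bin/bash -c "echo 1 > /sys/class/leds/smc_en/brightness && sleep 2"
EOF
}

# Number of 'disable-ccid' lines in a GnuPG home; proves a re-run is a no-op.
count_disable_ccid() {
    grep -cx 'disable-ccid' "$1/scdaemon.conf"
}

# Apply for real only when explicitly asked (run as root), then reload
# systemd so the drop-in is picked up:   sudo ./this.sh --apply
if [ "${1:-}" = "--apply" ]; then
    install_librem5_smartcard_config "" "$HOME/.gnupg"
    systemctl daemon-reload
    systemctl restart pcscd
fi
```

Running it without `--apply` only defines the functions; point `install_librem5_smartcard_config` at a temporary prefix first to inspect what would be written before touching the phone.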

Testing the smartcard
---------------------

pcsc-tools can be used to test the smartcard reader firmware and pcscd. Reader 1 will always show an error, as it is a non-existent interface.

```
$ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: TTXS serial 00 00
1: TTXS serial 00 01

Fri Jan 29 15:52:26 2021
 Reader 0: TTXS serial 00 00
  Event number:
  Card state: Card inserted, Exclusive Mode, 
  ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TC(1) = FF --> Extra guard time: 255 (special value)
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
  TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
  TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V 
+ Historical bytes: 00 31 F5 73 C0 01 60 00 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: F5
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - BER-TLV data objects available in EF.DIR
        - BER-TLV data objects available in EF.ATR
        - EF.DIR and EF.ATR access services: by GET DATA command
        - Card without MF
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C0
        - DF selection by full DF name
        - DF selection by partial DF name
      Data coding byte: 01
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 60
        - Extended Lc and Le fields
        - RFU (should not happen)
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 00 (No information given)
      SW: 9000 (Normal processing.)
+ TCK = 1C (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
	OpenPGP Card V3

 Reader 1: TTXS serial 00 01
  Event number: 
  Card state: Card inserted, Unresponsive card,
```
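To see how pcsc_scan arrives at the decoding printed above, here is an added ISO/IEC 7816-3 ATR parser (example code, not part of the project). It walks TS, T0, the TA/TB/TC/TD interface-byte groups, the historical bytes and the TCK checksum, then decodes the category-00 compact-TLV historical bytes. The sample ATR is the one from the pcsc_scan output above; the Fi/Di/f(max) tables are the standard's. A driver that accepts a card should reject an ATR whose TCK does not check out, which the example demonstrates with a corrupted copy.

```python
"""Added example: minimal ISO 7816-3 ATR parser (not project code)."""

# Fi / f(max) / Di lookups indexed by the nibbles of TA1 (None = RFU).
FI = [372, 372, 558, 744, 1116, 1488, 1860, None, None,
      512, 768, 1024, 1536, 2048, None, None]
FMAX_MHZ = [4, 5, 6, 8, 12, 16, 20, None, None, 5, 7.5, 10, 15, 20, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20, None, None, None, None, None, None]

# The OpenPGP card ATR shown by pcsc_scan on this page.
SAMPLE_ATR = bytes.fromhex(
    "3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C")


def parse_atr(atr: bytes) -> dict:
    """Decode TS, T0, interface bytes, historical bytes and TCK."""
    conventions = {0x3B: "direct", 0x3F: "inverse"}
    if len(atr) < 2 or atr[0] not in conventions:
        raise ValueError("ATR must start with TS 3B/3F followed by T0")
    t0 = atr[1]
    k = t0 & 0x0F          # number of historical bytes
    y = t0 >> 4            # presence bits for TA1..TD1
    interface, protocols = {}, []
    pos, i = 2, 1
    while True:            # one group of up to four interface bytes per pass
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before {name}{i}")
                interface[f"{name}{i}"] = atr[pos]
                if name == "TD":
                    td = atr[pos]
                pos += 1
        if td is None:
            break
        protocols.append(td & 0x0F)   # T value offered by this TD byte
        y = td >> 4                   # presence bits for the next group
        i += 1
    if not protocols:
        protocols = [0]               # no TD1 at all means T=0 by default
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated inside historical bytes")
    pos += k
    # TCK is absent only when T=0 is the sole protocol offered.
    tck_ok = None
    if any(t != 0 for t in protocols):
        if pos >= len(atr):
            raise ValueError("TCK missing")
        xor = 0
        for b in atr[1:pos + 1]:      # T0 .. TCK inclusive must XOR to zero
            xor ^= b
        tck_ok = xor == 0
        pos += 1
    if pos != len(atr):
        raise ValueError(f"{len(atr) - pos} trailing byte(s) after ATR")
    ta1 = interface.get("TA1", 0x11)  # default: Fi=372, Di=1
    fi, di, fmax = FI[ta1 >> 4], DI[ta1 & 0x0F], FMAX_MHZ[ta1 >> 4]
    return {
        "convention": conventions[atr[0]],
        "interface": interface,
        "protocols": protocols,
        "fi": fi, "di": di, "fmax_mhz": fmax,
        "cycles_per_etu": fi // di if fi and di else None,
        "historical": historical,
        "tck_ok": tck_ok,
    }


def parse_historical(hist: bytes) -> dict:
    """Decode category-00 historical bytes: compact-TLV objects followed by
    the three-byte mandatory status indicator (LCS, SW1, SW2)."""
    if len(hist) < 4 or hist[0] != 0x00:
        return {"category": hist[0] if hist else None,
                "objects": [], "status": None}
    body, status = hist[1:-3], hist[-3:]
    objects, pos = [], 0
    while pos < len(body):
        tag, length = body[pos] >> 4, body[pos] & 0x0F
        value = body[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("compact-TLV object truncated")
        objects.append((tag, value))
        pos += 1 + length
    return {"category": 0x00, "objects": objects,
            "status": {"lcs": status[0], "sw": status[1] << 8 | status[2]}}


if __name__ == "__main__":
    decoded = parse_atr(SAMPLE_ATR)
    print(decoded)
    print(parse_historical(decoded["historical"]))
```

For the sample ATR the parser yields TA1=18 (Fi=372, Di=12, 31 cycles/ETU, f(max) 5 MHz), protocols T=1, T=1, T=15 from TD1..TD3, the compact-TLV objects tag 3 (card service data F5) and tag 7 (card capabilities C0 01 60), status LCS 00 / SW 9000, and a correct TCK, matching the pcsc_scan listing line for line.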

GnuPG can also be used to test the scdaemon configuration:

```
$ gpg --card-status
Reader ...........: TTXS serial 00 00
Application ID ...: D276000124010303000500008FF10000
Version ..........: 3.3
Manufacturer .....: ZeitControl
Serial number ....: 00008FF1
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: on
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
```

Debugging
---------

Debugging with pcscd:

```
$ killall pcscd
$ LIBCCID_ifdLogLevel=0xffff pcscd -f --debug
```

TODO
====

Turn the stm micro off when ttymxc2 gets closed