低成本硬件密钥解决方案title
2022-09-05date
description
canokey出了一个nrf52的支持,不过作正经用途还是不能用这个,安全性自然也比不上商业产品。
with import <nixpkgs> { };
pkgs.stdenv.mkDerivation {
name = "envForCanokey";
nativeBuildInputs =
let
mach-nix = import
(builtins.fetchGit {
url = "https://github.com/DavHau/mach-nix";
ref = "refs/tags/3.5.0";
})
{ };
in
[
# nrf-command-line-tools
(
mach-nix.mkPython {
requirements = ''
adafruit-nrfutil
intelhex
'';
}
)
gcc-arm-embedded
cmake
pkg-config
newlib-nano
pyocd
];
buildInputs = [
zeromq
newlib-nano
nrf5-sdk
];
}
- Click on the ‘+’ next to each download you want, and we’ll .zip them into one archive for you.
unzip tocanokey-nrf52/nrf_sdk
export NRF5_SDK_DIR=/home/riro/Projects/canokey-nrf52/nrf_sdk/nRF5_SDK_17.1.0_ddde560
Create & enter ./build dir
ls /nix/store | rg gcc-arm-embedded
replace path in:
$ cmake -DCROSS_COMPILE=<path-to-toolchain>/bin/arm-none-eabi- \
-DCMAKE_TOOLCHAIN_FILE=../toolchain.cmake \
-DCMAKE_BUILD_TYPE=Release ..
finally seen as:
$ cmake -DCROSS_COMPILE=/nix/store/5kvc19hsy58fba2jzl4d06x7zz9l3jnn-gcc-arm-embedded-10.3.1/bin/arm-none-eabi- \
-DCMAKE_TOOLCHAIN_FILE=../toolchain.cmake \
-DCMAKE_BUILD_TYPE=Release ..
$ nrfutil pkg generate --hw-version=52 --sd-req=0 --application-version=1 --application-version=1 --application=canokey.hex --key-file opensk/opensk.key canokey_signed.zip
nrfutil dfu usb-serial --package=canokey_signed.zip -p /dev/ttyACM0
./deploy.py --board=nrf52840_dongle_dfu --programmer=nordicdfu --no-app --clear-storage
deploy complete.
WARNING
之前刷过OpenSK之类其它软件的可能需要使用调试器清除全部缓存,再重新刷bootloader进行全部步骤。不然canokey刷入后初始化会失败。