Thanks to Paul and Fredrik for help fixing the DFU problems. There were a few bugs in the upgrade script too, mostly race conditions, none particularly difficult to fix once Paul dealt with the rest.
With all that done: I can now offer a Yule present for those who are feeling adventurous: binary packaging of the "ksng" (new keystore architecture) development branch. Because of the DFU bugs (and other factors, but mostly the bugs), the upgrade process for this is a bit tricky. I've attempted to document it at: https://wiki.cryptech.is/wiki/UpgradeToKSNG and have tested this with an Alpha whose firmware I first rolled back to what we were running in Berlin. Given the tricky nature of the upgrade, it would probably be best if the first person other than me to try it were someone who already has (or doesn't mind acquiring) an ST-LINK programmer, just in case something goes horribly wrong and the upgrade bricks the HSM. WARNING: there are several incompatible changes between the software we were running in Berlin and the ksng branch, most notably the keystore itself (totally changed) and some of the RPC calls used by the PKCS #11 library. The PKCS #11 API itself is largely unchanged, so software which worked over PKCS #11 in Berlin should still work. Next up will probably be writing a software driver for Pavel's shiny new Verilog ECDSA point multiplier and packaging that up on another branch. At some point we will of course want to merge all these branches and packages back into a single stream, but I'd like to get a bit more testing of the new stuff before we do that, so providing a binary package to ease testing seemed like the way to go. _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
