El día viernes, noviembre 05, 2021 a las 08:32:17a. m. +0100, Werner Koch via
Gnupg-users escribió:
> it is good that things work for you. And thanks for the hint with the
> smartcard. I was probably blind that I didn't noticed it. I put an
> older card into the slot (cut down with a sharp wire cutter) but I have
> not seen the device.
Hello Werner,
To get the OpenPGP card working, please follow the steps in my
attachment OpenPGP-L5.txt. You must flash some firmware into the device.
> Even after an OS update there is still no Bluetooth device (regardless
> of the kill switch position) and the WLAN sometimes needs a reboot. I
> also wonder why there are no easy accessible teardown images - the long
> Youtube video is not very helpful because it shows obvious things,
To solve the Bluetooth / WLAN problems, follow the steps here how to
load again some other firmware. Esp. change also after this in the file
/etc/modprobe.d/librem5-devkit.conf the value dev_oper_mode from 5 to 13
https://forums.puri.sm/t/bluetooth-support-for-librem-5/14965/45
Hope it helps
matthias
--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
August 13, 1961: Better a wall than a war. And, while the GDR was still
existing,
no German troups and bombs have been killed in Yugoslavia, Afghanistan,
Afrika...
How to setup the OpenPGP card in the Purism L5 phone
g...@unixarea.de, October 2021
https://puri.sm/posts/openpgp-in-your-pocket/
(includes video about inserting the card)
https://source.puri.sm/angus.ainslie/ttxs-firmware/-/blob/purism/PURISM.md
install and get the software:
$ cd ~/guru
$ sudo apt install stm32flash git
$ git clone https://source.puri.sm/angus.ainslie/ttxs-firmware
$ cd ttxs-firmware
Upgrade the smart card reader firmware:
$ ./scripts/stm_reflash.sh
...
stm32flash 0.5
http://stm32flash.sourceforge.net/
Using Parser : Raw BINARY
Interface serial_posix: 57600 8E1
Version : 0x31
Option 1 : 0x00
Option 2 : 0x00
Device ID : 0x0435 (STM32L43xxx/44xxx)
- RAM : Up to 48KiB (12544b reserved by bootloader)
- Flash : Up to 256KiB (size first sector: 1x2048)
- Option RAM : 16b
- System RAM : 28KiB
Write to memory
Erasing memory
Wrote address 0x08002388 (100.00%) Done.
And set up the smart card:
$ ./scripts/smartcard_setup.sh
There have been issues, see also:
https://forums.puri.sm/t/openpgp-card-waiting-for-the-first-reader/15189
https://source.puri.sm/Librem5/OS-issues/-/issues/119
What helped was:
# stty -F /dev/ttymxc2 raw cstopb -parenb cs8 115200
# pcscd -f --debug
The startup of pcscd is to be configured here and start is via systemctl:
# vim /lib/systemd/system/pcscd.service
# systemctl status pcscd
# systemctl stop pcscd
# systemctl start pcscd
Setting up the card
$ gpg --card-status
Reader ...........: TTXS serial 00 00
Application ID ...: D27600012401030400050000A6FE0000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: ZeitControl
Serial number ....: 0000A6FE
Name of cardholder: [not set]
Language prefs ...: de
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
$ gpg --change-pin # changed the PIN and Admin PIN
$ gpg --card-edit # generated the keys
$ export GNUPGHOME=/home/guru/.gnupg
$ pass init 'CCID L5'
Password store initialized for g...@unixarea.de
$ pass insert -m test
...
$ gpg --with-keygrip -K
/home/purism/.gnupg/pubring.kbx
-------------------------------
sec> rsa2048 2021-10-30 [SC]
336EB96892FE9FE7F6AD01D6529B7423F3608141
Keygrip = FCBA9E53DF1AF8D6E8D82B0418A01FA33264F704
Card serial no. = 0005 0000A6FE
uid [ultimate] Matthias Apitz (GnuPG CCID L5) <g...@unixarea.de>
ssb> rsa2048 2021-10-30 [A]
Keygrip = EE34E2B1F932D1567A6E21023F4D65B71CF953FF
ssb> rsa2048 2021-10-30 [E]
Keygrip = C544F16750F7F55DCEF781CF57C232015DDF1F90
the '>' means that these keys are on the card;
export the pub key with:
$ gpg --export --armor > ccid-L5-export-key-guru.pub
lock the card again:
$ gpgconf --reload scdaemon
I added this to the pass cmd:
$ tail -8 /usr/bin/pass
# power down the OpenPGP card
# g...@unixarea.de
#
gpgconf --reload scdaemon
sleep 2
exit 0
so the card gets loecked again after each operation with the pass cmd.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
