[onerng talk] Invalid firmware signature
Paul Campbell
paul at taniwha.com
Sun Jun 14 02:46:16 BST 2015
On Sun, 14 Jun 2015 00:56:11 dotpyfe wrote:
> I just got in my OneRNG V2.0 and I'm getting a "firmware verification
> failed" message when I attempt to use it that the firmware verification
> failed. I'm using the onerng_3.3.orig.tar.gz and have all of the
> dependencies installed on Arch.
>
> The specific line I get from `systemctl status atd` is: OneRNG[2353]:
> firmware verification failed: Invalid firmware signature. At that point,
> the orange LED will go out on the board.
>
> Any suggestions on troubleshooting?
If you have used the programmer to load your own code into your OneRNG this is
expected (you have to trust yourself .... and I can't give you my private key
to sign your own firmware images) you can turn off the check in
/etc/onerng.conf
Did your OneRNG come without a cover (tin foil hat) I've had a couple of
reports of people who got boards like this, one of who is seeing the same
symptoms you are - I think I understand how this might have happened (the
missing hats), but not the badly signed firmware - I spent a whole day during
manufacturing doing nothing other than checking firmware integrity
It is of course possible (but unlikely) that some third party state actor has
messed with your board in the mail - this is what the firmware check is
intended to detect ....(we'll be releasing a secondary way to detect this
soon).
You can debug the issue by throwing logging in the python firmware checking
code: /sbin/onerng_verify.py - see why it's failing ....
Having said all that I'll happily replace your board, drop me a note through
kickstarter's messages from your kickstarter account so I can connect up with
the bookkeeping there
Paul
More information about the Discuss
mailing list