ykman application compatibility issues #124

Closed
opened 2025-03-19 17:22:35 +08:00 by IsayIsee · 6 comments
IsayIsee commented 2025-03-19 17:22:35 +08:00 (Migrated from github.com)

## Waveshare 2350 One Hardware, Firmware Version: Development [cb99b8f]

1. **OTP Slot Swapping Issue**:
   When executing `ykman otp swap` command, the following error is returned:

   ```
   ERROR: Failed to write to the YubiKey. Make sure the device does not have restricted access (see "ykman otp --help" for more info).
   ```

   However, the slot swap operation has actually been successfully executed, despite the system failing to correctly acknowledge the operation status.

2. **OTP Settings Configuration Issue**:
   When executing `ykman otp settings -A 576bc54882f3 2` command, the following error is returned:

   ```
   ERROR: Failed to write to the YubiKey. Make sure the device does not have restricted access (see "ykman otp --help" for more info).
   ```

   Despite the error message, the password was successfully set, but the original data in slot 2 has been corrupted (Challenge).

Command execution status inconsistent with actual results, potentially leading to device management confusion and data integrity issues.

IsayIsee commented 2025-03-19 17:45:51 +08:00 (Migrated from github.com)

During testing, I confirmed that Yubico OTP, HOTP and Static Password functions work correctly after setting passwords.

Prior to setting a password for Challenge-Response, I could successfully create and decrypt a new database using KeePassXC. However, after setting a password for slot 2, I am no longer able to decrypt the database.

Additionally, I specifically configured only slot 2 for Challenge-Response mode. Yet when setting up KeePassXC, both slots appear as available options. In reality, slot 1 is using Static Password mode.

IsayIsee commented 2025-03-19 17:56:11 +08:00 (Migrated from github.com)

If I set a password for slot 2 and then execute the swap command, slot 2 adopts the previous settings of slot 1. However, slot 1 does not inherit the previous settings of slot 2 - instead, it becomes empty. The password does not provide the expected protection.

polhenarejos commented 2025-03-19 18:22:20 +08:00 (Migrated from github.com)

There's a problem with swap from 1 -> 2. After making the swap, it appears as empty. Therefore, if you program slot 2 again, it puts slot 2 twice and, from the filesystem perspective, it is like having two slot 2s. First delete every slot and reset after deletion. If multiple files are stored in that slot, the slot will appear as configured again after the reset. Do it until it appears as empty after reset.
In the meantime, while I am looking for the fix, reset your board after each slot config/update/swap/deletion to force the filesystem to reload.

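An added example, not part of the original thread or of the pico-fido project: since the reports above show `ykman otp swap` returning an error while the device state changes anyway, this sketch judges a swap by comparing slot occupancy from `ykman otp info` before and after the command instead of trusting the exit code. The function names are hypothetical, and it assumes `ykman otp info` prints one `Slot N: programmed` or `Slot N: empty` line per slot.

```python
import re
import subprocess

# Assumed output format of `ykman otp info`: "Slot N: programmed" or "Slot N: empty".
SLOT_RE = re.compile(r"^Slot ([12]):\s*(programmed|empty)\s*$", re.MULTILINE)


def parse_otp_info(text):
    """Map slot number -> True if programmed, from `ykman otp info` output."""
    slots = {int(n): state == "programmed" for n, state in SLOT_RE.findall(text)}
    if set(slots) != {1, 2}:
        raise ValueError("expected a status line for slot 1 and slot 2")
    return slots


def read_slots():
    """Query the attached key; call once before and once after the write."""
    proc = subprocess.run(["ykman", "otp", "info"],
                          capture_output=True, text=True, check=True)
    return parse_otp_info(proc.stdout)


def classify_swap(before, after, exit_code):
    """Judge `ykman otp swap` by observed slot state, not by its exit code."""
    if sum(after.values()) != sum(before.values()):
        return "slot-count-changed"   # a configuration vanished or appeared
    if before[1] == before[2]:
        return "indeterminate"        # occupancy alone cannot show a swap
    if after == {1: before[2], 2: before[1]}:
        return "applied" if exit_code == 0 else "applied-but-error-reported"
    return "not-applied"


# Constructed sample outputs (not captured from a real device).
BEFORE = "Slot 1: programmed\nSlot 2: empty\n"
AFTER = "Slot 1: empty\nSlot 2: programmed\n"

if __name__ == "__main__":
    # The situation in the first report: the error exit code despite a real swap.
    print(classify_swap(parse_otp_info(BEFORE), parse_otp_info(AFTER), exit_code=1))
```

Occupancy cannot tell two programmed slots apart, so the `indeterminate` result needs a functional check of each slot (for example a known challenge-response pair) to confirm what the slot holds.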
IsayIsee commented 2025-03-31 09:55:28 +08:00 (Migrated from github.com)

I flashed [0a2ee65](https://github.com/polhenarejos/pico-fido/commit/0a2ee6523fbd97877e57b09c07c5ec3ee82ac114); the slot swap is OK, but #123 has reappeared @polhenarejos
polhenarejos commented 2025-04-07 16:44:04 +08:00 (Migrated from github.com)

What is exactly broken? I cannot reproduce it.

IsayIsee commented 2025-04-07 17:52:13 +08:00 (Migrated from github.com)

The question in the previous post is as follows (the screenshot is the interface I simulated at the time, because I didn't take a screenshot at the time):

![Image](https://github.com/user-attachments/assets/578da75c-9da4-4c4a-8b05-5bfeeb913153)

![Image](https://github.com/user-attachments/assets/90f0dfe2-4e13-488b-8c95-af06adec7660)

Now I use [c8dbc21](https://github.com/polhenarejos/pico-fido/commit/c8dbc213a0ca5fe78a5f9fc225afa12a7916d200) and it is OK, so I don't know why.
Reference: dearsky/pico-fido#124