The following information is about the firmware of the Nitrokey Pro. For information about the hardware please have a look at the Nitrokey Pro hardware repo.

• Building
• Flashing
  • Versaloon
    • Requirements
    • Flashing
  • STM32flash and DFU Mode
    • Requirements
    • Flashing

make [VID=0x20a0] [PID=0x4108] firmware

Parameters:

• VID: Define Vendor ID
• PID: Define Product ID

The microprocessor can be flashed in one of the following ways, depending on your hardware version:

• SWD is a STM-specific protocol and similar to JTAG allowing programming and debugging. Working adapters are Versaloon or any of the ST-Link V2 (clones). Under Linux you could give a patched OpenOCD a try but in the past it has been very troublesome. This approach requires to solder wires to the contact pads or to use an adapter with pogo pins and some kind of mounting (recommended).
• DFU is a simple protocol via serial port which allows programming but no debugging. On the Nitrokey hardware we expose the appropriate pins over the USB connector but it's not USB! Details are described in the next chapter.

• Download the .hex file you want to flash e.g. look at the releases section or build it yourself (see above).
• You may use a ST-Link V2 programmer or a Versaloon adapter.

The following picture shows the pin pads of the Nitrokey. The red rectangular is only available in newer versions and easier to use as the pads are much bigger. The blue rectangular is present in older and newer devices.

The SWD pins for the red rectangular is as follows:

The SWD pins for the blue rectangular is as follows:

_________________________
 D   x    o    o         |________
VCC GND SWCLK SWIO       |        |
                         |        |
                         |        |
                         |________|
_________________________|

For SWD programming, connect the SWDIO, SWDCLK and GND pads to the respective pins of you ST-Link programmer. The device should be powered externally through USB or a 5V power supply during programming.

1. export OPENOCD_BIN=<path-to-openocd-bin-folder> && ./flash_versaloon.sh or edit the script directly to contain OPENOCD_BIN=<path-to-openocd-bin-folder>
2. make flash-vesaloon

(TODO: For now it has a bug. Run it once, then kill it with Ctrl-C, then re-run it and it should flash the image)

A proper OpenOCD (patched for SWD) seems to be this one: https://github.com/snowcap-electronics/OpenOCD-SWD

or this one which is configured for automake 1.14: https://github.com/ggkitsas/OpenOCD-SWD

Please note, that this approach only works for older Nitrokey Pro device, not Nitrokey Pro 2 (all devices purchased before 04/04/2018).

• Download the .hex file you want to flash e.g. look at the releases section or build it yourself (see above).
• You may use STM32 Flash Loader Demonstrator (Windows only) or the open source command line tool stm32flash. Note: the terminal commands below are based on the command line tool.
• If your computer doesn't has a RS232 port (most modern laptops don't have it) you would need a USB-to-RS232/TTL adapter. Sparkfun BOB-00718 should work (untested) and you can find even cheaper adapters online. Previously we built our own adapter which hardware layout you can download.
• You would need a simple USB adapter to bridge Nitrokey's USB plug to the USB-to-RS232 adapter.

Your adapter should consist of a USB socket which four pins are connected to your serial/TTL connector. The pinout is as follows.

Nitrokey USB Plug <-> Serial/TTL adapter

Pin 1, VCC <-> VCC
Pin 2, D-  <-> TX
Pin 3, D+  <-> RX
Pin 4, GND <-> GND

This diagram represents the pinout of the USB socket which you are going to solder:

  ################### 
  #                 # 
  # ############### # 
  #                 # 
  #                 # 
  ################### 
     #   #   #   #   
     #   #   #   #    

     1   2   3   4

The following picture shows the adapter/USB-to-TTL connection.

To flash the firmware you need to bridge the two contact holes and only then connect (and power) the PCB to your adapter. The bridge triggers the hardware to boot into DFU mode. You can use a jumper with 2.0 mm pitch or just prepare/solder a wire. The following picture shows a bridge for the Nitrokey.

While the jumper is plugged in, connect the Nitrokey to the USB-serial adapter on your computer. The jumper is only required during the first moment of connection and can be removed afterwards.

You can check if the Nitrokey got successfully into DFU mode by typing in the following into a terminal:

$ sudo stm32flash /dev/ttyUSB0

stm32flash 0.5

http://stm32flash.sourceforge.net/

Error probing interface "serial_posix"
Cannot handle device "/dev/ttyUSB0"
Failed to open port: /dev/ttyUSB0

Now we have to disable the read protection first by typing

sudo stm32flash -k /dev/ttyUSB0 # read unprotecting

You may need to reconnect the device, before you can proceed. Do not forget to bridge the holes again. Now we do the actual flashing:

sudo stm32flash -w nitrokey-pro-firmware.hex /dev/ttyUSB0

Enabling the read/write protection again:

sudo stm32flash -j /dev/ttyUSB0 # read protection

Windows user should try COM3 instead of /dev/ttyUSB0 and need to type all commands without sudo.