-
Notifications
You must be signed in to change notification settings - Fork 5
Firmware Updates
Binary releases are available
for the Armory Drive firmware, all releases include the armory-drive-install tool which provides
interactive upgrade of all installation modes.
The installer and firmware work together through a combination of Secure Boot and Firmware Transparency frameworks to authenticate firmware updates.
Secure boot allows firmware authentication with burned in read-only public keys, as well as confidential configuration storage with device specific hardware keys.
Firmware Transparency allows tamper-evident firmware authentication by the installer as well as the device firmware when receiving the update.
The following table summarizes the firmware authentication options supported by the installer.
| Secure Boot | Firmware Transparency |
|---|---|
| disabled | Yes |
| with F-Secure keys | Yes |
| with user own keys | No |
The installer, as well as the device itself when receiving an update of F-Secure signed releases, authenticates all updates through tamper-evident logs powered by Google transparency framework.
The armory-drive-install tool is the recommended way to upgrade the Armory
Drive firmware, alternatively only users of F-Secure signed releases or
unsigned releases can upgrade without the need for any tools using the
following procedure.
The firmware version is represented by 7 hexadecimal digits (e.g. efeb733).
To check the current firmware version set Armory Drive firmware in pairing mode (see
next section). An "F-Secure" disk volume should appear. The firmware
version can be found in the VERSION.TXT file.
Ensure the installed firmware version corresponds to the value for the REV
variable specified in the Go build ID section of the release notes for the
latest binary release,
if not a firmware update is recommended.
To set the Armory Drive firmware in pairing mode, which is required to perform firmware updates, simply use it, attached to your host, without a micro SD card inserted.
In case a firmware installation or upgrade is suddenly interrupted (e.g. power loss) it might be necessary to perform an emergency recovery.
To do so launch the armory-drive-install tool with the -R flag and follow instructions.