USB Guard stops firmware update. #515
Description
File: [components/nitrokeys/nitrokey3/usbguard.rst] https://docs.nitrokey.com/components/nitrokeys/nitrokey3/usbguard.html
Hi there,
On at least Debian 13 (Trixie), if you have usbguard installed and active, you can not use 'nitropy nk3 update'. It will download the firmware, ask if you want to update, tell you to touch the device to put it in bootloader mode and .. stop.
The quick answer is this:
Edit /etc/usbguard/usbguard-daemon.conf
Change
ImplicitPolicyTarget=block
To
ImplicitPolicyTarget=allow
Save
Restart usbguard. Run the firmware update. Restore the setting in /etc/usbguard/usbguard-daemon.conf to 'block' and restart usbguard.
I think the issue is that the Nitrokey is somehow presenting itself differently enough that usbguard is blocking it once it is in bootloader mode. This is the only way I found to be able to update it, it did not help recreating the usbguard rules and restarting it once the key was in bootloader mode. The update would fail.