Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:47 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Tue Feb 03, 2009 9:07 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
I've got the question several times now what was really changed between the 1.3.2 and the 1.3.3 version ?

In the USB device descriptor which is read at startup/enumeration time, there is a flag specifying if the USB device is a boot device. In the pre-1.3.3 Yubikeys, this flag is not set and therefore the BIOS simply rejects it and the Yubikey goes into dormant mode until the OS starts up.

Under Windows, this can be checked by firing up the Device Manager. Locate the Yubikey under "Human Interface Devices" and open the properties dialog. Under the Details tab, locate the "Compatible Ids" and you'll find USB\Class_03&SubClass_01&Prot_01 for the 1.3.3 Yubikey. This means that it is a HID device (3), Boot Interface Subclass (1) and Keyboard protocol (1).

A simple fix indeed and one could ask why that was not done in the first place. I actually did not see any reason to fire up the key until the OS was started as it did not make sense to have it enabled until there is a service available that could verify the OTP. That was certainly true before we introduced static OTPs but I could not simply envision the pre-boot usage.

A good reason not to enable the Yubikey unless necessary is that it then stays in dormant mode and consumes virtually no power.

With the best regards,

Jakob E
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Feb 05, 2009 11:20 am 
Offline

Joined: Thu Feb 05, 2009 10:09 am
Posts: 1
So if my "Compatible Ids" for my newly purchased YubiKeys is:

USB\Class_03&SubClass_00&Prot_00
USB\Class_03&SubClass_00
USB\Class_03

they wont work with pre-boot authentication?

Pre-boot authentication with TrueCrypt full disk encryption was one of my intended uses.

This would be unfortunate as I only received my keys today.

--
znark


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 05, 2009 4:11 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
It seems that you received a YubiKey with the firmware version 1.3.2. The YubiKey requires firmware version 1.3.3 to work at the pre-boot environment.

To check the firmware version of the YubiKey, please visit the following forum post:

viewtopic.php?f=2&t=85&p=804&hilit=yubikey+version#p804

If the YubiKey firmware version is older that the version 1.3.3, please send an email to "support@yubico.com" with the purchasing details. Yubico will arrange for a replacement.

We hope this answers your question.

Feel free to write back to us in case you face any problems.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group