Yubico Forum https://forum.yubico.com/ |
|
What was really changed in 1.3.3 ? https://forum.yubico.com/viewtopic.php?f=16&t=249 |
Page 1 of 1 |
Author: | Jakob [ Tue Feb 03, 2009 9:07 pm ] |
Post subject: | What was really changed in 1.3.3 ? |
I've got the question several times now what was really changed between the 1.3.2 and the 1.3.3 version ? In the USB device descriptor which is read at startup/enumeration time, there is a flag specifying if the USB device is a boot device. In the pre-1.3.3 Yubikeys, this flag is not set and therefore the BIOS simply rejects it and the Yubikey goes into dormant mode until the OS starts up. Under Windows, this can be checked by firing up the Device Manager. Locate the Yubikey under "Human Interface Devices" and open the properties dialog. Under the Details tab, locate the "Compatible Ids" and you'll find USB\Class_03&SubClass_01&Prot_01 for the 1.3.3 Yubikey. This means that it is a HID device (3), Boot Interface Subclass (1) and Keyboard protocol (1). A simple fix indeed and one could ask why that was not done in the first place. I actually did not see any reason to fire up the key until the OS was started as it did not make sense to have it enabled until there is a service available that could verify the OTP. That was certainly true before we introduced static OTPs but I could not simply envision the pre-boot usage. A good reason not to enable the Yubikey unless necessary is that it then stays in dormant mode and consumes virtually no power. With the best regards, Jakob E Hardware- and firmware guy @ Yubico |
Author: | znark [ Thu Feb 05, 2009 11:20 am ] |
Post subject: | Re: What was really changed in 1.3.3 ? |
So if my "Compatible Ids" for my newly purchased YubiKeys is: USB\Class_03&SubClass_00&Prot_00 USB\Class_03&SubClass_00 USB\Class_03 they wont work with pre-boot authentication? Pre-boot authentication with TrueCrypt full disk encryption was one of my intended uses. This would be unfortunate as I only received my keys today. -- znark |
Author: | network-marvels [ Thu Feb 05, 2009 4:11 pm ] |
Post subject: | Re: What was really changed in 1.3.3 ? |
It seems that you received a YubiKey with the firmware version 1.3.2. The YubiKey requires firmware version 1.3.3 to work at the pre-boot environment. To check the firmware version of the YubiKey, please visit the following forum post: viewtopic.php?f=2&t=85&p=804&hilit=yubikey+version#p804 If the YubiKey firmware version is older that the version 1.3.3, please send an email to "support@yubico.com" with the purchasing details. Yubico will arrange for a replacement. We hope this answers your question. Feel free to write back to us in case you face any problems. |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |