Unable to load OnlyKey app bootloader on Qubes OS

Hello, I am having an issue loading new firmware and wiping the firmware on my onlykey color. I am doing this on a linux computer. First of all I wiped my onlykey by purposely typing in the wrong pin 10 times. The light on my onlykey goes white and the onlykey app says " WORKING… please wait" It says this forever(1+ hours) basically untill I unplug it. I cant seam to get past this issue.

Before I wiped it, It was working fine as in the onlykey app would detect it and load the onlykey app and can input passwords correctly into web sites. I believe it might have something to do with the black vault bootloader not detecting the onlykey. I also have the UDEF rule set up as per https://docs.crp.to/linux.html

I have tryed doing this on a windows 10 computer and it works fine there but would like to get it to work on linux.

If the device is white this means its in bootloader mode, if this happened after entering 10 incorrect pins you must have had full wipe enabled:

image1024×596 97.5 KB

So yes you can now load the OnlyKey firmware in the app. However, if UDEV is incorrectly set the OnlyKey can’t communicate with the app. Can you try running lsusb or try another computer (Windows/Mac)

I typed in lsusb in my terminal and i didnt see the onlykey in my devices. I can see and use the onlykey once the firmware is installed on my onlykey though. So I believe UDEV is working atleast partially.

I am still having this Issue although I do have a workaround. Onlykey doesnt recognize the onlykey device(with the udev rule applied) until the firmware is installed on the Onlykey. After the firmware is installed everything works fine. So to get it working from a wiped onlykey(firmware wiped also) I had to plug it into my windows 10 PC to put the firmware on(since my Linux Qubes OS PC does’nt recognize it) and then move it back over to my Qubes OS PC which now recognizes the onlykey to finish the setup.

I only know about KVM, but Qubes Xen Hypervisor is similar.
Create Udev rules in the administrative domain (Dom0) and activate the USB stick in the working domain (Dom1)
Qubes-os usb-devices

I believe Mango_Mungo might be right about putting the UDEV Rule in Dom0.

I am having an issue trying to copy this udev rule to dom0. I was refering to How to copy from dom0 | Qubes OS for the commands. I have also tryed adding sudo in front of the command and that didnt work eather.

[user@dom0 ~]$ qvm-run --pass-io personal ‘cat ~/Downloads/49-onlykey.rules’ > /etc/udev/rules.d/49-onlykey.rules

Bash: /etc/udev/rules.d/49-onlykey.rules: Permission denied

It seams that as soon as I start a firmware update when my onlykey is attached to sys-usb, It disconnects the usb device instantly and doesnt connect back. Doesnt show up in the terminal using lsusb in sys-usb(It showed up before trying to load firmware). The onlykey light is also white and the onlykey app just hangs waiting.

Last message received: SUCCESSFULL FW LOAD REQUEST, REBOOTING…

This ONLY happens when I am trying to load firmware other then that everything else is working on the onlykey.

would like to solve this so I dont have to use a windows pc to put firmware on.

It reads as if the firmware has been loaded successfully.
What if you remove and insert¹ the key after rebooting? Is the new firmware then on it?
¹Emergency locking technique by gerlos

Is your old firmware newer than beta7 release? Because OnlyKey uses Teensy VID/PID up to beta7 release and then you have to adjust your UDEV rules:

# OnlyKey uses own VID/PID since beta7 release:
ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", ENV{MTP_NO_PROBE}="1"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", MODE:="0666"
KERNEL=="ttyACM*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", MODE:="0666"
#
# OnlyKey uses Teensy VID/PID up to beta7 release:
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"

Another GNU/Linux or * BSD can also be used if necessary if it doesn’t work with Qubes.

Ok so I currently have 0.2-beta.8c firmware installed. I am trying to install the latest firmware. I tryed the emergency locking technique and unplugging it just restarts the onlykey including I have to put my pin in again to unlock my key. Also after doing this I still have 0.2-beta.8c firmware installed on the onlykey.

For the UDEV RULE, I have the first one you inputed above in sys-usb since mine is above beta7. This is an older onlykey, I believe I got this when onlykey color first came out on kickstarter.

Are you able to upgrade your device on a Linux, Mac, or Windows system?

https://docs.crp.to/upgradeguide.html

Yes I can do it on a windows system which is what I am currently using. I was just hoping to be able to do it on Qubes OS since that is my Primary OS I use.

It would be interesting to talk/see if anybody has successfully upgrading there firmware on Qubes OS since right now I believe it cant be done.

An Idea:
Might have something to do with the Onlykey changing partitions and unmounting the partition when upgrading firmware but the physical onlykey is still plugged into the computer the entire time this is done so qubes doesnt understand there is a change unless the onlykey is physically disconnected. This is just an idea I could be totally wrong here. This is above my knowledge.

I am trying on Ubuntu 21.10 and no luck… So I think no firmware upgrade for me…