Version 7.0 Stable
Released 2025-12-03 23:37:43 +08:00
This is a major release that adds support for the PicoKey App and for the new RP2354 MCU, enhances the rescue interface, and fixes bugs.
New
- Add reboot bootsel command
- Add read secure boot status
- Add support for reading memory status
- Add support for PHY READ
- Add support for RP2354 (multiple commits)
- Add dummy LED driver for unsupported boards
- Add support for dynamic LED driver
- Add set of secure functions to derive keys using OTP + pico_serial
- Add pico_serial_hash (unique 32-byte source)
- Add OTP chaff to mitigate PVC attacks
- Add hash functions fed from OTP
- Add 4 pseudorandom bytes for RP entities indexing
- Add compatibility for old resident key system
- Add support for Brainpool curves and Ed448
- Add support for dynamic AID
- Add support for hmac-secret-mc extension
- Add support for persistentPinUvAuthToken
- Add support for FIDO 2.2
- Add VendorConfig: PIN POLICY URL
- Add VendorConfig upload EA command to get_info()
- Add enterprise attestation enabling subcommand
- Add other PHY commands to get_info()
- Add memory leak checker
- Add OTP security enhancements
- Add app_exists() to verify AID presence
- Add missing files / missing header
- Add template for pull requests
- Add support for RP2350 (CI/CD)
Enhancements
- Upgrade to mbedtls v3.6.5
- Upgrade tinycbor to 0.6.1 (multiple commits)
- Upgrade tests to python-fido2 v2.0.0
- Use new PIN system: seeded via OTP when available
- Migrate secure key derivation to new unified system
- NK compatibility improvements
- Flash size determined dynamically at runtime
- ESP32 optimization (PR #193, #189)
- Major refactor of resident keys: shorter fixed-length IDs
- Improve compatibility of old vs new resident key system
- Improve VendorConfig handling
- Move PRODUCT definition to its own file
Bug Fixes
- Fix AID selection (supports shorter matching AIDs)
- Fix OATH AID test
- Fix build for ESP32 / ESP / emulation / dependencies
- Fix key generation for RP2040
- Fix curious bug in FIDO+OpenPGP+CCID
- Fix VID/PID PHY read
- Fix spec compliance: vendor commands < 0x8000000000000000
- Fix OTP alignment issues
- Fix uint16 endianness impacting chained RAPDU
- Fix crash when response buffer not 16-bit aligned
- Fix HID processing for CTAP_HID only
- Fix descriptor descriptions with disabled interfaces
- Fix phy_data idVendor/idProduct when unset
- Fix resident key silent authentication
- Fix CMD_CONFIG VendorCmd
- Fix OpenPGP/PIV dynamic detection
- Fix forced 8-digit serial number (#149)
- Fix build regressions across merges
- Remove WindowsClient from imports
- Remove leftover packet-multiple-of-64 workaround (#95)
- Fixed OTP button press (#208)
- Fixed MSOS/BOS descriptor
Changed
- Do not use secboot in PHY
- Do not call pico_sdk_init (later re-added in SDK)
- Relicense to AGPLv3 + introduce Enterprise/Commercial license model
- Migration to new secure key derivation system replacing MKEK
- Move to new PIN format, seeded via OTP
- Update sdkconfig.defaults
- VendorConfig: some VIDs do not support values (#172)
What's Changed
- Remove WindowsClient from imports by @sylvainpelissier in https://github.com/polhenarejos/pico-fido/pull/181
- ESP32 Optimization by @MageDelfador in https://github.com/polhenarejos/pico-fido/pull/193
New Contributors
- @MageDelfador made their first contribution in https://github.com/polhenarejos/pico-fido/pull/193
Full Changelog: https://github.com/polhenarejos/pico-fido/compare/v6.6...v7.0