26 Releases 32 Tags

RSS Feed

• v6.0 f4df9766b6

  Compare

  Version 6.0 Stable

  polhenarejos released this 2025-12-04 03:12:56 +08:00 | 30 commits to master since this release

  This is a major release that brings support to PicoKey App, adds support to freshly new RP2354 MCU, adds enhancements to rescue interface and bug fixes.

  New

  • Add reboot bootsel command
  • Add read secure boot status
  • Add support for reading memory status
  • Add support for PHY read
  • Add support for RP2354
  • Add set of secure functions to derive keys using OTP and pico_serial
  • Add pico_serial_hash as 32-byte unique source
  • Add OTP chaff to avoid PVC attacks
  • Add hash functions feeding from OTP
  • Add dummy LED driver for unsupported boards
  • Add support for LED driver in PHY
  • Add app_exists() to check if an AID is loaded
  • Add ESPICOHSMCA00002 to docs
  • Add autobuild for RP2350
  • Flash size determined dynamically instead of at build time

  Enhancements

  • Upgrade to mbedtls v3.6.5
  • Upgrade tinycbor to 0.6.1
  • ESP32 optimization
  • NK compatibility improvements
  • Add compatibility for non-pico boards
  • Upgrade to Pico SDK v2.2.0

  Bug Fixes

  • Fix on AID selection with shorter AIDs
  • Fix key generation for RP2040
  • Fix bug in FIDO+OpenPGP+CCID mixed use
  • Fix VIDPID PHY read
  • Add casts to fix warnings
  • Fix Windows build
  • Add Windows compatibility
  • Add strlcpy when necessary
  • Add const to OTP functions
  • Migrate keys to another OTP page to mitigate PVC attack
  • Fix OTP programming alignment
  • Fix uint16 endianness in chained RAPDU
  • Fix crash when response buffer is not 16-bit aligned
  • Fix interface descriptor when HID is disabled
  • Fix phy_data idVendor/idProduct when unset
  • Fix conditional builds for non-pico platforms
  • Fix HID processing only for CTAP_HID
  • Fix version setup for non-pico platforms
  • Fix non-pico build (several occurrences)
  • Fix descriptor logic when interfaces are disabled
  • Remove leftover 64-byte packet-size workaround
  • Fix test case with newer OpenSSL
  • Fixed MSOS/BOS descriptor

  Changed

  • Do not use secboot in PHY
  • Relicense project under AGPLv3 + add Enterprise/Commercial license
  • Remove 64-byte packet multiple tweak (handled by USB stack)
  • Merge PR #108 (ESP32 optimization)
  • Merge PR #102 (BIP32 operations)
  • Update sdkconfig.defaults

  What's Changed

  • implement bip32 operations in pico-hsm-tool by @eliasnaur in https://github.com/polhenarejos/pico-hsm/pull/102
  • ESP32 Optimization by @MageDelfador in https://github.com/polhenarejos/pico-hsm/pull/108

  New Contributors

  • @eliasnaur made their first contribution in https://github.com/polhenarejos/pico-hsm/pull/102
  • @MageDelfador made their first contribution in https://github.com/polhenarejos/pico-hsm/pull/108

  Full Changelog: https://github.com/polhenarejos/pico-hsm/compare/v5.6...v6.0

  Downloads

  • pico_hsm_pico-6.0.uf2
    560 KiB

    2025-12-12 03:07:03 +08:00
  • pico_hsm_pico2-6.0.uf2
    492 KiB

    2025-12-12 03:07:05 +08:00
  • Source Code (ZIP)
  • Source Code (TAR.GZ)