diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index c55ee85..1ff1a9e 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -19,13 +19,20 @@ jobs:
         with:
           ref: ${{ matrix.refs }}
           submodules: 'recursive'
+      - name: Restore private key
+        run: |
+          echo "${{ secrets.PRIVATE_KEY_B64 }}" | base64 -d > private.pem
+          chmod 600 private.pem
       - name : Build
         env:
           PICO_SDK_PATH: ../pico-sdk
+          SECURE_BOOT_PKEY: ../private.pem
         run: |
            ./workflows/autobuild.sh pico
            ./build_pico_openpgp.sh --no-eddsa
            ./workflows/autobuild.sh esp32
+      - name: Delete private key
+        run: rm private.pem
       - name: Update nightly release
         uses: pyTooling/Actions/releaser@main
         with:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 37fe6fb..c601804 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,6 +45,13 @@ else()
     add_executable(pico_openpgp)
 endif()
 
+set(USB_ITF_CCID 1)
+set(USB_ITF_WCID 1)
+include(pico-keys-sdk/pico_keys_sdk_import.cmake)
+
+if(NOT ESP_PLATFORM)
+    set(SOURCES ${PICO_KEYS_SOURCES})
+endif()
 set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
@@ -70,10 +77,6 @@ set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/defs.c
 )
 
-set(USB_ITF_CCID 1)
-set(USB_ITF_WCID 1)
-include(pico-keys-sdk/pico_keys_sdk_import.cmake)
-
 SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/openpgp/version.h" 1)
 
 if(ESP_PLATFORM)
diff --git a/build_pico_openpgp.sh b/build_pico_openpgp.sh
index 9ffde94..46ea1b6 100755
--- a/build_pico_openpgp.sh
+++ b/build_pico_openpgp.sh
@@ -23,12 +23,13 @@ fi
 cd build_release
 
 PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
+SECURE_BOOT_PKEY="${SECURE_BOOT_PKEY:-../../ec_private_key.pem}"
 board_dir=${PICO_SDK_PATH}/src/boards/include/boards
 for board in "$board_dir"/*
 do
     board_name="$(basename -- "$board" .h)"
     rm -rf -- ./*
-    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem
+    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY}
     make -j`nproc`
     mv pico_openpgp.uf2 ../release/pico_openpgp_$board_name-$SUFFIX.uf2
 done
@@ -40,7 +41,7 @@ if [[ $NO_EDDSA -eq 0 ]]; then
     do
         board_name="$(basename -- "$board" .h)"
         rm -rf -- ./*
-        PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem -DENABLE_EDDSA=1
+        PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY} -DENABLE_EDDSA=1
         make -j`nproc`
         mv pico_openpgp.uf2 ../release_eddsa/pico_openpgp_$board_name-$SUFFIX-eddsa1.uf2
     done
diff --git a/pico-keys-sdk b/pico-keys-sdk
index 580b0ac..113e720 160000
--- a/pico-keys-sdk
+++ b/pico-keys-sdk
@@ -1 +1 @@
-Subproject commit 580b0acffa8e685caee4508fb656b78247064248
+Subproject commit 113e720fcaaa6b9ca74d114bee1923bb2619ba3b
diff --git a/src/openpgp/CMakeLists.txt b/src/openpgp/CMakeLists.txt
index a0fff70..3dff49c 100644
--- a/src/openpgp/CMakeLists.txt
+++ b/src/openpgp/CMakeLists.txt
@@ -1,6 +1,6 @@
 idf_component_register(
     SRCS ${SOURCES}
     INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb ../../pico-keys-sdk/tinycbor/src
-    REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse
+    REQUIRES mbedtls efuse
 )
 idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)