-
Version 4.0 Stable
released this
2025-12-06 03:40:58 +08:00 | 37 commits to main since this releaseThis is a major release that brings support to PicoKey App, adds support to freshly new RP2354 MCU, adds enhancements to rescue interface and bug fixes.
New
- Add reboot bootsel command
- Add read secure boot status
- Add support for reading memory status
- Add support for PHY read
- Add support for RP2354
- Add autobuild for RP2350
- Add compatibility for non-pico boards
- Add dummy LED driver for unsupported boards
- Add support for LED driver in PHY
- Add set of secure functions to derive keys using OTP + pico_serial
- Add pico_serial_hash (unique 32-byte source)
- Add OTP chaff to mitigate PVC attacks
- Add hash functions using OTP as feed
- Add app_exists() to validate AID loading
- Add support for EdDSA/Ed448
- Add card personalize v2 tests
- Add template for pull requests
Enhancements
- Upgrade to mbedtls v3.6.5
- Upgrade to Pico SDK 2.2
- Upgrade tinycbor to 0.6.1
- Use max frequency on ESP32
- Flash size obtained dynamically at runtime
- Major OTP security improvements
- Improve touch policy handling
- Improve VendorConfig support
- Improve NK compatibility
- Update license model (dual licensing)
- Move PRODUCT definition to dedicated file
- Rename scan_files → scan_files_openpgp
- Rename commands for clarity (cmd_version_openpgp, wait_button_pressed_fid)
- Update README and add Pico Fido link
Bug Fixes
- Fix AID selection (supports shorter matches)
- Fix startup test script
- Fix cross-build issues
- Fix PIV default keys indication
- Fix touch policy on management key change (#38)
- Fix data checks
- Fix reset retry when OTP enabled
- Fix change PIN with no previous PIN (#32)
- Fix key generation on RP2040
- Fix bug in FIDO+OpenPGP+CCID combined usage
- Fix VID/PID PHY read
- Fix OTP alignment programming
- Fix phy_data idVendor/idProduct missing
- Fix conditional build for non-pico platforms
- Fix HID processing only for CTAP_HID
- Fix descriptor description with disabled interfaces
- Fix uint16 endianness affecting chained RAPDUs
- Fix crash on unaligned 16-bit response buffers
- Fix silent authentication with resident keys
- Fix APDU crash with CBOR
- Fix build for rp2350
- Fix interface descriptor when HID disabled (#95)
- Fix ESP32 build regressions
- Fix change in debug messages / remove debug
- Fix conditional interfaces logic
- Fix silent authentication with new resident key system
- Fix missing header / missing files
- Fixed MSOS/BOS descriptor
- Fixed GET_DATA response depending on the client (GnuPG or ykman)
Changed
- Relicense to AGPLv3 + add Enterprise/Commercial license
- Do not use secboot in PHY
- Revert card personalize v2 tests (then re-added)
- Remove workaround for packet multiples of 64 bytes
- Merge remote-tracking branches
- Update license model
- Update scan file naming
What's Changed
- ESP32 Optimization by @MageDelfador in https://github.com/polhenarejos/pico-openpgp/pull/43
New Contributors
- @MageDelfador made their first contribution in https://github.com/polhenarejos/pico-openpgp/pull/43
Full Changelog: https://github.com/polhenarejos/pico-openpgp/compare/v3.6...v4.0
Downloads