Version 4.0

@polhenarejos polhenarejos released this 05 Dec 19:57
· 3 commits to main since this release
v4.0
90e77f7

This is a major release that brings support for the PicoKey App, adds support for the brand-new RP2354 MCU, enhances the rescue interface, and fixes bugs.

New

  • Add reboot bootsel command
  • Add read secure boot status
  • Add support for reading memory status
  • Add support for PHY read
  • Add support for RP2354
  • Add autobuild for RP2350
  • Add compatibility for non-pico boards
  • Add dummy LED driver for unsupported boards
  • Add support for LED driver in PHY
  • Add set of secure functions to derive keys using OTP + pico_serial
  • Add pico_serial_hash (unique 32-byte source)
  • Add OTP chaff to mitigate PVC attacks
  • Add hash functions using OTP as feed
  • Add app_exists() to validate AID loading
  • Add support for EdDSA/Ed448
  • Add card personalize v2 tests
  • Add template for pull requests

Enhancements

  • Upgrade to mbedtls v3.6.5
  • Upgrade to Pico SDK 2.2
  • Upgrade tinycbor to 0.6.1
  • Use max frequency on ESP32
  • Flash size obtained dynamically at runtime
  • Major OTP security improvements
  • Improve touch policy handling
  • Improve VendorConfig support
  • Improve NK compatibility
  • Update license model (dual licensing)
  • Move PRODUCT definition to dedicated file
  • Rename scan_files → scan_files_openpgp
  • Rename commands for clarity (cmd_version_openpgp, wait_button_pressed_fid)
  • Update README and add Pico Fido link

Bug Fixes

  • Fix AID selection (supports shorter matches)
  • Fix startup test script
  • Fix cross-build issues
  • Fix PIV default keys indication
  • Fix touch policy on management key change (#38)
  • Fix data checks
  • Fix reset retry when OTP enabled
  • Fix change PIN with no previous PIN (#32)
  • Fix key generation on RP2040
  • Fix bug in FIDO+OpenPGP+CCID combined usage
  • Fix VID/PID PHY read
  • Fix OTP alignment programming
  • Fix phy_data idVendor/idProduct missing
  • Fix conditional build for non-pico platforms
  • Fix HID processing only for CTAP_HID
  • Fix descriptor description with disabled interfaces
  • Fix uint16 endianness affecting chained RAPDUs
  • Fix crash on unaligned 16-bit response buffers
  • Fix silent authentication with resident keys
  • Fix APDU crash with CBOR
  • Fix build for rp2350
  • Fix interface descriptor when HID disabled (#95)
  • Fix ESP32 build regressions
  • Fix change in debug messages / remove debug
  • Fix conditional interfaces logic
  • Fix silent authentication with new resident key system
  • Fix missing header / missing files
  • Fix MSOS/BOS descriptor
  • Fix GET_DATA response depending on the client (GnuPG or ykman)

Changed

  • Relicense to AGPLv3 + add Enterprise/Commercial license
  • Do not use secboot in PHY
  • Revert card personalize v2 tests (then re-added)
  • Remove workaround for packet multiples of 64 bytes
  • Merge remote-tracking branches
  • Update license model
  • Update scan file naming

Full Changelog: v3.6...v4.0