Skip to content

Releases: Nitrokey/nitrokey-pro-firmware

v0.15: Support HW5

25 May 14:31
@szszszsz szszszsz
v0.15
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
5164178
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.15: Support HW5 Latest
Latest

Support HW5.
Maintenance release. No need for an update for other hardwares.
No changes except refactoring since HW5 RC1.

$ gpg --verify nitrokey-pro-firmware-v0.15.tar.gz.sig-lennard nitrokey-pro-firmware-v0.15.tar.gz
gpg: Signature made Wed 25 May 2022 04:24:52 PM CEST
gpg:                using RSA key 1A1A32875348A792ADA7BD6D878F36EEEA6A8D00
gpg: Good signature from "lennard boediger <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1A1A 3287 5348 A792 ADA7  BD6D 878F 36EE EA6A 8D00
$ gpg --verify nitrokey-pro-firmware-v0.15.tar.gz.sig-szczepan nitrokey-pro-firmware-v0.15.tar.gz
gpg: Signature made Tue 23 May 2023 10:24:08 AM CEST
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <[email protected]>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <[email protected]>" [ultimate]

Edit 23.05.2023: Added second signature (using 868184069239FF65DE0BCD7DD9BAE35991DE5B22), and uploaded original signature's key (1A1A32875348A792ADA7BD6D878F36EEEA6A8D00) to keyserver.
Note: Github for some reason renames nitrokey-pro-firmware-v0.15.tar.gz.sig-lennard to nitrokey-pro-firmware-v0.15.tar.gz.sig-lennard.sig after upload.

Assets 5
Loading

v0.15 RC: Support HW5

25 May 14:27
@szszszsz szszszsz
v0.15-RC1
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
de6aa65
Compare
Choose a tag to compare
v0.15 RC: Support HW5 Pre-release
Pre-release

Support HW5. No need for an update for other hardwares.
Tests attached.

Loading

v0.14: stack protection, local HWRNG access and more

25 Oct 10:55
@szszszsz szszszsz
v0.14
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
1d867fc
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.14: stack protection, local HWRNG access and more

Update is recommended.

Tasks worked on in this release:

  • Activate stack protection #86
  • Correct HWRNG access
  • Swap LED colors for HW4 #88
  • Firmware update password handling correction

Update guide (draft):

Automatic update with pynitrokey is planned to be added in the future.

This release was tested on:

OS GnuPG
Windows 10 Pro 21H1 2.2.28
macOS Big Sur 11.2.3 (20D91) 2.3.2
Linux 20.04.3LTS 2.2.19

Full Changelog: v0.13...v0.14

Known issues found during the RC tests of this release:

Archive is signed with GnuPG. Verification:

$ gpg2 --verify nitrokey-pro-firmware-v0.14.tar.gz.sig
gpg: assuming signed data in 'nitrokey-pro-firmware-v0.14.tar.gz'
gpg: Signature made Mon 25 Oct 2021 12:55:41 PM CEST
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <[email protected]>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <[email protected]>" [ultimate]
Loading

v0.14 RC4: swap LEDs

22 Oct 09:15
@szszszsz szszszsz
v0.14-RC4
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
1d867fc
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.14 RC4: swap LEDs Pre-release
Pre-release

RC. Test release for evaluating changes regarding the stack protection, firmware update password and RNG error handling.
LEDs are swapped for HW4.

Loading

v0.14 RC3: activate stack protection, error handling

03 Sep 11:46
@szszszsz szszszsz
v0.14-RC3
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
5a16a09
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.14 RC3: activate stack protection, error handling Pre-release
Pre-release

RC. Test release for evaluating changes regarding the stack protection, firmware update password and RNG error handling.

Loading

v0.14 RC: activate stack protection, error handling

23 Aug 13:01
@szszszsz szszszsz
v0.14-RC2
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
46f2017
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.14 RC: activate stack protection, error handling Pre-release
Pre-release

Test release for evaluating changes regarding the stack protection and RNG error handling

Loading

v0.14 RC: activate stack protection

31 Jul 20:34
@szszszsz szszszsz
v0.14-RC1
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
ff8631f
Compare
Choose a tag to compare
v0.14 RC: activate stack protection Pre-release
Pre-release

Test release for evaluating stack protection

Loading

HSM: support new hardware platform

22 Jun 09:31
@szszszsz szszszsz
hsm-3
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
7fed590
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
HSM: support new hardware platform

Single firmware for the all hardware: revisions HW1-4.
Maintenance release - no need to update.
Details about build environment, as well as hash sums and signature, are inside the archive.

Tested against SCSH 3.15.359 test suite using v3.4 smart card.

Loading

v0.13 Multi-hardware firmware

21 Jun 16:18
@szszszsz szszszsz
v0.13
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
7872ea6
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.13 Multi-hardware firmware

Single firmware for the all hardware: revisions HW1-4.
Maintenance release - no need to update.

Details about build environment, as well as hash sums and signature, are inside the archive.
Update through bootloader tested and confirmed to be working.
Tested with libnitrokey and GNUK test suite (for smart card communication test) on both HW3 and HW4 hardware revisions, using both OPC2 and OPC3.

2021.06.23: Correct archive to contain update binary in the proper format (previous archive suffixed with the original word).

Loading

HSM-3 RC2

19 Jun 12:54
@szszszsz szszszsz
hsm-3-RC2
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Verified
Learn about vigilant mode.
71f7455
Compare
Choose a tag to compare
HSM-3 RC2 Pre-release
Pre-release

Nitrokey HSM supporting HW4 (BGA) - test firmware, production ready.
Tested on both hardwares.
Waiting with the final release until repository cleanup - before that marking as pre-release.

Loading