Releases: polhenarejos/pico-hsm

Nightly Stable

30 Sep 07:52
8c0a7c6
Pre-release

This is a nightly stable automatic build.

Nightly Development

30 Sep 07:51
8c0a7c6
Pre-release

This is a nightly development automatic build.

Version 5.4

19 Feb 18:45
v5.4
92fe26c

This release brings some enhancements and bugfixes.

New

  • Added an option to keep LED steady.
  • Added support for ESP32-S2.
  • Added fastest clock (200 MHz) for RP2040.
  • Added support for the following boards: sparkfun_iotnode_lorawan_rp2350, waveshare_pico_cam_a, waveshare_rp2040_ble, waveshare_rp2040_eth, waveshare_rp2040_geek, waveshare_rp2040_matrix, waveshare_rp2040_pizero, waveshare_rp2040_power_management_hat_b, waveshare_rp2040_tiny, waveshare_rp2040_touch_lcd_1.28, waveshare_rp2350_eth, waveshare_rp2350_geek, waveshare_rp2350_lcd_0.96, waveshare_rp2350_lcd_1.28, waveshare_rp2350_one, waveshare_rp2350_plus_4mb, waveshare_rp2350_plus_16mb, waveshare_rp2350_tiny, waveshare_rp2350_touch_lcd_1.28, waveshare_rp2350_zero

Enhancements

  • LED blink limits.
  • LED driver is taken on build.
  • Upgrade to Pico SDK 2.1.1.

Bug Fixes

  • Fix multiple CCID displayed interfaces in older PCSC versions and Linux.
  • Fix USB keyboard descriptor in Windows.
  • Fix potential stack overflow on serializing PHY.

Full Changelog: v5.2...v5.4

Version 5.4 EdDSA 1

19 Feb 20:34
v5.4-eddsa1
17ca65a
Pre-release

This release brings EdDSA to version 5.2.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v5.2-eddsa1...v5.4-eddsa1

Version 5.2

15 Jan 11:56
v5.2
297f2e6

This is a maintenance release.

New

  • Added support for rollback versions in boards with RP2350 MCU.
  • Added support for SET_DATA_RET_AND_CLOCK CCID command.
  • Added support for variable timeout push button press.
  • Added support for variable USB product name.
  • Added flash memory statistics.
  • Added reboot command.
  • Added support for displaying flash memory statistics via pico-hsm-tool.

Enhancements

  • Increased ESP32 stack size.
  • Added support for TinyUSB 0.17 in ESP32 boards.
  • Packed structures for a smaller footprint.
  • Set ESP32 stack size depending on the number of enabled interfaces.
  • Update CCID descriptor to reflect the max USB packet size.
  • Reduce data partition to 2K starting at the half of the flash.
  • Compute flash memory bounds depending on the partition if available.
  • Use customizable LED PIO number in WS2812, Pico and Cyw43 LEDs.
  • Accept MKEK mask only if secure lock is enabled.
  • Only allow initialize if secure lock is disabled or has MKEK mask.

Bug fixes

  • Fix build for Pico SDK 2.1.0.
  • Fix disable secure authentication via pico-hsm-tool.
  • Fix stack overflow when unlocking the device.
  • DEV options are persistent, since they affect MKEK which is in turn persistent.
  • Fix MKEK masking order.
  • Fix TX/RX buffers to align them with USB buffers and avoid overflows.
  • Fix MKEK storing on devices with OTP_1 available (ESP32 and RP2350).

Full Changelog: v5.0...v5.2

Version 5.2 EdDSA 1

15 Jan 12:26
4c636e0
Pre-release

This release brings EdDSA to version 5.2.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v5.0-eddsa1...v5.2-eddsa1

Version 5.0

12 Nov 19:06
v5.0
1ea0a91

This is a major release that brings multiple improvements. It adds support for OTP on RP2350 and ESP32-S3 MCUs, which is used to store the MKEK for further security. It also optionally enables Secure Boot and Secure Lock, and it brings the new Pico Commissioner to initialize and configure the Pico HSM without external tools, directly through the browser.

New

  • Add command to enable secure boot and secure lock via rescue.
  • Add function to enable secure boot and secure lock.
  • Add macro to make checks.
  • Add product and mcu to info in rescue mode.
  • Add DEV key to OTP.
  • Add rescue app to communicate via webUSB.
  • Add OTP read raw.
  • Add flags to enable secure boot and secure boot lock via firmware on boot.
  • Add parse phy byte string.
  • Add new LED module to use colors whenever possible.
  • Add support for LED dimming and max brightness.
  • Add support for LED management.
  • Add optional bootkey index param for secure_boot.
  • Add support for OTP raw read/write.
  • Add secure_boot enable.
  • Add SHA256_ALT to use SHA256 hardware in RP2350 (other boards use mbedtls).
  • Add nightly builds workflow.
  • Add parse and set binary version.
  • Add signature and copy_to_ram if supported.
  • Add OTP extra command to read/write OTP without bootmode.
  • Add OTP command to Pico HSM Tool.

Enhancements

  • Refactor PHY to support more flexible and scalable architecture.
  • Upgrade MbedTLS 3.6.2.
  • Use non-guarded OTP reads to avoid bus faults.
  • Use the correct shifting value in LED mode.
  • Use sha256 hardware if available.
  • Use internal TRNG of Pico.
  • Specify LED driver for each board.
  • Fix USB descriptor in case only HID is enabled.
  • Update Dockerfile with latest versions.
  • Upgrade codeaction to v3.
  • Autobuild ESP32.
  • Upgrade upload-artifact.

Changes

  • Rename CCID_ codes to PICOKEY_.
  • Do not request dev cert when performing tests.
  • Do not use pico patcher script anymore.
  • Merge pull request #5 from benallard/led.
  • Merge branch 'development'.
  • Update README.
  • Increase number of hosted apps to 8.
  • Added ESP32 OTP support.
  • Use macros in extras.
  • Fix sc-hsm test.
  • Use BOOTKEY instead of reading json.

Bugfixes

  • Fix secure otp build for non RP2350.
  • Fix PHY missing headers.
  • Fix ESP32 build with WCID.
  • Fix version header.
  • Fix float casting, otherwise it is always 0.
  • Fix HID report descriptors.
  • Fix usb initialization for emulation.
  • Fix PHY for LED neopixel.
  • Fix indent getting version.
  • Fix ESP32 GPIO LED number.
  • Fix BOOT press with RP2350.
  • Fix OTP write length check.
  • Fix OTP data check size.
  • Fix emulation alignment.
  • Fix header in Linux. Fixes #63.
  • Fix build for WS2812 boards.
  • Fix build for boards with WS2812.
  • Fix nightly build for master branch.
  • Fix length and headers.
  • Fix LED blink when ON/OFF.
  • Fix maxPower and dwProtocols (recover T=0).
  • Fix version header.
  • Fix USB descriptor in case only HID is enabled.
  • Fix initialization and terminal certificate generation.
  • Fix artifacts version.
  • Fix sc-hsm test.

What's Changed

  • Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #52

Full Changelog: v4.2...v5.0

Version 5.0 EdDSA 1

12 Nov 20:34
v5.0-eddsa1
bb45c9b
Pre-release

This release brings EdDSA to version 5.0.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

What's Changed

  • Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #52

Full Changelog: v4.2-eddsa1...v5.0-eddsa1

Version 4.2

02 Sep 11:14
v4.2
8e8bd32

This release fixes some bugs and adds enhancements.

New

  • Add support for the RP2350 MCU.
  • Add support for multiple boards with RP2350.

Enhancements

  • Add EF.DIR list AID.
  • Emulation uses pthread thread synchronization for a reliable integration.
  • CCID interface has better thread synchronization.
  • Upgrade to Pico SDK 2.0.

Changes

  • Rewrote the CCID interface to minimize the number of memcpy calls. It now uses a single internal buffer, which notably speeds up overall performance.
  • RP2350 boards use partitions to prevent the data space from being overwritten by firmware.
  • Emulation does not use crt_dbrg since it is not reliable.
  • Increased VENDOR_TX buffer.

Bugfixes

  • Fix Windows compatibility.
  • Fix EF.DIR selection.
  • Fix READ BINARY permission.
  • Fix potential infinite loop when bad ASN1 is processed.
  • Fix idVendor, idProduct allocation for Pico Patcher.
  • Fix memory boundary check.
  • Fix non-freed context.
  • Fix AES key generation with pico-hsm-tool.
  • Fix TinyUSB vendor interface numbering.
  • Fix thread cancellation in ESP32.
  • Fix CCID writes if they are a multiple of 64 bytes.

Full Changelog: v4.0...v4.2

Version 4.2 EdDSA 1

02 Sep 18:03
v4.2-eddsa1
b571b0b
Pre-release

This release brings EdDSA to version 4.2.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v4.0-eddsa1...v4.2-eddsa1