Nightly Stable

This is a nightly stable automatic build.

Nightly Development

This is a nightly development automatic build.

Version 5.0

This is a major release that brings multiple improvements. Support for OTP for RP2350 and ESP32-S3 MCUs is added, which is used to store the MKEK for further security. It also enables Secure Boot and Secure Lock optionally. It also brings the new Pico Commissioner to initialize and configure the Pico HSM without external tools, just directly through the browser.

New

• Add command to enable secure boot and secure lock via rescue.
• Add function to enable secure boot and secure lock.
• Add macro to make checks.
• Add product and mcu to info in rescue mode.
• Add DEV key to OTP.
• Add rescue app to communicate via webUSB.
• Add OTP read raw.
• Add flags to enable secure boot and secure boot lock via firmware on boot.
• Add parse phy byte string.
• Add new led module to use colors whenever possible.
• Add support for led dimming and max brightness.
• Add support for LED management.
• Add optional bootkey index param for secure_boot.
• Add support for OTP raw read/write.
• Add secure_boot enable.
• Add SHA256_ALT to use SHA256 hardware in RP2350 (other boards use mbedtls).
• Add nightly builds workflow.
• Add parse and set binary version.
• Add signature and copy_to_ram if supported.
• Add OTP extra command to read/write OTP without bootmode.
• Add OTP command to Pico HSM Tool.

Enhancements

• Refactor PHY to support more flexible and scalable architecture.
• Upgrade MbedTLS 3.6.2.
• Use non-guarded OTP reads to avoid bus faults.
• Use the correct shifting value in LED mode.
• Use sha256 hardware if available.
• Use internal TRNG of Pico.
• Specify led driver for each board.
• Fix USB descriptor in case only HID is enabled.
• Update Dockerfile with latest versions.
• Upgrade codeaction to v3.
• Autobuild ESP32.
• Upgrade upload-artifact.

Changes

• Rename CCID_ codes to PICOKEY_.
• Do not request dev cert when performing tests.
• Do not use pico patcher script anymore.
• Merge pull request #5 from benallard/led.
• Merge branch 'development'.
• Update README.
• Increase number of hosted apps to 8.
• Added ESP32 OTP support.
• Use macros in extras.
• Fix sc-hsm test.
• Use BOOTKEY instead of reading json.

Bugfixes

• Fix secure otp build for non RP2350.
• Fix PHY missing headers.
• Fix ESP32 build with WCID.
• Fix version header.
• Fix float casting, otherwise it is always 0.
• Fix HID report descriptors.
• Fix usb initialization for emulation.
• Fix PHY for LED neopixel.
• Fix indent getting version.
• Fix ESP32 GPIO led number.
• Fix BOOT press with RP2350.
• Fix OTP write length check.
• Fix OTP data check size.
• Fix emulation alignment.
• Fix header in Linux. Fixes #63.
• Fix build for WS2812 boards.
• Fix build for boards with WS2812.
• Fix nightly build for master branch.
• Fix length and headers.
• Fix LED blink when ON/OFF.
• Fix maxPower and dwProtocols (recover T=0).
• Fix version header.
• Fix USB descriptor in case only HID is enabled.
• Fix initialization and terminal certificate generation.
• Fix artifacts version.
• Fix sc-hsm test.

What's Changed

• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #52

New Contributors

• @dependabot made their first contribution in #52

Full Changelog: v4.2...v5.0

Version 5.0 EdDSA 1

This release brings EdDSA to version 5.0.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

What's Changed

• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #52

New Contributors

• @dependabot made their first contribution in #52

Full Changelog: v4.2-eddsa1...v5.0-eddsa1

Version 4.2

This is a release which solves some bugs and adds enhancements.

New

• Add support to RP2350 MCU.
• Add support to multiple boards with RP2350.

Enhancements

• Add EF.DIR list AID.
• Emulation uses pthread thread synchronization for a reliable integration.
• CCID interface is better thread synchronized.
• Upgrade to Pico SDK 2.0.

Changes

• Rewritten CCID interface to minimize the number of memcpy's. Now, it uses a single internal buffer, which speeds notably the overall performance.
• RP2350 boards use partitions to prevent data space be overwritten by firmware.
• Emulation does not use crt_dbrg since it is not reliable.
• Increased VENDOR_TX buffer.

Bugfixes

• Fix Windows compatibility.
• Fix EF.DIR selection.
• Fix READ BINARY permission.
• Fix potential infinite loop when bad ASN1 is processed.
• Fix idVendor, idProduct allocation for Pico Patcher.
• Fix memory boundary check.
• Fix non-freed context.
• Fix AES key generation with pico-hsm-tool.
• Fix TinyUSB vendor interface numbering.
• Fix thread cancellation in ESP32.
• Fix CCID writes if they are multiple of 64 bytes.

Full Changelog: v4.0...v4.2

Version 4.2 EdDSA 1

This release brings EdDSA to version 4.2.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v4.0-eddsa1...v4.2-eddsa1

Version 4.0 EdDSA 1

This release brings EdDSA to version 4.0.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v4.0...v4.0-eddsa1

Version 4.0

This major release includes several enhancements, with the most important: support for ESP32-S3 boards!

New

• It supports ESP32-S3 boards. Apart from Raspberry Pico boards, Pico HSM can also be flashed onto ESP32-S3 boards, which add natively secure boot and flash encryption.
• VID & PID can be changed on-the-fly with pico-hsm-tool.py.
• pico-hsm-tool.py implements a rescue Pico HSM, which is able to communicate with a Pico HSM not recognized by OS due to bad VID & PID values.
• Added support for Web CCID interface.
• Added support for AES-ECB, AES-CBC with custom IV, AES-OFB, AES-CFB, AES-GCM, AES-CCM, AES-CTR and AES-XTS.
• Added support for CMAC.
• Added support for APDU chaining.

Enhancements

• Added support for OpenSC 0.25.1
• Added -DVIDPID=value flag to build with known VID/PID from known vendors.
• Added keygen command to pico-hsm-tool.py for X25519 and X448 key generation.
• Enable/disable Web CCID interface on-the-fly.
• Added support for EF.DIR AID list.

Changes

• MbedTLS 3.6
• Pull request #40 : Enable/disable BOOTSEL button only by clicking the button.
• ASN.1 parsing and structs.
• New DKEK return format.
• Increased memory pages for handling more files at same time.

Bugfixes

• Fix #43 : listing keys if multiple of 12.
• Fix Windows emulation.
• Fix CVC outer signature length.
• Fix LE computation with wrapped APDU (secure channel).
• Fix asymmetric key exchange.
• Fix byte override with chained response APDU.
• Fix SM wrap for large response APDU (secure channel).
• Fix ATR overwrite.
• Fix PRKD on key unwrap.
• Fix Apple emulation.
• Fix chained responses.
• Fix read binary permissions.
• Fix EF.DIR type identification.

What's Changed

• Security fix for issue 39 by @fastchain in #40
• Fix for multiples of 64 bytes on cmd_list_keys by @al-heisner in #43

New Contributors

• @fastchain made their first contribution in #40
• @al-heisner made their first contribution in #43

Full Changelog: v3.6...v4.0

Version 3.6

This release includes new features:

New

• 4 new supported boards.
• AES algorithms: ECB, CBC with custom IV, OFB, CFB, XTS, CTR, CCM and GCM.
• mbedTLS 3.5
• BIP and SLIP to support crypto wallets. It supports infinite hierarchical deterministic (HD) key derivation.
• Added support for asymmetric and symmetric (SLIP-0021) deterministic derivations.
• Added support for HD symmetric ciphering.
• Added EdDSA support (see separate branch and releases).
• Added support for Ed25519 and Ed448 (see separate branch and releases).
• Added --silent flag to pico-hsm tool initialization.

Enhancements

• Self-signed CVC during the first initialization.
• Added DV to PUK store.
• CVCA is also uploaded for improve PKA.
• Added support for TokenInfo and StaticTokenInfo files.
• Added PKA tests.
• Added XKEK tests.
• Added key domain tests.
• Added DKEK import in key domain tests.
• If public point is not found, it is automatically calculated.
• Added counters, algorithms and key domain in key generation tests.
• Added key wrapping and unwrapping tests.
• Check bad tag in Chachapoly.
• Added Chachapoly tests.
• Added PRKD for AES too.
• Added AES EXT tests.
• Added AES XTS with and without IV.
• Added BIP and SLIP tests.
• Added HD signature tests.
• Added HD symmetric ciphering tests.
• Added PKCS11 tests.
• Added PKCS11-tool tests.
• Added support for Pico W leds.

Changes

• If no key domain is specified, 0 is used by default.
• If a key does not belong to any key domain, it cannot be wrapped.
• PRKD is generated at every import (it can be replaced afterwards).
• Signatures are allowed using key device.
• Accept arbitrary SO-PIN length on reset retry.
• New format for applet selection.
• User must log in after DKEK import.
• Pico HSM SDK is renamed to Pico Keys SDK.
• If an applet is not selected, it returns NOT_FOUND on every command.

Fixes

• PUK initialization.
• PUK reset.
• PUK enabling.
• PUK status.
• PUK authentication.
• ECDH zeroing.
• Potential crash on deleting file.
• Return error when non-initialized key domain is deleted.
• Before wrapping, check DKEK is configured correctly.
• Check key domain reinitialization.
• Key domain check.
• Wrapping EC points.
• Race condition.
• Fixed #22.
• Chachapoly encryption.
• Overflow when importing AES XTS key.
• Fix key size of terminal CVC.
• PRKD for AES.
• AES EXT encoding.
• AES XTS call.
• Return error on reading binary with bad offset.
• Memory free on error for BIP & SLIP command.
• Deriving nodes with retries.
• AES derivation (HKDF).
• Get RTC with pico-hsm tool.
• Fix G point CVC export.
• Sending binary files when ne=0.
• File chunking.
• Key domain deletion.
• DKEK import when user is not logged.
• Potential freeze.

Version 3.6 EdDSA 1

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.