Version 6.2

This is maintenance release.

New

• Added support for rollback versions in boards with RP2350 MCU.
• Added support for SET_DATA_RET_AND_CLOCK CCID command.
• Added support for variable timeout push button press.
• Added support for variable USB product name.
• Added flash memory statistics display via pico-fido tool.
• Added option to disable power cycle on reset via Commissioner.
• Add support for PIN hash storage and MKEK.

Enhancements

• Increased ESP32 stack size.
• Added support for TinyUSB 0.17 in ESP32 boards.
• Packed structures for less footprint.
• Set ESP32 stack size depending on the number of enabled interfaces.
• Update CCID descriptor to reflect the max USB packet size.
• Reduce data partition to 2K starting at the half of the flash.
• Compute flash memory bounds depending on the partition if available.

Bug fixes

• Fix build for Pico SDK 2.1.0.
• Use customizable LED PIO number in WS2812, Pico and Cyw43 leds.
• Fix credential initialization on register.
• Fix keepalive issue in pure U2F mode.
• Fix NFC references.
• Fix TX/RX buffers to align them with USB buffers and avoid overflows.
• Fix OTP/MKEK secure system.

Full Changelog: v6.0...v6.2

Version 6.2 EdDSA 1

This release brings EdDSA to version 6.2.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v6.0-eddsa1...v6.2-eddsa

Nightly Stable

This is a stable nightly build.

Nightly Development

This is a development nightly automatic build.

Version 6.0

Release Notes

This is a major release that brings multiple improvements. Support for OTP for RP2350 and ESP32-S3 MCUs is added, which is used to store the MKEK for further security. It also enables Secure Boot and Secure Lock optionally. It also brings the new Pico Commissioner to initialize and configure the Pico HSM without external tools, just directly through the browser.

New

• Upgrade Pico Keys SDK to v7.0.
• Add compiler flags for optimized builds in ESP32.
• Add PICO_PRODUCT.
• Add command to reset device via management app.
• Add rescue app to communicate via webUSB.
• Added support to configure LED GPIO, LED brightness, and LED dimming.
• Add support to LED_GPIO and LED_BTNESS vendor options.
• Add support for commissioning.
• Add autobuild for ESP32.
• Add support for dynamic VIDPID via PHY.
• Add OTP support and SHA256 hardware acceleration.
• Add command to enable secure boot and secure lock via rescue.
• Add product and MCU information in rescue mode.
• Add DEV key to OTP.
• Enable OTP to store a permanent secret key.
• Add json file to enable Secure Boot in RP2350.
• Add macro to parse version file and set pico_binary_version accordingly.
• Add new LED module for color control when available.

Enhancements

• Refactor PHY for a more flexible and scalable architecture.
• Always enable WCID interface.
• Compact PHY configuration.
• Improve LED driver support.
• Specify LED driver for each board.
• Let detect macOS target.
• Added flags for secure boot and secure lock in firmware.
• Use internal TRNG of Pico.
• Upgrade to MbedTLS 3.6.1.

Changes

• Rename CCID_ codes to PICOKEY_ for naming consistency.
• Remove Secure Boot build flags, now added to rescue mode.
• No options on secure boot and lock in PHY.
• Move debug to dedicated header.
• Harmonize build workflow with other repositories.

Bug Fixes

• Fix esp32 build with WCID.
• Fix USB initialization for emulation.
• Fix version header.
• Fix nightly build.
• Fix emulation build.
• Fix ESP & emulation build.
• Fix autobuild for ESP32.
• Fix permissions.
• Fix nightly build.
• Fix build for WS2812 boards.
• Fix header in Linux. Fixes #63.
• Fix SSH-keygen creation. Fixes #59.
• Fix ESP32 GPIO LED issue.
• Fix HID report descriptors.
• Fix PHY for LED neopixel.
• Fix USB descriptor when only HID is enabled.
• Fix LED blink on ON/OFF.
• Fix BOOT press with RP2350.
• Fix maxPower and dwProtocols (recover T=0).
• Fix float casting.
• Do not pack file_t to avoid misalignments.

Full Changelog: v5.12...v6.0

Version 6.0 EdDSA 1

This release brings EdDSA to version 6.0.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Version 5.12

This is a release which solves some bugs and adds enhancements.

New

• Add support to ESP32-S3.
• Add support to RP2350 MCU.
• Add support to multiple boards with RP2350.

Enhancements

• Add EF.DIR list AID.
• Emulation uses pthread thread synchronization for a reliable integration.
• CCID interface is better thread synchronized.
• Upgrade to Pico SDK 2.0.

Changes

• Rewritten HID interface to minimize the number of memcpy's. Now, it uses a single internal buffer, which speeds notably the overall performance.
• HID manages thread synchronicity more precisely.
• RP2350 boards use partitions to prevent data space be overwritten by firmware.
• Emulation does not use crt_dbrg since it is not reliable.

Bugfixes

• Fix Windows compatibility.
• Fix potential infinite loop when bad ASN1 is processed.
• Fix idVendor, idProduct allocation for Pico Patcher.
• Fix memory boundary check.
• Fix non-freed context.
• Fix TinyUSB vendor interface numbering.
• Fix thread cancellation in ESP32.
• Fix CBOR encoding.
• Fix OATH selection.
• Fix OTP crash.
• Fix U2F/FIDO app selection.

Full Changelog: v5.10...v5.12

Version 5.12 EdDSA 1

This release brings EdDSA to version 5.12.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v5.10...v5.12-eddsa1

v5.10

This release is a maintenance release to fix the following bugs:

Enhancements

• Upgrade to MbedTLS 3.6.
• Increase internal number of memory pages.
• Added support for WebCCID.
• Added support for ESP32 boards.
• Added support for APDU chaining.
• Added -DVIDPID= for easier build.

Bug fixes

• Fix Pico Patcher.
• Fix potential infinite ASN1 loop.
• Fix EF.DIR.
• Fix BCD for Windows.
• Fix potential overflow.
• Add support for PHY file.
• Upgrade internal page buffer.
• Fix X509 generation.
• Added 3DES for compatibility (NOT RECOMMENDED!)
• Fix chained responses.
• Fix ASN1 initialization.
• Fix HID buffer sizes.
• Fix Windows emulation.
• Fix wrapped APDU.
• Fix byte chain for long RAPDU.
• Fix SM verification.
• Fix ATR overwrite.
• Fix Apple emulation.

Full Changelog: v5.8...v5.10

Version 5.8

This release includes the following enhancements:

• Added support for Pico W LED.
• Added backfall compatibility.
• Added Windows/Linux backend for backup/restore python utility.
• Added support for --pin flag in Pico-fido tool.

and fixes:

• Fix FIDO app selection.
• Fix Pico W build.
• Fix memory leak.
• Fix potential crash with button.
• Fix OTP reading through HID.
• Fix config vendor command with python-fido2.
• Fix secure key generation in macOS.
• Use new Pico Keys SDK.
• Fix max length of OTP static passwords.

What's Changed

• Update pico-fido-patch-vidpid.sh by @sylvainpelissier in #26

New Contributors

• @sylvainpelissier made their first contribution in #26

Full Changelog: v5.4...v5.8