This is a major release that brings multiple improvements. Support for OTP for RP2350 and ESP32-S3 MCUs is added, which is used to store the MKEK for further security. It also enables Secure Boot and Secure Lock optionally. It also brings the new Pico Commissioner to initialize and configure the Pico HSM without external tools, just directly through the browser.
New
- Add command to enable secure boot and secure lock via rescue.
- Add function to enable secure boot and secure lock.
- Add macro to make checks.
- Add product and mcu to info in rescue mode.
- Add DEV key to OTP.
- Add rescue app to communicate via webUSB.
- Add OTP read raw.
- Add flags to enable secure boot and secure boot lock via firmware on boot.
- Add parse phy byte string.
- Add new led module to use colors whenever possible.
- Add support for led dimming and max brightness.
- Add support for LED management.
- Add optional bootkey index param for secure_boot.
- Add support for OTP raw read/write.
- Add secure_boot enable.
- Add SHA256_ALT to use SHA256 hardware in RP2350 (other boards use mbedtls).
- Add nightly builds workflow.
- Add parse and set binary version.
- Add signature and copy_to_ram if supported.
- Add OTP extra command to read/write OTP without bootmode.
- Add OTP command to Pico HSM Tool.
Enhancements
- Refactor PHY to support more flexible and scalable architecture.
- Upgrade MbedTLS 3.6.2.
- Use non-guarded OTP reads to avoid bus faults.
- Use the correct shifting value in LED mode.
- Use sha256 hardware if available.
- Use internal TRNG of Pico.
- Specify led driver for each board.
- Fix USB descriptor in case only HID is enabled.
- Update Dockerfile with latest versions.
- Upgrade codeaction to v3.
- Autobuild ESP32.
- Upgrade upload-artifact.
Changes
- Rename CCID_ codes to PICOKEY_.
- Do not request dev cert when performing tests.
- Do not use pico patcher script anymore.
- Merge pull request #5 from benallard/led.
- Merge branch 'development'.
- Update README.
- Increase number of hosted apps to 8.
- Added ESP32 OTP support.
- Use macros in extras.
- Fix sc-hsm test.
- Use BOOTKEY instead of reading json.
Bugfixes
- Fix secure otp build for non RP2350.
- Fix PHY missing headers.
- Fix ESP32 build with WCID.
- Fix version header.
- Fix float casting, otherwise it is always 0.
- Fix HID report descriptors.
- Fix usb initialization for emulation.
- Fix PHY for LED neopixel.
- Fix indent getting version.
- Fix ESP32 GPIO led number.
- Fix BOOT press with RP2350.
- Fix OTP write length check.
- Fix OTP data check size.
- Fix emulation alignment.
- Fix header in Linux. Fixes #63.
- Fix build for WS2812 boards.
- Fix build for boards with WS2812.
- Fix nightly build for master branch.
- Fix length and headers.
- Fix LED blink when ON/OFF.
- Fix maxPower and dwProtocols (recover T=0).
- Fix version header.
- Fix USB descriptor in case only HID is enabled.
- Fix initialization and terminal certificate generation.
- Fix artifacts version.
- Fix sc-hsm test.
What's Changed
- Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #52
New Contributors
- @dependabot made their first contribution in #52
Full Changelog: v4.2...v5.0