This is a major release that brings support to PicoKey App, adds support to freshly new RP2354 MCU, adds enhancements to rescue interface and bug fixes.

New

• Add reboot bootsel command
• Add read secure boot status
• Add support for reading memory status
• Add support for PHY read
• Add support for RP2354
• Add set of secure functions to derive keys using OTP and pico_serial
• Add pico_serial_hash as 32-byte unique source
• Add OTP chaff to avoid PVC attacks
• Add hash functions feeding from OTP
• Add dummy LED driver for unsupported boards
• Add support for LED driver in PHY
• Add app_exists() to check if an AID is loaded
• Add ESPICOHSMCA00002 to docs
• Add autobuild for RP2350
• Flash size determined dynamically instead of at build time

Enhancements

• Upgrade to mbedtls v3.6.5
• Upgrade tinycbor to 0.6.1
• ESP32 optimization
• NK compatibility improvements
• Add compatibility for non-pico boards
• Upgrade to Pico SDK v2.2.0

Bug Fixes

• Fix on AID selection with shorter AIDs
• Fix key generation for RP2040
• Fix bug in FIDO+OpenPGP+CCID mixed use
• Fix VIDPID PHY read
• Add casts to fix warnings
• Fix Windows build
• Add Windows compatibility
• Add strlcpy when necessary
• Add const to OTP functions
• Migrate keys to another OTP page to mitigate PVC attack
• Fix OTP programming alignment
• Fix uint16 endianness in chained RAPDU
• Fix crash when response buffer is not 16-bit aligned
• Fix interface descriptor when HID is disabled
• Fix phy_data idVendor/idProduct when unset
• Fix conditional builds for non-pico platforms
• Fix HID processing only for CTAP_HID
• Fix version setup for non-pico platforms
• Fix non-pico build (several occurrences)
• Fix descriptor logic when interfaces are disabled
• Remove leftover 64-byte packet-size workaround
• Fix test case with newer OpenSSL
• Fixed MSOS/BOS descriptor

Changed

• Do not use secboot in PHY
• Relicense project under AGPLv3 + add Enterprise/Commercial license
• Remove 64-byte packet multiple tweak (handled by USB stack)
• Merge PR #108 (ESP32 optimization)
• Merge PR #102 (BIP32 operations)
• Update sdkconfig.defaults

What's Changed

• implement bip32 operations in pico-hsm-tool by @eliasnaur in https://github.com/polhenarejos/pico-hsm/pull/102
• ESP32 Optimization by @MageDelfador in https://github.com/polhenarejos/pico-hsm/pull/108

New Contributors

• @eliasnaur made their first contribution in https://github.com/polhenarejos/pico-hsm/pull/102
• @MageDelfador made their first contribution in https://github.com/polhenarejos/pico-hsm/pull/108

Full Changelog: https://github.com/polhenarejos/pico-hsm/compare/v5.6...v6.0