Version 4.0
This major release includes several enhancements, with the most important: support for ESP32-S3 boards!
New
- It supports ESP32-S3 boards. Apart from Raspberry Pico boards, Pico HSM can also be flashed onto ESP32-S3 boards, which add natively secure boot and flash encryption.
- VID & PID can be changed on-the-fly with
pico-hsm-tool.py
. pico-hsm-tool.py
implements a rescue Pico HSM, which is able to communicate with a Pico HSM not recognized by OS due to bad VID & PID values.- Added support for Web CCID interface.
- Added support for AES-ECB, AES-CBC with custom IV, AES-OFB, AES-CFB, AES-GCM, AES-CCM, AES-CTR and AES-XTS.
- Added support for CMAC.
- Added support for APDU chaining.
Enhancements
- Added support for OpenSC 0.25.1
- Added
-DVIDPID=value
flag to build with known VID/PID from known vendors. - Added keygen command to
pico-hsm-tool.py
for X25519 and X448 key generation. - Enable/disable Web CCID interface on-the-fly.
- Added support for EF.DIR AID list.
Changes
- MbedTLS 3.6
- Pull request #40 : Enable/disable BOOTSEL button only by clicking the button.
- ASN.1 parsing and structs.
- New DKEK return format.
- Increased memory pages for handling more files at same time.
Bugfixes
- Fix #43 : listing keys if multiple of 12.
- Fix Windows emulation.
- Fix CVC outer signature length.
- Fix LE computation with wrapped APDU (secure channel).
- Fix asymmetric key exchange.
- Fix byte override with chained response APDU.
- Fix SM wrap for large response APDU (secure channel).
- Fix ATR overwrite.
- Fix PRKD on key unwrap.
- Fix Apple emulation.
- Fix chained responses.
- Fix read binary permissions.
- Fix EF.DIR type identification.
What's Changed
- Security fix for issue 39 by @fastchain in #40
- Fix for multiples of 64 bytes on cmd_list_keys by @al-heisner in #43
New Contributors
- @fastchain made their first contribution in #40
- @al-heisner made their first contribution in #43
Full Changelog: v3.6...v4.0