We are excited to announce the release of Pico HSM version 5.2, a maintenance update packed with new features, enhancements, and bug fixes to improve performance and usability. Here’s an overview of what this version brings:
New Features
- Rollback Version Support: Boards with the RP2350 MCU now support rollback versions, allowing safer firmware updates.
- SET_DATA_RET_AND_CLOCK CCID Command: Added support for this advanced command for improved device interaction.
- Variable Timeout for Push Button Press: Timeout durations for the push button press are now adjustable.
- Variable USB Product Name: Customize the USB product name to suit your application requirements.
- Flash Memory Statistics: Gain insights into flash memory usage with the new statistics feature.
- Reboot Command: Introduced a command to reboot the device programmatically.
- Flash Statistics via pico-hsm-tool: View flash memory statistics directly using the pico-hsm-tool.
Enhancements
- Increased ESP32 Stack Size: Expanded stack size for improved stability on ESP32 boards.
- TinyUSB 0.17 Support: Added compatibility with TinyUSB 0.17 for ESP32 boards.
- Optimized Footprint: Packed structures for reduced memory footprint.
- Dynamic ESP32 Stack Sizing: The stack size now adapts to the number of enabled interfaces.
- Updated CCID Descriptor: Reflects the maximum USB packet size accurately.
- Optimized Flash Partitioning: Reduced the data partition to 2K, starting at half of the flash memory.
- Customizable Flash Memory Bounds: Computed based on the partition if available.
- Customizable LED PIO Number: Now supports WS2812, Pico, and Cyw43 LEDs with configurable LED PIO numbers.
- MKEK Mask Validation: Accepts MKEK mask only if secure lock is enabled.
- Secure Initialization Restrictions: Initialization is allowed only if secure lock is disabled or a valid MKEK mask is present.
Bug Fixes
- Pico SDK 2.1.0 Build Issues: Resolved build compatibility issues with Pico SDK 2.1.0.
- Secure Authentication Disable: Fixed an issue preventing secure authentication from being disabled via pico-hsm-tool.
- Stack Overflow: Addressed stack overflow when unlocking the device.
- Persistent DEV Options: Ensured DEV options persist correctly, as they impact MKEK stored persistently.
- MKEK Masking Order: Fixed the order of MKEK masking for accurate operation.
- Aligned TX/RX Buffers: Adjusted TX/RX buffers to align with USB buffers, avoiding overflows.
- MKEK Storage on Specific Devices: Corrected MKEK storage handling for devices with OTP_1 (ESP32 and RP2350).
Pico HSM version 5.2 continues our commitment to providing a robust and versatile hardware security module. With these updates, users can enjoy better performance, enhanced flexibility, and improved reliability. We recommend all users update to this version to take advantage of the new features and fixes.
For detailed instructions on upgrading and using these new capabilities, please visit our Downloads page.