We’re excited to announce the release of Pico-FIDO v6.6, a major update packed with fixes, enhancements, and support for even more hardware. This version builds on the work from previous releases, tightening the system, fixing compatibility quirks, and adding critical security functionality.
Let’s dive into what’s new and improved.
🔧 Key Enhancements
🧪 Automated EdDSA Builds
A streamlined build process now automates EdDSA test generation and deployment. This not only saves developer time but helps ensure consistent test coverage across builds.
🧷 Secure Boot Support
All boards are now built with secure boot public keys, enhancing firmware authenticity and trust for devices in the wild.
🧭 Commissioner-Compatible Updates
We’ve made sure updates are compatible with Pico Commissioner, even if it means breaking backward compatibility. The result: a smoother experience for future-proofing your devices.
🔐 More Reliable Silent Authentication
Silent credentials now work correctly even with resident keys. A new internal format was added, so note: existing silent credentials must be reissued.
🛠 Bug Fixes
- CCID & USB Interface Fixes: Older PCSC versions and some Linux distros were incorrectly showing multiple interfaces. That’s resolved.
- Keyboard Descriptor Fix (Windows): A subtle bug prevented the USB keyboard from being recognized. Fixed.
- Challenge-Response Stability: Issues with challenge lengths, HMAC-SHA1, and OTP logic (especially on Linux) have been fixed.
- Smartphone Compatibility: Disabling the OTP interface now also disables the USB keyboard interface to avoid weird behavior on mobile platforms.
⚙️ Protocol & Extension Improvements
- CTAP2 responses are now cleaned (zeroed) before sending, avoiding data leaks between calls.
- Extensions are only returned if explicitly requested or active. epAtt is only sent when true, fixing a regression that broke credential creation in Firefox on Linux.
- Improved handling of getInfo when multiple curves are used, ensuring accurate capability reporting.
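Why zeroing a reused response buffer matters when responses travel in fixed-size CTAPHID packets, as an added example (not Pico-FIDO's own code). The shared buffer, the framing that copies the full 57-byte data slot, and all function names are assumptions made for illustration; the sample data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HID_PKT  64   /* CTAPHID reports are fixed-size 64-byte packets */
#define INIT_HDR 7    /* CID (4) + CMD (1) + BCNT (2) of an initialization packet */
#define CMD_CBOR 0x10 /* CTAPHID_CBOR */

static uint8_t resp_buf[256]; /* hypothetical response buffer reused by every call */

/* Write a response into the shared buffer; `clean` zeroes it first (the fix). */
static size_t build_response(const uint8_t *data, size_t len, int clean) {
    if (len > sizeof(resp_buf)) return 0;
    if (clean) memset(resp_buf, 0, sizeof(resp_buf));
    memcpy(resp_buf, data, len);
    return len;
}

/* Frame the first packet. The whole 57-byte data slot is copied (assumed
 * transport behaviour), so bytes past `len` go out on the wire as padding. */
static void frame_init_packet(uint32_t cid, size_t len, uint8_t pkt[HID_PKT]) {
    pkt[0] = (uint8_t)(cid >> 24); pkt[1] = (uint8_t)(cid >> 16);
    pkt[2] = (uint8_t)(cid >> 8);  pkt[3] = (uint8_t)cid;
    pkt[4] = 0x80 | CMD_CBOR;      /* bit 7 marks an initialization packet */
    pkt[5] = (uint8_t)(len >> 8);  pkt[6] = (uint8_t)len;
    memcpy(pkt + INIT_HDR, resp_buf, HID_PKT - INIT_HDR);
}

/* Count non-zero padding bytes that follow the declared payload. */
static size_t stale_bytes(const uint8_t pkt[HID_PKT], size_t len) {
    size_t n = 0;
    for (size_t i = INIT_HDR + len; i < HID_PKT; i++) n += (pkt[i] != 0);
    return n;
}

/* Call 1 returns 30 bytes of constructed data, call 2 only a status byte. */
size_t leaked_after_two_calls(int clean) {
    static const uint8_t first[] = "constructed-secret-from-call-1";
    static const uint8_t second[] = { 0x00 }; /* CTAP2_OK */
    uint8_t pkt[HID_PKT];
    build_response(first, sizeof(first) - 1, clean);
    size_t len = build_response(second, sizeof(second), clean);
    frame_init_packet(0x01020304u, len, pkt);
    return stale_bytes(pkt, len);
}

int main(void) {
    printf("uncleaned: %zu stale, cleaned: %zu stale\n", leaked_after_two_calls(0), leaked_after_two_calls(1));
    return 0;
}
```

A host that reads only BCNT bytes never notices the padding, which is why this kind of leak tends to show up in USB captures rather than in functional tests.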
🔁 Better Emulation & ESP32 Support
- Emulation mode now defines the correct MCU and includes secp256k1 only if explicitly enabled.
- Fixes to ESP32 endpoint enumeration resolve issues with USB keyboard sending.
- Only pin to core on ESP32-S3, which supports multicore threading.
🎛 Other Improvements
- Touch requirements for Challenge-Response OTP slots are now supported.
- EdDSA is disabled by default for broader compatibility but can be re-enabled using Pico Commissioner.
- Multiple fixes to LED mode persistence, configuration sequence handling, and internal dynamic file swapping ensure robustness across sessions.
📝 TL;DR
This release focuses on:
- Security: secure boot, safe silent credentials, proper response formatting
- Stability: lots of bug fixes, especially around USB, OTP, and platform quirks
- Compatibility: Firefox/Linux, PCSC, ESP32-S3, and more
- Developer Experience: better emulation, automated EdDSA, dynamic configuration improvements
🔗 View full changelog on GitHub »
If you’re building secure authentication hardware or experimenting with FIDO2 on microcontrollers like the RP2040 or ESP32, this is a great time to upgrade. As always, contributions, bug reports, and feedback are welcome!
As usual, go to the Download page to upgrade!