Changelog
Hardware Crypto (ATECC608)
- Added
esp-cryptoauthlibcomponent, enabling ATECC608A/B integration for on-chip key operations - Full hardware ECDH + HKDF — private key generation and shared-secret derivation; the shared secret goes directly to TempKey and never touches RAM. Key derivation using the ATECC608's on-chip KDF command (
atcab_kdf), with the PRK staying in TempKey throughout. - Dual crypto paths — compile-time
USE_SOFTWARE_CRYPTOguard selects between PSA/mbedTLS (software) and ATECC608 (hardware) for keygen, ECDH, and HKDF; a log line at startup identifies which mode is active
Performance
- LRU slot manager (
SlotManager) — tracks which ATECC EEPROM slots are in use with a least-recently-used eviction policy, supporting up to 5 paired devices. Keys are reserved before ECDH completes and only committed once the peer public key is known. - Heap reduction — minimised dynamic allocations in the crypto and BLE paths
- Logging — migrated from
Serial.printtoESP_LOGxthroughout, giving per-tag log level control and timestamps
BLE
- Large BLE refactor — split responsibilities across
ble.cpp,ble_auth.cpp, andble_taskexec.cppfor clarity
Build System & CI
- GitHub Actions workflow (
firmware-release.yml) — matrix build producing 4 merged firmware binaries (8MB_MBEDTLS,8MB_ATECC,4MB_MBEDTLS_LED48,4MB_MBEDTLS_LED10); releases created automatically on version tags - Kconfig options under a single
ToothPastemenuconfig menu —TOOTHPASTE_SOFTWARE_CRYPTO(selects crypto path) andTOOTHPASTE_RGB_LED_PIN(configurable LED GPIO); both driven through CMake compile definitions - Per-variant
sdkconfig.defaultsfiles replace the committedsdkconfigfor CI builds;sdkconfig.defaults(fromsave-defconfig) serves as the shared base - Response file support (
CMAKE_C/CXX_USE_RESPONSE_FILE_FOR_INCLUDES) added toCMakeLists.txtto work around Windows command-line length limits
Full Changelog: v1.1.0...v2.0.0