Require PIN to use CS Factory Reset
- Change suggested by the red4sec audit report - require PIN to execute Factory Reset.
Without this, the SafeKey could be maliciously cleared anytime from its data, assuming the user would confirm the disguised request by touching the device. Now the PIN is required for clearing (by requiring authenticated session).
V1.8.2 Correct Windows issues, improve UX
Correct Windows issues, improve UX
- Disable buffers clearing immediately after successful read (fixes Windows communication issue)
- Add missing error code checks where required.
V1.8.0 Improved security and stability
V1.7.1 FIDO2 PIN bruteforce protection improvement, DOS protection
This release brings:
- FIDO2 PIN store protected with PBKDF2 to achieve the same strength as CS PIN hash;
- non-intrusive to CS communication fuzzing recommendations applied.
The FIDO2 PIN storage will be upgraded on the first power-up cycle of the device without any friction.
V1.6.1 Disable debug-adapter access
V1.5.0 Fix FIDO2 access for the latest Chrome
V1.4.0 Protect from Windows 10 doubled requests
v1.3.0 Extended UP period
Desktop application can be used for the update - see https://github.com/JurgenSchouppe/Desktop_Firmware_Updates/releases project.
See https://github.com/JurgenSchouppe/SafeKey_Firmware/releases/tag/1.1.0.safetech for the previous update details.
Note now the button press during switching to the bootloader is not required. Bootloader request time-outs after 10 seconds.
Attached binary to sign. After doing so please upload it here - I will test the update with the real bootloader key, as a final release test.