Releases: fido-device-onboard/release-fidoiot
v1.1.9
v1.1.9
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes the below components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
-
EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.
New Features
client-sdk-fidoiot: Support for sending device MAC addresses as part of Device Mfg Info.
Fixed Issues
client-sdk-fidoiot, epid-verification-service, pri-fidoiot: The version of third-party dependencies have been updated, few defect fixes.
Known Issues
client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
69e2e5a589bb7892a11e88e28452e5f223b6ed013449dbb6e9f2f15486c40132 - client-sdk-fidoiot-v1.1.9.tar.gz
5a45136fa1a59ef4da2e2db3f748e4c6ac9591cfd7cf629b2a6ae202a05c5210 - epid-verification-service-v1.1.9.tar.gz
1c8bf63fc13f9780839b3a733f0b42b7befa78e285d97c10c1ad1c42be4e9346 - pri-fidoiot-v1.1.9.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.9.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://fido-device-onboard.github.io/docs-fidoiot/1.1.9
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.8
v1.1.8
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes the below components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
-
EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.
New Features
client-sdk-fidoiot: Support for FIDO Service Info Module (FSIM) added.
Changes to existing features
client-sdk-fidoiot: Storage of credentials in TPM has been modified to be compliant with the TPM spec. Please note that the FIDO Alliance specification "Securing FDO Credentials in the TPM" has been published as a Review Draft by the FIDO Alliance, and is still subject to comment and change. With respect to section 4.2, Handles for FDO Credentials, Trusted Computing Group (TCG) has allocated the NVRAM addresses referenced, and is moving towards approval of the persistent object handles.
client-sdk-fidoiot, epid-verification-service, pri-fidoiot: Updated the required third party dependencies to be complaint with FIPS. The PRI FIDO IOT component uses Bouncy Castle FIPS as the primary security provider for all cryptographic operations within the project with the exception of the KDF. The KDF implementation is compliant with the FIDO specification and is not based on the Bouncy Castle FIPS.
pri-fidoiot: Added REST API support to update the replacement RV information.
Fixed Issues
client-sdk-fidoiot, epid-verification-service, pri-fidoiot: The version of third-party dependencies have been updated.
Known Issues
client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
83aaad1b0c941b26c55cdc502036cc23df36ecf84094820fbb7dbfa110e5feba - client-sdk-fidoiot-v1.1.8.tar.gz
d45404f8a5bf57c44781f97b45cf2558902f4baa4c8a068ab5fc3514ad08e211 - epid-verification-service-v1.1.8.tar.gz
3f5c8d2eba14275b0a145a6c06aef9c8877845267a2bd4480e811797af51092e - pri-fidoiot-v1.1.8.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.8.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://fido-device-onboard.github.io/docs-fidoiot/1.1.8
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
V1.1.7
v1.1.7
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes the below components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
New Features
client-sdk-fidoiot: Option to update manufacturer address through command line argument during DI added.
client-sdk-fidoiot: Compile time option to fetch serial number of the device from BIOS added.
pri-fidoiot: Support for FIDO Service Info Module (FSIM) added. This is only a preview release.
Changes to existing features
client-sdk-fidoiot, pri-fidoiot: Changes to Owner Exec, Fetch now fetches file and enables saving on owner.
Fixed Issues
pri-fidoiot: The version of third-party dependencies have been updated.
Known Issues
client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
pri-fidoiot: Given this is a preview release of FSIM, we recommend enabling either FSIM or FDO_SYS at any time.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
87b2f0aebfe9fd3745945b5dc1247a72301b03cda8acdf6569b7aaa7a6a7b1c8 - client-sdk-fidoiot-v1.1.7.tar.gz
231439d8a3fddf33dd2f88eb12cd68fb3df99eae28deb6d649bf5e7e803623bb - pri-fidoiot-v1.1.7.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.7.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://fido-device-onboard.github.io/docs-fidoiot/1.1.7
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.6
v1.1.6
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes the below components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
-
EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.
New Features
client-sdk-fidoiot, pri-fidoiot: Support for http2 has been added.
pri-fidoiot: Support added for Java 17.
Changes to existing features
client-sdk-fidoiot: SNI is now enabled by default and can be disabled based on compile time option.
Fixed Issues
epid-verification-service, pri-fidoiot: The version of third-party dependencies have been updated.
Known Issues
client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
3a9ab8550b0d633b39d1c1cc289c8f9cbab598bac2821b33219477bf0ca60537 - client-sdk-fidoiot-v1.1.6.tar.gz
7e9a697805ccf815b660799631bba93c4179242e52a9d02fe989ca07ea11ec3e - pri-fidoiot-v1.1.6.tar.gz
edb8d6db725fa84cc646099539b3016f51bb9ea4706493bf953cc6091d9a92d3 - epid-verification-service-v1.1.6.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.6.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://fido-device-onboard.github.io/docs-fidoiot/1.1.6
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.5.1
v1.1.5.1
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes the below components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
New Features
client-sdk-fidoiot, pri-fidoiot: Documentation updated to refer to FDO GitHub - https://github.com/fido-device-onboard.
client-sdk-fidoiot: Support to enable SNI based on compile time option has been added.
pri-fidoiot: Support to include serial number in voucher management APIs has been added.
Fixed Issues
pri-fidoiot: The version of third-party dependencies have been updated.
Known Issues
client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
1f33e3b3332d24fd3b322ca2546f26ab871553526cb5a1f89acc00b0563f5055 - client-sdk-fidoiot-v1.1.5.1.tar.gz
fcf0af695462f56a19ea4b0468695c09ef256811fbb6144499b93db42d03afb8 - pri-fidoiot-v1.1.5.1.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.5.1.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://fido-device-onboard.github.io/docs-fidoiot/1.1.5
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.5
v1.1.5
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes the below components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
New Features
client-sdk-fidoiot: client-sdk-fidoiot now supports OpenSSL 3.x.
Fixed Issues
pri-fidoiot: The version of third-party dependencies have been updated.
Known Issues
client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
c52e6f2964ec42a5fe306fa5f199f57dfdb956f9530f6b94ee3b79bcd067289a - client-sdk-fidoiot-v1.1.5.tar.gz
7c1c2a747a7b98096e0a29d7837f674f78b8244e75ecd18ccee1fdfa6a2350a6 - pri-fidoiot-v1.1.5.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.5.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://secure-device-onboard.github.io/docs-fidoiot/1.1.5
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.4.1
v1.1.4.1
New Features
client-sdk-fidoiot: Support for Intel® CSE implementation has been added in addition to the existing clients.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
8bed5511872c4f08f8e5e4d52d64c6b016927ec452ef6b6e9c3da69e69aa826b - client-sdk-fidoiot-v1.1.4.1.tar.gz
59b44861642df6f93c88582f014bf874424b1755bfde3f6508f61649632e00b3 - NOTICES-v1.1.4.1.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://secure-device-onboard.github.io/docs-fidoiot/1.1.4
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.4
v1.1.4
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes 4 components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
-
EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.
-
Test: test-fidoiot implements a test-suite that gets executed as part of continuous integration pipeline.
New Features
pri-fidoiot: Support for additional databases - MySQL, PostgreSQL - have been implemented.
Security Enhancement
pri-fidoiot: pri-fdo-rv doesn't allow replacing redirect entry with a different owner key.
Known Issues
pri-fidoiot: Read permission needs to be added to server-key.pem file while configuring database secrets.
This is tracked through the GitHub issue pri-fidoiot#551.
pri-fidoiot: RVDelaySec is currently not considered during TO0 and TO1.
This is tracked through the GitHub issue pri-fidoiot#468.
pri-fidoiot: Proxy settings for owner to be set explicitly when using a proxy.
This is tracked through the GitHub issue pri-fidoiot#476.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
87af7e5d1f257b509981b08e5dd5ed670e3278e52d3060acc94036ae14ed1c9e - client-sdk-fidoiot-v1.1.4.tar.gz
a147d5ae8606ca894ec5bc10c141517066e82adf151f01dd68a7979e36d2ac31 - pri-fidoiot-v1.1.4.tar.gz
59b44861642df6f93c88582f014bf874424b1755bfde3f6508f61649632e00b3 - NOTICES-v1.1.4.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz
Documentation
https://secure-device-onboard.github.io/docs-fidoiot/1.1.4
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.3.1
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
Fixed Issues
client-sdk-fidoiot : Curl installation instructions are updated in linux.md and tpm.md to fix the issue with accessing hosted RV servers (https connections).
epid-verification-service : The versions of third-party dependencies are updated.
Known Issues
pri-fidoiot: Read permission needs to be added to server-key.pem file while configuring database secrets.
This is tracked through the GitHub issue pri-fidoiot#551.
pri-fidoiot: Starting a component with an invalid port number or with a port already in use gives an exception.
This is tracked through the GitHub issue pri-fidoiot#467.
pri-fidoiot: RVDelaySec is currently not considered during TO0 and TO1.
This is tracked through the GitHub issue pri-fidoiot#468.
pri-fidoiot: Proxy settings for owner to be set explicitly when using a proxy.
This is tracked through the GitHub issue pri-fidoiot#476.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
94952b31877343254febfb2920300437e61437ea933274254ed47587dabe2887 client-sdk-fidoiot-v1.1.3.1.tar.gz
b4f0f026bda5aad2a0238f410c389f2d5a8ad01df1a001006a7ce73c90a65e03 epid-verification-service-v1.1.3.1.tar.gz
d058130cf45ea84728b6a5a3824d1cccd53c0ab9f5247e982c40070b91a16177 NOTICES-v1.1.3.tar.gz
5cf498b0d5ef3972bd645ed5e984ced08268e6220d5eead6652cd038405f5503 third-party-components.tar.gz
Documentation
https://secure-device-onboard.github.io/docs-fidoiot/1.1.3
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.
v1.1.3
This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.
It includes 4 components:
-
Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
- Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
- Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
- Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
- COSE Signature Types: ES256, ES384, RS2048.
-
Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.
- Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
- Key Exchanges: ECDH256, and ECDH384
- Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
- Public Key Encoding: X509.
- COSE Signature Types: ES256, and ES384.
-
EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.
-
Test: test-fidoiot implements a test-suite that gets executed as part of continuous integration pipeline.
New Features
client-sdk-fidoiot, pri-fidoiot: Support for full X5 Chain public key support has been implemented
client-sdk-fidoiot, pri-fidoiot: Support for Mutual TLS has been implemented.
pri-fidoiot: There is an option for the users to create an Alpine image for the docker in addition to Ubuntu image
Changes to existing features
client-sdk-fidoiot, pri-fidoiot: The key stores can now be stored in database and file system. APIs are documented in the readme.
client-sdk-fidoiot, pri-fidoiot: The default database is now configured to be MariaDB. Users can switch to H2 with the steps provided in the readme.
client-sdk-fidoiot, pri-fidoiot: The solution is secure by default and allows only CA signed certificates by default. Workaround to enable self signed certificate has been documented in readme.
Known Issues
pri-fidoiot: Read permission needs to be added to server-key.pem file while configuring database secrets.
This is tracked through the GitHub issue pri-fidoiot#551.
pri-fidoiot: Starting a component with an invalid port number or with a port already in use gives an exception.
This is tracked through the GitHub issue pri-fidoiot#467.
pri-fidoiot: RVDelaySec is currently not considered during TO0 and TO1.
This is tracked through the GitHub issue pri-fidoiot#468.
pri-fidoiot: Proxy settings for owner to be set explicitly when using a proxy.
This is tracked through the GitHub issue pri-fidoiot#476.
SHA256 checksum for release binaries
Following SHA256 checksum is calculated using sha256sum tool
06fa4c6b7aa74160d3c2fb70e7ea60cc28d9fff71b51a60dd91b6c1182599776 - client-sdk-fidoiot-v1.1.3.tar.gz
22473ea112225928541307ae9766fa739c9a39b70502bfea85f4f269ad134587 - pri-fidoiot-v1.1.3.tar.gz
d058130cf45ea84728b6a5a3824d1cccd53c0ab9f5247e982c40070b91a16177 - NOTICES-v1.1.3.tar.gz
5cf498b0d5ef3972bd645ed5e984ced08268e6220d5eead6652cd038405f5503 - third-party-components.tar.gz
Documentation
https://secure-device-onboard.github.io/docs-fidoiot/1.1.3
Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.