Pico HSM 4.0

Announcing Version 4.0: Major Release with ESP32-S3 Support!

We are thrilled to announce the release of Pico HSM version 4.0! This major update brings significant enhancements and new features, with the highlight being the support for ESP32-S3 boards. Here’s a detailed look at what’s new, enhanced, and fixed in this release.

What’s New

  • ESP32-S3 Board Support: In addition to Raspberry Pico boards, Pico HSM can now be flashed onto ESP32-S3 boards, which come with native secure boot and flash encryption capabilities.
  • Dynamic VID & PID Management: Change VID & PID on-the-fly using
  • Rescue Pico HSM: The now includes a rescue function that can communicate with a Pico HSM not recognized by the OS due to incorrect VID & PID values.
  • Web CCID Interface: Added support for a web-based CCID interface.
  • Advanced AES Support: Added support for multiple AES modes including AES-ECB, AES-CBC with custom IV, AES-OFB, AES-CFB, AES-GCM, AES-CCM, AES-CTR, and AES-XTS.
  • CMAC Support: Added support for CMAC authentication.
  • APDU Chaining: Enhanced support for APDU chaining.


  • OpenSC 0.25.1 Support: Now compatible with OpenSC version 0.25.1.
  • Build with Known VID/PID: Added -DVIDPID=value flag to build with known VID/PID from recognized vendors.
  • Key Generation for X25519 and X448: Added key generation commands for X25519 and X448 to
  • On-the-Fly Web CCID Interface Management: Enable or disable the Web CCID interface dynamically.


  • MbedTLS 3.6: Upgraded to MbedTLS version 3.6.
  • BOOTSEL Button Management: Enable or disable the BOOTSEL button only by physically clicking it (Pull request #40).
  • ASN.1 Parsing and Structs: Improved ASN.1 parsing and data structures.
  • New DKEK Return Format: Updated format for DKEK return.
  • Increased Memory Handling: Enhanced memory management to handle more files simultaneously.


  • Key Listing Fix: Resolved issue #43 related to listing keys if multiple of 12.
  • Windows Emulation: Fixed issues with Windows emulation.
  • CVC Outer Signature Length: Corrected the outer signature length for CVC.
  • APDU LE Computation: Fixed LE computation with wrapped APDU in secure channels.
  • Asymmetric Key Exchange: Fixed issues with asymmetric key exchange.
  • Chained Response APDU: Fixed byte override issue with chained response APDU.
  • Secure Channel Response Handling: Fixed issues with SM wrap for large response APDU.
  • ATR Overwrite: Corrected ATR overwrite issues.
  • Key Unwrap PRKD: Fixed PRKD issue on key unwrap.
  • Apple Emulation: Fixed issues related to Apple emulation.
  • Chained Responses: Fixed issues with chained responses.

We invite you to download version 4.0 from our GitHub repository and explore these exciting new features and improvements. As always, we appreciate your feedback and support in making Pico HSM better with each release.

Download Version 4.0

Stay tuned for more updates and enhancements!