Skip to content
  • Pico HSM
Portada » Blog » Pico HSM 6.0

Pico HSM 6.0

Pico HSM version 6.0 is now available. This is a major release that introduces PicoKey App support, adds compatibility with the new RP2354 MCU, and includes substantial improvements to the rescue interface, security mechanisms, and overall platform compatibility.

Highlights

  • PicoKey App support
    Pico HSM can now be managed and integrated through PicoKey App.
  • New MCU support
    Full support for RP2354, with automated builds for RP2350-based platforms.
  • Security improvements
    • New secure key derivation functions based on OTP and pico_serial
    • Introduction of pico_serial_hash as a 32-byte unique entropy source
    • OTP chaff and key migration to mitigate PVC attacks
    • Hash functions fed directly from OTP data
  • Rescue and PHY enhancements
    • Reboot to BOOTSEL command
    • Secure boot status readout
    • Memory status and PHY read support
    • LED driver support via PHY (with dummy fallback for unsupported boards)
  • Dynamic flash handling
    Flash size is now detected at runtime instead of being fixed at build time.

Library and SDK updates

  • mbedTLS upgraded to v3.6.5
  • TinyCBOR upgraded to v0.6.1
  • Pico SDK upgraded to v2.2.0
  • ESP32-specific optimizations and improved NK compatibility

Bug fixes and stability

This release includes a large number of fixes across multiple platforms, including:

  • Correct AID selection with shorter AIDs
  • Fixes for key generation on RP2040
  • Resolution of issues when mixing FIDO, OpenPGP, and CCID interfaces
  • Multiple USB descriptor fixes (HID, BOS/MSOS, interface enable/disable logic)
  • Endianness, alignment, and crash fixes in RAPDU handling
  • Improved Windows build and runtime compatibility
  • Numerous fixes for non-Pico and cross-platform builds

Several legacy workarounds (such as forced 64-byte packet sizing) have been removed, as they are now correctly handled by the USB stack.

Licensing change

Starting with version 6.0, Pico HSM is now dual-licensed:

  • AGPLv3 for the Community edition
  • Enterprise / Commercial license available for commercial and closed-source use

This change enables clearer licensing terms for both open-source contributors and commercial adopters.

Tags: