FIDO2 - FW and HW Upgrade?

How will the firmware update done ? USB or the 5 point Debug connection ? Is it possible in HW Rev3 to solder the missing chips U4 and U5 for further feature extension ? I have seen on GIT is Rev 5 already uploaded…

Hi!

  1. Firmware update is planned to be run through the browser using FIDO U2F / FIDO2 calls. Potentially additional tools for offline update would be available.
  2. Debug connection is disabled in the released devices for increased safety. It cannot be turned on due to fuse being burned - this is a one-way setting. We do not plan at the moment to sell devices, which would have this protection not activated. The only ways to update the firmware are currently HID USB / FIDO U2F/FIDO2.
    Just an idea: it should be possible to craft such an update firmware, that would safely subvert the device’s firmware to a development one, with our FIDO private attestation key removed, and accepting user’s F/W, but again this is not planned (yet?).
  3. I guess you mean ATECC and the NFC chips. I think so - this depends on results of further development, namely whether it would be easy to detect the installed chips or not, as it would be best to distribute single firmware binary. NFC chip is detectable AFAIK.
  4. I think rev. 5 H/W is the currently released one (I might be wrong).

Thanks for the clarification ! Glad to see that the FW upgrade will be simplified - and not using the Debug interface.
And yes, I was wondering if a simple extension by soldering the missing chips may be possible, but I do have Rev 3 of the HW and not sure if that is already prepared to recognise and use ATECC and NFC.
At the end it might be easier to wait when you bring a version that has both already soldered and supported :smiley:

It surely should be faster :slight_smile:

Edit: but I agree, hardware upgrade would be a fun hacking project

Yeah, just wondering how many customers use the OpenSource HW to build their own HW and OpenSource for SW adaptions and improve SW for the community. I assume most customers are believing that OpenSource is more secure and less intruded or pollution by spy/ad SW.
… and I would not take e out of this club :smiley: