Version | Release Notes | Clasification | File | Checksum (SHA256) | ed Signature |
---|
2. | 03. | 2 1-GA | Changelog for AirID firmware 2. | 03. | 21-GA |
Known Limitations - Firmware Update from 1.x.x version to 2.
| 0 | 2 - 1 requires Bluetooth re-pairing for paired devices
| NEW FIDO2 support in V.2.0.2 available for WINDOWS10 devices via BLE only - other platforms will follow.NEW FIDO Support in V2.0.2 supports currently only FIDO2. FIDO U2F will be supported at a later release. As GOOGLE's fido authentication requires today FIDO U2F, GOOGLE fido authentication is not supported in V2.0.2 New Functionality
Improvements & Changes
- Host name is properly read from NVM and used as a fallback if the hostname is not available or transmitted to the device for some reason after a connect
Fixed
- Avoid disconnect for Android workaround on Windows based systems after pairing from system settings / system preferences
Removed Functionality
No functionality removed- on Windows and Android (< SDK v3.0.0)
- Firmware Update from 2.0.x version to 2.3.1 requires Bluetooth re-pairing for paired devices on Windows and Android (< SDK v3.0.0)
Fixed- no device freeze after repeated quick insertion of USB cable
Improvements & Changes- USB mode defaults to card and menu pops up after USB cable is plugged in to allow easy switching
Known Issues- no indication of fido activity via USB
- no led blinking when charging device
| Recommended Update | | 0 | 2 | | 0 | 2 | | 0 | 2 |
2.3.0 | .1 -GA | Changelog for AirID firmware 2 | .0.1 UI Text Box |
---|
|
.3.0-GA
Known Limitations - Firmware Update from 1.x.x version to 2.3.0 requires Bluetooth re-pairing for paired devices on Windows and Android (< SDK v3.0.0)
| Known Limitations for V2.0.1: | 1 | x | .1 - requires Bluetooth re-pairing for paired devices
| NEW FIDO2 support in V.2.0.1 available for WINDOWS10 devices via BLE only - other platforms will follow.NEW FIDO Support in V2.0.1 supports currently only FIDO2. FIDO U2F will be supported at a later release. As GOOGLE's fido authentication requires today FIDO U2F, GOOGLE fido authentication is not supported in V2.0.1 New Functionality
- NEW BLE support for FIDO2, in parallel with the existing Smartcard/PKI service
- Enable parts of FIDO 2.1 needed for some FIDO 2.1 extensions
- FIDO2 User presence test is implemented via display/jogdial for now
- AirID devices without external flash can store up to 12 resident keys. For "-beta1" only internal storage is used
- external flash is now used for storing resident FIDO2 keys rk-store (A2XX HW rev >= 1.1.0 and A2MX >= 1.0.0 only)
- can store up to 200 resident keys
- secured with ccm encryption
- Implemented FIDO2 basic Attestation for AirID devices
- NEW BLE Night Mode
- switches off BLE advertising / connection from 22:00 - 05:00
or outside working time ranges, if set from remote host - new menu item:
- Settings / BLE Night Mode (options: ON / OFF)
- can be temporary disabled from Connection menu
- can be controlled from remote host
- NEW BLE privacy settings (switched off by default):
- battery service can only be accessed if access is authenticated,
- AirID devices now support random resolvable bluetooth mac addresses, according to Bluetooth Core 5.1
- AirID devices now implement anonymous bluetooth advertising according to Bluetooth Core 5.0
- Read BLE Privacy settings from remote host
- NEW Menu items:
- Settings / Random MAC - (options: ON, OFF)
- Settings / Advertising - (options: ANONYMOUS, "WITH NAME")
- Settings / Reset Device Name (only visible if custom device name was configured via BLE, resets to S/N default)
- Debug / Fido2 Buffers - Usage for FIDO2 memory buffers
- Debug / Fido2 Keystore - Shows use of resident FIDO2 keys and max size of keys
- Debug / Reset FIDO2
- AirID Info / Device Name (shows custom device name if configured via BLE)
Improvements & Changes
- Implemented protected pin methods for Secure Remote Settings
- Added "Reset Settings" Menu entry - This allows you to reset your AirID Device Settings but all 'user data' like Bluetooth Pairings, LTK Keys and FIDO2 Keys are NOT removed.
- Renamed "Remove Pairings" menu entry to "Reset BLE"
- Renamed "Reset Keys" menu entry to "Reset LTK Keys"
- Added "Reset FIDO2" menu entry - this allows you to remove all FIDO2 keys from your device. You will asked twice before final removal to prevent accidental removal of FIDO2 keys.
- Changed "Factory Reset" to double confirmation before reset to prevent accidental "Factory Reset"
- Moved all Reset related Menu entries to a improved/more detailed reset menu called "Reset" located under Settings
- Show Connection "OFF" outside working time ranges (during BLE Night mode)
- adapt handling of separate binaries for OTA files
- various resource cleanups to have space for FIDO2
- option to pass USBHID data through RPC 0x17 (if not used, it will be removed again), should not be used simultanously with official FIDO ble service. Purpose is to evaluate virtual usb fido device stuff
- Nostack builds work as fido2 USB token
- Debug menu is now always visible in "-alpha" and "-beta" releases and will be disabled for "-GA" releases
- reduced max apdu lengths: 5000 bytes (A2XX) and 5000 bytes (A2MX)
- option to pass USBHID data through RPC 0x17 (if not used, it will be removed again), should not be used simultanously with official FIDO ble service. Purpose is to evaluate virtual usb fido device stuff
- Enhanced Connected Menu to allow new privacy modes
- OFF
- ON/Waiting (anonymous advertising)
- ON/Pairing (advertising with device name)
- added more information in device descriptor
- Implemented a introspection method (RPC 0) to get the list of supported RPC commands in advance for this FW version
- RPC_SET_SETTING: preferred way to set things now, Indication will be removed in future
- Write new firmware via usb while device is operational
- Implemented a new build mode to allow unattended fido2 tests
- Right justify values in settings menu
Fixed
- Fixed uneven display color on A2MX
- Use und return correct return code for update firmware RPC
- Added 'nix' A2MX bootloader OTA updates
- Working time ranges doesn't switch off advertising if dynamic advertising interval is disabled
- Fix USB-serial-only pattern matching for A2MX20[789]X devices
- fixed a advertising data size error
- NVM error handling fixes
- Factory reset also erases keys on external storage now
- fix AAGUID attribute in included basic attestation certificate
- fix for "battery low" issue reported in
COREFW-707 - fixes regarding BLE cancellation and disabling of notifications
- fixes regarding pairing device list retrieval
Removed Functionality
- on Windows and Android (< SDK v3.0.0)
New Functionality- allow selection of protocols (T=0 vs. T=1) by driver
- FIDO only devices: A2XF and A2MF
- with reduced settings menu
- new usb ids and product strings
- FIDO: Full support for FIDO2 (WebAuthn) and U2F authentication services via USB and BLE
- FIDO: U2F support
- select BLE mode in debug menu: FIDO2 & U2F, FIDO2 only, U2F only
- FIDO: Implemented user presence notifications via buzzer and LED
- FIDO: Indicate fido communication with an icon
- FIDO: Fido activity icon in headline (ble activity only)
- FIDO: Implemented Idle disconnect for BLE (when no fido communication for some time)
- FIDO: advertise CredProt FIDO2 extension, this allows to use our AirID FIDO as a FIDO Token for SSH authentication starting with openssh >= 8.2, makes ssh-keygen option "-O resident" work (non-resident keys worked before)
- BLE: Bluetooth service changed attribute service implemented (avoids future re-pairings on updates)
Fixed- handling of cards with specific mode ATR (TA2 present)
- handling inverse convention cards
- overlong device names
- various card handling bugs discovered during WHQL testing
- Avoid high card baud rates to reduce problems with low slew rates
- FIDO ONLY: AirID NOSCARD tunnel access
- FIDO: FIDO2 icon appears again properly
- BLE: fixed a advertising data size error
- U2F: Fixed several timing issues with regards to the offical U2F conformance tests
- U2F: U2F Version can be read with short and extended APDU Options
- FW: Buzzer settings were not correctly updated
Improvements & Changes- FW: Replaced USB card reader popup during USB connector plug in with USB mode selection config via settings menu.
- FW: USB: Updated USB Mode: For -GA versions we now have CARD, FIDO and "Charge Only" usb mode menu entries with USB default to FIDO
- FW: submenus for Settings and debug menus**
- FW: Further menu cleanup and restructuring
- BLE: We now allow to set several Bluetooth Core 5 features manually via Debug Menu phy settings, extended advertising
- U2F: changed implementation of USBHID User Presence*I*
- FIDO ONLY: fido images for boot screen and menu
Known Issues- no indication of fido activity via USB
- no led blinking when charging device
| Recommended Update | | | | 2.0.3 -GA | Changelog for AirID firmware 2.0.3-GA
Known Limitations - Firmware Update from 1.x.x version to 2.0.2 requires Bluetooth re-pairing for paired devices
- NEW FIDO2 support in V.2.0.2 available for WINDOWS10 devices via BLE only - other platforms will follow.
- NEW FIDO Support in V2.0.2 supports currently only FIDO2. FIDO U2F will be supported at a later release. As GOOGLE's fido authentication requires today FIDO U2F, GOOGLE fido authentication is not supported in V2.0.2
New Functionality Improvements & ChangesFixed- problems with certain CAC cards sending superfluous TCK bytes
Removed Functionality
| Recommended Update | | | |
2.0.2 -GA | Changelog for AirID firmware 2.0.2-GA
Known Limitations - Firmware Update from 1.x.x version to 2.0.2 requires Bluetooth re-pairing for paired devices
- NEW FIDO2 support in V.2.0.2 available for WINDOWS10 devices via BLE only - other platforms will follow.
- NEW FIDO Support in V2.0.2 supports currently only FIDO2. FIDO U2F will be supported at a later release. As GOOGLE's fido authentication requires today FIDO U2F, GOOGLE fido authentication is not supported in V2.0.2
New Functionality Improvements & Changes- Host name is properly read from NVM and used as a fallback if the hostname is not available or transmitted to the device for some reason after a connect
Fixed- Avoid disconnect for Android workaround on Windows based systems after pairing from system settings / system preferences
Removed Functionality | Removed SET_SETTINGS indication (replaced by a RPC)Remove MobDev Finder artifacts from firmware (no function)
| Recommended Update | | 1 | | 1 | | 1 |
2.0. | 0 1 -GA | Changelog for AirID firmware 2.0. | 01 UI Text Box |
---|
| Known Limitations for V2.0. |
| 01: - Firmware Update from 1.x.x version to 2.0.
|
| 0 - 1 requires Bluetooth re-pairing for paired devices
- NEW FIDO2 support in V.2.0.
|
| 0 - 1 available for WINDOWS10 devices via BLE only - other platforms will follow.
- NEW FIDO Support in V2.0.
|
| 0 - 1 supports currently only FIDO2. FIDO U2F will be supported at a later release. As GOOGLE's fido authentication requires today FIDO U2F, GOOGLE fido authentication is not supported in V2.0.
|
| 0 | New Functionality- NEW BLE support for FIDO2, in parallel with the existing Smartcard/PKI service
- Enable parts of FIDO 2.1 needed for some FIDO 2.1 extensions
- FIDO2 User presence test is implemented via display/jogdial for now
- AirID devices without external flash can store up to 12 resident keys. For "-beta1" only internal storage is used
- external flash is now used for storing resident FIDO2 keys rk-store (A2XX HW rev >= 1.1.0 and A2MX >= 1.0.0 only)
- can store up to 200 resident keys
- secured with ccm encryption
- Implemented FIDO2 basic Attestation for AirID devices
- NEW BLE Night Mode
- switches off BLE advertising / connection from 22:00 - 05:00
or outside working time ranges, if set from remote host - new menu item:
- Settings / BLE Night Mode (options: ON / OFF)
- can be temporary disabled from Connection menu
- can be controlled from remote host
- NEW BLE privacy settings (switched off by default):
- battery service can only be accessed if access is authenticated,
- AirID devices now support random resolvable bluetooth mac addresses
| , according to Bluetooth Core 5.1 - AirID devices now implement anonymous bluetooth advertising
| according to Bluetooth Core 5.0 - Read BLE Privacy settings from remote host
- NEW Menu items:
- Settings / Random MAC - (options: ON, OFF)
- Settings / Advertising - (options: ANONYMOUS, "WITH NAME")
- Settings / Reset Device Name (only visible if custom device name was configured via BLE, resets to S/N default)
- Debug / Fido2 Buffers - Usage for FIDO2 memory buffers
- Debug / Fido2 Keystore - Shows use of resident FIDO2 keys and max size of keys
- Debug / Reset FIDO2
- AirID Info / Device Name (shows custom device name if configured via BLE)
| Improvements & Changes- Implemented protected pin methods for Secure Remote Settings
- Added "Reset Settings" Menu entry - This allows you to reset your AirID Device Settings but all 'user data' like Bluetooth Pairings, LTK Keys and FIDO2 Keys are NOT removed.
- Renamed "Remove Pairings" menu entry to "Reset BLE"
- Renamed "Reset Keys" menu entry to "Reset LTK Keys"
- Added "Reset FIDO2" menu entry - this allows you to remove all FIDO2 keys from your device. You will asked twice before final removal to prevent accidental removal of FIDO2 keys.
- Changed "Factory Reset" to double confirmation before reset to prevent accidental "Factory Reset"
- Moved all Reset related Menu entries to a improved/more detailed reset menu called "Reset" located under Settings
- Show Connection "OFF" outside working time ranges (during BLE Night mode)
- adapt handling of separate binaries for OTA files
- various resource cleanups to have space for FIDO2
- option to pass USBHID data through RPC 0x17 (if not used, it will be removed again), should not be used simultanously with official FIDO ble service. Purpose is to evaluate virtual usb fido device stuff
- Nostack builds work as fido2 USB token
- Debug menu is now always visible in "-alpha" and "-beta" releases and will be disabled for "-GA" releases
- reduced max apdu lengths: 5000 bytes (A2XX) and 5000 bytes (A2MX)
- option to pass USBHID data through RPC 0x17 (if not used, it will be removed again), should not be used simultanously with official FIDO ble service. Purpose is to evaluate virtual usb fido device stuff
- Enhanced Connected Menu to allow new privacy modes
- OFF
- ON/Waiting (anonymous advertising)
- ON/Pairing (advertising with device name)
- added more information in device descriptor
- Implemented a introspection method (RPC 0) to get the list of supported RPC commands in advance for this FW version
- RPC_SET_SETTING: preferred way to set things now, Indication will be removed in future
- Write new firmware via usb while device is operational
- Implemented a new build mode to allow unattended fido2 tests
- Right justify values in settings menu
| Fixed- Fixed uneven display color on A2MX
- Use und return correct return code for update firmware RPC
- Added 'nix' A2MX bootloader OTA updates
- Working time ranges doesn't switch off advertising if dynamic advertising interval is disabled
- Fix USB-serial-only pattern matching for A2MX20[789]X devices
- fixed a advertising data size error
- NVM error handling fixes
- Factory reset also erases keys on external storage now
- fix AAGUID attribute in included basic attestation certificate
- fix for "battery low" issue reported in
COREFW-707 - fixes regarding BLE cancellation and disabling of notifications
- fixes regarding pairing device list retrieval
| Removed Functionality- Removed SET_SETTINGS indication (replaced by a RPC)
- Remove MobDev Finder artifacts from firmware (no function)
| Recommended Update | | 0 | | 0 | | 0 |
1.4.1-GA | Fixed- A regression was fixed which resulted in a wrong display of bootloader version in device -> info -> Board version.
| | New Functionality (API/SDK)- No new functionality added.
| | Recommended Update | | | |
1.4.0-GA | Fixed- ensure that local changed settings are sent back to the host side.
- Don't switch to update mode @ BLE indication "0x0A System Suspend".
- Improve USB bootloader mode (HW version < 1.1.0) selection
- Switch off JTAG pins if JTAG is fused
| Improvements- Disable dynamic connection interval. Otherwise we might see BLE supervision timeouts.
- Fix BLE disconnect after pairing and no communication for 3s. Some Android devices keep the BLE connection after pairing and blocks the communication between AirID app and AirID device.
- Update BLE stack to version 2.13.6 and replace usage of deprecated BLE API methods.
- Set 2M PHY as preferred PHY (BLE5)
- Do all BLE related settings before advertising starts
- A2XX: Switch off BLE when low battery limit is reached (~3.4V). This should prevent from smartcard errors at low battery conditions
| New Functionality (API/SDK)- new RPC method 0x16 to switch to bootloader mode from host side
- Prepare OTA functionality (only for A2MX and A2XX with HW version >= 1.1.0)
| Removed Functionality- migrate NVM parameters from old NVM implementation. Note update from FW <= 1.1.1 are no longer supported!
- Remove BLE indications to trigger update modes (0x04 and 0x0B)
- Remove "Force 256 Bit" setting. "Force 256 Bit" is always enabled and cannot be disabled anymore.
- Remove no longer needed settings: Contrast, Signal Strength and Limited Advertising
- Add connection parameters to BLE event logging and distinguish between A2XX and A2MX timer handles
| Recommended Update | | | |
1.3.2-GA | Fixed - Shut up USB IRQ noises with older AirID2 hardware revisions -> speed fixes
| Added - Disconnect after Bluetooth Pairing when there is no write to AirID service for 3s afterwards
- Added watchdog to switch off Bluetooth when Battery gets below 3,4V (-0%) to avoid SC failures for power consuming tasks, RSA Keypair generation or other heavy duty operations
- Added event logging capability for the last ~100 events to AirID2 firmware
- To get an insight view what happens in the BLE stack @ a disconnect, we gather some debug infos:
- Read last ble disconnect reason in debug menu
- Information about connection parameters
- New logging data struct for BLE stack events:
- size ~100 last events
- stop logging @ disconnect
- read data from new RPC command
- restart logging after read
- This feature is currently only available from the DEBUG menu of the AirID2 device and not exposed to any SDK / Driver
| Recommended Update | airid-all-firmware-1.3.2.zip | airid-all-firmware-1.3.2.zip.sha2_256 |
|
1.3.1-GA | Improved: - added intelligent flasher "winusb-flash-device.exe" and "flash-airid.command" on MacOS
- added support for new bootloader signing keys
|
| | |
|