v0.0.3

Improvements ✨

This release improves the flash storage implementation on STM32H533. The improved implementation guarantees atomicity during storage erase (authenticatorReset). It uses a single version and delete marker for the whole storage.

Additionally, this release also removes the testing-only/unused dependencies/code from the STM32H533 target, reducing the firmware size.

Upgrade Note! ❗

Flashing this version of firmware to the STM32H533s that currently run LionKey v0.0.2 or v0.0.1 results in a reinitialization of the flash storage because the new version uses a slightly different flash storage format (layout). In other words, all credentials and PIN state will be erased (as if an authenticatorReset CTAP2 command was used).

Flash Storage Limitations

The flash storage implementation on STM32H533 is still experimental (work in progress). During normal operation, it works as expected. ✅ However, when some specific write failure sequences occur, or when an unexpected double error is detected by the flash-built-in error correction code (ECC) mechanism, the flash storage can end up in an unrecoverable broken state. We plan to address those edge cases in future releases. If you happen to come across them now, use the workaround below.

How to recognize an unrecoverable broken state:

• Using only the LD2 Green LED status indicator (located next to the black RESET button):
  The LD2 LED is periodically blinking with the following special pattern: 25 ms ON, 455 ms OFF (period 500 ms) AND resetting the STM32H533 using the black RESET button does not help.

• With the ST-Link virtual COM port (serial console) connected:
  If the init done in X ms message does not appear on the serial output after the STM32H533 is reset (by pressing the RESET button), it indicates that the STM32H533 is stuck in the flash initialization logic.

How to recover from the unrecoverable broken state (applicable to v0.0.3+):

Use the ST-Link's USB mass storage interface to flash the invalidate-storage.hex HEX file that will invalidate (erase) the flash storage. Upon successful flashing, the STM32H533 should automatically reset (reboot) (if not, you can reset it by pressing the RESET button). Upon reset, LionKey will detect the invalidated flash memory and will perform a clean flash storage initialization sequence. _Note that all credentials and PIN state will be erased (as if an authenticatorReset CTAP2 command was used).

Artifacts

The artifacts were produced by the following CI run: 2025-06-17-13-41-commit-51b1b58-run-15706244798.

v0.0.2

Adds compatibility with Windows 10 by declaring CTAP 2.0 support. See d8bab5a for more information.

The artifacts were produced by the following CI run: 2025-06-17-08-24-commit-d8bab5a-run-15699796505.

v0.0.1

The first firmware version that was publicly distributed to alpha testers.

The artifacts were produced by the following CI run: 2025-06-06-11-19-commit-c6cbe4a-run-15413482425.