This post is from Rob Austein:
The Cryptech Project is pleased to announce that version 3 of our
firmware and software package is now available. Like version 2, this
runs on the Alpha board. For those who have been following, this is
the code that until last week was the “ksng” branch.
Major new features:
* New keystore implementation which supports thousands of keys instead
of six. 🙂
* Support for multiple clients (eg, the OpenDNSSEC “enforcer” and
“signer” daemons) talking to the HSM in parallel.
* Key backup.
* Verilog support for (much) faster key generation and signing on the
ECDSA P-256 and P-384 curves.
See https://wiki.cryptech.is/wiki/ReleaseNotes for more details.
See https://wiki.cryptech.is/wiki/BinaryPackages and
https://wiki.cryptech.is/wiki/Upgrading for information on how to
download the new packages and upgrade the HSM firmware.
Please read the upgrade instructions BEFORE attempting to update the
firmware. The upgrade is a multi-step process, and the keystore
format change triggers a bug in the old bootloader which can brick
your HSM if you perform the upgrade steps in the wrong order.
If you ignored the above or managed to brick your HSM anyway, see
https://wiki.cryptech.is/wiki/DisasterRecovery and
https://wiki.cryptech.is/wiki/UsingSTLink .
Thank you for your patience with how long this has taken. We spent
far more time than we would have liked in a twisty maze of RTOS bugs
(eventually solved by removing the RTOS, see the release notes).
Special thanks to Yuri Schaeffer for help testing both the upgrade
process and the multi-client support with OpenDNSSEC.
One thought on “CrypTech version 3 firmware and software now available”
Comments are closed.