Releases: keepkey/keepkey-firmware
Release v7.9.3
- Add support for arbitrary denominations in Mayachain msgSend messages.
Release v7.9.1
New Features
- MAYAChain support
Release v7.8.0
New Features
- OP, BNB, xDAI, MATIC chain support
Bug Fixes / Other Changes
- Fixes denomination on Osmosis tx confirmation screens
- Removes support for deprecated EVM testnets
Release 7.7.0
New Features
- Osmosis support. You can now natively sign send, delegate, undelegate, redelegate, join-pool, exit-pool, withdrawDelegationReward, transfer, and swap-exact-amount-in messages on the device.
Bug Fixes / Other Changes
- Removed obsolete contract signing code.
Release 7.6.0
New Features
- KeepKey Authenticator feature. You can now use a KeepKey device as a one-time passcode (OTP) generator for two-factor authentication (2FA). In conjunction with the KeepKey Desktop App (KeepKey.com), the KeepKey can scan 2FA authenticator seeds and generate OTP codes as a hardware authenticator device. There is also a useable prototype authenticator client available in the python client at keepkey/python-keepkey/authenticator available.
Bug Fixes / Other Changes
- Updated the KeepKey security policy in SECURITY.md
Release 7.5.2
Bug Fixes / Other Changes
- This release is functionally the same as 7.5.1, it fixes a version synchronization problem between shapeshift and keepkey desktop.
Release v7.5.1
Bug Fixes / Other Changes
- There were two fixes/improvements to typed data verification based on real-world message signing.
- Webusb prompt now directs to keepkey.com
- Now verifies the general ExecTransaction function in ethereum contract data
Release v7.5.0
New Features
- Enables full Ethereum typed data verification and signing (EIP-712) using JSON format messages. This version supports full verification of typed data on the KeepKey screen, computation of domain and message hash digests and signing.
Release v7.4.0
New Features
- Support for Ethereum EIP-712 message signing. This is basic message hash signing with no verify. Verification will be supported in an upcoming release.
Bug Fixes / Other Changes
- Litecoin and Digibyte xpubs should now be correct for segwit and p2sh_segwit
Release v7.3.2 / Bootloader v2.1.4
New Features
-
Cosmos staking and delegation messages are now supported. (6aa5cd9)
-
Cosmos IBC transfers are now supported. (6aa5cd9)
-
The duration of the auto-lock timeout is now reported as part of the Features message. (93afdd1)
Bug Fixes / Other Changes
-
The WebUSB descriptors have been updated to refer to app.shapeshift.com rather than beta.shapeshift.com. (ed2604f)
-
The mechanism the bootloader updater uses to put the bootloader back into firmware update mode has been made more reliable during updates from a 2.x-series bootloader to another 2.x-series bootloader. (18da57f)
Security Improvements
-
Several improper bounds checks existed in the bootloader's flash write and erase handlers. While effective in normal operation against accidental errors, they could have been bypassed by malicious or compromised firmware. These issues been addressed by improving the bounds checks. (447c1f0)
Any attacker who could take advantage of these issues would first have to have exploited a separate vulnerability severe enough on its own to allow theft of your seed phrase, had physical access to your device, or convince you to load malicious unofficial firmware and ignore the associated warnings. Such an attacker, however, could exploit these issues to implant malware in the bootloader which could survive even a complete device wipe and firmware reset.
These bounds-check vulnerabilities were responsibly disclosed to us by Christian Reitter in a comprehensive and professional report, and MITRE has assigned it CVE-2022-30330. We have no evidence that it has been exploited in the wild. Still, this issue is serious, and we recommend that all users update their bootloader and firmware.
-
The U2F login and registration flow required that the button be held down, but not that it be pressed during the confirmation process. This meant that under particular circumstances an attacker could potentially confuse a user into confirming a U2F login or registration when they intended to confirm a different action, like a transaction, instead. This issue has been addressed by improved the handling of button state in the U2F confirmation flow. (da8b101)
This issue was responsibly disclosed to us by Christian Reitter. We have no evidence that it has been exploited in the wild. Still, we recommend that users who use KeepKey as a U2F authenticator update their firmware.
-
The MPU was not active while executing interrupt handler code. The bootloader now opts-in to MPU protection for interrupt handlers as a defense-in-depth measure. (f8fd1fb)
Thanks to Christian Reitter for suggesting this improvement.
Notes
- Version numbers sometimes get skipped so that they don't overlap with the numbering of internal release-candidate test builds. In this case, firmware versions 7.3.0 and 7.3.1 and bootloader versions 2.1.0, 2.1.1, 2.1.2, and 2.1.3 were used for internal builds and skipped for the production release.