Some more research on initializing RP2040 with Pico-HSM v6.4 firmware (pico_hsm_pico-6.4.uf2) #65

@rrottmann

I support the upstream project by purchasing a license and I really like it, but I'm also glad there's an alternative way to initialize the Pico-HSM that doesn't rely on a web service for the PKI (in the past, this API also had some glitches). Moreover, I appreciate the emerging ecosystem developing in true FOSS style.

Inspired by excellent research (a good read for understanding the initialization process and starting with PH's Python code), I decided to experiment using some Waveshare RP2040 zero boards I had on hand. While these lack security features, they provide an affordable option for running and testing the firmware. Depending on the threat model, they might even be enough.

I've documented the entire process in a gist.

(Note: I needed to modify the code by Disappear9 slightly to use a different curve with the RP2040 - even though stating secp256k1 as curve parameter, it only works with ec.SECP256R1())
