- Tag the commit to be released with the next firmware version
- Build the firmware using Docker
- Sign the binary firmware
- Upload signed binary to the Github releases
- Bump ./STABLE_RELEASE file with the latest version
- Run update script on the update server (if needed)
To sign the firmware it suffices to call pynitrokey like this:
nitropy fido2 util sign VERIFYING_KEY APP_HEX OUTPUT_JSON
During the firmware signing the smaller MCU version has to be indicated during signing with the --pages switch, like:
nitropy fido2 util sign --pages 64 ....
The rest of the invocation is the same, e.g.:
nitropy fido2 util sign --pages 64 VERIFYING_KEY APP_HEX OUTPUT_JSON