YubiKey Firmware 5.4 Changes
For a description of the FIPS-specific aspects of the YubiKey 5 FIPS Series with the 5.7.4 firmware, see FIPS 140-3 Changes.
The table below lists the YubiKey 5 FIPS Series with the 5.4 firmware configuration changes that are set at programming. These are in addition to the configuration options available in the YubiKey 5 FIPS Series.
| Configuration Change | Description | ||
|---|---|---|
| Functional | Enforce power-up self-test (firmware integrity and algorithm testing) | ||
Minimum PIN length
for FIDO2
|
6 alphanumeric characters | |
Identification
(FIDO)
|
Unique AAGUIDs for the FIDO Attestation.
|
|
| Attestation (FIDO) | Attestation certificates for FIDO include a FIPS OID (1.3.6.1.4.1.41482.12) | |
FIDO GETINFO |
Command returns a listing of FIPS certificates applicable to the specific authenticator.
|
|
| Attestation (PIV) | Attestation certificates for PIV include the FIPS Form Factor identifier in the
Form Factor OID (1.3.6.1.4.1.41482.3.9)
|
|
| YubiKey Manager | Form factor identifies FIPS Series devices. See FIPS Form Factors. | |