YubiKey Firmware 5.4 Changes
For a description of the FIPS-specific aspects of the YubiKey 5 FIPS Series with the 5.7.4 firmware, see FIPS 140-3 Changes.
The table below lists the YubiKey 5 FIPS Series with the 5.4 firmware configuration changes that are set at programming. These are in addition to the configuration options available in the YubiKey 5 FIPS Series.
| Configuration Change | Description |
|---|---|
| Functional | Enforce power-up self-test (firmware integrity and
algorithm testing)
|
Minimum PIN length
for FIDO2
|
6 alphanumeric characters |
Identification
(FIDO)
|
Unique AAGUIDs for the FIDO Attestation
See AAGUID Values in FIPS AAGUID and Form Factors.
|
| Attestation (FIDO) | Attestation certificates for FIDO include
a FIPS OID (1.3.6.1.4.1.41482.12)
|
FIDO GETINFO |
Command returns a listing of FIPS certificates
applicable to the specific authenticator.
|
| Attestation (PIV) | Attestation certificates for PIV include
the FIPS Form Factor identifier** in the
Form Factor OID (1.3.6.1.4.1.41482.3.9)
|
| YubiKey Manager | Form factor identifies FIPS Series devices.
|