Firmware Overview

The firmware version on a YubiKey or a Security Key determines whether or not a feature or a capability is available to that device. The quickest and most convenient way to determine your device’s firmware version is to use either the Yubico Authenticator with its intuitive and easy-to-use (GUI) interface or ykman the lightweight command line (CLI) software package installable on many OSs.

Note

Yubico periodically updates its firmware to take advantage of features and capabilities introduced into the ecosystem. YubiKeys are programmed in Yubico’s facilities with the latest available firmware. Once programmed, YubiKeys cannot be updated to another version. The firmware cannot be altered or removed from a YubiKey.

Form Factors Available per Firmware Version

Form Factors	Firmware Versions
	5.7.x	5.5.x	5.4.x	5.3.x	5.2.x	5.0.x
USB-A	Yes	Yes	Yes	Yes	Yes	Yes
USB-A + NFC	Yes	Yes	Yes	Yes	Yes	Yes
USB-A Nano	Yes	Yes	Yes	Yes	Yes	Yes
USB-C	Yes	Yes	Yes	Yes	Yes	Yes
USB-C + NFC	Yes	Yes	Yes	Yes	Yes
USB-C Nano	Yes	Yes	Yes	Yes	Yes	Yes
Lightning + USB-C	Yes	Yes	Yes	Yes

YubiKey 5 Series

The features, capabilities, and enhancements of the YubiKey 5 Series that are dependent on firmware version are listed below in the Firmware Capability Matrix.

5.7.4 Firmware - FIPS Series

The 5.7.4 new features include:

• Submission to submitted to NIST’s Cryptographic Module Validation Program for FIPS 140-3 validation.
• Enterprise Attestation to support use cases such as derived FIDO credentials
• FIDO2, PIV and OpenPGP minimum PIN length is now 8
• PIN complexity is on by default to adhere to NIST Special Publication 800-63B (and 800-63B-4)
• Larger keys sizes provide better protection than smaller key sizes until Post-Quantum-Cryptography is mature.

5.7 and 5.6 Firmware Prior to 5.7.4

The 5.7 and 5.6 new features include:

• The NFC function with firmware 5.7 is off by default. Plugging the YubiKey into the device in activates the NFC function. For more detail on this specific feature, see Restricted NFC.
• The 5.7. firmware for the YubiKey 5 Series has a number of features that are available for the first time on the multi-protocol YubiKey 5.

Firmware Capability Matrices

For form factors released with which firmware versions, see Introduction to the YubiKey Series.

YubiKey 5 Series

Features and Form Factors Available per Firmware Version

Features and Form Factors	Firmware Versions
	5.7.x	5.5.x	5.4.x	5.3.x	5.2.x	5.0.x
Features
AlwaysUV	Yes
Attestation Enterprise	Yes
Blob Storage	Yes
Serial Number	Yes	Yes	Yes	Yes	Yes	Yes
YubiHSM Auth	Yes	Yes
FIDO
FIDO U2F	Yes	Yes	Yes	Yes	Yes	Yes
FIDO2/WebAuthn	Yes	Yes	Yes	Yes	Yes	Yes
FIDO2 Credential Storage	100	25	25	25	25	25
FIDO2 PIN Mgmt	Yes
Protocols
OATH	Yes	Yes	Yes	Yes	Yes	Yes
OATH Credential Storage	64	32	32	32	32	32
OpenPGP version	3.4	3.4	3.4	3.4	2.1	2.1
OTP	Yes	Yes	Yes	Yes	Yes	Yes
PIV/Smart Card	Yes	Yes	Yes	Yes	Yes	Yes
SCP03	Yes	Yes	Yes
SCP11	5.7.4+

YubiKey 5 FIPS Series

Features and Form Factors Available per Firmware Version

Features and Form Factors	Firmware Versions
	5.7.4	5.4.3	5.4.2
Features
AlwaysUV
Attestation Enterprise
Blob Storage
Serial Number	Yes	Yes	Yes
YubiHSM Auth	Yes	Yes
FIDO
FIDO U2F	Yes	Yes	Yes
FIDO2/WebAuthn	Yes	Yes	Yes
FIDO2 Credential Storage	100	25	25
FIDO2 PIN Mgmt
Protocols
OATH	Yes	Yes	Yes
OATH Credential Storage
OpenPGP version	3.4	3.4
OTP	Yes	Yes	Yes
PIV/Smart Card	Yes	Yes	Yes
SCP03	Yes	Yes	Yes
SCP11	Yes

YubiKey 5 Series - Enhanced PIN

Features and Form Factors Available per Firmware Version

Features and Form Factors	Firmware Versions
	5.7.4
Features
AlwaysUV	Yes
Attestation Enterprise	Yes
Blob Storage	Yes
Serial Number	Yes
YubiHSM Auth	Yes
FIDO
FIDO U2F	Yes
FIDO2/WebAuthn	Yes
FIDO2 Credential Storage	100
FIDO2 PIN Mgmt	Yes
Protocols
OATH	Yes
OATH Credential Storage	64
OpenPGP version	3.4
OTP	Yes
PIV/Smart Card	Yes
SCP03	Yes
SCP11	Yes

YubiKey 5 CCN Series

Features and Form Factors Available per Firmware Version

Features and Form Factors	Firmware Versions
	5.7.4
Features
AlwaysUV	Yes
Attestation Enterprise	Yes
Blob Storage	Yes
Serial Number	Yes
YubiHSM Auth	Yes
FIDO
FIDO U2F	Yes
FIDO2/WebAuthn	Yes
FIDO2 Credential Storage	100
FIDO2 PIN Mgmt	Yes
Protocols
OATH	Yes
OATH Credential Storage	64
OpenPGP version	3.4
OTP	Yes
PIV/Smart Card	Yes
SCP03	Yes
SCP11	Yes

YubiKey Bio Series

The listed firmware versions apply to both YubiKey Bio Series and YubiKey Bio Series - Multi-Protocol editions, unless indicated.

Features and Form Factors Available per Firmware Version

Features and Form Factors	Firmware Versions
	5.7.x	5.6.x	5.5.x
Features
AlwaysUV
Attestation Enterprise
Blob Storage
Serial Number	Yes	Yes	Yes
YubiHSM Auth
FIDO
FIDO U2F	Yes	Yes	Yes
FIDO2/WebAuthn	Yes	Yes	Yes
FIDO2 Credential Storage	100	25	25
FIDO2 PIN Mgmt
Protocols
OATH	Yes	Yes	Yes
OATH Credential Storage
OpenPGP version	3.4	3.4
OTP	Yes	Yes	Yes
PIV/Smart Card	Multi- Protocol
SCP03	Multi- Protocol	Multi- Protocol
SCP11	Multi- Protocol 5.7.2+

SCP03, SCP11, and PIV Support

SCP03, SCP11, and Smart Card/PIV support is only available on the YubiKey Bio Multi-protocol Edition.

Security Key Series

The listed firmware versions apply to both Security Key Series and Security Series Enterprise editions.

Features and Form Factors Available per Firmware Version

Features and Form Factors	Firmware Versions
	5.7.x	5.4.x	5.0.x-5.2.x
Features
AlwaysUV	Yes
Attestation Enterprise	Enterprise Edition
Blob Storage	Yes
Serial Number	Enterprise Edition	Enterprise Edition
YubiHSM Auth
FIDO
FIDO U2F	Yes	Yes	Yes
FIDO2/WebAuthn	Yes	Yes	Yes
FIDO2 Credential Storage	100	25	25
FIDO2 PIN Mgmt	Yes
Protocols
OATH	Yes	Yes	Yes
OATH Credential Storage
OpenPGP version	3.4	3.4
OTP	Yes	Yes	Yes
PIV/Smart Card
SCP03	Enterprise Edition
SCP11	Enterprise Edition 5.7.4+

SCP03, SCP11, Enterprise Attestation, Serial Number Support

SCP03 is only available on the Security Key Series Enterprise Edition.