From 3d632645fb477faa4a9fd838005a7f1bf514e7b9 Mon Sep 17 00:00:00 2001 From: k9ert <117085+k9ert@users.noreply.github.com> Date: Sun, 22 Mar 2026 12:14:01 +0100 Subject: [PATCH] fix: bump bootloader version to 1.0.2 for key rotation upgrade The bootloader version was 1.0.1, same as the version shipped with v1.9.0. When the v1.10.0 upgrade writes the new bootloader (with rotated signing keys) to the inactive copy slot, the startup code never swaps to it because both copies have version 1.0.1 and ties go to copy 1 (the old one). This causes subsequent upgrades signed with the new keys to fail with "Not enough signatures". Bumping to 1.0.2 ensures the startup code selects the new copy after the v1.10.0 upgrade. See: https://github.com/cryptoadvance/specter-diy/issues/330 Co-Authored-By: Claude Opus 4.6 (1M context) --- platforms/stm32f469disco/bootloader/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platforms/stm32f469disco/bootloader/main.c b/platforms/stm32f469disco/bootloader/main.c index 431ad6e..16906a1 100644 --- a/platforms/stm32f469disco/bootloader/main.c +++ b/platforms/stm32f469disco/bootloader/main.c @@ -26,7 +26,7 @@ typedef enum upy_reset_mode_t { /// Version in the format parced by upgrade-generator static const char version_tag[] BL_ATTRS((used)) = - "0100000199"; + "0100000299"; /// Embedded memory map record // clang-format off