Release_Notes_ADK_4.7.43

Last updated: 25-Feb-2025

Release Notes ADK 4.7.43

Released: 2025-02-24

CONFIDENTIAL INFORMATION:
This document contains confidential information that is the property of Verifone Inc. No part of this document may be copied, distributed, stored in a retrieval system, translated into any human or computer language, or transmitted in any form or by any means, without the prior written consent of Verifone.

IMPORTANT NOTICE
Verifone, the Verifone logo, is a registered
trademark of Verifone. Other brand names or trademarks associated with Verifone products and services are trademarks
of Verifone, Inc. All other brand names and trademarks appearing in this manual are the property of their respective
holders.

NO WARRANTY
No warranty although Verifone has attempted to ensure
the accuracy of the contents of this manual. This manual may contain errors or omissions. This manual is supplied
"as-is," without warranty of any kind, either expressed or implied, including the implied warranties of
merchantability and fitness for a particular purpose.

LIMITED LIABILITY
Limited Liability in no event shall Verifone be
liable for any indirect, special, incidental, or consequential damages including damages for loss of business,
profits, or the like, even if Verifone or its representatives have been advised of the possibility of such damages.

Verifone, Inc.
817 Broadway, Suite 1100
New York, NY 10003 USA
www.verifone.com

No part of this publication may be copied, distributed, stored in a retrieval system, translated into any human or
computer language, transmitted in any form or by any means without prior written consent of Verifone, Inc.

Introduction

This document describes the content and changes in the ADK 4.7.43 release. It includes details about supported hardware,
components used, major changes and bug fixes as well as known issues and updates to procedures.

A summary of planned or implemented incompatible changes, which may require changes to applications, are provided as an annex.

Please check the installations section, to understand restrictions on downgrading to older ADK versions.

Content

This release provides files as follows:

Product Name	Package Name	Component identifies as
ADK Middleware SDK and system load files	adk-full-ext-4.7.43-1902.zip	SLP ADK-4.7.43
ADK Middleware Documentation	adk-overview-programmers_guide-4.7.43-1902.zip	N/A
ADK Middleware Components Release Notes	adk-component-release-notes-4.7.43-1902.zip	N/A
ADK System Upgraders	adk-upgrader-4.7.43-1902.zip	N/A
ADK V/OS	31345600	31345600
ADK V/OS SDK	vos-sdk-winx86-release-31345600.zip	31345600
ADK V/OS2	31345600	31345600
ADK V/OS2 SDK (combined ADK+OS SDK)	adk-sdk-vos2-4.7.43-1902.zip	N/A
ADK VHQ sys config remove package	dl.VHQconfig-remove-prod.tgz	N/A

Installation

Important note: On any Engage device with battery, please calibrate the battery after installing the
new version. Go through a complete discharge-charging power cycle at least once.

Secure Installer note:

To update previous releases to ADK 4.7.43, please follow the instructions below:

Engage:
- Please read the section in the programmers guide and in the appendix of this document before use on Engage devices. You may not be able to uninstall user applications otherwise.
- Field update
  - Field update: All payment and base devices need be updated to ADK 4.4.5 first when using standard packages.
    By default differential updaters are provided with the release.
- Deployment
  - Prerequisite: Update device to ADK 4.4.5 or a newer release.
  - Please use dl.adk-4.7.43-1902-vos2-engage-prod.tgz to update to this ADK version.
    - Please use the SDI and related packages for other types of devices.
- Important note: We advise to not cut the power during software updates.
V/OS on Ux:
- Important note: Downgrading the SBI boot loader will tamper your device.
- For ADK 4.7 there are two types of buildall file for Ux.
  - Original buildall (with SBI included) and no_SBI (new additional buildall). If you use the original buildall file the latest SBI, 3.17.1 will be installed. If you try to downgrade to a build with an older SBI your device will tamper. If you want to keep the old SBI, pre 3.17.1, please use the no_SBI buildall file.
  - The Ux diff update package will not update the SBI file.
- Field update
  - The following upgraders below are sample updater files for updating UX devices in the field.

- Important note:
  - For better behavior of software installs in case of unexpected power failures, we strongly advice to install software in form of compressed tar download files '.tgz' instead of '.tar' files. This note only applies to the top most layer, the download file, no other changes are required.
  - We advise to not cut the power during software updates.

Solution Package Overview

ADK 4.7.43 provides solution files, which combine the operating system, middleware components and EMV kernel in one single loading image.

Please review the supported kernel version list and update your desired file accordingly. You must only
enable kernel versions, which are certified for your device, country and customer.
In some cases, due
to included user components, solutions might need to be resigned before loading into a unit.

For more details, please check the ADK programmers guide, chapter "ADK Packages and Update Procedure", in
particularly "System Installation Download Files".

Documentation

For detailed information on using any of the ADK features, please refer to comprehensive documentation at
adk-overview-programmers_guide-4.7.43-1902.zip.

Prerequisites/Requirements

Hardware Requirements

This ADK release is for use on production hardware terminal units specified in section "Supported Platforms".

Software Requirements

No special software is required for use with this ADK release. This release provides all required software to operate
a terminal, except a payment application.

The use of Verifone Development Environment (VDE) is recommended when creating new applications.

Release Overview

ADK-4.7.43 is a cadence release on the ADK 4.7 maintenance branch.

Release is focused on battery related improvements & bug fixes on mobile devices.

The release is in full parity with ADK 4.6.43 and 4.4.33.

Branch maintenance policy: ADK 4.7 is in passive maintenance and receives updates only upon request. Requested changes may be bug fixes, minor features and middle-ware component changes. Please consider moving to ADK 4.10 to pick up latest features and support for the newest Verifone models when updating customer solutions.

Supported Platforms

Support for Carbon 8 and Carbon 10 is discontinued with ADK-4.7.10. It's only supported on ADK 4.6. Please use the ADK 4.6 based version.

Devices no longer supported:

Trident: MX915, MX925, Vx V/OS
Verix eVo: All devices
Carbon8, Carbon 10

This ADK release targets the following Verifone products:

Engage: P200, P200 Plus, P400, P400 Plus, V200, M400, V400c, V400c Plus
Engage Portable: V200t, V205c, V210, V240m, V240m Camera, V400m, E280 Speaker, E285
Engage: CM5, M440, M424 and P400 Dual MSR
Trident: UX300, UX301 and UX410

Important note: Use CM5, M440 and M424 only in combination with an approved Android OS version. The same requirement applies to Carbon 8 and Carbon 10 using ADK 4.6.

Component Versions

This ADK Release provides following component versions:

Abstraction
- Crypto Abstraction 1.4.1
- Reader Abstraction 1.7.8
- Reader Synchronous Cards 1.0.5
ADK Fonts 1.1.0
Agent - System remote management (e.g. VHQ):
- AGT 5.0.5.2 - System Remote Agent
- AGT-SUBDEV 4.3.40.2 - System Remote Agent for Android Subdevices (e.g. CM5, M424 and M440)
AST 1.9.3 - Anti Skimming Tool
Base Updater 1.0.2 - Updating base software
CCP 1.75.0 - Communication Control Panel
COM 2.129.0 - Communication service
CPL 2.8.4 - Commerce Platform Library
EMV CT, CTLS and MSR Card Services
- CRD 5.2.140 - EMV service
- CRD-SYNC 1.2.0 CRD-SYNC service
- MSR 2.8.4 - MSR service
- TEC 2.8.17 - Technology selection service
CTLS L1 Library 1.2.51
EVT 2.6.12 - Event service
FPS 1.3.3 - Fingerprint Sensor Library
GDA 1.0.5 - Global Diagnostic Application
GUIPRT 2.58.2 - Graphical User Interface service
INF 1.16.3 - Information Database service
- SQLITE 1.3.6
- EXPAT 1.1.7
IPC 1.29.0 - Inter Process Communication
- IPC-CFG 1.0.17
ISO8583 1.6.0 - ISO8583 protocol Communication
LOG 2.19.12 - Logging service
NAV 1.1.0 - Navigator Gateway
NAVLib 1.6.11 - Navigator Library
NFC 1.21.1
- NFC VAS 1.11.1
- NFC Applepay 1.13.2
- NFC VWI 1.14.1
REGEX 8.41.3
PACKMAN 1.7.2 - Tool for managing archives
PP1000 1.3.0.3 - Pinpad communication library
PRX 3.0.60 - Cloud proxy
SBI 3.17.1 - Secure Boot Image
Secure Data Interface - SDI:
- SDI 4.30.12-253-P2PE-1.6.36 - Secure Data Interface
- SDI-CLIENT 1.33.4 - Compatibilty layer
SEC 2.5.5 - Security service
SKIMMERDETECT 1.0.3 - Anti Skimming Tool Library
SLP ADK-4.7.43 - Solution package version
SOUND 1.2.5 - Sound library
SYSTEM SERVICES components
- SYSINFO 3.106.5 - System Services
- SYSMAC 3.85.14 - Multi application controller
- SYSPM 1.44.16 - ADK Power management

V/OS:

OS and SDK 31345600

V/OS2:

OS and SDK 31345600

CTLS:

V/OS
- VOS_CTLS-4-01.30.03
  - Subversion A4/A5/A6: With Visa MSD and Interac (suitable for the Americas and Europe)
  - With ExpressPay 3.0 / 3.1 and PayPass 3.0.2 / MCL 3.1.1 - Combinations according to release notes
- VOS_CTLS-4.01.16.13
  - Subversion A4: With Visa MSD and Interac (suitable for the Americas and Europe) - With ExpressPay 3.0 and PayPass 3.0.2
  - Subversion B4: With Visa AP and ePAL (suitable for Asia-Pacific) - With ExpressPay 3.0 and PayPass 3.0.2

V/OS2 - CTLS L1
- ctls-l1-full-1.2.51-1.zip CTLS level 1 library for Engage

Tools:

Windows USB driver (for Trident, Engage) 5.0.5.2 Build 7
Windows USB driver (for PP, Qx, Nurit) 1.0.0.21 Build 2

Dependencies

ADKTMS 5.0.5.2 is compatible with the VHQ Server 3.27.01.19

VHQ XSD version 04.01.0009 is used in this Agent

Important Notes

No important notes

New Features

New features in ADK 4.7.43:

Battery: Improve/Refine battery capacity % reporting and removed some redundant charger settings
- Battery: Charging mode changed to meet specification of power management chip on e235 (applicable only on releases it is supported).
- Battery: Improved error debugging when dealing with battery temperature.

New features in ADK 4.7.42:

Battery logs: Reduced unneeded log printing
Sysmode: Added diagnostic menu for battery
Battery: Improved battery charging management (charging level display)
Battery related changes:
- e235 battery charging maximum temperature updated to reflect value in updated battery cell data sheet.
- Force reset of reported battery % to fuel gauge device value if repeated short resume periods do not allow S/W derivation for 20 minutes.
- Fault battery status logged in tamper log to help with fault diagnosis.
- Improved charging management on depleted battery.
SYS: Add four new ADK-SYS properties (dual chip devices only) for Gateway, prefix length, DNS1, DNS2

New features in ADK 4.7.41:

No new features

New features in ADK 4.7.40:

No new features

New features in ADK 4.7.39:

SEC: Hardened the key storage implementation. Data in the key store will be re-encrypted when upgrading to this version or later ones. The key storage is not compatible with older releases and you may lose keys when downgrading
SDI: Setting the contrast is now supported for printing bitmaps via SDI

New features in ADK 4.7.38:

SEC: Hardened the implementation of file access and use of compression libraries when used by system services; removed telnet library from the default solution
Contact EMV: You can now configure the version of the EMV contact L1 driver, in case your device supports multiple versions. Please check the EMV documentation for details and make sure, that the version matches to what you have referenced in other certifications.
Secure Installer: VOS2 now allows targeting for lists of serial numbers

New features in ADK 4.7.37:

Contact versions: the IFM version is now reported in sysmode and control panels, if available
SDI: the number of digits after the decimal point is now currency specific and supports 3 digits

New features in ADK 4.7.36:

SDI: SDI now allows to force a custom currency text on the PIN entry screen. Please check the programmers guide of SDI for details
CP: The CP downloader is no longer part of the standard download package. Please add it as a separate dl file to your solution, if needed
COM, SYS: added support for terminals to work in device mode when connected to iOS products

New features in ADK 4.7.35:

curl: updated libcurl to version 8.4
BAT: refine the battery configuration, calibration and operation
COM: new options in com_USBGadgetMode, see ADK COM programmers guide for details
COM: Send new WLAN disconnect event + reason code
COM: added an event for WiFi roaming, when AP changes, COM_EVENT_WLAN_AP_CONNECT

New features in ADK 4.7.34:

EMV: All Ux, added Gemalto Pure kernel GK 1.1.0

Fixed Issues

Fixed Issues in ADK 4.7.43:

All platforms
- NFC SDK: Fixed an undefined reference to `_NFC_PT_SetBaudRate' in the SDK, when compiling applications.
All Engage
- EMV: Improved handling of the tag DFA13A of EMV_ADK_FETCHTAGS_GET_DATA. Please check the programmers guide for details.
- EMV: Configuration files for terminal and application settings, keys, etc. are now restored in case an application deleted them.
Portable and Mobile
- Fixed a bug that has prevented to receiving event on low battery on mobile devices.
PinPad
- Mifare: Enabled to reading block 63 on Mifare Classic card.
Unattended
- NFC: Extended baud rate support on communication with MIFARE Plus card

Fixed Issues in ADK 4.7.42:

All Engage
- SYS: ADK SYS now allows to read out the sponsor using the SYS_PROP_TERMINAL_SPONSOR again.
- EMV: Fixed the falllback handling for EMV_CTLS_GetCandidateData() in case IIN(E) is not provided by candidate
Portable and Mobile
- BAT: Descriptive battery levels (low, critical etc.) now correctly aligned with numerical % ranges. Also capacity reporting improved for short resume periods during repeated suspend-resume cycles.
- RADIO: added support for new radio firmware version EC200AAUHAR01A13M16_01.200.01.200
Multi-lane
- MAC: Fix sporadic issue with MAC init that resulted in UI styling errors including very large button icons

Fixed Issues in ADK 4.7.41:

All platforms
- DOC: Fixed issue with VHQ section of Programmers Guide
All Engage
- VHQ Agent: now reports keys similar to sysmode application in the below format to VHQ Server. Key types include MS, ADE, DUKPT, VSS DUKPT including the KSN.
- VHQ: Added reporting for AES and 3DES DUKPT online keys to VHQ
- VHQ: Agent will send AgentReboot only once and subsequent reboots are considered as SystemReboot
- VHQ: Fixed issue where Agent not handling SIG TERM signal in all cases.
- VHQ: Fixed issue where scheduling an installation at a later time from download wasn't working.
- BT: To prevent implicit pairing, the retry mechanism for missing keys is now disabled.
All Trinity
- SDI: Add check for minPanLength and maxPanLength when loading cardranges.json.
All VOS3 and Android 10
- SDI: SDI now allows to encrypt card data also for manual card data entry when using VCL
- SDI: Add check for minPanLength and maxPanLength when loading cardranges.json.
Portable and Mobile
- VHQ: Fixed issue where Agent not handling SIG TERM signal in all cases.
- VHQ: Older payloads now get rejected if, a usr1 package with a newer DID is already installed
- BAT: Fixed the battery health display in the MAC control panel.
- SYS: Updated the version of libssh2.so to 1.10.0
Unattended
- VHQ: Remove watchdog timer to eliminated reported deadlock situation
- VHQ: Fixed an intermittent VHQ agent issue, where heartbeats were skipped for several minutes.
Multi-lane
- VHQ: Fixed issue where Agent not handling SIG TERM signal in all cases.
- VCL: Fixed an issue with the Global Stop File to disable VSP encryption.

Fixed Issues in ADK 4.7.40:

All platforms
- SDI : updated error code when trying to remove a plugin while plugin directory not exist yet.
Carbon:
- SEC: Updated ADK SEC to a version, which is compatible with the integrated SDI server. If you have issues with SDI server on previous ADK releases, please update to this version.
Portable and Mobile
- Base: Fixed an intermittent issue with ethernet staying down after wake up from standby, while the terminal is placed on a docking station
Unattended
- CTLS/NFC: Fixed an issue where Mifare and CTLS payments only works for one time.
- SYS: MX downloader is now able to sync date/time of UX300/301 with a PC again. A new MX downloader version is not required
Multi-lane
- VCL: Fixed an issue with the Global Stop File to disable VSP encryption.
- SEC: Updated ADK SEC to a version, which is compatible with the integrated SDI server. If you have issues with SDI server on previous ADK releases, please update to this version.

Fixed Issues in ADK 4.7.39:

All platforms
- Fixed an issue when VAS is enabled, terminal is unable to perform Contact and MSR transactions
All Engage
- Documentation: The missing content in the ADK COM part of the ADK programmers guide is now added again
Portable and Mobile
- Low power modes: Fixed a sporadic hang condition when trying to update the status bar after waking up from deep sleep mode
- CRT reset: Fixed a error -213 issue when executing Cert resets through VHQ
- Radio: Issue with SIM from carrier Orange fixed for mobile devices. Power-up sequence adapted as per Quectel radio module specification.
- COM: Issue with serial Bluetooth connection to POS fixed.
PinPad
- COM: Fixed an issue where web-sockets cannot be connected, if the set-up of a socket is cancelled, while the connection is being established
Multi-lane
- USB: Improved mechanism for USB cable connect/disconnect detection for devices connected to the Engage side for mixed Android and Engage devices

Fixed Issues in ADK 4.7.38:

All platforms
- SDI: Support EMV Contact Read Card Data Transactions with Online PIN
Portable and Mobile
- NFC: Fixed an issue with MiFare support on e280
- Mifare: Fixed a card reading issue for some cards in Mifare encryption state
- EHS6 cellular radio: Run SIM status check again in SIM switch in case a SIM BUSY status is returned, to ensure the SIM status is shown correctly
- NFC: Added FeliCa-LiteS support
- GPRS connection failures (radio: PDP context 1 is not updated in some cases)
PinPad
- NFC: Added FeliCa-LiteS support
Desktop
- NFC: Added FeliCa-LiteS support
Multi-lane
- NFC: Unsupported cards were not handled correctly, polling results analysis has been improved. "Card Not found" case has been reimplemented
- GUI: Added second timeout for remote rendering service (ARRS) for M440

Fixed Issues in ADK 4.7.37:

All Trinity
- SDI: harmonization of error codes between SDI Server running in headless or standard mode so both return 0x6405 in case of Card Removal at PIN Entry
Portable and Mobile
- Radio: fix crash issue with the IMEI reading mechanism on devices with a Telit radio module.
- Radio: added support for radio FW EG21GGBR07A11M1G 30.201.30.201
- WIFI: improve buffer overflow management, allow to remove low RSSI APs from the scan buffer in case there are too many.
- Display: The touch configuration for V240m with display adc_val 1235 has been changed to eliminate "ghost touches"
- EMV: Added Visa VK3.0.2r support for M424, V400M and V400C for L1 3.1a.
PinPad
- COM: Previously CCP synchronizes database updates with libcom only for eth0, wlan0 and gprs0 interfaces. Updated to include IP over USB.
- SDI: harmonization of error codes between SDI Server running in headless or standard mode so both return 0x6405 in case of Card Removal at PIN Entry
Desktop
- Radio: fix crash issue with the IMEI reading mechanism on devices with a Telit radio module.
Multi-lane
- COM: updated interface priorities so they are correctly reported

Fixed Issues in ADK 4.7.36:

All Engage
- Wifi: extended maximum length of scanned wifi network list
- BAT: fixed an issue with deeply depleted batteries refusing to charge
Portable and Mobile
- SI: Fixed a sporadic installation issue in combination with large packages and slow communication lines
- VHQ: fixed the use of hardcoded IP addresses in the VHQ agent when used with newer curl libraries
- VHQ: Fixed a sporadic DNS failure if IP and port was already provided
PinPad
- Display: Fix P400 display with LCD_ID 741 which failed to initialise after wakeup from hibernate
- SYS: SYS_PROP_USB_HIGH_POWER_MODE property was fixed to set/get USB powering options: 2 - High power mode, 1 - Medium power mode, 0 - Low power mode

Fixed Issues in ADK 4.7.35:

All Engage
- SYS: Add missing usbh1 option to sysmenu->administration->communication->ethernet
- COM: added an event for WiFi roaming, when AP changes, COM_EVENT_WLAN_AP_CONNECT
Carbon:
- CM5: Fixed an intermittent problem of connection failures to Android
Portable and Mobile
- COM: fix for radio certification in Brazil
- BAT: Fix battery issues
- CCP: Extend EAP Identity size to 64 char
Unattended
- VHQ: Update the VHQ Agent for VOS devices using ADK operating mode.
- COM: Update USB Gadget/Mode flags

Fixed Issues in ADK 4.7.34:

Carbon:
- SDI: update currency list to support Jamaica Dollar and Aruba Florin
Portable and Mobile
- BAT: now enable charger when voltage from fuel gauge is unreadable.
- BAT: If device is suspended for more than an hour update (reseed) battery capacity with fuel gauge value.
- COM: Added missing MAC OUI to resolve issue with Engage Full Feature Bases
Multi-lane
- COM: Fix issue with selecting Baud rate on M400

Known Issues, Limitations and Restrictions

Known Issues:

No known issues

Restrictions:

Hardware support: Please check the official PCI web page for support of any given hardware.
This is a new release line and certifications may still be in progress.
From ADK 4.10.0 and 4.8.24 onwards, if you downgrade to any older ADK 4.8, 4.7 or 4.6 version you will lose any keys on your device.
VHQ Agent 3.4.1 or above should be used with VHQ server 3.19.01.18 or higher.
VHQ Agent 3.4.2 or above should be used with VHQ server 3.21.0.14 or higher.
VHQ Agent 3.4.3.x or above should be used with VHQ server 3.23.01.01 or higher.
VHQ Agent 5.0.4.x or above should be used with VHQ server 3.26.01.07 or higher.
VHQ Agent 5.0.5.x or above should be used with VHQ server 3.27.01.19 or higher. Please
- Check server version before recommending device software updates (especially on-premise clients).
- Check version of Agent that will be included in any device software update.
- Check version of software embedded on any devices before distributing to clients.
V200t: You must use the latest PVT-3 battery. Low power modes cannot be used on V200t. The unit may hang
sporadically and needs to be rebooted.
Reboot when updating applications: When updating user package, the device will now always
reboot. The only exception from this behavior are user data files.
"When upgrading to ADK-4.4.17/ADK-4.6.4/ADK-4.7.x/later versions from older versions, it is recommended
to go through a complete discharge-charge power cycle atleast once after the SW update.
For later updates,
example moving from ADK-4.6.12 to ADK-4.7.6 this step is not required.
If battery is removed and
re-inserted, it is recommended to go through a complete discharge-charge power cycle atleast once.

Please follow the update procedure above strictly. There are several limitations in older releases regarding the update of units:

For releases earlier than ADK 4.4.0 and ADK Portable, do not use combined Engage download packages. Device specific download packages must be used for ADK 4.3.x, ADK for Carbon and ADK for M400 and older releases.
Engage automated update: In some cases, the unit may not automatically restart after an install. Please reboot the unit manually in that case.

Appendix:

General notes:

For all Base devices:
- Devices without user signed VHQ Config - in the field:
- Devices without user signed VHQ Config - out of the box scenario:
- Devices with user signed VHQ Config package:
VOS2:

Radio auto-start must be used if the radio needs to be turned off for any reason. Auto-start is the default and it should be retained in this release.

SW Update Capabilities

Buildall
1. Surgical removal - removed OS+sys apps - but not usr apps or keys or OS config; however, network
  settings will be reverted to default (package "cdgnetcfg").
2. Loaded via USB or as a package i.e. downloadable file via VHQ, netloader, etc...
3. Used at deployment center to change factory VOS into that required by customer.
4. VHQ:
  1. In the past, VHQ device-specific session key was deleted, but fixed in Agent R6 and later.
  2. Currently
    1. Using the normal build all will erase all settings for VHQ.
    2. However, we can technically generate a “upgrader”, (see below) which only erases
      downgraded components. This should be reviewed in advance for any security breaches
      (usually there is none), and then be used in VHQ.
    3. However, this is a one off process, i.e. a usual updater request.
5. In most cases, can downgrade, i.e. change to earlier VOS release. Note on MX9, downgrading from
  release-3014 to something earlier requires special magic, contact i_mx_T3SW for details.
6. This does NOT wipe Warrantied Keys / VRK key.
7. VCL:
  1. in the past, VCL Keys, Configuration Data, and the BIN Table file was deleted with a build-all.
  2. Starting with VCL 9.1.001S (in OS release-31040101) VCL now stores the VCL Keys, Configuration Data, and the Bin Table file into a new folder location so the build-all will not delete these files.

Removeall
1. Remove file in a bundle - list off what you want to remove. Can remove everything that was loaded via a
  bundle (anything part of manifest) i.e. not anything that apps created.
2. Secure Installer API - remove bundle names, users (same limitations as remove file via bundle).
3. Never do a removeall on its own of OS (without OS as part of buildall) because then you'd have no OS.
Crtreset
1. Tool that uses customer signer card to be able to remove customer app sponsor. Required when device is
  no longer being used by customer.
2. this is used by customers for their devices (works with customer specific app sponsor only).
3. Passwords are set to pre-expired such that user is forced to enter new passwords.
Upgraders
1. Use a script to determine if upgrade applicable, based on current software installed, e.g. VOS
  release/build string.
2. "Upgrades", so changes nothing if already on final VOS build, or applied accidentially to a
  later VOS release/build, i.e. "upgrade to release-30250600" downloaded when release-30410400
  running on device.
3. Script can remove specific files or packages if no longer relevant. E.g. MX9 VOS ADK 2 and ADK 3, FLTK
  and Nano-X were optional packages in their own bundle. For release-3041 it was moved into the core.
4. During upgrade, a package can be replaced with more-recent version, or altered using
  bsdiff (does binary patching of package). However, bsdiff requires a
  specific package version to start with.
5. Overhead is (at least) one extra reboot that a build-all does not need. This is when the upgrader
  script runs to decide what to do.
6. MX9 Upgraders must not change VCL, VHQ and its certificates, CTLS, and not touch vos-syslog-flash
  package.
Tamper / VCL Key

Note about VCL keys specifically and key versus config in bold below

In AES DUKPT mode the keys are now handled and stored by the OS so the keys shouldn't be
lost during a buildall. But the other VCL configuration settings would be lost temporarily
disabling encryption until another VCL config package is installed on the device.

As documented above in the VCL section, configuration data and the keys used in DDK mode have
been moved to a new location under VOSCOR-21681 which will be
integrated into the OS after QA completes testing. The new location will persist keys and data
after a build-all.
- Permanent Tamper
  - AKA: TANC (tampered and not cleared) is a tamper that is still physically active e.g. a normally closed tamper switch is open, or a security mesh is broken.
    The source of the tamper must first be fixed in hardware before the terminal can be detampered.
- Transient Tamper
  - AKA: TAC (tampered and cleared) is a tamper that was physically active e.g. a normally closed tamper switch opened and then closed, or a security mesh was temporarily open but is now closed.
    By definition, for a transient tamper the source of the tamper has first been fixed in hardware, so the terminal can be detampered.
- Tamper Handling
  - Tamper detection and response are done entirely by the hardware, when a tamper event occurs
    the vault code that deals with the tamper events manages the tampering logs messages and deliver these log messages to the public world.
    A tamper will always reboot the terminal. All secret or private keys, or the key that is encrypting them, are deleted.
    On every boot up, the software determines the tamper status.
    There are two ways the terminal
    software can respond if the terminal is tampered:
    - Not run any third party applications.
    - Run third party applications but disable all payment interfaces such that payment (or
      processing of cards MSR, Contact, Contactless, or card data) is not possible.

A terminal may support either one or both of these methods. The configuration of which
methods are supported is done at manufacture time by setting a signed Secure Installer variable.

- Detamper device

There are two methods to detamper a device, it may support either one or both of these methods.

Detamper with passwords / direct key load operation.
Detamper with SST (Secure Service Tool TRSM) / Keyloading via KLD.

The configuration of which methods are supported is done at manufacture time in a MIB (Message Information Block) file. This configuration cannot be changed once set.

Tables:

Key Wiping Scenarios

Symbol	Meaning
✅	The keys will not be affected in this scenario
❌	The keys will either be deleted or rendered unreadable and unusable
⚠️	The keys will be replaced with new versions

Key/SW vs Scenario	Warranty Keys	Customer Key IPP	Customer Key ADE 3*	Customer Key VSP	Customer Key AES DUKPT	VSS Script Key	Apple/ Google Wallet Key 2*	App	ADK (USR)	ADK (SYS)	OS config	OS	VSS Scripts	Passwords
Buildall	✅	✅	✅	✅ 1*	✅	✅	✅	✅	✅	❌	❌	❌	✅	✅
Buildall + Remove all User	✅	❌	❌	❌ 1*	❌	❌	❌	❌	❌	❌	❌	❌	❌	✅
Remove all	✅	✅	✅	✅	✅	✅	✅	❌	❌	✅	✅	✅	❌	✅
Remove all users	✅	✅	✅	✅ 1*	✅	❌	❌	❌	❌	✅	✅	✅	❌	✅
CrtReset	✅	❌	❌	✅	❌	❌	❌	❌	✅	✅	✅	✅	❌	❌
O/S Upgrade	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	⚠️	✅	✅
ADK Upgrade	✅	✅	✅	✅	✅	✅	✅	✅	⚠️	⚠️	✅	✅	✅	✅
Application Upgrade	✅	✅	✅	✅	✅	✅	✅	⚠️	✅	✅	✅	✅	✅	✅
Tamper Event	❌	❌	❌	❌	❌	❌	❌	✅ 4*	✅	✅	✅	✅	✅ 4*	✅
CP Dev	Replaced with test keys	❌	❌	❌	❌	❌	❌	❌				Replaced with test keys	❌

Notes:

In the past VHQ device-specific session key was deleted, but fixed in Agent R6 and later.
This is a app key transported via VSS key.
Note that ADE requires a FeatureEnablement license token to enable it (in addition to an ADE key).
For Brazil ABECS it is a requirement to delete the applications on tamper.
Diagnostic counters are always maintained as long as coincell is good (they are in Battery Backed sram).

ADK re-packaging

Status of change
Type of change	Repackaging of full-ext zip archive
New behavior available	ADK 5.0
Planned Deprecation version	ADK 5.1
ADK components	ADK integration and packaging
Changes	The ADK-full-ext zip archive is replaced by SDK archives, a doc archive and platform specific load archives.
Impacts	As a solution provider you may need to update build scripts to use the new zip archives instead of the full-ext zip archive. Transition: The original full-ext zip archive is still available and can be used to simplify the transition.
Reasons for change	With the introduction of VOS3, the size of the ext-full bundle becomes unmanageable large. As some parts are already provided separately, the remaining files will be split, too.
References	Packaging documentation in the programmers guide.

PCI version check

Status of change
Type of change	Add ability verify consistency of PCI versions from sysmode and via API
New behavior available	ADK 4.10 / ADK 4.9
Planned Deprecation version	N/A
ADK components	Installer and sysmode for VOS1 and VOS2
Changes	A new API was added to verify, if the combination of installed components match the expected and certified combination and reported a "tainted" status, if they do not match. The same check is added to sysmode and the PCI version splash screen shown during start up. In addition a NAG screen is implemented on devices with color screens, which will be shown during regular operation, indicating a tainted state.
Impacts	Terminal users should check for tainted status of terminals in the field in a similar way as checking PCI versions. Solution providers must use a full ADK stack to not risk a tainted device or loss of functionality. Application developers can check the status and report to servers or show the status on application status screens. This is particularly important for headless devices like UX300, UX301 or UX410, if operated without UX100.
Reasons for change	Security: Although installations are password protected and should prevent installation of unwanted combinations, the tainted state mechanism was added to counter the increasing complexity of the system and simplify verification of certified version combination.
References	Secure installer interface documentation

secRSAPrivate() / SDI Remote Key Service - will no longer accept RSA keys with key usage 'K3' "Asymmetric Key Pair for Key Wrapping/Key Agreement".

Status of change
Type of change	Added restriction on key usage.
New behavior available	K81 FW: SPFW_01.05.xx.xx (release line: 1.4.x)
Planned Deprecation version	K81 FW: SPFW_01.05.xx.xx (release line: 1.4.x)
ADK components	VOS3 / VAOS10
Changes	secRSAPrivate() / SDI Remote Key Service will no longer work with RSA keys with key usage 'K3'.
Impacts	No impact is expected as the ADK provides signing and data decryption functions, but not key wrapping / agreement. Key usages 'D1', 'S0', and 'S2' will continue to be supported. Besides, VRK key profiles reports confirm that no keys with key usage 'K3' were created for that purpose.
Reasons for change	Security: Turkey Custom RKL to be implemented in the planned deprecated version, requires loading an RSA key with key usage 'K3' for decrypting the payloads. This RSA key is accessible to apps that can potentially use it with secRSAPrivate() / SDI Remote Key Service to decrypt payloads on the non-secure side.
References

Packages trying to install files to /mnt/flash via their /home subdirectories would fail to install

Status of change
Type of change	Restrictions enforced on installation packages to make those comply with the Secure Installer specification from the ADK programmer's guide.
New behavior available	All major ADK branches.
Planned Deprecation version
ADK components	VOS/VOS2
Changes	During installation, Secure Installer prevents installation of files outside the directory tree of a package, even when using symlinks and enforces the behavior described in the installer documentation. This applies specifically to user home directories like /home/usr1 and affects files in /mnt/flash, even if they are accessible via a symlink from the user home directory. Secure installer allows the use of symlinks even during installation, as long as all files for usr1 will be extracted to - and only to - the /home/usr1/ subtree. To install files to /mnt/flash, a dedicated SI installation package with "userflash" type must be used. This means, that the usage of the "flash" directory is not allowed in regular user packages. Please consult the secure installer documentation for more details Packages not complying with this rule fail to install.
Impacts	Customers using packages that contradict Secure installer specification.
Reasons for change	Reduce the attack surface.
References	dl files can be verified with packman, starting version 1.4 with the validate command "packman.py validate -t vos2 -rd dl.file.tgz"

Remove "Unsigned packages" from VOS/VOS2

Status of change
Type of change	Remove support for installing "Unsigned packages"
New behavior available	ADK 4.10
Planned Deprecation version	N/A
ADK components	VOS/VOS2
Changes	Remove support for installing "Unsigned packages" Installation packages that do not require signature, used for installing media files to device, will no longer be supported.
Impacts	Customers using "Unsigned packages" will require to use alternative methods for dowloading media files to their application.
Reasons for change	Reduce the attack surface.
References

Old internal CWK APIs marked as deprecated for the compiler

Status of change
Type of change	Old internal CWK APIs marked as deprecated for the compiler
New behavior available	ADK 4.10
Planned Deprecation version	ADK 4.7
ADK components	VOS/VOS2
Changes	Following VOS/VOS2 internal APIs marked as deprecated for the compiler cryptoRead cryptoWrite cryptoReadWrite
Impacts	Users compiling their applications against old CWK APIs. This should not be done, starting with ADK 4.7. ADK-SEC public APIs must be used instead: secEncryptData secDecryptData
Reasons for change	Gradual deprecation of replaced internal OS CWK APIs.
References

Remove 'voltagesecurity' library from VOS1 build

Status of change
ADK components	VOS1
Type of change	Remove 'voltagesecurity' library from VOS1 build
Changes	Remove 'voltagesecurity' library from VOS1 build
Impacts	No one.
Reasons for change	During upgrade to openssl3 dependencies in 'voltagesecurity' library on VOS1 were identified. No users for the library were identified.
New behavior available	ADK 4.10
Planned Deprecation version
References

VOS2 VRK "key name" length limited to 32 chars

Status of change
Type of change	VOS2 VRKv1/VRKv2 "key name" length limited to 32 chars
New behavior available	ADK 4.9
Planned Deprecation version	ADK 4.9
ADK components	VOS2
Changes	User will be able to load only VRKv1/VRKv2 payloads with "key name" field length < 32 chars.
Impacts	VRKv1/VRKv2 payloads.
Reasons for change	Internal legacy OS structures do not allow handling longer key names. This soluiton resolves bugs related to handling of longer key names.
References

MSR Service removed

Status of change
Type of change	MSR Service removed
New behavior available	ADK 4.9
Planned Deprecation version	ADK 4.9
ADK components	VOS1, VOS2
Changes	MSR is now a middleware component. Using "libvfimsr" is now deprecated, the "libvfimsrwrap" should be used instead.
Impacts	Applications that use msr_svc calls have to substitute these witht he new library. You must use the ADK package to load the SW or lose some of the functionality.
Reasons for change	MSR driver and decoder enhancements
References

Sysmode file browser removed

Status of change
Type of change	Sysmode file browser removed
New behavior available	ADK 4.9, 4.8, 4.7
Planned Deprecation version
ADK components	VOS2
Changes	Sysmode file browser exposed files to user that can be used in the vulnerability exploit. Sysmode file browser removed.
Impacts	Sysmode file browser
Reasons for change	Device security
References

Deprecate ADK-EVENT APIs

Status of change
Type of change	Deprecate ADK-EVENT API on ADK 4.9
New behavior available
Planned Deprecation version	ADK 5.1
ADK components	ADK-EVENT
Changes	ADK-EVENT component functionality is covered by ADK-IPC API. See the ADK-IPC Programmer's Guide for detailed information.
Impacts	Access to ADK-EVENT API
Reasons for change	Obsolete functionality
References

Access to the sysmode-www for Bases removed

Status of change
Type of change	sysmode-www removal, new menus on the handset's sysmode to configure a connected base
New behavior available	ADK 4.8.14, ADK 4.9
Planned Deprecation version
ADK components	VOS2
Changes	access to the sysmode-www removed from bases new menus on the handset's sysmode added (only Engage handset's): new menu "Base Config" under the ''Administration'' if the handset is docked and paired with a base sub-menu "Date/Time" to configure the date and time on the base sub-menu "Static IP" to configure the static IP on the base sub-menu "Unpair all handsets" to unpair all handsets that are connected to the base that is connected to the current handset
Impacts	sysmode-www removed from V400m base, V240m base, V210 base, CM5 base, T650p base new menus on Engage handsets only.
Reasons for change	Vulnerabilities on the sysmode-www
References

OpenSSL upgraded from 1.0.2 to 3.0

Status of change
Type of change	OpenSSL upgrade
New behavior available	ADK 4.10
Planned Deprecation version	ADK 4.10 Attention: This change will not be back ported to existing branches
ADK components	VOS1 & VOS2
Changes	OpenSSL version on the device will be upgraded to 3.0
Impacts	All Engage and Ux users
Reasons for change	OpenSSL 1.0.2 reached end of life. OpenSSL 3.0 adds TLS 1.3 support
References

The minimal sysmode password length now is 7 digits on all Engage and Ux

Status of change
Type of change	Sysmode password length validation
New behavior available	ADK 4.9
Planned Deprecation version	Attention: This change will be not backported to existing branches
ADK components	VOS1 & VOS2
Changes	If the current sysmode password value on a device is less than 7 digits long, then, during the next login the user will be prompted to enter a new password value that is at least 7 digits long. This change affects only users who change the password by password update/reset packages and set the new password that is less than 7 digits.
Impacts	All Engage and Ux users
Reasons for change	PCI and security requirements
References

Drop networkapps service

Status of change
Type of change	Remove library from default integration
New behavior available	ADK 4.8
Planned Deprecation version	Attention: This change will be backported to existing branches
ADK components	ADK SYS on VOS1 & VOS2
Changes	Remove library integration of "libsvc_networkapps.so" This library was delivered as part of "vfiservices" package in "svcmgrstk" bundle
Impacts	No impact, as not used
Reasons for change	reduce RAM usage, download size and maintenance
References

Remove extra packages from V/OS1 integration

Status of change
Type of change	Remove packages from default integration:
New behavior available	ADK 4.8
Planned Deprecation version
ADK components	VOS1 ADK integration
Changes	Remove packages from default Ux integration: skimmerdetect - there is no AST support for Ux units (Mx units are not supported in branches higher than ADK 4.4) libcpr- commerce platform is disable by default on V/OS1 units libfps - no finger print scanner on V/OS1 units libcpapp - commerce platform is disable by default on V/OS1 units The packages libcpr and libcpapp can be loaded with an application, if required
Impacts	Installations on ADK 4.8.x
Reasons for change	reduce RAM usage on UX units
References

Drop bzip2 compression support for dlfiles/bundles/packages

Status of change
Type of change	Remove of packaging format Bzip2 compressed (extensions: tar.bz, tbz, tbz2) Use Gzip instead (extensions: tar.gz, tgz)
New behavior available	ADK 4.4 and previous releases support tgz and tar
Planned Deprecation version	Attention: This change will be backported to existing branches
ADK components	VOS-SI
Changes	Secure Installer on VOS2 will not support the Bzip2 decompression (extensions: tar.bz, tbz, tbz2) methodology in future for: dlfile bundles packages Use the existing compression methods Gzip (extensions: tar.gz, tgz) instead.
Impacts	Installations on ADK 4.8.x
Reasons for change	Installation time and RAM usage reduction
References

glib-2 to be removed

Status of change
Type of change	Shared libraries removal. Gnome Input Output (libgio) will no longer be part of ADK release .
New behavior available	ADK 4.9.x
Planned Deprecation version
ADK components	VOS-SYS
Changes	The complete glib-2 bundle will no longer be provided in adk release. Backwards incompatible changes: Any application linking statically or dynamically to one of the following will break: libglib-2.0.so.0 libgobject-2.0.so libgio-2.0.so libgmodule-2.0.so libgthread-2.0.so
Impacts	Upgrade to ADK 4.9.0
Reasons for change	DL file size reduction to ease migrations
References

ICWK-encrypted data will be lost on downgrade

Status of change
Type of change	ICWK encryption scheme will change. Downgrade from ADK 4.9 to older release would lead to loss of ICWK-encrypted data.
New behavior available	ADK 4.9.0, ADK 4.8.24, ADK 4.7.39
Planned Deprecation version
ADK components	VOS-SEC
Changes	Backwards incompatible changes: ICWK-protected data will be re-encrypted upon upgrade ICWK-protected data will be lost upon downgrade to older version Warrantied keys (System keys) AES DUKPT keys
Impacts	Upgrade to ADK 4.9.0
Reasons for change	Vulnerability closed in ICWK
References

Weak keys, weak certificate hashes prohibited by default for SSL/TLS

Status of change
Type of change	Default configuration became more strict
New behavior available	ADK 4.8
Planned Deprecation version	ADK 4.8.x
ADK components	VOS-SEC, ADK-COM
Changes	ADK-COM default SSL_POLICY will be updated to reject SSL/TLS connection with server authentication certificates: With weak key sizes (e.g. RSA certificates<2048bits). Minimum RSA key size is 2048. Signed using a weak hash (e.g. SHA1, MD5). Only algorithms from the SHA2 and SHA3 family are allowed. Ciphers relying on SHA1, MD5 for MAC removed from OpenSSL default cipher list. OpenSSL 1.0.2 X509_verify_cert() call behavior on VOS and VOS2 will now resemble the behavior for the same call from OpenSSL 1.1.1: Following error codes were added from the upstream OpenSSL 1.1.1: X509_V_ERR_CA_KEY_TOO_SMALL, error message "CA certificate key too weak" X509_V_ERR_CA_MD_TOO_WEAK, error message "CA signature digest algorithm too weak"
Impacts	SSL/TSL connection. Certificate verification with OpenSSL.
Reasons for change	PCI requirements.
References	PCI PTS 6 requirement: TD9.2 In the case when certificates are used for server authentication, the tester shall execute tests to verify device behavior when receiving incorrect certificates, including: a) Expired certificates b) Self-signed (un-authenticatable) certificate c) Certificate with weak key size⎯e.g., RSA less than 2048 bits d) Certificate signed using a weak hash e.g., SHA1 or MD5 e) Chaining error in certificate for cases a, b, c, or d SSL_POLICY: Please check the SSL policy chapter in the ADK programmers guide, section ADK COM for details.

VOS2: "Fixed key" PIN encryption no longer allowed, single DES disabled by default

Status of change
Type of change	Functionality removed
New behavior available	ADK 4.8
Planned Deprecation version	ADK 4.8.x
ADK components	VOS-SEC
Changes	In VOS2 IPP M/S the following changes apply: Loading a master key with KeyUsage P0 is no longer allowed. P0 was required for 'Fixed Key' as the master key encrypts the PIN but now all master keys should have usage 'K0'. M/S PIN encryption no longer supports 'Fixed Key'/ 'Zero GISKE session key'. So Bit5 of the IPP KMM no longer has any effect in IPP Packet Z60. Using a single DES GISKE key for PIN encryption is no longer allowed. The session key must be 2key or 3key 3DES, otherwise Packet Z60 will return error '2', work key error. Using a 'Key Only Format' (KOF) loaded key for PIN encryption is also no longer allowed. Again error '2', work key error, will be returned. The default KMM for M/S is now 3DES.
Impacts	Key loading and key use for PIN encryption: Fixed key and single DES (see changes above for details)
Reasons for change	PCI 6 requirement
References

Deprecated open source library headers: Fribidi

Status of change
Type of change	Removal of depricated fribidi library
New behavior available	ADK 4.6.0
Planned Deprecation version	ADK 4.7.0
ADK components	Open source library
Changes	Use of the private library fribidi is depricated since ADK 4.6. The header files have been added back in ADK 4.7 for compatibility reasons, but are still considered private. The library will be removed in a future version, including all header files without further notice,
Impacts	ADK 4.7.0
Reasons for change	The library is private It is replaced with a different open source library in most components
References

Limiting access to diagnostic API

Status of change
Type of change	Limit access to OS API
New behavior available	ADK 4.8.0
Planned Deprecation version	ADK 4.8.0
ADK components	ADK-SYS, VOS-SEC, VOS-SYS
Changes	Access to the OS diagnostic API ''diag_counter_get_info'' for regular users (usr1-15) is now restricted. Only system users (sys1-15) can access this information. Use ADK-SYS APIs as an alternative to query system properties. Values that are restricted: Exposed by ADK: DIAG_COUNT_MSR_READS_ATTEMPTED DIAG_COUNT_MSR_READS_WITH_ERRORS_TRACK_1 DIAG_COUNT_MSR_READS_WITH_ERRORS_TRACK_2 DIAG_COUNT_MSR_READS_WITH_ERRORS_TRACK_3 DIAG_COUNT_MSR2_READS_WITH_ERRORS_TRACK_1 DIAG_COUNT_MSR2_READS_WITH_ERRORS_TRACK_2 DIAG_COUNT_MSR2_READS_WITH_ERRORS_TRACK_3 DIAG_COUNT_SMARTCARD_INSERTIONS DIAG_COUNT_SMARTCARD_ERRORS Not exposed by ADK: [DIAG_COUNT_ID] = { "ID & Ver Maj,Min",OS,HEX,0,0 } [DIAG_COUNT_APPLICATION_FIRST ... DIAG_COUNT_APPLICATION_LAST] = { "App Counter",0,RESERVED,0,0 } [DIAG_COUNT_APPLICATION_LAST+1 ... DIAG_COUNTERS_ALLOCATED-1] = { "OS Counter",0,RESERVED,0,0 }, [DIAG_COUNT_NAND_FLASH_ECC_ERRORS] = { "ECC Error",FLASH,SECRET,0,0 }, [DIAG_COUNT_NAND_FLASH_ECC_CORRECTED] = { "ECC Corrected",FLASH,SECRET,0,0 }, [DIAG_COUNT_NAND_FLASH_BAD_BLOCKS] = { "Bad Block",FLASH,SECRET,0,0 }, [DIAG_COUNT_HARD_KEYPAD_PRESSES] = { "Key Press",KPAD,0,0,0 }, [DIAG_COUNT_LAST_PIN_ENTRY_START_TIME_STAMP] = { "PIN Entry Start",PIN,TIME,0,0 }, [DIAG_COUNT_LAST_PIN_ENTRY_END_TIME_STAMP] = { "PIN Entry End",PIN,TIME,0,0 }, [DIAG_COUNT_PIN_ENTRY_ERRORS] = { "PIN Entry Error",KPAD,0,0,0 }, [DIAG_COUNT_POWER_CYCLES_OR_REBOOTS] {"Pwr Cyc / Reboot",SYS,0,0,0 }, [DIAG_COUNT_SYSTEM_MODE_ENTERED] = { "Sys Mode Entry",SYS,0,0,0 }, [DIAG_COUNT_SYSTEM_MODE_ENTRY_FAILED] = { "Sys Mode Fail",SYS,0,0,0 }, [DIAG_COUNT_SYSTEM_MODE_PASSWORD_CHANGE_TIME] = { "Pwd Change Time",SYS,TIME,0,0 }, [DIAG_COUNT_PROCESSED_DOWNLOAD_FILES_OR_PACKAGES] = { "Dnld Processed",SYS,0,0,0 }, [DIAG_COUNT_EMF_ENCOUNTERED] = { "EMF Encountered",MSR,0,0,0 } [DIAG_COUNT_CONTACTLESS_READS] = { "Contactless Read",CTLS,0,0,0 }, [DIAG_COUNT_CONTACTLESS_ERRORS] = { "Contactless Err",CTLS,0,0,0 } [DIAG_COUNT_TOUCHPANEL_CALIBRATIONS] = { "Touch Cal",TOUCH,0,0,0 }, [DIAG_COUNT_TOUCHPANEL_CALIBRATION_TIME_STAMP] = { "Touch Cal Time",TOUCH,TIME,0,0 }, [DIAG_COUNT_SIGNATURE_CAPTURES_PERFORMED] = { "Signature Cap",TOUCH,0,0,0 }, [DIAG_COUNT_USB_SERIAL_DISCONNECTS] = { "USB Serial Disc",USB,0,0,0 }, [DIAG_COUNT_TAILGATE_NAKS_SENT] = { "ECR NAK Sent",ECR,0,0,0 } [DIAG_COUNT_TAILGATE_NAKS_RECEIVED] = { "ECR NAK Recv",ECR,0,0,0 } [DIAG_COUNT_TOUCHPANEL_DATA_SAMPLES] = { "Touch Samples",TOUCH,0,0,0 } [DIAG_COUNT_UBI_MAX_ERASE_COUNT] = { "UBI Max Erase Cnt",FLASH,0,0,0 } [DIAG_COUNT_TOUCHPANEL_SCALING_CALC] = { "Touch Scale Cnt",TOUCH,0,0,0 } [DIAG_COUNT_TOUCHPANEL_SCALING_CALC_TIME_STAMP] = { "Touch Scale Time",TOUCH,TIME,0,0 }, [DIAG_COUNT_TAILGATE_POLL_ADDRESS] = { "ECR Poll Addr",ECR,HEX,0,0 } [DIAG_COUNT_CUMULATIVE_UPTIME] = { "Cumulative Uptime",OS,HEX,0,0 }, [DIAG_COUNT_HIGH_TEMP_SHUT_STATE_NORMAL] {"HiTemp Normal",SYS,0,0,0 }, [DIAG_COUNT_HIGH_TEMP_SHUT_STATE_WARN] {"HiTemp Warning",SYS,0,0,0 }, [DIAG_COUNT_HIGH_TEMP_SHUT_STATE_DANGER] {"HiTemp Danger",SYS,0,0,0 }, [DIAG_COUNT_MCR_MTR_RUNTIME] = { "Motor Run Time",MCR,HEX,0,0 }, [DIAG_COUNT_MCR_MTR_ERROR] = { "Motor Error",MCR,0,0,0 }, [DIAG_COUNT_MCR_SHTR_ERROR] = { "Shutter Error",MCR,0,0,0 }, [DIAG_COUNT_MCR_SW_ERROR] = { "Sensors Error",MCR,0,0,0 }, [DIAG_COUNT_MCR_EJECT_CNT] = { "Eject Cnt",MCR,0,0,0 }, [DIAG_COUNT_MCR_MAX_CURRENT] = { "Max. Current(mA)",MCR,0,0,0 }, [DIAG_COUNT_PRINTER_VP_INIT_ERROR] = {"Vp init error", PRINT, 0,0,0 }, [DIAG_COUNT_PRINTER_CUT_ERROR_1] = {"Cutter error 1", PRINT, 0,0,0 }, [DIAG_COUNT_PRINTER_CUT_ERROR_2] = {"Cutter error 2", PRINT, 0,0,0 }, [DIAG_COUNT_PRINTER_CUT_ERROR_3] = {"Cutter error 3", PRINT, 0,0,0 }, [DIAG_COUNT_SYSTEM_FLAGS] = { "System Flags",OS,HEX,0,0 }.
Impacts	access to OS API ''diag_counter_get_info''
Reasons for change	System vulnerabilities regarding usr1-15 access to secure side
References	Please check the ADK programmers guide under sys info for more details

New user signing for V/OS2

Status of change
Type of change	Introduction of new user signer cert tree for VOS2 Licence check for legacy VOS/VOS2 signer cards
New behavior available	ADK 4.8.0
Planned Deprecation version	ADK 4.8.0
ADK components	VOS-SEC
Changes	Introduction of new cert tree for VOS2 user signing Added licence check for legacy VOS/VOS2 signer cards Update 'crtreset' tool to handle new VOS2 user signing certs
Impacts	Installation of legacy signed application packages will fail, until a proper licence package containing the new VOS2 user signing certificate with matching sponsor was installed on the device The licence packge with the new VOS2 user signing certificate has to be installed after upgrading to ADK 4.8 and before installing legacy signed application packages Already installed applications will continue running after upgrade to ADK 4.8 New 'crtreset' tool has to be used with ADK 4.8 The changes only affect VOS2 platform. VOS is not affected.
Reasons for change	Separation of VOS and VOS2 application partition Only clients with an approved Software Licensing Agreement will be able to sign and install applications Future outlook: Enable Online Signing through Verifone Signing Portal Retire physical signing cards after moving customers to Online Signing
References	Please check the ADK programmers guide "Guidance for new user signing feature"

Filter environment variables passed to a process when starting it

Change

Filter environment variables passed to a process when starting it

Status of change

Type of change

Deprecation of unused functionality

New behavior available

ADK 4.8.0

Planned Deprecation version

ADK 4.8.0

ADK components

V/OS

Changes

Added blacklist of dangerous environment variables that can NOT be passed to an app when invoked from another user app
- Blacklist applies to all 'usr' apps
Added whitelist of allowed environment variables that can be passed to an app when invoked from another user
- Whitelist applies to all 'sys' apps

Impacts

usr apps can no longer pass dangerous environment variables from the blacklist to new processes
sys apps can only pass allowed environment variables from the whitelist to new processes

Reasons for change

Security improvement: Implement proper environment variable filtering using sudo. Allows to prevent certain attacks when new process is started with spoofed system environment variables.

References

Blacklist:

Environment variable	Description
IFS
SHELL
HOME	force-reset by -H or sudoers
LD_*
PATH
USER	force-reset by -u or sudoers
USERNAME
OLDPWD
PWD

Whitelist:

Environment	Description
ADK_*	Prefix with the wildcard for future ADK environment variables.
GUI_REGION	ADK-GUI region id, which will be used to render application GUI
GUI_DISPLAY	If ARRS is active, this environment stores ARRS IP address and port for communication with Android unit.
MAC_APPID	Application id from manifest file
GUIPRT_APPNAME	Name of the resource folder from manifest file
SDISERVER	SDI server address

Deprecate 'u' (user) engine keys

Change	Deprecate 'u' (user) engine keys
Status of change
Type of change	Deprecation of unused functionality
New behavior available	ADK 4.8.0
Planned Deprecation version	ADK 4.8.0
ADK components	V/OS
Changes	"u" engine keys can no longer be installed to the VOS/VOS2 device
Impacts	"u" engine keys that can only be installed with VRK No users of "u" engine keys were found
Reasons for change	According to PCI PTS K21 requirement unused and/or unnecessary functionality must be removed from the device.
References

Deprecate legacy Engage 2 piece solution

Change	Deprecate legacy 2 piece solution
Status of change
Type of change	Deprecation of Engage 2 piece solution in favor of using the SDI 2 piece solution
New behavior available	ADK 4.7.6
Planned Deprecation version	ADK 4.8.0
ADK components	ADK EMV
Changes	Support for legacy Engage 2 piece solution on Engage will be removed
Impacts	Users of the legacy implementation need to use ADK 4.6 and ADK 4.7 maintenance releases, and migrate to the SDI based solution in future
Reasons for change	The SDI based solution provides P2Pe certification and is available accross platforms including new Trinity devices
References	Please check the SDI programmers guide for details

ADK functions and OS APIs not used by ADC applications

Change	Remove ADK functions & OS APIs no longer required.
Status of Change
Type of Change	Removal of unused ADK functions and OS APIs from OS/ADK bundles.
New Behaviour	ADK 4.6
Planned Deprecation version	ADK 4.6
ADK Components	All ADK components. This will need to tie in with the other ADK changes on this page. The change also applies to the OS APIs in V/OS2.
Changes	Removal of ADK functions no longer required / used Removal of OS APIs no longer required / used
Impacts	Reduced time spent successfully delivering test scripts as part of the OS Quality Improvement project Smaller OS & ADK bundles - positive benefit to download / boot and extract times for OS/ADK stack in Manufacturing, Deployment & Repair.
Reason for Changes	391 ADK functions not used by ADC applications 2580 Private OS APIs not called directly by ADC applications (care required here as these APIs should only be called internally or by ADK functions) 244 Public OS APIs not called directly by ADC applications (care required here as additional APIs mnay be called indirectly by ADK functions called by ADC applications) Avoid unnecessary effort in creating unit tests for all ADK functions & OS APIs that are no longer in use. Remove unused code from OS/ADK bundles Improve OS/ADK download times Improve OS/ADK extraction times
Next Steps

ADK-SEC-2.0 API changes

Change	Enhancement and restructuring of ADK-SEC
Status of change
Type of change	New features and redesign of API library, configuration and security component
New behavior available	ADK 4.5
Planned Deprecation version	ADK 4.8
ADK components	ADK-SEC
Changes	PIN entry functions removed Changed API to reflect new features More granular error codes New configuration mechanism: flexible configurations by one JSON-formatted file, no dynamic changes (functions Sec_Set/GetSecurityConfig() are omitted) Additional API functions for handling transaction data to provide encryption schemes with supplementary data
Impacts	Users should use API functions with new interface (libsec.h) Compatibility layer with ADK-SEC-1.5-interface (libseccmd.h) is provided for the time of migration. These API functions are not fully compatible to ADK-SEC-1.5 as some error codes and functions (Sec_SetSecurityConfig(), Sec_GetSecurityConfig()) are not supported. Old API functions in compatibility layer are marked with attribute 'deprecated' to generate compiler warning when using the old API functions. Configuration was changed to a JSON-formatted file. ADK-SEC provides a conversion tool (on Windows) to convert legacy host configuration files to the JSON-formatted file.
Reasons for change	Support of new encryption schemes (Voltage, Visa DSP, RSA) Signing of ADK-SEC configuration file Decoupling of Host and VSS script name Extended key set ID for addressing more key sets PIN input flexibility
References	see ADK-SEC Programmers Guide especially section 'Migration Guide'

EMV Client Library

Change	Deliver EMV Client Library only as static library
Status of change
Type of change	Delivery format for EMV CT / CTLS Client Libraries
New behavior available	ADK 4.4.0
Planned Deprecation version	ADK 4.5.0
ADK components	ADK Cards
Changes	Deliver EMV Client Library only as static library Remove EMV client shared libaries from ADK. Two different shared objects (local / client server) are replaced with one static library serving both + a new link shared object. Note: This will only impact EMV CT/CTLS client libs, but no the EMV ADK framework or L2 kernel libraries (still delivered as shared libraries)
Impacts	Applications need to rebuild the application using the static variant for EMV CT and CTLS client libraries Use Config API to drive the static lib in client/server or local mode. Applications that bundled an already existing ADK EMV CT/CLTS client shared lib with their application do not need to recompile immediately, but should upgrade to the static lib variant once they use a new feature of ADK EMV.
Reasons for change	Users installed new ADK EMV client CT/CTLS shared libs with ADK integration packages and experienced incompatibilities. This has been because of the following: ADK EMV guarantees source code compatibility but not binary compatibility. This means any extension to the APIs of ADK EMV CT and CTLS client will not require changes to existing application code, but changing the shared libaries for these client libs will break runtime compatibility. However the compatibility between ADK CT/CTLS client and corresponding framwork shared libries is guaranteed. This means the ADK EMV CT/CLTS framework shared libraries can be changed in the system without recompiling the application that has linked to an older client library. Due to this we recommend users to use only ADK EMV client static library during application binary compilation and linking.
References

EMV Libraries Installation under System User

Change	EMV Libraries Installation under System User
Status of change
Type of change	Install all available EMV kernels under sys and let the user config decide which kernels to use Install the CTLS EMV framework component for VERTEX or VFI-Reader under sys Install the CT EMV framework component under sys
New behavior available	ADK 4.5.0
Planned Deprecation version	ADK 4.5.0
ADK components	ADK Cards
Changes	Remove the requirement to resign the VERTEX EMV kernels with apps signing cards but allow the app to select the needed kernels by config file instead. Move the EMV framework components to sys
Impacts	Reorganization of the apps loading packages since VERTEX kernels can not be freely mixed New linking to be supported by app Providing config file for certified kernels to use is mandatory for the app. Only app knows which of the (now) all available kernels fits to their local certification
Reasons for change	Apps complaints to resign the usr kernels with their apps signing cards and creating usr specific bundles on their own QA requires this process to support apps testing We need to add protection by config files to avoid that apps using wrong or not certified EMV kernels, which turned out difficult with letting themc reate their own apps kernel bundles
References	see Cards Services - EMV ADK Release Notes "How to migrate to system-signed EMV component" see Cards Services - EMV Libraries Installation under System User

EMV Contactless Configuration Interface for Application Data

Change	EMV Contactless Configuration Interface for Application Data
Status of change
Type of change	API deprecation
New behavior available	ADK 4.0
Planned API removal version	ADK 4.5.0
ADK components	ADK Cards
Changes	Replace global AID configuraition with configuration per scheme Remove older application data configuration API EMV_CTLS_SetAppliData()
Impacts	Application AID configuration is now specific for the scheme. Only allowed parameter for the scheme can be used in the APIs. Applications have to use the new API function EMV_CTLS_SetAppliDataSchemeSpecific() instead of EMV_CTLS_SetAppliData()
Reasons for change	configuration data from more than 15 different CTLS kernels cannot be mapped to a single configuration parameter set anymore old API EMV_CTLS_SetAppliData() has been marked as deprecated since ADK 4.0 already. configuration for new kernels (e.g. Girocard, PagoBancomat, MIR) will no longer be supported with old API function EMV_CTLS_SetAppliData() starting with ADK 4.4.0
References	see ADK EMV programmer's guide for details on the above mentioned configuration functions.

EMV ADK - CTLS LED Handling

Change	EMV ADK - CTLS LED Handling
Status of change
Type of change	Alternative API
New behavior available	ADK 4.3
Planned Deprecation version
ADK components	ADK-EMV, ADK-GUI
Changes	With ADK 4.3 we are introducing an alternative way to show CTLS LEDs on screen.
Impacts	Users should use the new ADK-GUI function to reserve part of the screen for LEDs ( uiShowLEDArea(),uiHideLEDArea() functions) and configure the LEDs layout ( uiConfigLEDs() function) Users should use the existing ADK-EMV callback for LEDs and call the new ADK-GUI function to draw LEDs on screen ( uiSetLED() function )
Reasons for change	Background: On devices w/o physical CTLS LEDs we are emulating those on screen. Due to tight time requirements this cannot be done via the ADK GUI server, but writing straight to the framebuffer to fulfill the timing requirements. So far we had the following options in ADK-EMV A) getting a callback and the application can draw the LEDs itself B) let ADK-EMV draw things on its own with limited styling options for the LEDs (only rectangular and circles). In some applications CTLS LEDs are required to blink outside the payment transaction ("idle blinking") Problem: With introduction of Multi-App Controller (MAC) that allows switching between apps and shows CP apps, the direct framebuffer writing causes issues if the payment application doesn’t turn this off before switching between applications. The net effect is that the LEDs will be drawn into other applications display regions. Solution: we have now implemented a new API in ADK-GUI to reserve a particular part of the screen for direct frame buffer access we have also added APIs to draw LEDs into the defined reserved regions allowing use of PNG image definitions for the LEDs in ON and OFF state. This make things look much nicer in fact. The reserved part of the screen will then not be overwritten with any other application content
References	see ADK GUI reference guide for the LED Area handling

Discontinue ADK Static Libraries

Change	Discontinue Static Libraries
Status of change
Type of change	Remove ADK static libs for Verix and V/OS
New behavior available	ADK 4.2
Planned Deprecation version	ADK 4.5
ADK components
Changes	Remove ADK static libs from delivery and encourage users to use shared libraries
Impacts	VOS users have to link against .so files instead of .a files and install the .so file on the terminal Verix Users have to use Verix VSA-type applications only with ADK link against provide .so files instead of static libraries download VLS-type shared libraries to the terminal set the *VSOPATH to reference the shared libs on the device correctly
Reasons for change	Currently ADK has static libs are provided in the following formats for Verix: no-pic: use with OUT and VSA applications lib-pic: use to link with LIB shared lib files vsl-pic: use to link with VSL shared lib files Also ADK supported VSL-type shared libraries for most of the components With Verix OS QT000500 the Verix OS supports shared usage of code segments across processes with VSL-type shared libraries dlopen/dlsym/dlclose for late binding that had been possible only with LIB-type libraries before Due to this there are no need for static libraries any longer and we will retire them to reduce delivery packages and simplify deployment.
References	see ADK Deployment Overview

PIN Entry Handling via ADK-GUI

Change	PIN Entry Handling via ADK-GUI
Status of change
Type of change	Remove deprecated API
New behavior available	ADK 3.1
Planned Deprecation version	ADK 4.3 (ADK-EMV), ADK 5.0 (ADK-SEC)
ADK components	ADK-EMV, ADK-SEC
Changes	discontinue the support for PIN entry in EMV and SEC ADK components and replace this with a single PIN entry API for both offline and online PIN in ADK-GUI. This ADK-GUI API via html and properties has more flexibility and is more powerful to control PIN entry options and PIN entry prompt style. The ADK-GUI API is available since ADK 3.1.
Impacts	Following functions will be discontinued: ADK EMV: EMV_CT_EnterPIN() and EMV_CTLS_EnterPIN() ADK SEC: EnterAndEncryptPIN() and EnterAndHoldPIN()
Reasons for change	These functions were originally introduced because Verix required to have PIN entry in the same task that later on processes the PIN. This restriction has been lowered in QT400 (in ADK 3.1) already and now we encourage the use of ADK-GUI for offline and online PIN entry. We had put a note in the ADK-EMV / ADK-SECrelease notes since ADK 3.1 that these APIs will be “will be removed after ADK 4.1.
References	see ADK GUI reference guide for PIN entry handling

Product Overview - Branches

PCI Version: The PCI version listed is only the initially approved version. Please check the official PCI webpage for the currently approved version and availability of LOAs

Product	Development branch	Release branch	Production branch	Active Maintenance	Sustain
UX115	ADK latest	Not supported	ADK 5.0 (3241) PCI N/A	ADK 4.8 (3161) PCI N/A	N/A
V210	ADK latest	ADK 5.1	ADK 5.0 (3241) PCI 6	ADK 4.8 (3161) PCI 6	N/A
CM5	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
M440	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
M424	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
e280(v2)	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
V400m 4G	ADK latest	ADK 5.1	ADK 5.0 (3241) PCI 6	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
V240m camera	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
e235	ADK latest	ADK 5.1	ADK 5.0 (3241) PCI 6	ADK 4.8 (3161) PCI 6	N/A
e285	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
M400	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
V240m V205c	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
V240 quectel	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
V400m	ADK latest	ADK 5.1	ADK 5.0 (3241) PCI 6	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
V200t	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
P400 DMSR	ADK latest	ADK 5.1	ADK 5.0 (3241) PCI 6	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
P200/P400/V200c	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
UX410	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
UX410 high mem MDB	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	N/A
UX30x	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	ADK 4.7 (3134) PCI 5
Ux30x high mem	ADK latest	Not supported	ADK 5.0 (3241) PCI 5	ADK 4.8 (3161) PCI 5	N/A
P630	ADK latest	ADK 5.1	ADK 5.0 (Linux 4.9) PCI 6	N/A	N/A
M425 / M450	ADK latest	ADK 5.1	ADK 5.0 (Linux 4.9) PCI 6	N/A	N/A
UX700 AIO / ML	ADK latest	ADK 5.1	ADK 5.0 (Linux 4.9) PCI 6	N/A	N/A
UX302	ADK latest	ADK 5.1	ADK 5.0 (Linux 5.15) PCI 6	N/A	N/A