RPi Pico 2 W on sale for $7

https://www.raspberrypi.com/news/raspberry-pi-pico-2-w-on-sale-now/

Wow! They keep making great (cheap) stuff.

Does anyone have experience with the WIFI versions?

I have some experience with RPi Pico W, previous version. They’re using the same wireless module for this version.

Have you seen this:

@kd7eir That’s a nice board as well. I don’t like it having components on both sides though. You won’t be able to solder it directly onto a PCB.

BTW, Raspberry Pi Pico boards are using Infineon CYW43439 ICs which were originally designed by Cypress. It’s a BGA package, so it may be a bit hard to use. But apparently the module Pimoroni is using is marked as “Raspberry Pi RM2” which is using the same IC, same everything inside the metal can, just in a castellated PCB format. Hopefully it’ll be available by itself soon.

Burning Question:

Is this still the A2 version, or a newer revision of the RP2350 with some of the errata fixed?

Pictures show that it’s the A2 version.

It would surprise me if we get a stepping. From reading a few things they make a ton of RP2040 to hit the price point.

Early on I got the impression they were using the early adopter program to shake out bugs, especially with the delay for public release.

The way E9 was handled gave vibes of “we already made 10 million and it is what it is”. I totally get that, for 12 months we’ve been using an enclosure with a 3D printed plug to cover a late issue

But why aren’t the raw RP2350 available through the regular channels yet?

My guess is they are of limited availability because they stopped manufacturing to implement a stepping to fix Erratum 9. So they use the few ones they have to make Pico 2 boards for the time being instead of opening the floodgates.

Another reason could of course be that they already have made the wafers in the buggy version but didn’t get enough packaging capacity to make them into chips yet. Then we won’t see a stepping for some time or ever.

I of course hope you are right and there will be a stepping. I assumed that too, and I have not purchased any more chips under the early release program because I want to see what happens. So I still have the “faith”.

The realist in me screams that the quote above is true. RP2xxx a tiny thing for RPI and they have to roll how they can. It’s a pretty great chip and sdk, has some issue they can fix over time. Not unlike everything we do here.

I don’t suppose anyone has heard on the grapevine if RPI are still going to make their promise of making the RP2350s available “by the end of the year” ?

A supplier in China said end of year, but they could just be repeating what you’ve heard.

The new OTP security bits / code protection of the RP2350 has been broken with basic voltage glitching:

All the new glitch protectors and stuff they introduced to prevent this can be circumvented.

So I’d say this adds incentive for RasPi to make a new die revision. But how I understand the talk, the changes required to fix the OTP security would be more involved than for the GPIO latching/leak issue.

We had some good discussions in the live chat and on social media, I really enjoyed the talk.

For all the promotion of the “unbreakable” security, it took a first time glitch hacker less than two months to break it.

It also seems to have a similar cause as the latching issue. Some black box third party vendor IP was tossed in without the ability to properly simulate or the knowledge of how it works. I was concerned about exactly this after the latching issue was fully disclosed.

If that wasn’t enough reason to give the security features wide berth, they’ve known for months and didn’t make any kind of disclosure that the super security was blown away almost instantly by a total amateur.

Someone on social media that they couldn’t disclose earlier because of the contest. If I valued security for my application I would sincerely hope that the manufacturer put that security of my data over a contest.

Love these chips though, can’t wait until they’re publicly available so we can crank out some BP7 prototypes. They’re just so hackable, even in ways not intended

Yeah, this “toss in some vendor ip, but don’t investigate and verify the details” seems to be a pattern there unfortunately.

Yeah, they should have added an erratum in the datasheet for this.

While he claims this is his first hardware security attack, he appears to certainly know what he is doing. Things like the X-ray images and super clean die shots, with the metal layers removed without visible residuals, point to a professional outfit in the background. Also being able to guess at the functions of the individual sections on the die and finding the original company that developed the OTP IP hints at deeper knowledge about hardware design and the chip industry. So I wouldn’t call him an amateur.

Oh, absolutely! I did not mean any offense to the speaker. Only in the sense that he said it was his first time, and that he’s not a security researcher with deep experience specifically in glitching. There was some extremely professional and impressive craft on display in the presentation.

The method of repeating the attack now that it’s disclosed is very accessible to folks glitching for the first time.

Based on other discussions here I can’t wait for the prototypes to become final products

Hackaday / Supplyframe has managed to organize a live chat with Eben Upton on wednesday:

Maybe he’ll answer a direct question if there will be a new revision of the RP2350…

First comment. Not mine.

In my humble experience this is the conclusion of every austensibly open hardware company founder that chases VC and IPO. From tiny one man ops to behemoths with government investment. The missions are not always copacetic, and the funders always win out.

It would be great to get confirmation, but I think we already have it. The end of year speculation has passed. They knew less than two months on that the security was broken. I would guess 3 to 5 months, the same scale up they announced publicly before all the issues were found.

Rest assured, your experience here is free of VC, funders and IPO aspirations. The Bus Pirate was bootstrapped with $420. $50 for the business registration and $370 for the first 20 Bus Pirates. We are a team of 5 made possible entirely by you, and have no obligations to anyone else.