Firmware package 7.54.0.A1 for SL808xT/BT digital signature revoked by Sierra Wireless? Has it been compromised?

Has anyone used the Firmware package 7.54.0.A1 for SL808xT/BT package?

I noticed that the digital signature for Firmware package 7.54.0.A1 for SL808xT/BT, R7.54.0.A1.201603171313.SL808xA_22_1.exe digital signature has been revoked by Sierra Wireless. Is this firmware package infected by malware? I downloaded it 5 years ago. I checked Sierra Wireless website, the file online is exactly the same one as my copy -,-d-,54,-d-,0,-d-,a1-for-sl808xt_bt/#sthash.Ud0SzXEg.T29uqfb4.dpbs

Has anyone used this package? Thanks! :frowning_face:

I just download from your link, i can see the digital signature:

Thanks. Please select the signature and then click on the button “Details”.

it has been expired:

But I believe you can still use the exe, right?

The expired certificate isn’t an issue. The issue is the certificate has been explicitly revoked.

Here’s another firmware package which is older but has valid certificate.

if you don’t trust this exe, you can download the dwl file and use AT+WDWL to download to the module

Have you used this package? I just want to confirm if this exe package (the original one since 2016/2017) has been used successfully.

What do you mean by (the original one since 2016/2017) ? R7.54.0.A1.201603171313.SL808xA_22_1.exe?

I don’t have SL8 module now, have you tried that exe in SOURCE page?

Actually, the one on the website is the original one. I downloaded mine 5 years ago, the file size is the same as the one on the website.