2018-07-04 14:44:26 +00:00
syntax = "proto2" ;
2018-07-29 14:17:00 +00:00
package hw . trezor.messages.management ;
2018-07-04 14:44:26 +00:00
// Sugar for easier handling in Java
option java_package = "com.satoshilabs.trezor.lib.protobuf" ;
option java_outer_classname = "TrezorMessageManagement" ;
2024-10-15 15:52:37 +00:00
import "options.proto" ;
2021-09-27 22:42:28 +00:00
2024-10-15 15:52:37 +00:00
option ( include_in_bitcoin_only ) = true ;
2021-05-31 13:09:43 +00:00
2019-09-19 07:37:23 +00:00
/ * *
* Type of the mnemonic backup given / received by the device during reset / recovery.
* /
enum BackupType {
2024-05-17 19:26:21 +00:00
Bip39 = 0 ; // also called "Single Backup", see BIP-0039
Slip39_Basic = 1 ; // also called "Shamir Backup", see SLIP-0039
Slip39_Advanced = 2 ; // also called "Super Shamir" or "Shamir with Groups", see SLIP-0039#two-level-scheme
Slip39_Single_Extendable = 3 ; // extendable single-share Shamir backup
Slip39_Basic_Extendable = 4 ; // extendable multi-share Shamir backup
Slip39_Advanced_Extendable = 5 ; // extendable multi-share Shamir backup with groups
2019-09-19 07:37:23 +00:00
}
2020-09-02 11:07:56 +00:00
/ * *
* Level of safety checks for unsafe actions like spending from invalid path namespace or setting high transaction fee.
* /
enum SafetyCheckLevel {
2020-09-03 14:47:57 +00:00
Strict = 0 ; // disallow unsafe actions, this is the default
PromptAlways = 1 ; // ask user before unsafe action
PromptTemporarily = 2 ; // like PromptAlways but reverts to Strict after reboot
2020-09-02 11:07:56 +00:00
}
2024-08-27 14:19:55 +00:00
/ * *
* Allowed display rotation angles ( in degrees from North )
* /
enum DisplayRotation {
North = 0 ;
East = 90 ;
South = 180 ;
West = 270 ;
}
2022-10-13 11:37:02 +00:00
/ * *
* Format of the homescreen image
* /
enum HomescreenFormat {
2023-04-06 21:19:39 +00:00
Toif = 1 ; // full-color toif
Jpeg = 2 ; // jpeg
ToiG = 3 ; // greyscale toif
2022-10-13 11:37:02 +00:00
}
2018-07-04 14:44:26 +00:00
/ * *
* Request : Reset device to default state and ask for device details
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Features
* /
message Initialize {
2021-10-12 11:58:23 +00:00
optional bytes session_id = 1 ; // assumed device session id; Trezor clears caches if it is different or empty
2021-11-19 13:10:05 +00:00
optional bool _skip_passphrase = 2 [ deprecated = true ] ; // removed as part of passphrase redesign
2021-10-12 11:58:23 +00:00
optional bool derive_cardano = 3 ; // whether to derive Cardano Icarus root keys in this session
2018-07-04 14:44:26 +00:00
}
/ * *
* Request : Ask for device details ( no device reset )
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Features
* /
message GetFeatures {
}
/ * *
* Response : Reports various information about the device
2018-07-16 14:51:03 +00:00
* @ end
2018-07-04 14:44:26 +00:00
* /
message Features {
optional string vendor = 1 ; // name of the manufacturer, e.g. "trezor.io"
2021-01-14 11:05:03 +00:00
required uint32 major_version = 2 ; // major version of the firmware/bootloader, e.g. 1
required uint32 minor_version = 3 ; // minor version of the firmware/bootloader, e.g. 0
required uint32 patch_version = 4 ; // patch version of the firmware/bootloader, e.g. 0
2018-07-04 14:44:26 +00:00
optional bool bootloader_mode = 5 ; // is device in bootloader mode?
optional string device_id = 6 ; // device's unique identifier
optional bool pin_protection = 7 ; // is device protected by PIN?
optional bool passphrase_protection = 8 ; // is node/mnemonic encrypted using passphrase?
optional string language = 9 ; // device language
optional string label = 10 ; // device description label
optional bool initialized = 12 ; // does device contain seed?
optional bytes revision = 13 ; // SCM revision of firmware
optional bytes bootloader_hash = 14 ; // hash of the bootloader
optional bool imported = 15 ; // was storage imported from an external source?
2020-06-19 14:04:24 +00:00
optional bool unlocked = 16 ; // is the device unlocked? called "pin_cached" previously
2021-11-01 16:14:31 +00:00
optional bool _passphrase_cached = 17 [ deprecated = true ] ; // is passphrase already cached in session?
2018-07-04 14:44:26 +00:00
optional bool firmware_present = 18 ; // is valid firmware loaded?
2024-05-23 14:09:16 +00:00
optional BackupAvailability backup_availability = 19 ; // does storage need backup? is repeated backup unlocked?
2018-07-04 14:44:26 +00:00
optional uint32 flags = 20 ; // device flags (equals to Storage.flags)
optional string model = 21 ; // device hardware model
optional uint32 fw_major = 22 ; // reported firmware version if in bootloader mode
optional uint32 fw_minor = 23 ; // reported firmware version if in bootloader mode
optional uint32 fw_patch = 24 ; // reported firmware version if in bootloader mode
optional string fw_vendor = 25 ; // reported firmware vendor if in bootloader mode
2021-12-28 10:30:36 +00:00
// optional bytes fw_vendor_keys = 26; // obsoleted, use fw_vendor
2018-07-04 14:44:26 +00:00
optional bool unfinished_backup = 27 ; // report unfinished backup (equals to Storage.unfinished_backup)
2018-10-04 14:36:27 +00:00
optional bool no_backup = 28 ; // report no backup (equals to Storage.no_backup)
2024-04-23 10:26:46 +00:00
optional RecoveryStatus recovery_status = 29 ; // whether or not we are in recovery mode and of what kind
2019-09-19 07:37:23 +00:00
repeated Capability capabilities = 30 ; // list of supported capabilities
2024-04-23 10:26:46 +00:00
optional BackupType backup_type = 31 ; // type of device backup (BIP-39 / SLIP-39 basic / SLIP-39 advanced)
optional bool sd_card_present = 32 ; // is SD card present
optional bool sd_protection = 33 ; // is SD Protect enabled
optional bool wipe_code_protection = 34 ; // is wipe code protection enabled
optional bytes session_id = 35 ;
optional bool passphrase_always_on_device = 36 ; // device enforces passphrase entry on Trezor
optional SafetyCheckLevel safety_checks = 37 ; // safety check level, set to Prompt to limit path namespace enforcement
optional uint32 auto_lock_delay_ms = 38 ; // number of milliseconds after which the device locks itself
2024-08-27 14:19:55 +00:00
optional DisplayRotation display_rotation = 39 ; // rotation of display (in degrees from North)
2024-04-23 10:26:46 +00:00
optional bool experimental_features = 40 ; // are experimental message types enabled?
optional bool busy = 41 ; // is the device busy, showing "Do not disconnect"?
optional HomescreenFormat homescreen_format = 42 ; // format of the homescreen, 1 = TOIf, 2 = jpg, 3 = TOIG
optional bool hide_passphrase_from_host = 43 ; // should we hide the passphrase when it comes from host?
optional string internal_model = 44 ; // internal model name
2024-05-23 14:09:16 +00:00
optional uint32 unit_color = 45 ; // color of the unit/device
optional bool unit_btconly = 46 ; // unit/device is intended as bitcoin only
optional uint32 homescreen_width = 47 ; // homescreen width in pixels
optional uint32 homescreen_height = 48 ; // homescreen height in pixels
2024-04-23 10:26:46 +00:00
optional bool bootloader_locked = 49 ; // bootloader is locked
optional bool language_version_matches = 50 [ default = true ] ; // translation blob version matches firmware version
optional uint32 unit_packaging = 51 ; // unit/device packaging version
optional bool haptic_feedback = 52 ; // haptic feedback is enabled
2024-05-23 14:09:16 +00:00
optional RecoveryType recovery_type = 53 ; // what type of recovery we are in. NB: this works in conjunction with recovery_status
2024-06-25 09:22:58 +00:00
optional uint32 optiga_sec = 54 ; // Optiga's security event counter.
2024-05-23 14:09:16 +00:00
enum BackupAvailability {
/// Device is already backed up, or a previous backup has failed.
NotAvailable = 0 ;
/// Device is not backed up. Backup is required.
Required = 1 ;
/// Device is already backed up and can be backed up again.
Available = 2 ;
}
2024-04-23 10:26:46 +00:00
enum RecoveryStatus {
2024-05-23 14:09:16 +00:00
Nothing = 0 ; // we are not in recovery mode
Recovery = 1 ; // we are in "Normal" or "DryRun" recovery
Backup = 2 ; // we are in repeated backup mode
2024-04-23 10:26:46 +00:00
}
2019-08-28 10:42:33 +00:00
enum Capability {
2021-05-31 13:09:43 +00:00
option ( has_bitcoin_only_values ) = true ;
Capability_Bitcoin = 1 [ ( bitcoin_only ) = true ] ;
Capability_Bitcoin_like = 2 ; // Altcoins based on the Bitcoin source code
2019-08-28 10:42:33 +00:00
Capability_Binance = 3 ;
Capability_Cardano = 4 ;
2021-05-31 13:09:43 +00:00
Capability_Crypto = 5 [ ( bitcoin_only ) = true ] ; // generic crypto operations for GPG, SSH, etc.
2019-08-28 10:42:33 +00:00
Capability_EOS = 6 ;
Capability_Ethereum = 7 ;
2021-08-18 10:06:48 +00:00
Capability_Lisk = 8 [ deprecated = true ] ;
2019-08-28 10:42:33 +00:00
Capability_Monero = 9 ;
Capability_NEM = 10 ;
Capability_Ripple = 11 ;
Capability_Stellar = 12 ;
Capability_Tezos = 13 ;
Capability_U2F = 14 ;
2021-05-31 13:09:43 +00:00
Capability_Shamir = 15 [ ( bitcoin_only ) = true ] ;
Capability_ShamirGroups = 16 [ ( bitcoin_only ) = true ] ;
Capability_PassphraseEntry = 17 [ ( bitcoin_only ) = true ] ; // the device is capable of passphrase entry directly on the device
2023-10-18 09:28:04 +00:00
Capability_Solana = 18 ;
2024-02-28 20:37:31 +00:00
Capability_Translations = 19 [ ( bitcoin_only ) = true ] ;
2024-01-08 22:40:25 +00:00
Capability_Brightness = 20 [ ( bitcoin_only ) = true ] ;
2024-05-07 13:46:15 +00:00
Capability_Haptic = 21 [ ( bitcoin_only ) = true ] ;
2019-08-19 10:22:06 +00:00
}
2018-07-04 14:44:26 +00:00
}
/ * *
2020-04-21 13:33:46 +00:00
* Request : soft - lock the device. Following actions will require PIN. Passphrases remain cached.
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Success
* /
2020-04-21 13:33:46 +00:00
message LockDevice {
}
2022-08-09 08:11:30 +00:00
/ * *
* Request : Show a "Do not disconnect" dialog instead of the standard homescreen.
* @ start
* @ next Success
* /
message SetBusy {
optional uint32 expiry_ms = 1 ; // The time in milliseconds after which the dialog will automatically disappear. Overrides any previously set expiry. If not set, then the dialog is hidden.
}
2020-04-21 13:33:46 +00:00
/ * *
* Request : end the current sesson. Following actions must call Initialize again.
* Cache for the current session is discarded , other sessions remain intact.
* Device is not PIN - locked.
* @ start
* @ next Success
* /
message EndSession {
2018-07-04 14:44:26 +00:00
}
/ * *
2023-08-11 15:57:32 +00:00
* Request : change some property of the device , e.g. label or homescreen
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Success
* @ next Failure
* /
message ApplySettings {
2024-01-31 11:28:39 +00:00
optional string language = 1 [ deprecated = true ] ;
2018-07-04 14:44:26 +00:00
optional string label = 2 ;
optional bool use_passphrase = 3 ;
optional bytes homescreen = 4 ;
2021-11-01 16:14:31 +00:00
optional uint32 _passphrase_source = 5 [ deprecated = true ] ; // ASK = 0; DEVICE = 1; HOST = 2;
2018-07-04 14:44:26 +00:00
optional uint32 auto_lock_delay_ms = 6 ;
2024-08-27 14:19:55 +00:00
optional DisplayRotation display_rotation = 7 ; // rotation of display (in degrees from North)
2019-11-21 09:53:42 +00:00
optional bool passphrase_always_on_device = 8 ; // do not prompt for passphrase, enforce device entry
2020-07-24 14:04:03 +00:00
optional SafetyCheckLevel safety_checks = 9 ; // Safety check level, set to Prompt to limit path namespace enforcement
2020-10-04 20:53:42 +00:00
optional bool experimental_features = 10 ; // enable experimental message types
2023-02-15 14:43:04 +00:00
optional bool hide_passphrase_from_host = 11 ; // do not show passphrase coming from host
2024-05-07 13:46:15 +00:00
optional bool haptic_feedback = 13 ; // enable haptic feedback
2018-07-04 14:44:26 +00:00
}
2023-08-11 15:57:32 +00:00
/ * *
* Request : change the device language via translation data.
* Does not send the translation data itself , as they are too large for one message.
* Device will request the translation data in chunks.
* @ start
* @ next TranslationDataRequest
* @ next Failure
* /
message ChangeLanguage {
// byte length of the whole translation blob (set to 0 for default language - english)
required uint32 data_length = 1 ;
// Prompt the user on screen.
// In certain conditions (such as freshly installed device), the confirmation prompt
// is not mandatory. Setting show_display=false will skip the prompt if that's
// the case. If the device does not allow skipping the prompt, a request with
// show_display=false will return a failure. (This way the host can safely try
// to change the language without invoking a prompt.)
// Setting show_display to true will always show the prompt.
// Leaving the option unset will show the prompt only when necessary.
optional bool show_display = 2 ;
}
/ * *
* Response : Device asks for more data from transaction payload.
* @ end
* @ next TranslationDataAck
* /
message TranslationDataRequest {
required uint32 data_length = 1 ; // Number of bytes being requested
required uint32 data_offset = 2 ; // Offset of the first byte being requested
}
/ * *
* Request : Translation payload data.
* @ next TranslationDataRequest
* @ next Success
* /
message TranslationDataAck {
required bytes data_chunk = 1 ; // Bytes from translation payload
}
2018-07-04 14:44:26 +00:00
/ * *
* Request : set flags of the device
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Success
* @ next Failure
* /
message ApplyFlags {
2021-07-26 13:05:42 +00:00
required uint32 flags = 1 ; // bitmask, can only set bits, not unset
2018-07-04 14:44:26 +00:00
}
/ * *
* Request : Starts workflow for setting / changing / removing the PIN
2018-07-16 14:51:03 +00:00
* @ start
* @ next Success
* @ next Failure
2018-07-04 14:44:26 +00:00
* /
message ChangePin {
optional bool remove = 1 ; // is PIN removal requested?
}
2019-10-18 13:28:53 +00:00
/ * *
* Request : Starts workflow for setting / removing the wipe code
* @ start
* @ next Success
* @ next Failure
* /
message ChangeWipeCode {
optional bool remove = 1 ; // is wipe code removal requested?
}
2019-08-09 17:19:00 +00:00
/ * *
* Request : Starts workflow for enabling / regenerating / disabling SD card protection
* @ start
* @ next Success
* @ next Failure
* /
message SdProtect {
2021-07-26 13:05:42 +00:00
required SdProtectOperationType operation = 1 ;
2019-08-09 17:19:00 +00:00
/ * *
* Structure representing SD card protection operation
* /
enum SdProtectOperationType {
DISABLE = 0 ;
ENABLE = 1 ;
REFRESH = 2 ;
}
}
2018-07-04 14:44:26 +00:00
/ * *
* Request : Test if the device is alive , device sends back the message in Success response
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Success
* /
message Ping {
2021-01-14 11:05:03 +00:00
optional string message = 1 [ default = "" ] ; // message to send back in Success message
2018-07-04 14:44:26 +00:00
optional bool button_protection = 2 ; // ask for button press
}
/ * *
* Request : Abort last operation that required user interaction
2018-07-16 14:51:03 +00:00
* @ start
2018-07-16 16:19:46 +00:00
* @ next Failure
2018-07-04 14:44:26 +00:00
* /
message Cancel {
}
/ * *
* Request : Request a sample of random data generated by hardware RNG. May be used for testing.
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Entropy
* @ next Failure
* /
message GetEntropy {
required uint32 size = 1 ; // size of requested entropy
}
/ * *
* Response : Reply with random data generated by internal RNG
2018-07-16 14:51:03 +00:00
* @ end
2018-07-04 14:44:26 +00:00
* /
message Entropy {
required bytes entropy = 1 ; // chunk of random generated bytes
}
2022-04-22 22:16:35 +00:00
/ * *
* Request : Get a hash of the installed firmware combined with an optional challenge.
* @ start
* @ next FirmwareHash
* @ next Failure
* /
message GetFirmwareHash {
optional bytes challenge = 1 ; // Blake2s key up to 32 bytes in length.
}
/ * *
* Response : Hash of the installed firmware combined with the optional challenge.
* @ end
* /
message FirmwareHash {
required bytes hash = 1 ;
}
2023-08-23 07:59:52 +00:00
/ * *
* Request : Request a signature of the provided challenge.
* @ start
* @ next AuthenticityProof
* @ next Failure
* /
message AuthenticateDevice {
required bytes challenge = 1 ; // A random challenge to sign.
}
/ * *
* Response : Signature of the provided challenge along with a certificate issued by the Trezor company.
* @ end
* /
message AuthenticityProof {
repeated bytes certificates = 1 ; // A certificate chain starting with the device certificate, followed by intermediate CA certificates, the last of which is signed by Trezor company's root CA.
required bytes signature = 2 ; // A DER-encoded signature of "\0x13AuthenticateDevice:" + length-prefixed challenge that should be verified using the device certificate.
}
2018-07-04 14:44:26 +00:00
/ * *
* Request : Request device to wipe all sensitive data and settings
2018-07-16 14:51:03 +00:00
* @ start
* @ next Success
* @ next Failure
2018-07-04 14:44:26 +00:00
* /
message WipeDevice {
}
/ * *
* Request : Load seed and related internal settings from the computer
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Success
* @ next Failure
* /
message LoadDevice {
2019-07-24 10:35:37 +00:00
repeated string mnemonics = 1 ; // seed encoded as mnemonic (12, 18 or 24 words for BIP39, 20 or 33 for SLIP39)
2018-07-29 14:17:00 +00:00
optional string pin = 3 ; // set PIN protection
optional bool passphrase_protection = 4 ; // enable master node encryption using passphrase
2024-01-31 11:28:39 +00:00
optional string language = 5 [ deprecated = true ] ; // deprecated (use ChangeLanguage)
2018-07-29 14:17:00 +00:00
optional string label = 6 ; // device label
optional bool skip_checksum = 7 ; // do not test mnemonic for valid BIP-39 checksum
optional uint32 u2f_counter = 8 ; // U2F counter
2019-10-03 13:41:45 +00:00
optional bool needs_backup = 9 ; // set "needs backup" flag
optional bool no_backup = 10 ; // indicate that no backup is going to be made
2018-07-04 14:44:26 +00:00
}
/ * *
* Request : Ask device to do initialization involving user interaction
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next EntropyRequest
* @ next Failure
* /
message ResetDevice {
2024-08-22 16:49:48 +00:00
reserved 1 ; // unused display_random
2019-10-03 13:41:45 +00:00
optional uint32 strength = 2 [ default = 256 ] ; // strength of seed in bits
optional bool passphrase_protection = 3 ; // enable master node encryption using passphrase
optional bool pin_protection = 4 ; // enable PIN protection
2024-01-31 11:28:39 +00:00
optional string language = 5 [ deprecated = true ] ; // deprecated (use ChangeLanguage)
2019-10-03 13:41:45 +00:00
optional string label = 6 ; // device label
optional uint32 u2f_counter = 7 ; // U2F counter
optional bool skip_backup = 8 ; // postpone seed backup to BackupDevice workflow
optional bool no_backup = 9 ; // indicate that no backup is going to be made
optional BackupType backup_type = 10 [ default = Bip39 ] ; // type of the mnemonic backup
2024-09-04 14:54:05 +00:00
optional bool entropy_check = 11 ; // run with entropy check protocol
2018-07-04 14:44:26 +00:00
}
/ * *
* Request : Perform backup of the device seed if not backed up using ResetDevice
2018-07-16 14:51:03 +00:00
* @ start
* @ next Success
2018-07-04 14:44:26 +00:00
* /
message BackupDevice {
2024-04-11 14:21:17 +00:00
optional uint32 group_threshold = 1 ;
message Slip39Group {
required uint32 member_threshold = 1 ;
required uint32 member_count = 2 ;
}
repeated Slip39Group groups = 2 ;
2018-07-04 14:44:26 +00:00
}
/ * *
* Response : Ask for additional entropy from host computer
* @ next EntropyAck
* /
message EntropyRequest {
2024-09-04 14:54:05 +00:00
optional bytes entropy_commitment = 1 ; // HMAC-SHA256 of Trezor's internal entropy used in entropy check.
optional bytes prev_entropy = 2 ; // Trezor's internal entropy from the previous round of entropy check.
2018-07-04 14:44:26 +00:00
}
/ * *
* Request : Provide additional entropy for seed generation function
2018-07-16 14:51:03 +00:00
* @ next Success
2024-12-20 15:39:49 +00:00
* @ next EntropyCheckReady
2018-07-04 14:44:26 +00:00
* /
message EntropyAck {
2024-09-04 14:54:05 +00:00
required bytes entropy = 1 ; // 256 bits (32 bytes) of the host's random data
}
/ * *
2024-12-20 15:39:49 +00:00
* Response : Trezor is ready for the next phase of the entropy check protocol.
* @ next EntropyCheckContinue
* @ next GetPublicKey
2024-09-04 14:54:05 +00:00
* /
2024-12-20 15:39:49 +00:00
message EntropyCheckReady {
2024-09-04 14:54:05 +00:00
}
/ * *
2024-12-20 15:39:49 +00:00
* Request : Proceed with the next phase of the entropy check protocol.
2024-09-04 14:54:05 +00:00
* @ next Success
2024-12-20 15:39:49 +00:00
* @ next EntropyRequest
2024-09-04 14:54:05 +00:00
* /
2024-12-20 15:39:49 +00:00
message EntropyCheckContinue {
optional bool finish = 1 [ default = false ] ; // finish the entropy check protocol, store the seed
2018-07-04 14:44:26 +00:00
}
/ * *
* Request : Start recovery workflow asking user for specific words of mnemonic
* Used to recovery device safely even on untrusted computer.
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next WordRequest
* /
message RecoveryDevice {
2024-04-23 10:26:46 +00:00
optional uint32 word_count = 1 ; // number of words in BIP-39 mnemonic (T1 only)
optional bool passphrase_protection = 2 ; // enable master node encryption using passphrase
optional bool pin_protection = 3 ; // enable PIN protection
optional string language = 4 [ deprecated = true ] ; // deprecated (use ChangeLanguage)
optional string label = 5 ; // device label
optional bool enforce_wordlist = 6 ; // enforce BIP-39 wordlist during the process (T1 only)
reserved 7 ; // unused recovery method
2024-05-23 14:09:16 +00:00
optional RecoveryDeviceInputMethod input_method = 8 ; // supported recovery input method (T1 only)
2024-04-23 10:26:46 +00:00
optional uint32 u2f_counter = 9 ; // U2F counter
2024-05-23 14:09:16 +00:00
optional RecoveryType type = 10 [ default = NormalRecovery ] ; // the type of recovery to perform
2018-07-04 14:44:26 +00:00
/ * *
* Type of recovery procedure. These should be used as bitmask , e.g. ,
2024-05-23 14:09:16 +00:00
* ` RecoveryDeviceInputMethod_ScrambledWords | RecoveryDeviceInputMethod_Matrix `
2018-07-04 14:44:26 +00:00
* listing every method supported by the host computer.
*
* Note that ScrambledWords must be supported by every implementation
* for backward compatibility ; there is no way to not support it.
* /
2024-05-23 14:09:16 +00:00
enum RecoveryDeviceInputMethod {
2018-07-04 14:44:26 +00:00
// use powers of two when extending this field
2024-05-23 14:09:16 +00:00
ScrambledWords = 0 ; // words in scrambled order
Matrix = 1 ; // matrix recovery type
2018-07-04 14:44:26 +00:00
}
2024-05-23 14:09:16 +00:00
}
2024-04-23 10:26:46 +00:00
2024-05-23 14:09:16 +00:00
enum RecoveryType {
NormalRecovery = 0 ; // recovery from seedphrase on an uninitialized device
DryRun = 1 ; // mnemonic validation
UnlockRepeatedBackup = 2 ; // unlock SLIP-39 repeated backup
2018-07-04 14:44:26 +00:00
}
/ * *
* Response : Device is waiting for user to enter word of the mnemonic
* Its position is shown only on device ' s internal display.
2018-07-16 14:51:03 +00:00
* @ next WordAck
2018-07-04 14:44:26 +00:00
* /
message WordRequest {
2021-07-26 13:05:42 +00:00
required WordRequestType type = 1 ;
2018-07-04 14:44:26 +00:00
/ * *
* Type of Recovery Word request
* /
enum WordRequestType {
WordRequestType_Plain = 0 ;
WordRequestType_Matrix9 = 1 ;
WordRequestType_Matrix6 = 2 ;
}
}
/ * *
* Request : Computer replies with word from the mnemonic
* @ next WordRequest
* @ next Success
* @ next Failure
* /
message WordAck {
required string word = 1 ; // one word of mnemonic on asked position
}
/ * *
* Request : Set U2F counter
2018-07-16 14:51:03 +00:00
* @ start
2018-07-04 14:44:26 +00:00
* @ next Success
* /
message SetU2FCounter {
2021-07-26 13:05:42 +00:00
required uint32 u2f_counter = 1 ;
2019-11-11 14:58:09 +00:00
}
/ * *
* Request : Set U2F counter
* @ start
* @ next NextU2FCounter
* /
message GetNextU2FCounter {
}
/ * *
* Request : Set U2F counter
* @ end
* /
message NextU2FCounter {
2021-07-26 13:05:42 +00:00
required uint32 u2f_counter = 1 ;
2018-07-04 14:44:26 +00:00
}
2020-07-16 14:24:09 +00:00
/ * *
* Request : Ask device to prepare for a preauthorized operation.
* @ start
* @ next PreauthorizedRequest
* @ next Failure
* /
message DoPreauthorized {
}
/ * *
* Request : Device awaits a preauthorized operation.
* @ start
* @ next SignTx
* @ next GetOwnershipProof
* /
message PreauthorizedRequest {
}
2020-08-03 16:13:12 +00:00
/ * *
* Request : Cancel any outstanding authorization in the current session.
* @ start
* @ next Success
* @ next Failure
* /
message CancelAuthorization {
}
2021-02-25 11:54:29 +00:00
/ * *
* Request : Reboot firmware to bootloader
* @ start
2021-02-26 14:22:32 +00:00
* @ next Success
2021-02-25 11:54:29 +00:00
* /
message RebootToBootloader {
2023-08-11 15:57:32 +00:00
// Action to be performed after rebooting to bootloader
2023-10-20 12:49:27 +00:00
optional BootCommand boot_command = 1 [ default = STOP_AND_WAIT ] ;
2023-08-11 15:57:32 +00:00
// Firmware header to be flashed after rebooting to bootloader
2023-10-20 12:49:27 +00:00
optional bytes firmware_header = 2 ;
2023-08-11 15:57:32 +00:00
// Length of language blob to be installed before upgrading firmware
optional uint32 language_data_length = 3 [ default = 0 ] ;
2023-10-20 12:49:27 +00:00
enum BootCommand {
2023-08-11 15:57:32 +00:00
// Go to bootloader menu
2023-10-20 12:49:27 +00:00
STOP_AND_WAIT = 0 ;
2023-08-11 15:57:32 +00:00
// Connect to host and wait for firmware update
2023-10-20 12:49:27 +00:00
INSTALL_UPGRADE = 1 ;
}
2021-02-25 11:54:29 +00:00
}
2021-01-12 17:56:10 +00:00
/ * *
* Request : Ask device to generate a random nonce and store it in the session ' s cache
* @ start
* @ next Nonce
* /
message GetNonce {
2022-11-02 11:05:42 +00:00
option ( experimental_message ) = true ;
2021-01-12 17:56:10 +00:00
}
/ * *
* Response : Contains a random nonce
* @ end
* /
message Nonce {
2022-11-02 11:05:42 +00:00
option ( experimental_message ) = true ;
2021-02-17 10:44:20 +00:00
2021-01-12 17:56:10 +00:00
required bytes nonce = 1 ; // a 32-byte random value generated by Trezor
}
2022-06-03 09:38:22 +00:00
/ * *
* Request : Ask device to unlock a subtree of the keychain.
* @ start
* @ next UnlockedPathRequest
* @ next Failure
* /
message UnlockPath {
repeated uint32 address_n = 1 ; // prefix of the BIP-32 path leading to the account (m / purpose')
optional bytes mac = 2 ; // the MAC returned by UnlockedPathRequest
}
/ * *
* Request : Device awaits an operation.
* @ start
* @ next SignTx
* @ next GetPublicKey
* @ next GetAddress
* /
message UnlockedPathRequest {
optional bytes mac = 1 ; // authentication code for future UnlockPath calls
}
2023-05-12 09:19:35 +00:00
/ * *
* Request : Show tutorial screens on the device
* @ start
* @ next Success
* /
message ShowDeviceTutorial {
}
2023-07-20 11:20:50 +00:00
/ * *
* Request : Unlocks bootloader , ! irreversible !
* @ start
* @ next Success
* @ next Failure
* /
message UnlockBootloader {
}
2024-01-08 22:40:25 +00:00
/ * *
* Request : Set device brightness
* @ start
* @ next Success
* /
message SetBrightness {
optional uint32 value = 1 ; // if not specified, let the user choose
}