Merge branch 'master' into segwit

.travis.yml

@@ -1,12 +1,17 @@
+sudo: false
+dist: trusty
 language: c
 
-install:
+addons:
-  - sudo add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
+  apt:
-  - sudo apt-get update
+    packages:
-  - sudo apt-get install -y build-essential git gcc-arm-embedded
+    - build-essential
+    - git
+    - gcc-arm-none-eabi
+    - libnewlib-arm-none-eabi
 
 script:
-  - make -C vendor/libopencm3
+  - CFLAGS="-std=c99" make -C vendor/libopencm3
   - make
   - make -C firmware
   - make -C bootloader

Makefile.include

@@ -49,7 +49,6 @@ CFLAGS   += $(OPTFLAGS) \
             -I$(TOP_DIR)gen \
             -I$(TOP_DIR)vendor/trezor-crypto \
             -I$(TOP_DIR)vendor/trezor-crypto/ed25519-donna \
-            -I$(TOP_DIR)vendor/trezor-crypto/curve25519-donna \
             -I$(TOP_DIR)vendor/trezor-qrenc
 
 ifdef APPVER

bootloader/bootloader.c

@@ -38,11 +38,10 @@
 #error Bootloader cannot be used in app mode
 #endif
 
-void layoutFirmwareHash(uint8_t *hash)
+void layoutFirmwareHash(const uint8_t *hash)
 {
 	char str[4][17];
-	int i;
+	for (int i = 0; i < 4; i++) {
-	for (i = 0; i < 4; i++) {
 		data2hex(hash + i * 8, 8, str[i]);
 	}
 	layoutDialog(&bmp_icon_question, "Abort", "Continue", "Compare fingerprints", str[0], str[1], str[2], str[3], NULL, NULL);
@@ -54,7 +53,7 @@ void show_halt(void)
 	system_halt();
 }
 
-void show_unofficial_warning(uint8_t *hash)
+void show_unofficial_warning(const uint8_t *hash)
 {
 	layoutDialog(&bmp_icon_warning, "Abort", "I'll take the risk", NULL, "WARNING!", NULL, "Unofficial firmware", "detected.", NULL, NULL);
 
@@ -117,13 +116,13 @@ void bootloader_loop(void)
 
 int check_firmware_sanity(void)
 {
-	if (memcmp((void *)FLASH_META_MAGIC, "TRZR", 4)) { // magic does not match
+	if (memcmp((const void *)FLASH_META_MAGIC, "TRZR", 4)) { // magic does not match
 		return 0;
 	}
-	if (*((uint32_t *)FLASH_META_CODELEN) < 4096) { // firmware reports smaller size than 4kB
+	if (*((const uint32_t *)FLASH_META_CODELEN) < 4096) { // firmware reports smaller size than 4kB
 		return 0;
 	}
-	if (*((uint32_t *)FLASH_META_CODELEN) > FLASH_TOTAL_SIZE - (FLASH_APP_START - FLASH_ORIGIN)) { // firmware reports bigger size than flash size
+	if (*((const uint32_t *)FLASH_META_CODELEN) > FLASH_TOTAL_SIZE - (FLASH_APP_START - FLASH_ORIGIN)) { // firmware reports bigger size than flash size
 		return 0;
 	}
 	return 1;
@@ -139,8 +138,8 @@ void __attribute__((noreturn)) __stack_chk_fail(void)
 
 int main(void)
 {
-	__stack_chk_guard = random32();
 	setup();
+	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks
 	memory_protect();
 	oledInit();
 

bootloader/bootloader.h

@@ -33,6 +33,6 @@
 
 #include "memory.h"
 
-void layoutFirmwareHash(uint8_t *hash);
+void layoutFirmwareHash(const uint8_t *hash);
 
 #endif

bootloader/firmware_sign.py

@@ -189,7 +189,7 @@ def main(args):
         data = sign(data, args.pem)
         check_signatures(data)
 
-    fp = open(args.path, 'w')
+    fp = open(args.path, 'wb')
     fp.write(data)
     fp.close()
 

bootloader/signatures.c

@@ -28,24 +28,28 @@
 
 #define PUBKEYS 5
 
-static const uint8_t *pubkey[PUBKEYS] = {
+static const uint8_t * const pubkey[PUBKEYS] = {
-	(uint8_t *)"\x04\xd5\x71\xb7\xf1\x48\xc5\xe4\x23\x2c\x38\x14\xf7\x77\xd8\xfa\xea\xf1\xa8\x42\x16\xc7\x8d\x56\x9b\x71\x04\x1f\xfc\x76\x8a\x5b\x2d\x81\x0f\xc3\xbb\x13\x4d\xd0\x26\xb5\x7e\x65\x00\x52\x75\xae\xde\xf4\x3e\x15\x5f\x48\xfc\x11\xa3\x2e\xc7\x90\xa9\x33\x12\xbd\x58",
+	(const uint8_t *)"\x04\xd5\x71\xb7\xf1\x48\xc5\xe4\x23\x2c\x38\x14\xf7\x77\xd8\xfa\xea\xf1\xa8\x42\x16\xc7\x8d\x56\x9b\x71\x04\x1f\xfc\x76\x8a\x5b\x2d\x81\x0f\xc3\xbb\x13\x4d\xd0\x26\xb5\x7e\x65\x00\x52\x75\xae\xde\xf4\x3e\x15\x5f\x48\xfc\x11\xa3\x2e\xc7\x90\xa9\x33\x12\xbd\x58",
-	(uint8_t *)"\x04\x63\x27\x9c\x0c\x08\x66\xe5\x0c\x05\xc7\x99\xd3\x2b\xd6\xba\xb0\x18\x8b\x6d\xe0\x65\x36\xd1\x10\x9d\x2e\xd9\xce\x76\xcb\x33\x5c\x49\x0e\x55\xae\xe1\x0c\xc9\x01\x21\x51\x32\xe8\x53\x09\x7d\x54\x32\xed\xa0\x6b\x79\x20\x73\xbd\x77\x40\xc9\x4c\xe4\x51\x6c\xb1",
+	(const uint8_t *)"\x04\x63\x27\x9c\x0c\x08\x66\xe5\x0c\x05\xc7\x99\xd3\x2b\xd6\xba\xb0\x18\x8b\x6d\xe0\x65\x36\xd1\x10\x9d\x2e\xd9\xce\x76\xcb\x33\x5c\x49\x0e\x55\xae\xe1\x0c\xc9\x01\x21\x51\x32\xe8\x53\x09\x7d\x54\x32\xed\xa0\x6b\x79\x20\x73\xbd\x77\x40\xc9\x4c\xe4\x51\x6c\xb1",
-	(uint8_t *)"\x04\x43\xae\xdb\xb6\xf7\xe7\x1c\x56\x3f\x8e\xd2\xef\x64\xec\x99\x81\x48\x25\x19\xe7\xef\x4f\x4a\xa9\x8b\x27\x85\x4e\x8c\x49\x12\x6d\x49\x56\xd3\x00\xab\x45\xfd\xc3\x4c\xd2\x6b\xc8\x71\x0d\xe0\xa3\x1d\xbd\xf6\xde\x74\x35\xfd\x0b\x49\x2b\xe7\x0a\xc7\x5f\xde\x58",
+	(const uint8_t *)"\x04\x43\xae\xdb\xb6\xf7\xe7\x1c\x56\x3f\x8e\xd2\xef\x64\xec\x99\x81\x48\x25\x19\xe7\xef\x4f\x4a\xa9\x8b\x27\x85\x4e\x8c\x49\x12\x6d\x49\x56\xd3\x00\xab\x45\xfd\xc3\x4c\xd2\x6b\xc8\x71\x0d\xe0\xa3\x1d\xbd\xf6\xde\x74\x35\xfd\x0b\x49\x2b\xe7\x0a\xc7\x5f\xde\x58",
-	(uint8_t *)"\x04\x87\x7c\x39\xfd\x7c\x62\x23\x7e\x03\x82\x35\xe9\xc0\x75\xda\xb2\x61\x63\x0f\x78\xee\xb8\xed\xb9\x24\x87\x15\x9f\xff\xed\xfd\xf6\x04\x6c\x6f\x8b\x88\x1f\xa4\x07\xc4\xa4\xce\x6c\x28\xde\x0b\x19\xc1\xf4\xe2\x9f\x1f\xcb\xc5\xa5\x8f\xfd\x14\x32\xa3\xe0\x93\x8a",
+	(const uint8_t *)"\x04\x87\x7c\x39\xfd\x7c\x62\x23\x7e\x03\x82\x35\xe9\xc0\x75\xda\xb2\x61\x63\x0f\x78\xee\xb8\xed\xb9\x24\x87\x15\x9f\xff\xed\xfd\xf6\x04\x6c\x6f\x8b\x88\x1f\xa4\x07\xc4\xa4\xce\x6c\x28\xde\x0b\x19\xc1\xf4\xe2\x9f\x1f\xcb\xc5\xa5\x8f\xfd\x14\x32\xa3\xe0\x93\x8a",
-	(uint8_t *)"\x04\x73\x84\xc5\x1a\xe8\x1a\xdd\x0a\x52\x3a\xdb\xb1\x86\xc9\x1b\x90\x6f\xfb\x64\xc2\xc7\x65\x80\x2b\xf2\x6d\xbd\x13\xbd\xf1\x2c\x31\x9e\x80\xc2\x21\x3a\x13\x6c\x8e\xe0\x3d\x78\x74\xfd\x22\xb7\x0d\x68\xe7\xde\xe4\x69\xde\xcf\xbb\xb5\x10\xee\x9a\x46\x0c\xda\x45",
+	(const uint8_t *)"\x04\x73\x84\xc5\x1a\xe8\x1a\xdd\x0a\x52\x3a\xdb\xb1\x86\xc9\x1b\x90\x6f\xfb\x64\xc2\xc7\x65\x80\x2b\xf2\x6d\xbd\x13\xbd\xf1\x2c\x31\x9e\x80\xc2\x21\x3a\x13\x6c\x8e\xe0\x3d\x78\x74\xfd\x22\xb7\x0d\x68\xe7\xde\xe4\x69\xde\xcf\xbb\xb5\x10\xee\x9a\x46\x0c\xda\x45",
 };
 
 #define SIGNATURES 3
 
 int signatures_ok(uint8_t *store_hash)
 {
-	uint32_t codelen = *((uint32_t *)FLASH_META_CODELEN);
+	const uint32_t codelen = *((const uint32_t *)FLASH_META_CODELEN);
-	uint8_t sigindex1, sigindex2, sigindex3;
+	const uint8_t sigindex1 = *((const uint8_t *)FLASH_META_SIGINDEX1);
+	const uint8_t sigindex2 = *((const uint8_t *)FLASH_META_SIGINDEX2);
+	const uint8_t sigindex3 = *((const uint8_t *)FLASH_META_SIGINDEX3);
 
-	sigindex1 = *((uint8_t *)FLASH_META_SIGINDEX1);
+	uint8_t hash[32];
-	sigindex2 = *((uint8_t *)FLASH_META_SIGINDEX2);
+	sha256_Raw((const uint8_t *)FLASH_APP_START, codelen, hash);
-	sigindex3 = *((uint8_t *)FLASH_META_SIGINDEX3);
+	if (store_hash) {
+		memcpy(store_hash, hash, 32);
+	}
 
 	if (sigindex1 < 1 || sigindex1 > PUBKEYS) return 0; // invalid index
 	if (sigindex2 < 1 || sigindex2 > PUBKEYS) return 0; // invalid index
@@ -55,19 +59,13 @@ int signatures_ok(uint8_t *store_hash)
 	if (sigindex1 == sigindex3) return 0; // duplicate use
 	if (sigindex2 == sigindex3) return 0; // duplicate use
 
-	uint8_t hash[32];
+	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (const uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure
-	sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash);
-	if (store_hash) {
-		memcpy(store_hash, hash, 32);
-	}
-
-	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure
 		return 0;
 	}
-	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure
+	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (const uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure
 		return 0;
 	}
-	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture
+	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (const uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture
 		return 0;
 	}
 

bootloader/usb.c

@@ -183,24 +183,33 @@ static uint8_t meta_backup[FLASH_META_LEN];
 
 static void send_msg_success(usbd_device *dev)
 {
-	// send response: Success message (id 2), payload len 0
+	// response: Success message (id 2), payload len 0
 	while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN,
-		"?##"				// header
+		// header
-		"\x00\x02"			// msg_id
+		"?##"
-		"\x00\x00\x00\x00"	// payload_len
+		// msg_id
+		"\x00\x02"
+		// msg_size
+		"\x00\x00\x00\x00"
+		// padding
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 		, 64) != 64) {}
 }
 
 static void send_msg_failure(usbd_device *dev)
 {
-	// send response: Failure message (id 3), payload len 2
+	// response: Failure message (id 3), payload len 2
-		// code = 99 (Failure_FirmwareError)
+	//           - code = 99 (Failure_FirmwareError)
 	while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN,
-		"?##"				// header
+		// header
-		"\x00\x03"			// msg_id
+		"?##"
-		"\x00\x00\x00\x02"	// payload_len
+		// msg_id
-		"\x08\x63"			// data
+		"\x00\x03"
+		// msg_size
+		"\x00\x00\x00\x02"
+		// data
+		"\x08" "\x63"
+		// padding
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 		, 64) != 64) {}
 }
@@ -209,41 +218,66 @@ extern int firmware_present;
 
 static void send_msg_features(usbd_device *dev)
 {
-	// send response: Features message (id 17), payload len 30
+	// response: Features message (id 17), payload len 30
-		// vendor = "bitcointrezor.com"
+	//           - vendor = "bitcointrezor.com"
-		// major_version = VERSION_MAJOR
+	//           - major_version = VERSION_MAJOR
-		// minor_version = VERSION_MINOR
+	//           - minor_version = VERSION_MINOR
-		// patch_version = VERSION_PATCH
+	//           - patch_version = VERSION_PATCH
-		// bootloader_mode = True
+	//           - bootloader_mode = True
-		// firmware_present = True/False
+	//           - firmware_present = True/False
 	if (firmware_present) {
 		while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN,
-			"?##"				// header
+			// header
-			"\x00\x11"			// msg_id
+			"?##"
-			"\x00\x00\x00\x1e"	// payload_len
+			// msg_id
-			"\x0a\x11" "bitcointrezor.com\x10" VERSION_MAJOR_CHAR "\x18" VERSION_MINOR_CHAR " " VERSION_PATCH_CHAR "(\x01"		// data
+			"\x00\x11"
-			"\x90\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+			// msg_size
+			"\x00\x00\x00\x1e"
+			// data
+			"\x0a" "\x11" "bitcointrezor.com"
+			"\x10" VERSION_MAJOR_CHAR
+			"\x18" VERSION_MINOR_CHAR
+			"\x20" VERSION_PATCH_CHAR
+			"\x28" "\x01"
+			"\x90\x01" "\x01"
+			// padding
+			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 			, 64) != 64) {}
 	} else {
 		while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN,
-			"?##"				// header
+			// header
-			"\x00\x11"			// msg_id
+			"?##"
-			"\x00\x00\x00\x1e"	// payload_len
+			// msg_id
-			"\x0a\x11" "bitcointrezor.com\x10" VERSION_MAJOR_CHAR "\x18" VERSION_MINOR_CHAR " " VERSION_PATCH_CHAR "(\x01"		// data
+			"\x00\x11"
-			"\x90\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+			// msg_size
+			"\x00\x00\x00\x1e"
+			// data
+			"\x0a\x11" "bitcointrezor.com"
+			"\x10" VERSION_MAJOR_CHAR
+			"\x18" VERSION_MINOR_CHAR
+			"\x20" VERSION_PATCH_CHAR
+			"\x28" "\x01"
+			"\x90\x01" "\x00"
+			// padding
+			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 			, 64) != 64) {}
 	}
 }
 
 static void send_msg_buttonrequest_firmwarecheck(usbd_device *dev)
 {
-	// send response: ButtonRequest message (id 26), payload len 2
+	// response: ButtonRequest message (id 26), payload len 2
-		// code = ButtonRequest_FirmwareCheck (9)
+	//           - code = ButtonRequest_FirmwareCheck (9)
 	while ( usbd_ep_write_packet(dev, ENDPOINT_ADDRESS_IN,
-		"?##"				// header
+		// header
-		"\x00\x1a"			// msg_id
+		"?##"
-		"\x00\x00\x00\x02"	// payload_len
+		// msg_id
-		"\x08\x09"			// data
+		"\x00\x1a"
+		// msg_size
+		"\x00\x00\x00\x02"
+		// data
+		"\x08" "\x09"
+		// padding
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 		, 64) != 64) {}
 }
@@ -288,12 +322,14 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 
 	if (flash_state == STATE_OPEN) {
 		if (msg_id == 0x0006) {		// FirmwareErase message (id 6)
+			if (firmware_present) {
 				layoutDialog(&bmp_icon_question, "Abort", "Continue", NULL, "Install new", "firmware?", NULL, "Never do this without", "your recovery card!", NULL);
 				do {
 					delay(100000);
 					buttonUpdate();
 				} while (!button.YesUp && !button.NoUp);
-			if (button.YesUp) {
+			}
+			if (!firmware_present || button.YesUp) {
 				// backup metadata
 				memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_LEN);
 				flash_unlock();

demo/demo.c

@@ -248,11 +248,15 @@ void __attribute__((noreturn)) __stack_chk_fail(void)
 
 int main(void)
 {
-	__stack_chk_guard = random32();
 #ifndef APPVER
 	setup();
+	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks
 	oledInit();
+#else
+	setupApp();
+	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks
 #endif
+
 	usbInit();
 
 	passlen = strlen((char *)pass);

firmware/Makefile

@@ -28,7 +28,6 @@ OBJS += ../vendor/trezor-crypto/curves.o
 OBJS += ../vendor/trezor-crypto/secp256k1.o
 OBJS += ../vendor/trezor-crypto/nist256p1.o
 OBJS += ../vendor/trezor-crypto/ed25519-donna/ed25519.o
-OBJS += ../vendor/trezor-crypto/curve25519-donna/curve25519.o
 OBJS += ../vendor/trezor-crypto/hmac.o
 OBJS += ../vendor/trezor-crypto/bip32.o
 OBJS += ../vendor/trezor-crypto/bip39.o
@@ -61,6 +60,4 @@ CFLAGS += -DQR_MAX_VERSION=0
 CFLAGS += -DDEBUG_LINK=0
 CFLAGS += -DDEBUG_LOG=0
 CFLAGS += -DSCM_REVISION='"$(shell git rev-parse HEAD | sed 's:\(..\):\\x\1:g')"'
-CFLAGS += -DED25519_CUSTOMRANDOM=1
-CFLAGS += -DED25519_CUSTOMHASH=1
 CFLAGS += -DUSE_ETHEREUM=1

firmware/coins.c

@@ -26,7 +26,7 @@
 // filled CoinType Protobuf structure defined in https://github.com/trezor/trezor-common/blob/master/protob/types.proto#L133
 // address types > 0xFF represent a two-byte prefix in big-endian order
 const CoinType coins[COINS_COUNT] = {
-	{true, "Bitcoin",       true, "BTC",  true,    0, true,     100000, true,    5, true,  6, true,  10, true, "\x18" "Bitcoin Signed Message:\n",  },
+	{true, "Bitcoin",       true, "BTC",  true,    0, true,     300000, true,    5, true,  6, true,  10, true, "\x18" "Bitcoin Signed Message:\n",  },
 	{true, "Testnet",       true, "TEST", true,  111, true,   10000000, true,  196, true,  3, true,  40, true, "\x18" "Bitcoin Signed Message:\n",  },
 	{true, "Namecoin",      true, "NMC",  true,   52, true,   10000000, true,    5, false, 0, false,  0, true, "\x19" "Namecoin Signed Message:\n", },
 	{true, "Litecoin",      true, "LTC",  true,   48, true,    1000000, true,    5, false, 0, false,  0, true, "\x19" "Litecoin Signed Message:\n", },

firmware/trezor.c

@@ -89,12 +89,13 @@ void check_lock_screen(void)
 
 int main(void)
 {
-	__stack_chk_guard = random32();
 #ifndef APPVER
 	setup();
+	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks
 	oledInit();
 #else
 	setupApp();
+	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks
 #endif
 
 	timer_init();

setup.c

@@ -21,6 +21,7 @@
 #include <libopencm3/stm32/gpio.h>
 #include <libopencm3/stm32/spi.h>
 #include <libopencm3/stm32/f2/rng.h>
+#include "rng.h"
 
 void setup(void)
 {
@@ -42,6 +43,9 @@ void setup(void)
 	// enable RNG
 	rcc_periph_clock_enable(RCC_RNG);
 	RNG_CR |= RNG_CR_IE | RNG_CR_RNGEN;
+	// to be extra careful and heed the STM32F205xx Reference manual, Section 20.3.1
+	// we don't use the first random number generated after setting the RNGEN bit in setup
+	random32();
 
 	// set GPIO for buttons
 	gpio_mode_setup(GPIOC, GPIO_MODE_INPUT, GPIO_PUPD_PULLUP, GPIO2 | GPIO5);
@@ -69,6 +73,12 @@ void setup(void)
 
 void setupApp(void)
 {
+	// the static variables in random32 are separate between the bootloader and firmware.
+	// therefore, they need to be initialized here so that we can be sure to avoid dupes.
+	// this is to try to comply with STM32F205xx Reference manual - Section 20.3.1:
+	// "Each subsequent generated random number has to be compared with the previously generated
+	// number. The test fails if any two compared numbers are equal (continuous random number generator test)."
+	random32();
 	// hotfix for old bootloader
 	gpio_mode_setup(GPIOA, GPIO_MODE_INPUT, GPIO_PUPD_NONE, GPIO9);
 	spi_init_master(SPI1, SPI_CR1_BAUDRATE_FPCLK_DIV_8, SPI_CR1_CPOL_CLK_TO_0_WHEN_IDLE, SPI_CR1_CPHA_CLK_TRANSITION_1, SPI_CR1_DFF_8BIT, SPI_CR1_MSBFIRST);

vendor/libopencm3

@@ -1 +1 @@
-Subproject commit d3fff11c1f68b706591c0d51c82d18a0bc88dc17
+Subproject commit 383fafc862c0d47f30965f00409d03a328049278

vendor/trezor-common

@@ -1 +1 @@
-Subproject commit 9d2ab7318db08a47b35588b0593fb66129214f8d
+Subproject commit 80c7b666a204c74be1d1ed6b019d1fad2d2fe909

vendor/trezor-crypto

@@ -1 +1 @@
-Subproject commit b55473a01ecfd095d1f4bd068c8d3385b993b986
+Subproject commit df2524e35bc7d10129b965be017277ce46d2cae0

vendor/trezor-qrenc

@@ -1 +1 @@
-Subproject commit 566bcd028d51b615b6620bbb500e72041ae4c614
+Subproject commit 9344f23d869030fbe7261d3361862eaba12b9975