From 302f2589a0f5b6297a9e636881ab8936ec4a718f Mon Sep 17 00:00:00 2001 From: matejcik Date: Tue, 26 Feb 2019 14:06:56 +0100 Subject: [PATCH] firmware: fix digest for OneV1, disallow unsigned by default --- trezorlib/firmware.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/trezorlib/firmware.py b/trezorlib/firmware.py index a99a6c36e..9e7bb21ee 100644 --- a/trezorlib/firmware.py +++ b/trezorlib/firmware.py @@ -339,7 +339,7 @@ def validate_onev1(fw: FirmwareType, allow_unsigned: bool = False) -> None: validate_onev2(fw.embedded_onev2, allow_unsigned) -def validate_v2(fw: FirmwareType, skip_vendor_header=False) -> None: +def validate_v2(fw: FirmwareType, skip_vendor_header: bool = False) -> None: vendor_fingerprint = _header_digest(fw.vendor_header, VendorHeader) fingerprint = digest_v2(fw) @@ -383,10 +383,7 @@ def validate_v2(fw: FirmwareType, skip_vendor_header=False) -> None: def digest(version: FirmwareFormat, fw: FirmwareType) -> bytes: if version == FirmwareFormat.TREZOR_ONE: - if fw.embedded_onev2: - return digest_onev2(fw.embedded_onev2) - else: - return digest_onev1(fw) + return digest_onev1(fw) elif version == FirmwareFormat.TREZOR_ONE_V2: return digest_onev2(fw) elif version == FirmwareFormat.TREZOR_T: @@ -396,7 +393,7 @@ def digest(version: FirmwareFormat, fw: FirmwareType) -> bytes: def validate( - version: FirmwareFormat, fw: FirmwareType, allow_unsigned: bool = True + version: FirmwareFormat, fw: FirmwareType, allow_unsigned: bool = False ) -> None: if version == FirmwareFormat.TREZOR_ONE: return validate_onev1(fw, allow_unsigned)