arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-16 04:29:08 +00:00
Code Issues Releases Wiki Activity

firmware: fix digest for OneV1, disallow unsigned by default

Browse Source
This commit is contained in:
matejcik 2019-02-26 14:06:56 +01:00
parent cfb19dfb15
commit 302f2589a0
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
trezorlib/firmware.py
View File

@ -339,7 +339,7 @@ def validate_onev1(fw: FirmwareType, allow_unsigned: bool = False) -> None:
validate_onev2(fw.embedded_onev2, allow_unsigned) validate_onev2(fw.embedded_onev2, allow_unsigned)
def validate_v2(fw: FirmwareType, skip_vendor_header=False) -> None: def validate_v2(fw: FirmwareType, skip_vendor_header: bool = False) -> None:
vendor_fingerprint = _header_digest(fw.vendor_header, VendorHeader) vendor_fingerprint = _header_digest(fw.vendor_header, VendorHeader)
fingerprint = digest_v2(fw) fingerprint = digest_v2(fw)
@ -383,10 +383,7 @@ def validate_v2(fw: FirmwareType, skip_vendor_header=False) -> None:
def digest(version: FirmwareFormat, fw: FirmwareType) -> bytes: def digest(version: FirmwareFormat, fw: FirmwareType) -> bytes:
if version == FirmwareFormat.TREZOR_ONE: if version == FirmwareFormat.TREZOR_ONE:
if fw.embedded_onev2: return digest_onev1(fw)
return digest_onev2(fw.embedded_onev2)
else:
return digest_onev1(fw)
elif version == FirmwareFormat.TREZOR_ONE_V2: elif version == FirmwareFormat.TREZOR_ONE_V2:
return digest_onev2(fw) return digest_onev2(fw)
elif version == FirmwareFormat.TREZOR_T: elif version == FirmwareFormat.TREZOR_T:
@ -396,7 +393,7 @@ def digest(version: FirmwareFormat, fw: FirmwareType) -> bytes:
def validate( def validate(
version: FirmwareFormat, fw: FirmwareType, allow_unsigned: bool = True version: FirmwareFormat, fw: FirmwareType, allow_unsigned: bool = False
) -> None: ) -> None:
if version == FirmwareFormat.TREZOR_ONE: if version == FirmwareFormat.TREZOR_ONE:
return validate_onev1(fw, allow_unsigned) return validate_onev1(fw, allow_unsigned)