feat(core): add allow unlimited run vendorheader flag

[no changelog]

core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/D001/vendorheader/vendor_prodtest_DO_NOT_SIGN.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/D001/vendorheader/vendor_unsafe.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": true,
         "allow_run_with_secret": true,
         "show_vendor_string": false,

core/embed/models/D002/vendorheader/vendor_prodtest_DO_NOT_SIGN.json

@@ -6,6 +6,7 @@
     "version": [0, 1],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "allow_run_with_secret": false,
         "show_vendor_string": true,

core/embed/models/D002/vendorheader/vendor_unsafe.json

@@ -6,6 +6,7 @@
     "version": [0, 1],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": true,
         "deny_provisioning_access": true,
         "allow_run_with_secret": false,
         "show_vendor_string": true,

core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": true,

core/embed/models/T2B1/vendorheader/vendor_prodtest.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": true,

core/embed/models/T2B1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": true,

core/embed/models/T2B1/vendorheader/vendor_trezor.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": true,

core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": true,

core/embed/models/T2B1/vendorheader/vendor_unsafe.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/T2T1/vendorheader/vendor_prodtest.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/T2T1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/T2T1/vendorheader/vendor_unsafe.json

@@ -7,6 +7,7 @@
     "sig_m": 2,
     "trust": {
         "_reserved": 0,
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "_dont_provide_secret": false,
         "allow_run_with_secret": false,

core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": true,
         "allow_run_with_secret": true,
         "show_vendor_string": false,

core/embed/models/T3W1/vendorheader/vendor_prodtest.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "allow_run_with_secret": true,
         "show_vendor_string": false,

core/embed/models/T3W1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": false,
         "allow_run_with_secret": true,
         "show_vendor_string": false,

core/embed/models/T3W1/vendorheader/vendor_trezor.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": true,
         "allow_run_with_secret": true,
         "show_vendor_string": false,

core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": false,
         "deny_provisioning_access": true,
         "allow_run_with_secret": true,
         "show_vendor_string": false,

core/embed/models/T3W1/vendorheader/vendor_unsafe.json

@@ -6,6 +6,7 @@
     "version": [0, 0],
     "sig_m": 2,
     "trust": {
+        "limit_runtime": true,
         "deny_provisioning_access": true,
         "allow_run_with_secret": false,
         "show_vendor_string": true,

core/embed/util/image/inc/util/image.h

@@ -89,6 +89,7 @@ typedef struct {
   (VTRUST_WAIT_MASK | VTRUST_NO_RED | VTRUST_NO_CLICK | VTRUST_NO_STRING)
 
 #define VTRUST_ALLOW_PROVISIONING 0x200
+#define VTRUST_ALLOW_UNLIMITED_RUN 0x400
 
 typedef struct {
   uint32_t magic;

python/src/trezorlib/firmware/vendor.py

@@ -49,6 +49,7 @@ def _transform_vendor_trust(data: bytes) -> bytes:
 
 
 class VendorTrust(Struct):
+    limit_runtime: bool
     deny_provisioning_access: bool
     _dont_provide_secret: bool
     allow_run_with_secret: bool
@@ -61,7 +62,8 @@ class VendorTrust(Struct):
 
     SUBCON = c.Transformed(
         c.BitStruct(
-            "_reserved" / c.Default(c.BitsInteger(6), 0b111111),
+            "_reserved" / c.Default(c.BitsInteger(5), 0b11111),
+            "limit_runtime" / c.Default(c.Flag, 1),
             "deny_provisioning_access" / c.Default(c.Flag, 1),
             "_dont_provide_secret"
             / c.Default(c.Flag, lambda this: not this.allow_run_with_secret),