diff --git a/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json
index cb4c1f60e4..3150544948 100644
--- a/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json
+++ b/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/D001/vendorheader/vendor_prodtest_DO_NOT_SIGN.json b/core/embed/models/D001/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
index 765a6e4407..9128f05466 100644
--- a/core/embed/models/D001/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
+++ b/core/embed/models/D001/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/D001/vendorheader/vendor_unsafe.json b/core/embed/models/D001/vendorheader/vendor_unsafe.json
index d0f1a3a470..10df761ec5 100644
--- a/core/embed/models/D001/vendorheader/vendor_unsafe.json
+++ b/core/embed/models/D001/vendorheader/vendor_unsafe.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json
index 1631002280..c1c8b3929c 100644
--- a/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json
+++ b/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": true,
 "allow_run_with_secret": true,
 "show_vendor_string": false,
diff --git a/core/embed/models/D002/vendorheader/vendor_prodtest_DO_NOT_SIGN.json b/core/embed/models/D002/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
index e093d47b82..1f81e046ae 100644
--- a/core/embed/models/D002/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
+++ b/core/embed/models/D002/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
@@ -6,6 +6,7 @@
 "version": [0, 1],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "allow_run_with_secret": false,
 "show_vendor_string": true,
diff --git a/core/embed/models/D002/vendorheader/vendor_unsafe.json b/core/embed/models/D002/vendorheader/vendor_unsafe.json
index e03e841f12..368ab5b01a 100644
--- a/core/embed/models/D002/vendorheader/vendor_unsafe.json
+++ b/core/embed/models/D002/vendorheader/vendor_unsafe.json
@@ -6,6 +6,7 @@
 "version": [0, 1],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": true,
 "deny_provisioning_access": true,
 "allow_run_with_secret": false,
 "show_vendor_string": true,
diff --git a/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin b/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
index dae088f70e..04ae5e118a 100644
Binary files a/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin and b/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin b/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
index a12bc36fbf..e6c4abcfb6 100644
Binary files a/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin and b/core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin differ
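Review bot: `"limit_runtime": true` is set in the `vendor_unsafe.json` hunk for D002 (and later for T3W1), while the `vendor_unsafe.json` hunks for D001, T2B1 and T2T1 set it to `false`, so the restriction does not cover unsafe-vendor firmware on every model. If that split is deliberate, for example because the older bootloaders do not evaluate the bit or because their existing headers must stay byte-identical, the commit description should say so in a sentence such as `limit_runtime is only enforced on D002/T3W1; other models keep the previous reserved-bit value`. JSON has no comment syntax, so the description or the vendor header documentation is the place for it. If the split is not deliberate, the three older `vendor_unsafe.json` files should carry `true` as well.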
diff --git a/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin b/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin
index 64d5c4f23d..12b034e4f9 100644
Binary files a/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin and b/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin b/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin
index 244edfa9be..d2040130a0 100644
Binary files a/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin and b/core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin differ
diff --git a/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json
index cd049ac74c..82766275d1 100644
--- a/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json
+++ b/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": true,
diff --git a/core/embed/models/T2B1/vendorheader/vendor_prodtest.json b/core/embed/models/T2B1/vendorheader/vendor_prodtest.json
index 4cdb215b5e..edebd3708a 100644
--- a/core/embed/models/T2B1/vendorheader/vendor_prodtest.json
+++ b/core/embed/models/T2B1/vendorheader/vendor_prodtest.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": true,
diff --git a/core/embed/models/T2B1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json b/core/embed/models/T2B1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
index 7abb9fd129..6e6acb01ec 100644
--- a/core/embed/models/T2B1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
+++ b/core/embed/models/T2B1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": true,
diff --git a/core/embed/models/T2B1/vendorheader/vendor_trezor.json b/core/embed/models/T2B1/vendorheader/vendor_trezor.json
index 9c29d12f05..e6dd8eaf84 100644
--- a/core/embed/models/T2B1/vendorheader/vendor_trezor.json
+++ b/core/embed/models/T2B1/vendorheader/vendor_trezor.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": true,
diff --git a/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json b/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json
index 58525c552c..1beadf80aa 100644
--- a/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json
+++ b/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": true,
diff --git a/core/embed/models/T2B1/vendorheader/vendor_unsafe.json b/core/embed/models/T2B1/vendorheader/vendor_unsafe.json
index 3b1df91541..0a5a2c7cbd 100644
--- a/core/embed/models/T2B1/vendorheader/vendor_unsafe.json
+++ b/core/embed/models/T2B1/vendorheader/vendor_unsafe.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json
index 828cef56cc..d9462a4d5a 100644
--- a/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json
+++ b/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/T2T1/vendorheader/vendor_prodtest.json b/core/embed/models/T2T1/vendorheader/vendor_prodtest.json
index 0c30bce99c..2c4e3472e0 100644
--- a/core/embed/models/T2T1/vendorheader/vendor_prodtest.json
+++ b/core/embed/models/T2T1/vendorheader/vendor_prodtest.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/T2T1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json b/core/embed/models/T2T1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
index ea16bc42c1..c52e40eee4 100644
--- a/core/embed/models/T2T1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
+++ b/core/embed/models/T2T1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json b/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json
index 6363c74622..d4c3a9cf0c 100644
--- a/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json
+++ b/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/T2T1/vendorheader/vendor_unsafe.json b/core/embed/models/T2T1/vendorheader/vendor_unsafe.json
index 1b44636efa..27b47a5cf7 100644
--- a/core/embed/models/T2T1/vendorheader/vendor_unsafe.json
+++ b/core/embed/models/T2T1/vendorheader/vendor_unsafe.json
@@ -7,6 +7,7 @@
 "sig_m": 2,
 "trust": {
 "_reserved": 0,
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "_dont_provide_secret": false,
 "allow_run_with_secret": false,
diff --git a/core/embed/models/T3W1/secmon/secmon_DEV.bin b/core/embed/models/T3W1/secmon/secmon_DEV.bin
index 79a8a74ab0..1c92637c09 100755
Binary files a/core/embed/models/T3W1/secmon/secmon_DEV.bin and b/core/embed/models/T3W1/secmon/secmon_DEV.bin differ
diff --git a/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json
index c96a77a2b1..d6dec11ecc 100644
--- a/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json
+++ b/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": true,
 "allow_run_with_secret": true,
 "show_vendor_string": false,
diff --git a/core/embed/models/T3W1/vendorheader/vendor_prodtest.json b/core/embed/models/T3W1/vendorheader/vendor_prodtest.json
index c3d5145cab..54b3b4fa59 100644
--- a/core/embed/models/T3W1/vendorheader/vendor_prodtest.json
+++ b/core/embed/models/T3W1/vendorheader/vendor_prodtest.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "allow_run_with_secret": true,
 "show_vendor_string": false,
diff --git a/core/embed/models/T3W1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json b/core/embed/models/T3W1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
index 3663e972d0..3e52b668e8 100644
--- a/core/embed/models/T3W1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
+++ b/core/embed/models/T3W1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": false,
 "allow_run_with_secret": true,
 "show_vendor_string": false,
diff --git a/core/embed/models/T3W1/vendorheader/vendor_trezor.json b/core/embed/models/T3W1/vendorheader/vendor_trezor.json
index 2e6825d082..85b26419c4 100644
--- a/core/embed/models/T3W1/vendorheader/vendor_trezor.json
+++ b/core/embed/models/T3W1/vendorheader/vendor_trezor.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": true,
 "allow_run_with_secret": true,
 "show_vendor_string": false,
diff --git a/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json b/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json
index 57e87da2c7..4f7f84c384 100644
--- a/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json
+++ b/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": false,
 "deny_provisioning_access": true,
 "allow_run_with_secret": true,
 "show_vendor_string": false,
diff --git a/core/embed/models/T3W1/vendorheader/vendor_unsafe.json b/core/embed/models/T3W1/vendorheader/vendor_unsafe.json
index fa52250689..1db42051bf 100644
--- a/core/embed/models/T3W1/vendorheader/vendor_unsafe.json
+++ b/core/embed/models/T3W1/vendorheader/vendor_unsafe.json
@@ -6,6 +6,7 @@
 "version": [0, 0],
 "sig_m": 2,
 "trust": {
+ "limit_runtime": true,
 "deny_provisioning_access": true,
 "allow_run_with_secret": false,
 "show_vendor_string": true,
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin b/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
index ec5a5b0a8d..f35b7d777f 100644
Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ
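Review bot: Setting `"limit_runtime": false` in the T3W1 `vendor_trezor.json` and `vendor_trezor_btconly.json` hunks appears to change the serialized trust field, since the matching `_unsigned.bin` files are regenerated later in this diff, yet no production-signed header is among the changed binaries shown here. A header signed before this change would presumably keep the old value of that bit, which the old `_reserved` default in vendor.py suggests is the runtime-limited state. Before a bootloader that evaluates the flag ships, it is worth confirming that the production headers are re-signed from these files, and recording it in the commit description with a line such as `production vendor headers for T3W1 must be re-signed; previously signed headers read as limit_runtime = true`. This is inferred from the binaries and defaults visible in the diff, not from the enforcement code, which is not part of this page.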
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin b/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
index c226838bb3..940e1845e0 100644
Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin differ
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin
index 70f6de914a..bba12bf4ec 100644
Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin
index 4b0945a5b8..8ec79c9d09 100644
Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin differ
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin
index 9cb2e0d7ef..4ce5418cdf 100644
Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin differ
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_trezor_btconly_unsigned.bin b/core/embed/models/T3W1/vendorheader/vendorheader_trezor_btconly_unsigned.bin
index 7ca9e32561..813def8bc5 100644
Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_trezor_btconly_unsigned.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_trezor_btconly_unsigned.bin differ
diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_trezor_unsigned.bin b/core/embed/models/T3W1/vendorheader/vendorheader_trezor_unsigned.bin index 0ee5922b8d..63bfbba6dd 100644 Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_trezor_unsigned.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_trezor_unsigned.bin differ diff --git a/core/embed/util/image/inc/util/image.h b/core/embed/util/image/inc/util/image.h index a95521f2c3..1a2be85d7b 100644 --- a/core/embed/util/image/inc/util/image.h +++ b/core/embed/util/image/inc/util/image.h @@ -89,6 +89,7 @@ typedef struct { (VTRUST_WAIT_MASK | VTRUST_NO_RED | VTRUST_NO_CLICK | VTRUST_NO_STRING) #define VTRUST_ALLOW_PROVISIONING 0x200 +#define VTRUST_ALLOW_UNLIMITED_RUN 0x400 typedef struct { uint32_t magic; diff --git a/python/src/trezorlib/firmware/vendor.py b/python/src/trezorlib/firmware/vendor.py index dd337c0063..4bc5f5acba 100644 --- a/python/src/trezorlib/firmware/vendor.py +++ b/python/src/trezorlib/firmware/vendor.py @@ -49,6 +49,7 @@ def _transform_vendor_trust(data: bytes) -> bytes: class VendorTrust(Struct): + limit_runtime: bool deny_provisioning_access: bool _dont_provide_secret: bool allow_run_with_secret: bool @@ -61,7 +62,8 @@ class VendorTrust(Struct): SUBCON = c.Transformed( c.BitStruct( - "_reserved" / c.Default(c.BitsInteger(6), 0b111111), + "_reserved" / c.Default(c.BitsInteger(5), 0b11111), + "limit_runtime" / c.Default(c.Flag, 1), "deny_provisioning_access" / c.Default(c.Flag, 1), "_dont_provide_secret" / c.Default(c.Flag, lambda this: not this.allow_run_with_secret),
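Review bot: `VTRUST_ALLOW_UNLIMITED_RUN` is added to image.h without a comment, and its polarity is the opposite of the `limit_runtime` key used in the vendor header JSON files and in `VendorTrust`, so the header alone does not say which bit state restricts the firmware. A line above the define such as `// set: firmware may run without a runtime limit; clear: runtime is limited ("limit_runtime": true in the vendor header JSON)` would settle it, once the mapping is confirmed against the code that tests the bit. No use of the macro is visible in this part of the diff, so the enforcement path cannot be reviewed here. The `typedef struct` that follows the define continues outside the hunk.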
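Review bot: In the second vendor.py hunk the new `limit_runtime` flag is carved out of `_reserved`, which shrinks from 6 to 5 bits, but nothing visible ties that bit position or its polarity to `VTRUST_ALLOW_UNLIMITED_RUN 0x400` in image.h. If that is the intended mapping, a comment above the entry such as `# corresponds to VTRUST_ALLOW_UNLIMITED_RUN (0x400) in image.h, with inverted meaning` would make it explicit. A round-trip test that parses a header built before this change and asserts the expected `limit_runtime` value would guard against a silent shift of the trust bits. The default of `1` presumably makes a description that omits the key build with the limit enabled, which is the restrictive choice and worth stating in the same comment. The `BitStruct` definition continues past the end of the hunk, and `_transform_vendor_trust` is visible only by name.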