arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-29 18:08:19 +00:00
Code Issues Releases Wiki Activity

feat(core): add allow unlimited run vendorheader flag

Browse Source 
[no changelog]
This commit is contained in:
tychovrahe 2025-07-01 22:08:38 +02:00 committed by TychoVrahe
parent f898dc1232
commit 3b9be7baec
37 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/D001/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/D001/vendorheader/vendor_unsafe.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": true, "deny_provisioning_access": true,
"allow_run_with_secret": true, "allow_run_with_secret": true,
"show_vendor_string": false, "show_vendor_string": false,

1
core/embed/models/D002/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
View File

@ -6,6 +6,7 @@
"version": [0, 1], "version": [0, 1],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,
"show_vendor_string": true, "show_vendor_string": true,

1
core/embed/models/D002/vendorheader/vendor_unsafe.json
View File

@ -6,6 +6,7 @@
"version": [0, 1], "version": [0, 1],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": true,
"deny_provisioning_access": true, "deny_provisioning_access": true,
"allow_run_with_secret": false, "allow_run_with_secret": false,
"show_vendor_string": true, "show_vendor_string": true,

BIN
core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
View File

Binary file not shown.

BIN
core/embed/models/D002/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
View File

Binary file not shown.

BIN
core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin
View File

Binary file not shown.

BIN
core/embed/models/D002/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin
View File

Binary file not shown.

1
core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,

1
core/embed/models/T2B1/vendorheader/vendor_prodtest.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,

1
core/embed/models/T2B1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,

1
core/embed/models/T2B1/vendorheader/vendor_trezor.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,

1
core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,

1
core/embed/models/T2B1/vendorheader/vendor_unsafe.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/T2T1/vendorheader/vendor_prodtest.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/T2T1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

1
core/embed/models/T2T1/vendorheader/vendor_unsafe.json
View File

@ -7,6 +7,7 @@
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"_reserved": 0, "_reserved": 0,
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"_dont_provide_secret": false, "_dont_provide_secret": false,
"allow_run_with_secret": false, "allow_run_with_secret": false,

BIN
core/embed/models/T3W1/secmon/secmon_DEV.bin
View File

Binary file not shown.

1
core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": true, "deny_provisioning_access": true,
"allow_run_with_secret": true, "allow_run_with_secret": true,
"show_vendor_string": false, "show_vendor_string": false,

1
core/embed/models/T3W1/vendorheader/vendor_prodtest.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,
"show_vendor_string": false, "show_vendor_string": false,

1
core/embed/models/T3W1/vendorheader/vendor_prodtest_DO_NOT_SIGN.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": false, "deny_provisioning_access": false,
"allow_run_with_secret": true, "allow_run_with_secret": true,
"show_vendor_string": false, "show_vendor_string": false,

1
core/embed/models/T3W1/vendorheader/vendor_trezor.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": true, "deny_provisioning_access": true,
"allow_run_with_secret": true, "allow_run_with_secret": true,
"show_vendor_string": false, "show_vendor_string": false,

1
core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": false,
"deny_provisioning_access": true, "deny_provisioning_access": true,
"allow_run_with_secret": true, "allow_run_with_secret": true,
"show_vendor_string": false, "show_vendor_string": false,

1
core/embed/models/T3W1/vendorheader/vendor_unsafe.json
View File

@ -6,6 +6,7 @@
"version": [0, 0], "version": [0, 0],
"sig_m": 2, "sig_m": 2,
"trust": { "trust": {
"limit_runtime": true,
"deny_provisioning_access": true, "deny_provisioning_access": true,
"allow_run_with_secret": false, "allow_run_with_secret": false,
"show_vendor_string": true, "show_vendor_string": true,

BIN
core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
View File

Binary file not shown.

BIN
core/embed/models/T3W1/vendorheader/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
View File

Binary file not shown.

BIN
core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_signed_dev.bin
View File

Binary file not shown.

BIN
core/embed/models/T3W1/vendorheader/vendorheader_prodtest_DO_NOT_SIGN_unsigned.bin
View File

Binary file not shown.

BIN
core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin
View File

Binary file not shown.

BIN
core/embed/models/T3W1/vendorheader/vendorheader_trezor_btconly_unsigned.bin
View File

Binary file not shown.

BIN
core/embed/models/T3W1/vendorheader/vendorheader_trezor_unsigned.bin
View File

Binary file not shown.

1
core/embed/util/image/inc/util/image.h
View File

@ -89,6 +89,7 @@ typedef struct {
(VTRUST_WAIT_MASK | VTRUST_NO_RED | VTRUST_NO_CLICK | VTRUST_NO_STRING) (VTRUST_WAIT_MASK | VTRUST_NO_RED | VTRUST_NO_CLICK | VTRUST_NO_STRING)
#define VTRUST_ALLOW_PROVISIONING 0x200 #define VTRUST_ALLOW_PROVISIONING 0x200
#define VTRUST_ALLOW_UNLIMITED_RUN 0x400
typedef struct { typedef struct {
uint32_t magic; uint32_t magic;

4
python/src/trezorlib/firmware/vendor.py
View File

@ -49,6 +49,7 @@ def _transform_vendor_trust(data: bytes) -> bytes:
class VendorTrust(Struct): class VendorTrust(Struct):
limit_runtime: bool
deny_provisioning_access: bool deny_provisioning_access: bool
_dont_provide_secret: bool _dont_provide_secret: bool
allow_run_with_secret: bool allow_run_with_secret: bool
@ -61,7 +62,8 @@ class VendorTrust(Struct):
SUBCON = c.Transformed( SUBCON = c.Transformed(
c.BitStruct( c.BitStruct(
"_reserved" / c.Default(c.BitsInteger(6), 0b111111), "_reserved" / c.Default(c.BitsInteger(5), 0b11111),
"limit_runtime" / c.Default(c.Flag, 1),
"deny_provisioning_access" / c.Default(c.Flag, 1), "deny_provisioning_access" / c.Default(c.Flag, 1),
"_dont_provide_secret" "_dont_provide_secret"
/ c.Default(c.Flag, lambda this: not this.allow_run_with_secret), / c.Default(c.Flag, lambda this: not this.allow_run_with_secret),