arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-19 21:08:07 +00:00
Code Issues Releases Wiki Activity

feat(core/prodtest): do not lock Optiga in non-production builds

Browse Source 
[no changelog]
This commit is contained in:
matejcik 2023-12-15 11:49:34 +01:00 committed by Andrew Kozlik
parent ed43a5bc5b
commit 45a973b8f9
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
core/embed/prodtest/optiga_prodtest.c
View File

@ -198,6 +198,13 @@ void pair_optiga(void) {
return; return;
} }
#if PRODUCTION
#define METADATA_SET_LOCKED(metadata) \
{ metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; }
#else
#define METADATA_SET_LOCKED(metadata)
#endif
void optiga_lock(void) { void optiga_lock(void) {
if (!optiga_paired()) return; if (!optiga_paired()) return;
@ -215,7 +222,7 @@ void optiga_lock(void) {
// Set metadata for device certificate. // Set metadata for device certificate.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; METADATA_SET_LOCKED(metadata);
metadata.change = OPTIGA_META_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_ALWAYS; metadata.read = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
@ -225,7 +232,7 @@ void optiga_lock(void) {
// Set metadata for FIDO attestation certificate. // Set metadata for FIDO attestation certificate.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; METADATA_SET_LOCKED(metadata);
metadata.change = OPTIGA_META_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_ALWAYS; metadata.read = OPTIGA_META_ACCESS_ALWAYS;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
@ -235,7 +242,7 @@ void optiga_lock(void) {
// Set metadata for device private key. // Set metadata for device private key.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; METADATA_SET_LOCKED(metadata);
metadata.change = OPTIGA_META_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_NEVER; metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = ACCESS_PAIRED; metadata.execute = ACCESS_PAIRED;
@ -246,7 +253,7 @@ void optiga_lock(void) {
// Set metadata for FIDO attestation private key. // Set metadata for FIDO attestation private key.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; METADATA_SET_LOCKED(metadata);
metadata.change = OPTIGA_META_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_NEVER; metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = ACCESS_PAIRED; metadata.execute = ACCESS_PAIRED;
@ -257,7 +264,7 @@ void optiga_lock(void) {
// Set metadata for pairing key. // Set metadata for pairing key.
memzero(&metadata, sizeof(metadata)); memzero(&metadata, sizeof(metadata));
metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; METADATA_SET_LOCKED(metadata);
metadata.change = OPTIGA_META_ACCESS_NEVER; metadata.change = OPTIGA_META_ACCESS_NEVER;
metadata.read = OPTIGA_META_ACCESS_NEVER; metadata.read = OPTIGA_META_ACCESS_NEVER;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS; metadata.execute = OPTIGA_META_ACCESS_ALWAYS;