diff --git a/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json index 379c30a8d3..cb4c1f60e4 100644 --- a/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/D001/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": false, diff --git a/core/embed/models/D001/vendorheader/vendor_unsafe.json b/core/embed/models/D001/vendorheader/vendor_unsafe.json index c92f619947..d0f1a3a470 100644 --- a/core/embed/models/D001/vendorheader/vendor_unsafe.json +++ b/core/embed/models/D001/vendorheader/vendor_unsafe.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": true, diff --git a/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json index d4483d0867..1631002280 100644 --- a/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/D002/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/D002/vendorheader/vendor_unsafe.json b/core/embed/models/D002/vendorheader/vendor_unsafe.json index 500fcb84e2..e03e841f12 100644 --- a/core/embed/models/D002/vendorheader/vendor_unsafe.json +++ b/core/embed/models/D002/vendorheader/vendor_unsafe.json @@ -6,6 +6,7 @@ "version": [0, 1], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": false, "show_vendor_string": true, "require_user_click": true, diff --git a/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json index a8241cccef..cd049ac74c 100644 --- a/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/T2B1/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": true, "show_vendor_string": false, diff --git a/core/embed/models/T2B1/vendorheader/vendor_prodtest.json b/core/embed/models/T2B1/vendorheader/vendor_prodtest.json index 5e7d392e5a..4cdb215b5e 100644 --- a/core/embed/models/T2B1/vendorheader/vendor_prodtest.json +++ b/core/embed/models/T2B1/vendorheader/vendor_prodtest.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": true, "show_vendor_string": false, diff --git a/core/embed/models/T2B1/vendorheader/vendor_trezor.json b/core/embed/models/T2B1/vendorheader/vendor_trezor.json index 307cfb8e98..9c29d12f05 100644 --- a/core/embed/models/T2B1/vendorheader/vendor_trezor.json +++ b/core/embed/models/T2B1/vendorheader/vendor_trezor.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": true, "show_vendor_string": false, diff --git a/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json b/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json index 958bc944f8..58525c552c 100644 --- a/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json +++ b/core/embed/models/T2B1/vendorheader/vendor_trezor_btconly.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": true, "show_vendor_string": false, diff --git a/core/embed/models/T2B1/vendorheader/vendor_unsafe.json b/core/embed/models/T2B1/vendorheader/vendor_unsafe.json index 5e27e9ccd7..3b1df91541 100644 --- a/core/embed/models/T2B1/vendorheader/vendor_unsafe.json +++ b/core/embed/models/T2B1/vendorheader/vendor_unsafe.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": true, diff --git a/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json index f20be5bf83..828cef56cc 100644 --- a/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/T2T1/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": false, diff --git a/core/embed/models/T2T1/vendorheader/vendor_prodtest.json b/core/embed/models/T2T1/vendorheader/vendor_prodtest.json index bc34f23f68..0c30bce99c 100644 --- a/core/embed/models/T2T1/vendorheader/vendor_prodtest.json +++ b/core/embed/models/T2T1/vendorheader/vendor_prodtest.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": false, diff --git a/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json b/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json index b9d6339337..6363c74622 100644 --- a/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json +++ b/core/embed/models/T2T1/vendorheader/vendor_satoshilabs.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": false, diff --git a/core/embed/models/T2T1/vendorheader/vendor_unsafe.json b/core/embed/models/T2T1/vendorheader/vendor_unsafe.json index 19eb2e6523..1b44636efa 100644 --- a/core/embed/models/T2T1/vendorheader/vendor_unsafe.json +++ b/core/embed/models/T2T1/vendorheader/vendor_unsafe.json @@ -7,6 +7,7 @@ "sig_m": 2, "trust": { "_reserved": 0, + "deny_provisioning_access": false, "_dont_provide_secret": false, "allow_run_with_secret": false, "show_vendor_string": true, diff --git a/core/embed/models/T3B1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T3B1/vendorheader/vendor_dev_DO_NOT_SIGN.json index 7ded76ed4e..b84d72b788 100644 --- a/core/embed/models/T3B1/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/T3B1/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3B1/vendorheader/vendor_prodtest.json b/core/embed/models/T3B1/vendorheader/vendor_prodtest.json index ad4be7ce06..e4a015cfd6 100644 --- a/core/embed/models/T3B1/vendorheader/vendor_prodtest.json +++ b/core/embed/models/T3B1/vendorheader/vendor_prodtest.json @@ -3,9 +3,10 @@ "text": "UNSAFE, FACTORY TEST ONLY", "hw_model": "T3B1", "expiry": 0, - "version": [0, 0], + "version": [0, 1], "sig_m": 2, "trust": { + "deny_provisioning_access": false, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3B1/vendorheader/vendor_trezor.json b/core/embed/models/T3B1/vendorheader/vendor_trezor.json index e9ce3cf43d..a9fc979ed6 100644 --- a/core/embed/models/T3B1/vendorheader/vendor_trezor.json +++ b/core/embed/models/T3B1/vendorheader/vendor_trezor.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3B1/vendorheader/vendor_trezor_btconly.json b/core/embed/models/T3B1/vendorheader/vendor_trezor_btconly.json index 35112ca2ce..16602b8b03 100644 --- a/core/embed/models/T3B1/vendorheader/vendor_trezor_btconly.json +++ b/core/embed/models/T3B1/vendorheader/vendor_trezor_btconly.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3B1/vendorheader/vendor_unsafe.json b/core/embed/models/T3B1/vendorheader/vendor_unsafe.json index 5ac4215741..9563cbed05 100644 --- a/core/embed/models/T3B1/vendorheader/vendor_unsafe.json +++ b/core/embed/models/T3B1/vendorheader/vendor_unsafe.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": false, "show_vendor_string": true, "require_user_click": true, diff --git a/core/embed/models/T3B1/vendorheader/vendorheader_prodtest_unsigned.bin b/core/embed/models/T3B1/vendorheader/vendorheader_prodtest_unsigned.bin index e5c243ab0f..a6df2b28b7 100644 Binary files a/core/embed/models/T3B1/vendorheader/vendorheader_prodtest_unsigned.bin and b/core/embed/models/T3B1/vendorheader/vendorheader_prodtest_unsigned.bin differ diff --git a/core/embed/models/T3T1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T3T1/vendorheader/vendor_dev_DO_NOT_SIGN.json index d173b7637f..3ff2b93def 100644 --- a/core/embed/models/T3T1/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/T3T1/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3T1/vendorheader/vendor_prodtest.json b/core/embed/models/T3T1/vendorheader/vendor_prodtest.json index 902d02da1f..1bbbfc7582 100644 --- a/core/embed/models/T3T1/vendorheader/vendor_prodtest.json +++ b/core/embed/models/T3T1/vendorheader/vendor_prodtest.json @@ -3,9 +3,10 @@ "text": "UNSAFE, FACTORY TEST ONLY", "hw_model": "T3T1", "expiry": 0, - "version": [0, 0], + "version": [0, 1], "sig_m": 2, "trust": { + "deny_provisioning_access": false, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3T1/vendorheader/vendor_trezor.json b/core/embed/models/T3T1/vendorheader/vendor_trezor.json index 72d6398f97..044a4b4418 100644 --- a/core/embed/models/T3T1/vendorheader/vendor_trezor.json +++ b/core/embed/models/T3T1/vendorheader/vendor_trezor.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3T1/vendorheader/vendor_trezor_btconly.json b/core/embed/models/T3T1/vendorheader/vendor_trezor_btconly.json index 4b610ea9fc..139d151da4 100644 --- a/core/embed/models/T3T1/vendorheader/vendor_trezor_btconly.json +++ b/core/embed/models/T3T1/vendorheader/vendor_trezor_btconly.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3T1/vendorheader/vendor_unsafe.json b/core/embed/models/T3T1/vendorheader/vendor_unsafe.json index 6d1987da0f..025a668d25 100644 --- a/core/embed/models/T3T1/vendorheader/vendor_unsafe.json +++ b/core/embed/models/T3T1/vendorheader/vendor_unsafe.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": false, "show_vendor_string": true, "require_user_click": true, diff --git a/core/embed/models/T3T1/vendorheader/vendorheader_prodtest_unsigned.bin b/core/embed/models/T3T1/vendorheader/vendorheader_prodtest_unsigned.bin index 557b001f13..15dc7e766e 100644 Binary files a/core/embed/models/T3T1/vendorheader/vendorheader_prodtest_unsigned.bin and b/core/embed/models/T3T1/vendorheader/vendorheader_prodtest_unsigned.bin differ diff --git a/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json b/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json index c88c58a88b..c96a77a2b1 100644 --- a/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/models/T3W1/vendorheader/vendor_dev_DO_NOT_SIGN.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3W1/vendorheader/vendor_prodtest.json b/core/embed/models/T3W1/vendorheader/vendor_prodtest.json index 2e23951dc7..c3d5145cab 100644 --- a/core/embed/models/T3W1/vendorheader/vendor_prodtest.json +++ b/core/embed/models/T3W1/vendorheader/vendor_prodtest.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": false, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3W1/vendorheader/vendor_trezor.json b/core/embed/models/T3W1/vendorheader/vendor_trezor.json index 7e5e4de1e8..2e6825d082 100644 --- a/core/embed/models/T3W1/vendorheader/vendor_trezor.json +++ b/core/embed/models/T3W1/vendorheader/vendor_trezor.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json b/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json index 39e33087fe..57e87da2c7 100644 --- a/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json +++ b/core/embed/models/T3W1/vendorheader/vendor_trezor_btconly.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, diff --git a/core/embed/models/T3W1/vendorheader/vendor_unsafe.json b/core/embed/models/T3W1/vendorheader/vendor_unsafe.json index 1881294d93..fa52250689 100644 --- a/core/embed/models/T3W1/vendorheader/vendor_unsafe.json +++ b/core/embed/models/T3W1/vendorheader/vendor_unsafe.json @@ -6,6 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { + "deny_provisioning_access": true, "allow_run_with_secret": false, "show_vendor_string": true, "require_user_click": true, diff --git a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin index a5714a79a8..9cb2e0d7ef 100644 Binary files a/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin and b/core/embed/models/T3W1/vendorheader/vendorheader_prodtest_unsigned.bin differ