feat(core/headertool): detect devel signatures for more objects (fixes #2616)

[no changelog]
2025-07-23 23:18:16 +00:00 · 2022-12-15 14:36:04 +01:00 · 2022-12-15 14:36:04 +01:00 · 5a237d6a94
commit 5a237d6a94
parent 8921a124c3
3 changed files with 42 additions and 17 deletions
--- a/python/src/trezorlib/_internal/firmware_headers.py
+++ b/python/src/trezorlib/_internal/firmware_headers.py
@ -53,12 +53,18 @@ def all_zero(data: bytes) -> bool:
    return all(b == 0 for b in data)
-def _check_signature_any(fw: "SignableImageProto", is_devel: bool) -> Status:
+def _check_signature_any(fw: "SignableImageProto", is_devel: bool = False) -> Status:
    if not fw.signature_present():
        return Status.MISSING
    try:
        fw.verify()
        return Status.VALID if not is_devel else Status.DEVEL
    except Exception:
        pass
    try:
        fw.verify(public_keys=fw.public_keys(dev_keys=True))
        return Status.DEVEL
    except Exception:
        return Status.INVALID
@ -189,7 +195,7 @@ class SignableImageProto(Protocol):
    def digest(self) -> bytes:
        ...
-    def verify(self) -> None:
+    def verify(self, public_keys: t.Sequence[bytes] = ...) -> None:
        ...
    def build(self) -> bytes:
@ -201,7 +207,7 @@ class SignableImageProto(Protocol):
    def signature_present(self) -> bool:
        ...
-    def public_keys(self) -> t.Sequence[bytes]:
+    def public_keys(self, dev_keys: bool = False) -> t.Sequence[bytes]:
        ...
@ -267,7 +273,7 @@ class VendorHeader(firmware.VendorHeader, CosiSignedMixin):
        if not terse:
            output.append(f"Fingerprint: {click.style(self.digest().hex(), bold=True)}")
-        sig_status = _check_signature_any(self, is_devel=False)
+        sig_status = _check_signature_any(self)
        sym = SYM_OK if sig_status.is_ok() else SYM_FAIL
        output.append(f"{sym} Signature is {sig_status.value}")
@ -276,8 +282,11 @@ class VendorHeader(firmware.VendorHeader, CosiSignedMixin):
    def format(self, verbose: bool = False) -> str:
        return self._format(terse=False)
-    def public_keys(self) -> t.Sequence[bytes]:
+    def public_keys(self, dev_keys: bool = False) -> t.Sequence[bytes]:
-        return firmware.V2_BOOTLOADER_KEYS
+        if not dev_keys:
            return firmware.V2_BOOTLOADER_KEYS
        else:
            return firmware.V2_BOOTLOADER_DEV_KEYS
 class VendorFirmware(firmware.VendorFirmware, CosiSignedMixin):
@ -305,7 +314,7 @@ class VendorFirmware(firmware.VendorFirmware, CosiSignedMixin):
            )
        )
-    def public_keys(self) -> t.Sequence[bytes]:
+    def public_keys(self, dev_keys: bool = False) -> t.Sequence[bytes]:
        return self.vendor_header.pubkeys
@ -321,24 +330,29 @@ class BootloaderImage(firmware.FirmwareImage, CosiSignedMixin):
            self.header,
            self.code_hashes(),
            self.digest(),
-            _check_signature_any(self, False),
+            _check_signature_any(self),
        )
-    def verify(self) -> None:
+    def verify(self, public_keys: t.Sequence[bytes] = ()) -> None:
        self.validate_code_hashes()
        if not public_keys:
            public_keys = self.public_keys()
        try:
            cosi.verify(
                self.header.signature,
                self.digest(),
                firmware.V2_SIGS_REQUIRED,
-                firmware.V2_BOARDLOADER_KEYS,
+                public_keys,
                self.header.sigmask,
            )
        except Exception:
            raise firmware.InvalidSignatureError("Invalid bootloader signature")
-    def public_keys(self) -> t.Sequence[bytes]:
+    def public_keys(self, dev_keys: bool = False) -> t.Sequence[bytes]:
-        return firmware.V2_BOARDLOADER_KEYS
+        if not dev_keys:
            return firmware.V2_BOARDLOADER_KEYS
        else:
            return firmware.V2_BOARDLOADER_DEV_KEYS
 class LegacyFirmware(firmware.LegacyFirmware):
@ -371,7 +385,7 @@ class LegacyFirmware(firmware.LegacyFirmware):
        return _format_container(contents) + embedded_content
-    def public_keys(self) -> t.Sequence[bytes]:
+    def public_keys(self, dev_keys: bool = False) -> t.Sequence[bytes]:
        return firmware.V1_BOOTLOADER_KEYS
    def slots(self) -> t.Iterable[int]:
@ -404,10 +418,10 @@ class LegacyV2Firmware(firmware.LegacyV2Firmware):
            self.header,
            self.code_hashes(),
            self.digest(),
-            _check_signature_any(self, False),
+            _check_signature_any(self),
        )
-    def public_keys(self) -> t.Sequence[bytes]:
+    def public_keys(self, dev_keys: bool = False) -> t.Sequence[bytes]:
        return firmware.V1_BOOTLOADER_KEYS
    def slots(self) -> t.Iterable[int]:
--- a/python/src/trezorlib/firmware/consts.py
+++ b/python/src/trezorlib/firmware/consts.py
@ -53,6 +53,15 @@ V2_BOOTLOADER_KEYS = [
    )
 ]
 V2_BOOTLOADER_DEV_KEYS = [
    bytes.fromhex(key)
    for key in (
        "d759793bbc13a2819a827c76adb6fba8a49aee007f49f2d0992d99b825ad2c48",
        "6355691c178a8ff91007a7478afb955ef7352c63e7b25703984cf78b26e21a56",
        "ee93a4f66f8d16b819bb9beb9ffccdfcdc1412e87fee6a324c2a99a1e0e67148",
    )
 ]
 V2_SIGS_REQUIRED = 2
 ONEV2_CHUNK_SIZE = 1024 * 64
--- a/python/src/trezorlib/firmware/vendor.py
+++ b/python/src/trezorlib/firmware/vendor.py
@ -125,14 +125,16 @@ class VendorHeader(Struct):
                h.update(b"\x00" * 32)
        return h.digest()
-    def verify(self, pubkeys: t.Sequence[bytes] = consts.V2_BOOTLOADER_KEYS) -> None:
+    def verify(
        self, public_keys: t.Sequence[bytes] = consts.V2_BOOTLOADER_KEYS
    ) -> None:
        digest = self.digest()
        try:
            cosi.verify(
                self.signature,
                digest,
                consts.V2_SIGS_REQUIRED,
-                pubkeys,
+                public_keys,
                self.sigmask,
            )
        except Exception: