From 71ea6f5405e932aa0d8190b38497b07c39cb1d59 Mon Sep 17 00:00:00 2001
From: matejcik
Date: Fri, 15 Dec 2023 11:49:34 +0100
Subject: [PATCH] feat(core/prodtest): do not lock Optiga in non-production builds

[no changelog]
---
 core/embed/prodtest/optiga_prodtest.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/core/embed/prodtest/optiga_prodtest.c b/core/embed/prodtest/optiga_prodtest.c
index 2d1e2ee90..56cfcd8a5 100644
--- a/core/embed/prodtest/optiga_prodtest.c
+++ b/core/embed/prodtest/optiga_prodtest.c
@@ -173,6 +173,13 @@ void pair_optiga(void) {
 return;
 }
+#if PRODUCTION
+#define METADATA_SET_LOCKED(metadata) \
+ { metadata.lcso = OPTIGA_META_LCS_OPERATIONAL; }
+#else
+#define METADATA_SET_LOCKED(metadata)
+#endif
+
 void optiga_lock(void) {
 if (!optiga_paired()) return;
@@ -190,7 +197,7 @@ void optiga_lock(void) {
 // Set metadata for device certificate.
 memzero(&metadata, sizeof(metadata));
- metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
+ METADATA_SET_LOCKED(metadata);
 metadata.change = OPTIGA_META_ACCESS_NEVER;
 metadata.read = OPTIGA_META_ACCESS_ALWAYS;
 metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
@@ -200,7 +207,7 @@ void optiga_lock(void) {
 // Set metadata for FIDO attestation certificate.
 memzero(&metadata, sizeof(metadata));
- metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
+ METADATA_SET_LOCKED(metadata);
 metadata.change = OPTIGA_META_ACCESS_NEVER;
 metadata.read = OPTIGA_META_ACCESS_ALWAYS;
 metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
@@ -210,7 +217,7 @@ void optiga_lock(void) {
 // Set metadata for device private key.
 memzero(&metadata, sizeof(metadata));
- metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
+ METADATA_SET_LOCKED(metadata);
 metadata.change = OPTIGA_META_ACCESS_NEVER;
 metadata.read = OPTIGA_META_ACCESS_NEVER;
 metadata.execute = ACCESS_PAIRED;
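Review bot: The macro defined in the first hunk expands to a bare braced block in the PRODUCTION case and to nothing otherwise, so each `METADATA_SET_LOCKED(metadata);` call site (the remaining hunks of this patch, including the two in its second half) compiles to `{ ... };` or to a lone `;`; the conventional form is `do { (metadata).lcso = OPTIGA_META_LCS_OPERATIONAL; } while (0)` for the PRODUCTION branch and `#define METADATA_SET_LOCKED(metadata) do { (void)(metadata); } while (0)` for the other, which keeps the statement well-formed inside an unbraced `if` body and keeps the argument referenced in both builds. Because `#if PRODUCTION` evaluates an undefined PRODUCTION as 0, a build that does not define the symbol at all would silently take the no-lock branch; if the build system can leave it undefined rather than defined to 0, an `#ifndef PRODUCTION` / `#error` guard beside the macro would make that failure loud instead of fail-open. The macro name no longer conveys that locking is conditional, so a comment at its definition would help readers of the five call sites, e.g. `// Only PRODUCTION builds set lcso to OPTIGA_META_LCS_OPERATIONAL; other builds leave it at the memzero'd value so the Optiga objects are not locked.` The body of optiga_lock continues outside every hunk of this patch.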
@@ -221,7 +228,7 @@ void optiga_lock(void) {
 // Set metadata for FIDO attestation private key.
 memzero(&metadata, sizeof(metadata));
- metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
+ METADATA_SET_LOCKED(metadata);
 metadata.change = OPTIGA_META_ACCESS_NEVER;
 metadata.read = OPTIGA_META_ACCESS_NEVER;
 metadata.execute = ACCESS_PAIRED;
@@ -232,7 +239,7 @@ void optiga_lock(void) {
 // Set metadata for pairing key.
 memzero(&metadata, sizeof(metadata));
- metadata.lcso = OPTIGA_META_LCS_OPERATIONAL;
+ METADATA_SET_LOCKED(metadata);
 metadata.change = OPTIGA_META_ACCESS_NEVER;
 metadata.read = OPTIGA_META_ACCESS_NEVER;
 metadata.execute = OPTIGA_META_ACCESS_ALWAYS;