mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-21 23:18:13 +00:00
fix(python): allow unsigned legacy firmware (fixes #2801)
This commit is contained in:
parent
c4bf4fa884
commit
966e5d8286
1
python/.changelog.d/2801.fixed
Normal file
1
python/.changelog.d/2801.fixed
Normal file
@ -0,0 +1 @@
|
||||
Fixed behavior of `trezorctl fw` with unsigned Trezor One firmwares.
|
@ -77,7 +77,9 @@ def print_firmware_version(fw: "firmware.FirmwareType") -> None:
|
||||
_print_version(fw.firmware.header.version)
|
||||
|
||||
|
||||
def validate_signatures(fw: "firmware.FirmwareType") -> None:
|
||||
def validate_signatures(
|
||||
fw: "firmware.FirmwareType", prompt_unsigned: bool = True
|
||||
) -> None:
|
||||
"""Check the signatures on the firmware.
|
||||
|
||||
Prints the validity status.
|
||||
@ -86,14 +88,17 @@ def validate_signatures(fw: "firmware.FirmwareType") -> None:
|
||||
"""
|
||||
try:
|
||||
fw.verify()
|
||||
click.echo("Signatures are valid.")
|
||||
except firmware.Unsigned:
|
||||
if not isinstance(fw, firmware.LegacyFirmware):
|
||||
raise
|
||||
if not prompt_unsigned or not isinstance(
|
||||
fw, (firmware.LegacyFirmware, firmware.LegacyV2Firmware)
|
||||
):
|
||||
click.echo("Firmware is not signed, aborting.")
|
||||
sys.exit(4)
|
||||
|
||||
# allow legacy firmware without signatures
|
||||
if not click.confirm("No signatures found. Continue?", default=False):
|
||||
sys.exit(1)
|
||||
|
||||
if firmware.is_onev2(fw):
|
||||
try:
|
||||
assert fw.embedded_v2 is not None
|
||||
@ -337,6 +342,7 @@ def validate_firmware(
|
||||
fingerprint: Optional[str] = None,
|
||||
bootloader_onev2: Optional[bool] = None,
|
||||
trezor_major_version: Optional[int] = None,
|
||||
prompt_unsigned: bool = True,
|
||||
) -> None:
|
||||
"""Validate the firmware through multiple tests.
|
||||
|
||||
@ -352,7 +358,7 @@ def validate_firmware(
|
||||
|
||||
print_firmware_version(fw)
|
||||
validate_fingerprint(fw, fingerprint)
|
||||
validate_signatures(fw)
|
||||
validate_signatures(fw, prompt_unsigned=prompt_unsigned)
|
||||
|
||||
if bootloader_onev2 is not None and trezor_major_version is not None:
|
||||
check_device_match(
|
||||
@ -447,6 +453,7 @@ def verify(
|
||||
fingerprint=fingerprint,
|
||||
bootloader_onev2=bootloader_onev2,
|
||||
trezor_major_version=trezor_major_version,
|
||||
prompt_unsigned=False,
|
||||
)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user