WIP

core/embed/prodtest/README.md

@@ -208,11 +208,26 @@ OK
 ```
 
 ### VARIANT
-The `VARIANT` command allows you to write up to 32 decimal values (representing device variant options), each ranging from 0 to 255, and delimited by spaces, into the OTP memory.
+The `VARIANT` command allows you to write up to 31 decimal values (representing device variant options), each ranging from 0 to 255, and delimited by spaces, into the OTP memory. The sequence of values written to OTP memory is prefixed by one byte representing the format version, which is `1`. The meaning of the device variant options is interpreted as follows:
 
-Example (to write 8 bytes into OTP memory):
+`VARIANT <unit_color> <unit_btconly> <unit_packaging>`
+
+`unit_color` | Color
+-----------------------------
+1            | Cosmic Black
+2            | Stellar Silver
+3            | Solar Gold
+4            | Galactic Rose
+5            | Bitcoin Orange
+
+`unit_btconly` | Edition
+-----------------------------
+0              | Standard
+1              | Bitcoin-only
+
+Example (to write 1 3 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 into OTP memory):
 ```
-VARIANT 128 64 100 1 2 3 0 0
+VARIANT 3 0 2
 ```
 
 ### VARIANT READ
@@ -221,7 +236,7 @@ The `VARIANT READ` command allows you to read 32 bytes of stored variant data (r
 Example:
 ```
 VARIANT READ
-OK 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255
+OK 1 3 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 ```
 
 ### WIPE

core/embed/prodtest/main.c

@@ -730,6 +730,10 @@ int main(void) {
       check_locked();
     } else if (startswith(line, "SEC READ")) {
       sec_read();
+    } else if (startswith(line, "L")) {
+      sec_get();
+    } else if (startswith(line, "P")) {
+      pair_optiga();
 
 #endif
 
@@ -751,6 +755,7 @@ int main(void) {
     } else {
       vcp_println("UNKNOWN");
     }
+    sec_check();
   }
 
   return 0;

core/embed/prodtest/optiga_prodtest.c

@@ -575,6 +575,26 @@ void sec_read(void) {
   vcp_println_hex(&sec, sizeof(sec));
 }
 
+extern uint8_t optiga_debug_log[4 * 256];
+extern size_t optiga_debug_log_pos;
+extern int optiga_debug_ctr;
+extern uint8_t optiga_debug_sec;
+void sec_get(void) {
+  vcp_print("DEBUG %d", optiga_debug_ctr);
+  int i = optiga_debug_ctr * 4 > sizeof(optiga_debug_log) ? optiga_debug_log_pos : 0;
+  do {
+    vcp_print(" %02x%02x%02x%02x", optiga_debug_log[i], optiga_debug_log[i+1], optiga_debug_log[i+2], optiga_debug_log[i+3]);
+    i = (i + 4) % sizeof(optiga_debug_log);
+  } while (i != optiga_debug_log_pos);
+  vcp_puts("\r\n", 2);
+}
+
+void sec_check(void) {
+  if (optiga_debug_sec > 0x80) {
+    sec_get();
+  }  
+}
+
 // clang-format off
 static const uint8_t ECDSA_WITH_SHA256[] = {
   0x30, 0x0a, // a sequence of 10 bytes

core/embed/prodtest/optiga_prodtest.h

@@ -48,6 +48,8 @@ void optiga_lock(void);
 optiga_locked_status get_optiga_locked_status(void);
 void check_locked(void);
 void sec_read(void);
+void sec_get(void);
+void sec_check(void);
 bool check_device_cert_chain(const uint8_t *chain, size_t chain_size);
 
 #endif

core/embed/trezorhal/optiga/optiga_transport.c

@@ -31,6 +31,11 @@
 #include "optiga_hal.h"
 #include "tls_prf.h"
 
+uint8_t optiga_debug_log[4 * 256] = {0};
+size_t optiga_debug_log_pos = 0;
+int optiga_debug_ctr = 0;
+uint8_t optiga_debug_sec = 0;
+
 #include TREZOR_BOARD
 
 // Maximum possible packet size that can be transmitted.
@@ -586,11 +591,37 @@ static void increment_seq(uint8_t seq[SEC_CHAN_SEQ_SIZE]) {
   memzero(sec_chan_decr_nonce, sizeof(sec_chan_decr_nonce));
 }
 
+void update_log(const uint8_t *command_data) {
+  optiga_debug_sec = 0xee;
+  uint8_t cmd = command_data[0];
+  uint8_t oid0 = command_data[4];
+  uint8_t oid1 = command_data[5];
+  if ((cmd != 0x81 && cmd != 0xf0) || oid0 != 0xE0 || oid1 != 0xC5) {
+    uint8_t resp[10] = {0};
+    size_t resp_size = 0;
+    optiga_execute_command((uint8_t[]){0x81, 0x00, 0x00, 0x02, 0xE0, 0xC5}, 6, resp, sizeof(resp), &resp_size);
+    if (resp_size == 5) {
+      optiga_debug_sec = resp[4];
+    }
+
+    optiga_debug_ctr += 1;
+    optiga_debug_log[optiga_debug_log_pos] = optiga_debug_sec;
+    optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log);
+    optiga_debug_log[optiga_debug_log_pos] = cmd;
+    optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log);
+    optiga_debug_log[optiga_debug_log_pos] = oid0;
+    optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log);
+    optiga_debug_log[optiga_debug_log_pos] = oid1;
+    optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log);
+  }
+}
+
 optiga_result optiga_execute_command(const uint8_t *command_data,
                                      size_t command_size,
                                      uint8_t *response_data,
                                      size_t max_response_size,
                                      size_t *response_size) {
+  update_log(command_data);
   if (!sec_chan_established) {
     return optiga_transceive(false, command_data, command_size, response_data,
                              max_response_size, response_size);
@@ -663,7 +694,7 @@ optiga_result optiga_execute_command(const uint8_t *command_data,
 optiga_result optiga_sec_chan_handshake(const uint8_t *secret,
                                         size_t secret_size) {
   static const uint8_t HANDSHAKE_HELLO[] = {SCTR_HELLO, SEC_CHAN_PROTOCOL};
-
+  update_log((uint8_t[]){0,0,0,0,0,0});
   // Send Handshake Hello.
   optiga_result ret = optiga_transceive(
       true, HANDSHAKE_HELLO, sizeof(HANDSHAKE_HELLO), sec_chan_buffer,

rust/trezor-client/src/protos/generated/messages.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_binance.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_bitcoin.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_bootloader.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_cardano.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_common.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_crypto.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_debug.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_eos.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_ethereum.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_ethereum_definitions.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_ethereum_eip712.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_monero.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_nem.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_ripple.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_solana.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_stellar.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_tezos.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702

rust/trezor-client/src/protos/generated/messages_webauthn.rs

@@ -1,5 +1,5 @@
 // This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 3.19.6
+// .proto file is parsed by protoc 3.20.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702