diff --git a/core/embed/prodtest/README.md b/core/embed/prodtest/README.md index b12c6a443..258408295 100644 --- a/core/embed/prodtest/README.md +++ b/core/embed/prodtest/README.md @@ -208,11 +208,26 @@ OK ``` ### VARIANT -The `VARIANT` command allows you to write up to 32 decimal values (representing device variant options), each ranging from 0 to 255, and delimited by spaces, into the OTP memory. +The `VARIANT` command allows you to write up to 31 decimal values (representing device variant options), each ranging from 0 to 255, and delimited by spaces, into the OTP memory. The sequence of values written to OTP memory is prefixed by one byte representing the format version, which is `1`. The meaning of the device variant options is interpreted as follows: -Example (to write 8 bytes into OTP memory): +`VARIANT ` + +`unit_color` | Color +----------------------------- +1 | Cosmic Black +2 | Stellar Silver +3 | Solar Gold +4 | Galactic Rose +5 | Bitcoin Orange + +`unit_btconly` | Edition +----------------------------- +0 | Standard +1 | Bitcoin-only + +Example (to write 1 3 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 into OTP memory): ``` -VARIANT 128 64 100 1 2 3 0 0 +VARIANT 3 0 2 ``` ### VARIANT READ @@ -221,7 +236,7 @@ The `VARIANT READ` command allows you to read 32 bytes of stored variant data (r Example: ``` VARIANT READ -OK 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 +OK 1 3 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ``` ### WIPE diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c index 71a822c99..9e692a4a5 100644 --- a/core/embed/prodtest/main.c +++ b/core/embed/prodtest/main.c @@ -730,6 +730,10 @@ int main(void) { check_locked(); } else if (startswith(line, "SEC READ")) { sec_read(); + } else if (startswith(line, "L")) { + sec_get(); + } else if (startswith(line, "P")) { + pair_optiga(); #endif 
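Review bot: The two new branches in main.c match on a single letter, `startswith(line, "L")` and `startswith(line, "P")`, so any otherwise-unhandled line that begins with that letter dumps the Optiga debug log or calls `pair_optiga()`, and any command tested later in this `else if` chain that starts with `L` or `P` would never be reached. A call named `pair_optiga()` presumably changes device state, so it should require a full, unambiguous command word, for example `startswith(line, "OPTIGA PAIR")` (placeholder name), with a similarly explicit word for the log dump. Neither command is described in the README that this commit also touches. The rest of the dispatch chain in `main()` is outside the hunk, so which existing commands are shadowed cannot be confirmed from here.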
@@ -751,6 +755,7 @@ int main(void) { } else { vcp_println("UNKNOWN"); } + sec_check(); } return 0; diff --git a/core/embed/prodtest/optiga_prodtest.c b/core/embed/prodtest/optiga_prodtest.c index 05fbcb128..ad3353033 100644 --- a/core/embed/prodtest/optiga_prodtest.c +++ b/core/embed/prodtest/optiga_prodtest.c @@ -575,6 +575,26 @@ void sec_read(void) { vcp_println_hex(&sec, sizeof(sec)); } +extern uint8_t optiga_debug_log[4 * 256]; +extern size_t optiga_debug_log_pos; +extern int optiga_debug_ctr; +extern uint8_t optiga_debug_sec; +void sec_get(void) { + vcp_print("DEBUG %d", optiga_debug_ctr); + int i = optiga_debug_ctr * 4 > sizeof(optiga_debug_log) ? optiga_debug_log_pos : 0; + do { + vcp_print(" %02x%02x%02x%02x", optiga_debug_log[i], optiga_debug_log[i+1], optiga_debug_log[i+2], optiga_debug_log[i+3]); + i = (i + 4) % sizeof(optiga_debug_log); + } while (i != optiga_debug_log_pos); + vcp_puts("\r\n", 2); +} + +void sec_check(void) { + if (optiga_debug_sec > 0x80) { + sec_get(); + } +} + // clang-format off static const uint8_t ECDSA_WITH_SHA256[] = { 0x30, 0x0a, // a sequence of 10 bytes diff --git a/core/embed/prodtest/optiga_prodtest.h b/core/embed/prodtest/optiga_prodtest.h index a378ba343..9a81434e3 100644 --- a/core/embed/prodtest/optiga_prodtest.h +++ b/core/embed/prodtest/optiga_prodtest.h @@ -48,6 +48,8 @@ void optiga_lock(void); optiga_locked_status get_optiga_locked_status(void); void check_locked(void); void sec_read(void); +void sec_get(void); +void sec_check(void); bool check_device_cert_chain(const uint8_t *chain, size_t chain_size); #endif diff --git a/core/embed/trezorhal/optiga/optiga_transport.c b/core/embed/trezorhal/optiga/optiga_transport.c index e26076371..0e9d1abd1 100644 --- a/core/embed/trezorhal/optiga/optiga_transport.c +++ b/core/embed/trezorhal/optiga/optiga_transport.c 
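Review bot: `sec_check();` is added outside the preprocessor block that closes at the `#endif` in the previous hunk, while the function it calls is defined in optiga_prodtest.c. If that block is the Optiga build guard (its opening line is not visible), builds without Optiga would no longer link, so the call should sit inside the same guard. Because it runs after every command, once `optiga_debug_sec` exceeds 0x80 (including the 0xee value left in place when the read fails) every reply is followed by a `DEBUG ...` line. Host-side scripts that expect a single `OK`/`ERROR` line may not tolerate that, so it deserves a comment at the call site.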
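Review bot: The `do { ... } while (i != optiga_debug_log_pos)` loop in `sec_get()` walks the entire ring when nothing has been logged yet: with `optiga_debug_ctr == 0` both `i` and `optiga_debug_log_pos` are 0, so the body runs 256 times and prints zero-filled entries. The start-index test also compares a signed `int` product against `sizeof`, and `i` is an `int` compared with a `size_t`. Iterating over an explicit entry count, as below, handles the empty, partly filled and wrapped cases uniformly. The four `extern` declarations would be better placed in a header shared with optiga_transport.c so the compiler can check them against the definitions.

```c
void sec_get(void) {
  // Each log entry is 4 bytes: SEC value, command code, OID high, OID low.
  const size_t capacity = sizeof(optiga_debug_log) / 4;
  const size_t logged = (size_t)optiga_debug_ctr;
  const size_t count = logged < capacity ? logged : capacity;
  // Oldest entry is slot 0 until the ring wraps, afterwards the write position.
  size_t i = count < capacity ? 0 : optiga_debug_log_pos;

  vcp_print("DEBUG %d", optiga_debug_ctr);
  for (size_t k = 0; k < count; k++) {
    vcp_print(" %02x%02x%02x%02x", optiga_debug_log[i], optiga_debug_log[i + 1],
              optiga_debug_log[i + 2], optiga_debug_log[i + 3]);
    i = (i + 4) % sizeof(optiga_debug_log);
  }
  vcp_puts("\r\n", 2);
}
```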
@@ -31,6 +31,11 @@ #include "optiga_hal.h" #include "tls_prf.h" +uint8_t optiga_debug_log[4 * 256] = {0}; +size_t optiga_debug_log_pos = 0; +int optiga_debug_ctr = 0; +uint8_t optiga_debug_sec = 0; + #include TREZOR_BOARD // Maximum possible packet size that can be transmitted. @@ -586,11 +591,37 @@ static void increment_seq(uint8_t seq[SEC_CHAN_SEQ_SIZE]) { memzero(sec_chan_decr_nonce, sizeof(sec_chan_decr_nonce)); } +void update_log(const uint8_t *command_data) { + optiga_debug_sec = 0xee; + uint8_t cmd = command_data[0]; + uint8_t oid0 = command_data[4]; + uint8_t oid1 = command_data[5]; + if ((cmd != 0x81 && cmd != 0xf0) || oid0 != 0xE0 || oid1 != 0xC5) { + uint8_t resp[10] = {0}; + size_t resp_size = 0; + optiga_execute_command((uint8_t[]){0x81, 0x00, 0x00, 0x02, 0xE0, 0xC5}, 6, resp, sizeof(resp), &resp_size); + if (resp_size == 5) { + optiga_debug_sec = resp[4]; + } + + optiga_debug_ctr += 1; + optiga_debug_log[optiga_debug_log_pos] = optiga_debug_sec; + optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log); + optiga_debug_log[optiga_debug_log_pos] = cmd; + optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log); + optiga_debug_log[optiga_debug_log_pos] = oid0; + optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log); + optiga_debug_log[optiga_debug_log_pos] = oid1; + optiga_debug_log_pos = (optiga_debug_log_pos + 1) % sizeof(optiga_debug_log); + } +} + optiga_result optiga_execute_command(const uint8_t *command_data, size_t command_size, uint8_t *response_data, size_t max_response_size, size_t *response_size) { + update_log(command_data); if (!sec_chan_established) { return optiga_transceive(false, command_data, command_size, response_data, max_response_size, response_size); 
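Review bot: The four debug globals are defined with external linkage in the shared transport file, wedged between the `#include` lines ahead of `#include TREZOR_BOARD`, and are consumed through hand-written `extern` declarations in optiga_prodtest.c, so nothing checks that the types stay in sync. If this instrumentation is meant only for prodtest, consider guarding the definitions (and `update_log()` in the next hunk) behind a build flag and declaring them in a header. At minimum, move them below the includes with a comment such as `// Ring buffer of {SEC, cmd, OID hi, OID lo} entries, 4 bytes each, for prodtest debugging.`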
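Review bot: `update_log()` reads `command_data[4]` and `command_data[5]` without knowing the command length, and `optiga_execute_command()` calls it before looking at `command_size`, so a command shorter than six bytes causes a read past the caller's buffer. Pass the size through and guard the OID bytes, e.g. `void update_log(const uint8_t *command_data, size_t command_size)` with `uint8_t oid0 = command_size > 5 ? command_data[4] : 0;` (likewise for `oid1`, and for `cmd` when the size is 0). The nested `optiga_execute_command()` call has its return value ignored and adds a second exchange with the chip for every logged command, and `update_log()` should be `static` since no prototype for it appears in the diff. The body of `optiga_execute_command()` continues outside the hunk.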
@@ -663,7 +694,7 @@ optiga_result optiga_execute_command(const uint8_t *command_data, optiga_result optiga_sec_chan_handshake(const uint8_t *secret, size_t secret_size) { static const uint8_t HANDSHAKE_HELLO[] = {SCTR_HELLO, SEC_CHAN_PROTOCOL}; - + update_log((uint8_t[]){0,0,0,0,0,0}); // Send Handshake Hello. optiga_result ret = optiga_transceive( true, HANDSHAKE_HELLO, sizeof(HANDSHAKE_HELLO), sec_chan_buffer, diff --git a/rust/trezor-client/src/protos/generated/messages.rs b/rust/trezor-client/src/protos/generated/messages.rs index ebd3224f2..23f3b5cd5 100644 --- a/rust/trezor-client/src/protos/generated/messages.rs +++ b/rust/trezor-client/src/protos/generated/messages.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_binance.rs b/rust/trezor-client/src/protos/generated/messages_binance.rs index 0f5a29d0d..9d447af1c 100644 --- a/rust/trezor-client/src/protos/generated/messages_binance.rs +++ b/rust/trezor-client/src/protos/generated/messages_binance.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_bitcoin.rs b/rust/trezor-client/src/protos/generated/messages_bitcoin.rs index 9840875ee..65cf581b9 100644 --- a/rust/trezor-client/src/protos/generated/messages_bitcoin.rs +++ b/rust/trezor-client/src/protos/generated/messages_bitcoin.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 
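Review bot: The all-zero compound literal passed to `update_log()` in `optiga_sec_chan_handshake()` is not an Optiga command; it only forces a security-counter read and leaves an entry with cmd `00` and OID `0000` in the log, which someone reading the dump has no way to interpret. A comment such as `// Log a marker entry (cmd 0x00) with the current SEC value before the handshake starts.` would make that explicit. `update_log()` issues its read through `optiga_execute_command()`, so whether that read goes out in the clear or over a previously established channel depends on `sec_chan_established` at this point, which is worth confirming as intended. The body of `optiga_sec_chan_handshake()` continues outside the hunk.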
diff --git a/rust/trezor-client/src/protos/generated/messages_bootloader.rs b/rust/trezor-client/src/protos/generated/messages_bootloader.rs index 622188a30..83bcf199f 100644 --- a/rust/trezor-client/src/protos/generated/messages_bootloader.rs +++ b/rust/trezor-client/src/protos/generated/messages_bootloader.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_cardano.rs b/rust/trezor-client/src/protos/generated/messages_cardano.rs index da2d0c7e5..c4c6b6d3f 100644 --- a/rust/trezor-client/src/protos/generated/messages_cardano.rs +++ b/rust/trezor-client/src/protos/generated/messages_cardano.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_common.rs b/rust/trezor-client/src/protos/generated/messages_common.rs index 7688e2d41..67d5a6b6e 100644 --- a/rust/trezor-client/src/protos/generated/messages_common.rs +++ b/rust/trezor-client/src/protos/generated/messages_common.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_crypto.rs b/rust/trezor-client/src/protos/generated/messages_crypto.rs index 4f4b248a1..263fe210a 100644 --- a/rust/trezor-client/src/protos/generated/messages_crypto.rs +++ b/rust/trezor-client/src/protos/generated/messages_crypto.rs 
@@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_debug.rs b/rust/trezor-client/src/protos/generated/messages_debug.rs index b787aeb03..95e4de337 100644 --- a/rust/trezor-client/src/protos/generated/messages_debug.rs +++ b/rust/trezor-client/src/protos/generated/messages_debug.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_eos.rs b/rust/trezor-client/src/protos/generated/messages_eos.rs index af40f217d..9558bbcba 100644 --- a/rust/trezor-client/src/protos/generated/messages_eos.rs +++ b/rust/trezor-client/src/protos/generated/messages_eos.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_ethereum.rs b/rust/trezor-client/src/protos/generated/messages_ethereum.rs index 98650c831..f0c13b38c 100644 --- a/rust/trezor-client/src/protos/generated/messages_ethereum.rs +++ b/rust/trezor-client/src/protos/generated/messages_ethereum.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 
diff --git a/rust/trezor-client/src/protos/generated/messages_ethereum_definitions.rs b/rust/trezor-client/src/protos/generated/messages_ethereum_definitions.rs index f2ee22698..a9a32cba8 100644 --- a/rust/trezor-client/src/protos/generated/messages_ethereum_definitions.rs +++ b/rust/trezor-client/src/protos/generated/messages_ethereum_definitions.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_ethereum_eip712.rs b/rust/trezor-client/src/protos/generated/messages_ethereum_eip712.rs index 84cde85c8..64ccab035 100644 --- a/rust/trezor-client/src/protos/generated/messages_ethereum_eip712.rs +++ b/rust/trezor-client/src/protos/generated/messages_ethereum_eip712.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_monero.rs b/rust/trezor-client/src/protos/generated/messages_monero.rs index daf182a14..a41d21d7c 100644 --- a/rust/trezor-client/src/protos/generated/messages_monero.rs +++ b/rust/trezor-client/src/protos/generated/messages_monero.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_nem.rs b/rust/trezor-client/src/protos/generated/messages_nem.rs index 799e3468b..a856a4aa8 100644 --- a/rust/trezor-client/src/protos/generated/messages_nem.rs +++ b/rust/trezor-client/src/protos/generated/messages_nem.rs 
@@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_ripple.rs b/rust/trezor-client/src/protos/generated/messages_ripple.rs index 94497219e..8e4a54756 100644 --- a/rust/trezor-client/src/protos/generated/messages_ripple.rs +++ b/rust/trezor-client/src/protos/generated/messages_ripple.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_solana.rs b/rust/trezor-client/src/protos/generated/messages_solana.rs index 2531e9c47..0b9c84f61 100644 --- a/rust/trezor-client/src/protos/generated/messages_solana.rs +++ b/rust/trezor-client/src/protos/generated/messages_solana.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_stellar.rs b/rust/trezor-client/src/protos/generated/messages_stellar.rs index 06deba5e4..398505c19 100644 --- a/rust/trezor-client/src/protos/generated/messages_stellar.rs +++ b/rust/trezor-client/src/protos/generated/messages_stellar.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_tezos.rs b/rust/trezor-client/src/protos/generated/messages_tezos.rs index 13e68d557..832be1282 100644 
--- a/rust/trezor-client/src/protos/generated/messages_tezos.rs +++ b/rust/trezor-client/src/protos/generated/messages_tezos.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702 diff --git a/rust/trezor-client/src/protos/generated/messages_webauthn.rs b/rust/trezor-client/src/protos/generated/messages_webauthn.rs index 3f9e0c0b9..ca86c3478 100644 --- a/rust/trezor-client/src/protos/generated/messages_webauthn.rs +++ b/rust/trezor-client/src/protos/generated/messages_webauthn.rs @@ -1,5 +1,5 @@ // This file is generated by rust-protobuf 3.3.0. Do not edit -// .proto file is parsed by protoc 3.19.6 +// .proto file is parsed by protoc 3.20.1 // @generated // https://github.com/rust-lang/rust-clippy/issues/702