diff --git a/core/src/apps/base.py b/core/src/apps/base.py index 37c5a3abc..0995f7403 100644 --- a/core/src/apps/base.py +++ b/core/src/apps/base.py @@ -7,6 +7,7 @@ from trezor import config, sdcard, utils, wire, workflow from trezor.messages import Capability, MessageType from trezor.messages.Features import Features from trezor.messages.PreauthorizedRequest import PreauthorizedRequest +from trezor.messages.SafetyCheckLevel import Prompt, Strict from trezor.messages.Success import Success from apps.common import mnemonic @@ -92,6 +93,7 @@ def get_features() -> Features: f.sd_protection = storage.sd_salt.is_enabled() f.wipe_code_protection = config.has_wipe_code() f.passphrase_always_on_device = storage.device.get_passphrase_always_on_device() + f.safety_checks = Prompt if storage.device.unsafe_prompts_allowed() else Strict return f diff --git a/tests/device_tests/test_msg_applysettings.py b/tests/device_tests/test_msg_applysettings.py index c9951e3fa..7858328b1 100644 --- a/tests/device_tests/test_msg_applysettings.py +++ b/tests/device_tests/test_msg_applysettings.py @@ -161,6 +161,8 @@ class TestMsgApplysettings: def test_safety_checks(self, client): BAD_ADDRESS = parse_path("m/0") + assert client.features.safety_checks == messages.SafetyCheckLevel.Strict + with pytest.raises( exceptions.TrezorFailure, match="Forbidden key path" ), client: @@ -173,6 +175,8 @@ class TestMsgApplysettings: client, safety_checks=messages.SafetyCheckLevel.Prompt ) + assert client.features.safety_checks == messages.SafetyCheckLevel.Prompt + with client: client.set_expected_responses( [messages.ButtonRequest(), messages.Address()] @@ -185,6 +189,8 @@ class TestMsgApplysettings: client, safety_checks=messages.SafetyCheckLevel.Strict ) + assert client.features.safety_checks == messages.SafetyCheckLevel.Strict + with pytest.raises( exceptions.TrezorFailure, match="Forbidden key path" ), client: