mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-19 12:58:13 +00:00
feat(core/bootloader): only allow confirm-less firmware installation for full-trust images
parent
7db1529533
commit
b8c27d5fd6
1
core/embed/bootloader/.changelog.d/3709.changed
Normal file
1
core/embed/bootloader/.changelog.d/3709.changed
Normal file
@ -0,0 +1 @@
|
||||
Require confirmation when installing non-full trust firmware image on empty device
|
@ -249,14 +249,17 @@ uint32_t ui_screen_menu(secbool firmware_present) {
|
||||
uint32_t ui_screen_install_confirm(const vendor_header *const vhdr,
|
||||
const image_header *const hdr,
|
||||
secbool should_keep_seed,
|
||||
secbool is_newvendor, int version_cmp) {
|
||||
secbool is_newvendor, secbool is_newinstall,
|
||||
int version_cmp) {
|
||||
uint8_t fingerprint[32];
|
||||
char ver_str[64];
|
||||
get_image_fingerprint(hdr, fingerprint);
|
||||
format_ver("%d.%d.%d", hdr->version, ver_str, sizeof(ver_str));
|
||||
return screen_install_confirm(vhdr->vstr, vhdr->vstr_len, ver_str,
|
||||
fingerprint, should_keep_seed == sectrue,
|
||||
is_newvendor == sectrue, version_cmp);
|
||||
|
||||
is_newvendor == sectrue,
|
||||
is_newinstall == sectrue, version_cmp);
|
||||
}
|
||||
|
||||
void ui_screen_install_start() {
|
||||
|
@ -62,7 +62,8 @@ uint32_t ui_screen_menu(secbool firmware_present);
|
||||
uint32_t ui_screen_install_confirm(const vendor_header* const vhdr,
|
||||
const image_header* const hdr,
|
||||
secbool shold_keep_seed,
|
||||
secbool is_newvendor, int version_cmp);
|
||||
secbool is_newvendor, secbool is_newinstall,
|
||||
int version_cmp);
|
||||
void ui_screen_install_start();
|
||||
void ui_screen_install_progress_erase(int pos, int len);
|
||||
void ui_screen_install_progress_upload(int pos);
|
||||
|
@ -673,13 +673,20 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
|
||||
#endif
|
||||
|
||||
uint32_t response = INPUT_CANCEL;
|
||||
if (sectrue == is_new || sectrue == is_ilu) {
|
||||
if (((vhdr.vtrust & VTRUST_NO_WARNING) == VTRUST_NO_WARNING) &&
|
||||
(sectrue == is_new || sectrue == is_ilu)) {
|
||||
// new installation or interaction less updated - auto confirm
|
||||
// only allowed for full-trust images
|
||||
response = INPUT_CONFIRM;
|
||||
} else {
|
||||
int version_cmp = version_compare(hdr.version, current_hdr->version);
|
||||
response = ui_screen_install_confirm(&vhdr, &hdr, should_keep_seed,
|
||||
is_newvendor, version_cmp);
|
||||
if (sectrue != is_new) {
|
||||
int version_cmp = version_compare(hdr.version, current_hdr->version);
|
||||
response = ui_screen_install_confirm(
|
||||
&vhdr, &hdr, should_keep_seed, is_newvendor, is_new, version_cmp);
|
||||
} else {
|
||||
response = ui_screen_install_confirm(&vhdr, &hdr, sectrue,
|
||||
is_newvendor, is_new, 0);
|
||||
}
|
||||
}
|
||||
|
||||
if (INPUT_CANCEL == response) {
|
||||
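Review bot: The new-install call at the end of the `else` branch passes a hard-coded `sectrue` for `should_keep_seed` and `0` for `version_cmp` with no explanation, so anyone auditing the confirmation path has to infer the reason. A comment above that call such as `// empty device: nothing to wipe and no installed version to compare against` would make the intent checkable, assuming that is the reason. The `sectrue != is_new` branch also dereferences `current_hdr`, which is assigned outside this hunk; presumably it is always valid when firmware is present, but that invariant is worth stating next to the check. The comment on the auto-confirm branch could also say that an interaction-less update with an image that is not full-trust now falls through to the regular confirm screen. process_msg_FirmwareUpload starts and ends outside the hunk.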
|
@ -4,7 +4,7 @@ uint32_t screen_install_confirm(const char* vendor_str, uint8_t vendor_str_len,
|
||||
const char* version_str,
|
||||
const uint8_t* fingerprint,
|
||||
bool should_keep_seed, bool is_newvendor,
|
||||
int version_cmp);
|
||||
bool is_newinstall, int version_cmp);
|
||||
uint32_t screen_wipe_confirm(void);
|
||||
void screen_install_progress(int16_t progress, bool initialize,
|
||||
bool initial_setup);
|
||||
|
@ -40,6 +40,7 @@ extern "C" fn screen_install_confirm(
|
||||
fingerprint: *const cty::uint8_t,
|
||||
should_keep_seed: bool,
|
||||
is_newvendor: bool,
|
||||
is_newinstall: bool,
|
||||
version_cmp: cty::c_int,
|
||||
) -> u32 {
|
||||
let text = unwrap!(unsafe { from_c_array(vendor_str, vendor_str_len as usize) });
|
||||
@ -58,6 +59,7 @@ extern "C" fn screen_install_confirm(
|
||||
fingerprint_str,
|
||||
should_keep_seed,
|
||||
is_newvendor,
|
||||
is_newinstall,
|
||||
version_cmp,
|
||||
)
|
||||
}
|
||||
|
@ -233,6 +233,7 @@ impl UIFeaturesBootloader for ModelMercuryFeatures {
|
||||
fingerprint: &str,
|
||||
should_keep_seed: bool,
|
||||
is_newvendor: bool,
|
||||
is_newinstall: bool,
|
||||
version_cmp: i32,
|
||||
) -> u32 {
|
||||
let mut version_str: BootloaderString = String::new();
|
||||
@ -241,7 +242,9 @@ impl UIFeaturesBootloader for ModelMercuryFeatures {
|
||||
unwrap!(version_str.push_str("\nby "));
|
||||
unwrap!(version_str.push_str(vendor));
|
||||
|
||||
let title_str = if is_newvendor {
|
||||
let title_str = if is_newinstall {
|
||||
"INSTALL FIRMWARE"
|
||||
} else if is_newvendor {
|
||||
"CHANGE FW\nVENDOR"
|
||||
} else if version_cmp > 0 {
|
||||
"UPDATE FIRMWARE"
|
||||
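Review bot: The `is_newinstall` arm is placed ahead of `is_newvendor` in the `title_str` chain, so a first install never shows the vendor-change title even when `is_newvendor` is also true, and that precedence is not documented. Going by the caller's side of this commit, the screen is reached on an empty device only for images that are not full-trust, so a comment on that arm such as `// new install takes precedence over vendor change; only reached for non-full-trust images` would help. The same chain is added in the ModelTRFeatures and ModelTTFeatures hunks below. Whether the rest of the screen warns about the reduced trust level is not visible here, because the function body continues outside the hunk.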
|
@ -209,6 +209,7 @@ impl UIFeaturesBootloader for ModelTRFeatures {
|
||||
fingerprint: &str,
|
||||
should_keep_seed: bool,
|
||||
is_newvendor: bool,
|
||||
is_newinstall: bool,
|
||||
version_cmp: i32,
|
||||
) -> u32 {
|
||||
let mut version_str: BootloaderString = String::new();
|
||||
@ -217,7 +218,9 @@ impl UIFeaturesBootloader for ModelTRFeatures {
|
||||
unwrap!(version_str.push_str("\nby "));
|
||||
unwrap!(version_str.push_str(vendor));
|
||||
|
||||
let title_str = if is_newvendor {
|
||||
let title_str = if is_newinstall {
|
||||
"INSTALL FIRMWARE"
|
||||
} else if is_newvendor {
|
||||
"CHANGE FW VENDOR"
|
||||
} else if version_cmp > 0 {
|
||||
"UPDATE FIRMWARE"
|
||||
|
@ -224,6 +224,7 @@ impl UIFeaturesBootloader for ModelTTFeatures {
|
||||
fingerprint: &str,
|
||||
should_keep_seed: bool,
|
||||
is_newvendor: bool,
|
||||
is_newinstall: bool,
|
||||
version_cmp: i32,
|
||||
) -> u32 {
|
||||
let mut version_str: BootloaderString = String::new();
|
||||
@ -232,7 +233,9 @@ impl UIFeaturesBootloader for ModelTTFeatures {
|
||||
unwrap!(version_str.push_str("\nby "));
|
||||
unwrap!(version_str.push_str(vendor));
|
||||
|
||||
let title_str = if is_newvendor {
|
||||
let title_str = if is_newinstall {
|
||||
"INSTALL FIRMWARE"
|
||||
} else if is_newvendor {
|
||||
"CHANGE FW\nVENDOR"
|
||||
} else if version_cmp > 0 {
|
||||
"UPDATE FIRMWARE"
|
||||
|
@ -51,6 +51,7 @@ pub trait UIFeaturesBootloader {
|
||||
fingerprint: &str,
|
||||
should_keep_seed: bool,
|
||||
is_newvendor: bool,
|
||||
is_newinstall: bool,
|
||||
version_cmp: i32,
|
||||
) -> u32;
|
||||
|
||||
|