mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-19 12:58:13 +00:00

feat(core/bootloader): only allow confirm-less firmware installation for full-trust images

tychovrahe 2024-04-11 09:35:13 +02:00 committed by TychoVrahe
parent 7db1529533
commit b8c27d5fd6
10 changed files with 35 additions and 11 deletions


@ -0,0 +1 @@
Require confirmation when installing non-full trust firmware image on empty device


@ -249,14 +249,17 @@ uint32_t ui_screen_menu(secbool firmware_present) {
uint32_t ui_screen_install_confirm(const vendor_header *const vhdr,
const image_header *const hdr,
secbool should_keep_seed,
secbool is_newvendor, int version_cmp) {
secbool is_newvendor, secbool is_newinstall,
int version_cmp) {
uint8_t fingerprint[32];
char ver_str[64];
get_image_fingerprint(hdr, fingerprint);
format_ver("%d.%d.%d", hdr->version, ver_str, sizeof(ver_str));
return screen_install_confirm(vhdr->vstr, vhdr->vstr_len, ver_str,
fingerprint, should_keep_seed == sectrue,
is_newvendor == sectrue, version_cmp);
is_newvendor == sectrue,
is_newinstall == sectrue, version_cmp);
}
void ui_screen_install_start() {


@ -62,7 +62,8 @@ uint32_t ui_screen_menu(secbool firmware_present);
uint32_t ui_screen_install_confirm(const vendor_header* const vhdr,
const image_header* const hdr,
secbool shold_keep_seed,
secbool is_newvendor, int version_cmp);
secbool is_newvendor, secbool is_newinstall,
int version_cmp);
void ui_screen_install_start();
void ui_screen_install_progress_erase(int pos, int len);
void ui_screen_install_progress_upload(int pos);
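Review bot: The prototype still spells the third parameter `shold_keep_seed`, while the definition in the previous file section uses `should_keep_seed`; since this declaration is being edited anyway, change it to `secbool should_keep_seed,`. The declaration also has no comment describing the two adjacent secbool flags, which are easy to swap at a call site now that `is_newvendor` and `is_newinstall` sit side by side. A short header comment stating what each flag means and that `version_cmp` is ignored for a new install (inferred from the caller passing `0`) would help.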


@ -673,13 +673,20 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
#endif
uint32_t response = INPUT_CANCEL;
if (sectrue == is_new || sectrue == is_ilu) {
if (((vhdr.vtrust & VTRUST_NO_WARNING) == VTRUST_NO_WARNING) &&
(sectrue == is_new || sectrue == is_ilu)) {
// new installation or interaction less updated - auto confirm
// only allowed for full-trust images
response = INPUT_CONFIRM;
} else {
int version_cmp = version_compare(hdr.version, current_hdr->version);
response = ui_screen_install_confirm(&vhdr, &hdr, should_keep_seed,
is_newvendor, version_cmp);
if (sectrue != is_new) {
int version_cmp = version_compare(hdr.version, current_hdr->version);
response = ui_screen_install_confirm(
&vhdr, &hdr, should_keep_seed, is_newvendor, is_new, version_cmp);
} else {
response = ui_screen_install_confirm(&vhdr, &hdr, sectrue,
is_newvendor, is_new, 0);
}
}
if (INPUT_CANCEL == response) {
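Review bot: The empty-device call in the new `else` branch passes a literal `sectrue` for `should_keep_seed` and `0` for `version_cmp` with no explanation. If the reason is that an empty device has no seed to wipe and no installed version to compare, say so above that call, e.g. `// empty device: nothing to wipe, no installed version to compare`. The inner test `if (sectrue != is_new)` sends every value other than `sectrue` to the path that reads `current_hdr->version`; whether `current_hdr` is always valid on that path cannot be seen from this hunk, so confirm it before relying on that read. The trust test now decides whether the user is asked at all, so it would read more clearly as a named local, e.g. `const bool is_full_trust = (vhdr.vtrust & VTRUST_NO_WARNING) == VTRUST_NO_WARNING;`. process_msg_FirmwareUpload starts and ends outside the hunk.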


@ -4,7 +4,7 @@ uint32_t screen_install_confirm(const char* vendor_str, uint8_t vendor_str_len,
const char* version_str,
const uint8_t* fingerprint,
bool should_keep_seed, bool is_newvendor,
int version_cmp);
bool is_newinstall, int version_cmp);
uint32_t screen_wipe_confirm(void);
void screen_install_progress(int16_t progress, bool initialize,
bool initial_setup);


@ -40,6 +40,7 @@ extern "C" fn screen_install_confirm(
fingerprint: *const cty::uint8_t,
should_keep_seed: bool,
is_newvendor: bool,
is_newinstall: bool,
version_cmp: cty::c_int,
) -> u32 {
let text = unwrap!(unsafe { from_c_array(vendor_str, vendor_str_len as usize) });
@ -58,6 +59,7 @@ extern "C" fn screen_install_confirm(
fingerprint_str,
should_keep_seed,
is_newvendor,
is_newinstall,
version_cmp,
)
}


@ -233,6 +233,7 @@ impl UIFeaturesBootloader for ModelMercuryFeatures {
fingerprint: &str,
should_keep_seed: bool,
is_newvendor: bool,
is_newinstall: bool,
version_cmp: i32,
) -> u32 {
let mut version_str: BootloaderString = String::new();
@ -241,7 +242,9 @@ impl UIFeaturesBootloader for ModelMercuryFeatures {
unwrap!(version_str.push_str("\nby "));
unwrap!(version_str.push_str(vendor));
let title_str = if is_newvendor {
let title_str = if is_newinstall {
"INSTALL FIRMWARE"
} else if is_newvendor {
"CHANGE FW\nVENDOR"
} else if version_cmp > 0 {
"UPDATE FIRMWARE"
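Review bot: The title chain now tests `is_newinstall` before `is_newvendor`, so the vendor-change title is never shown on an empty device, and no comment records that this ordering is intentional. Add one above the chain, e.g. `// a new install takes precedence over vendor change and version comparison`. Judging from the C caller, this screen is reached on an empty device only for images without full trust, yet the title reads plain "INSTALL FIRMWARE"; it is worth confirming that the vendor string and fingerprint shown in the dialog are enough for the user to notice that. The same chain is repeated in the ModelTRFeatures and ModelTTFeatures sections, and the note applies there too. The function body continues outside the hunk.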


@ -209,6 +209,7 @@ impl UIFeaturesBootloader for ModelTRFeatures {
fingerprint: &str,
should_keep_seed: bool,
is_newvendor: bool,
is_newinstall: bool,
version_cmp: i32,
) -> u32 {
let mut version_str: BootloaderString = String::new();
@ -217,7 +218,9 @@ impl UIFeaturesBootloader for ModelTRFeatures {
unwrap!(version_str.push_str("\nby "));
unwrap!(version_str.push_str(vendor));
let title_str = if is_newvendor {
let title_str = if is_newinstall {
"INSTALL FIRMWARE"
} else if is_newvendor {
"CHANGE FW VENDOR"
} else if version_cmp > 0 {
"UPDATE FIRMWARE"


@ -224,6 +224,7 @@ impl UIFeaturesBootloader for ModelTTFeatures {
fingerprint: &str,
should_keep_seed: bool,
is_newvendor: bool,
is_newinstall: bool,
version_cmp: i32,
) -> u32 {
let mut version_str: BootloaderString = String::new();
@ -232,7 +233,9 @@ impl UIFeaturesBootloader for ModelTTFeatures {
unwrap!(version_str.push_str("\nby "));
unwrap!(version_str.push_str(vendor));
let title_str = if is_newvendor {
let title_str = if is_newinstall {
"INSTALL FIRMWARE"
} else if is_newvendor {
"CHANGE FW\nVENDOR"
} else if version_cmp > 0 {
"UPDATE FIRMWARE"


@ -51,6 +51,7 @@ pub trait UIFeaturesBootloader {
fingerprint: &str,
should_keep_seed: bool,
is_newvendor: bool,
is_newinstall: bool,
version_cmp: i32,
) -> u32;