mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-05 04:50:57 +00:00
fix(core/bootloader): fix unlocking bootloader granting HDP access on U5
[no changelog]
This commit is contained in:
parent
422b376ebd
commit
be9255ae04
@ -56,6 +56,9 @@ secbool secret_optiga_get(uint8_t dest[SECRET_OPTIGA_KEY_LEN]);
|
|||||||
// Checks if the optiga pairing secret is present in the secret storage
|
// Checks if the optiga pairing secret is present in the secret storage
|
||||||
secbool secret_optiga_present(void);
|
secbool secret_optiga_present(void);
|
||||||
|
|
||||||
|
// Checks if the optiga pairing secret can be written to the secret storage
|
||||||
|
secbool secret_optiga_writable(void);
|
||||||
|
|
||||||
// Erases optiga pairing secret from the secret storage
|
// Erases optiga pairing secret from the secret storage
|
||||||
void secret_optiga_erase(void);
|
void secret_optiga_erase(void);
|
||||||
|
|
||||||
|
@ -102,6 +102,8 @@ secbool secret_optiga_present(void) {
|
|||||||
return (sectrue != secret_wiped()) * sectrue;
|
return (sectrue != secret_wiped()) * sectrue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
secbool secret_optiga_writable(void) { return secret_wiped(); }
|
||||||
|
|
||||||
void secret_optiga_erase(void) { secret_erase(); }
|
void secret_optiga_erase(void) { secret_erase(); }
|
||||||
|
|
||||||
void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
|
void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
|
||||||
|
@ -176,6 +176,29 @@ secbool secret_optiga_present(void) {
|
|||||||
return secret_present(SECRET_OPTIGA_KEY_OFFSET, SECRET_OPTIGA_KEY_LEN);
|
return secret_present(SECRET_OPTIGA_KEY_OFFSET, SECRET_OPTIGA_KEY_LEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
secbool secret_optiga_writable(void) {
|
||||||
|
const uint32_t offset = SECRET_OPTIGA_KEY_OFFSET;
|
||||||
|
const uint32_t len = SECRET_OPTIGA_KEY_LEN;
|
||||||
|
|
||||||
|
const uint8_t *const secret =
|
||||||
|
(uint8_t *)flash_area_get_address(&SECRET_AREA, offset, len);
|
||||||
|
|
||||||
|
if (secret == NULL) {
|
||||||
|
return secfalse;
|
||||||
|
}
|
||||||
|
|
||||||
|
int secret_empty_bytes = 0;
|
||||||
|
|
||||||
|
for (int i = 0; i < len; i++) {
|
||||||
|
// 0xFF being the default value of the flash memory (before any write)
|
||||||
|
// 0x00 being the value of the flash memory after manual erase
|
||||||
|
if (secret[i] == 0xFF) {
|
||||||
|
secret_empty_bytes++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return sectrue * (secret_empty_bytes == len);
|
||||||
|
}
|
||||||
|
|
||||||
// Backs up the optiga pairing secret from the secret storage to the backup
|
// Backs up the optiga pairing secret from the secret storage to the backup
|
||||||
// register
|
// register
|
||||||
static void secret_optiga_cache(void) {
|
static void secret_optiga_cache(void) {
|
||||||
@ -270,17 +293,26 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
|
|||||||
secret_bhk_lock();
|
secret_bhk_lock();
|
||||||
#ifdef USE_OPTIGA
|
#ifdef USE_OPTIGA
|
||||||
secret_optiga_uncache();
|
secret_optiga_uncache();
|
||||||
if (sectrue == allow_run_with_secret) {
|
secbool optiga_secret_present = secret_optiga_present();
|
||||||
if (secfalse != secret_optiga_present()) {
|
secbool optiga_secret_writable = secret_optiga_writable();
|
||||||
|
if (sectrue == trust_all && sectrue == allow_run_with_secret &&
|
||||||
|
sectrue == optiga_secret_writable && secfalse == optiga_secret_present) {
|
||||||
|
// Secret is not present and the secret sector is writable.
|
||||||
|
// This means the U5 chip is unprovisioned.
|
||||||
|
// Allow trusted firmware (prodtest presumably) to access the secret sector,
|
||||||
|
// early return here.
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (sectrue == allow_run_with_secret && sectrue == optiga_secret_present) {
|
||||||
|
// Firmware is trusted and the Optiga secret is present, make it available.
|
||||||
secret_optiga_cache();
|
secret_optiga_cache();
|
||||||
secret_disable_access();
|
|
||||||
}
|
}
|
||||||
} else {
|
// Disable access unconditionally.
|
||||||
if (secfalse != secret_optiga_present()) {
|
secret_disable_access();
|
||||||
|
if (sectrue != trust_all && sectrue == optiga_secret_present) {
|
||||||
|
// Untrusted firmware, locked bootloader. Show the restricted screen.
|
||||||
show_install_restricted_screen();
|
show_install_restricted_screen();
|
||||||
}
|
}
|
||||||
secret_disable_access();
|
|
||||||
}
|
|
||||||
#else
|
#else
|
||||||
secret_disable_access();
|
secret_disable_access();
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user