mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-18 11:21:11 +00:00
fix(core/bootloader): fix unlocking bootloader granting HDP access on U5
[no changelog]
This commit is contained in:
parent
422b376ebd
commit
be9255ae04
@ -56,6 +56,9 @@ secbool secret_optiga_get(uint8_t dest[SECRET_OPTIGA_KEY_LEN]);
|
||||
// Checks if the optiga pairing secret is present in the secret storage
|
||||
secbool secret_optiga_present(void);
|
||||
|
||||
// Checks if the optiga pairing secret can be written to the secret storage
|
||||
secbool secret_optiga_writable(void);
|
||||
|
||||
// Erases optiga pairing secret from the secret storage
|
||||
void secret_optiga_erase(void);
|
||||
|
||||
|
@ -102,6 +102,8 @@ secbool secret_optiga_present(void) {
|
||||
return (sectrue != secret_wiped()) * sectrue;
|
||||
}
|
||||
|
||||
secbool secret_optiga_writable(void) { return secret_wiped(); }
|
||||
|
||||
void secret_optiga_erase(void) { secret_erase(); }
|
||||
|
||||
void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
|
||||
|
@ -176,6 +176,29 @@ secbool secret_optiga_present(void) {
|
||||
return secret_present(SECRET_OPTIGA_KEY_OFFSET, SECRET_OPTIGA_KEY_LEN);
|
||||
}
|
||||
|
||||
secbool secret_optiga_writable(void) {
|
||||
const uint32_t offset = SECRET_OPTIGA_KEY_OFFSET;
|
||||
const uint32_t len = SECRET_OPTIGA_KEY_LEN;
|
||||
|
||||
const uint8_t *const secret =
|
||||
(uint8_t *)flash_area_get_address(&SECRET_AREA, offset, len);
|
||||
|
||||
if (secret == NULL) {
|
||||
return secfalse;
|
||||
}
|
||||
|
||||
int secret_empty_bytes = 0;
|
||||
|
||||
for (int i = 0; i < len; i++) {
|
||||
// 0xFF being the default value of the flash memory (before any write)
|
||||
// 0x00 being the value of the flash memory after manual erase
|
||||
if (secret[i] == 0xFF) {
|
||||
secret_empty_bytes++;
|
||||
}
|
||||
}
|
||||
return sectrue * (secret_empty_bytes == len);
|
||||
}
|
||||
|
||||
// Backs up the optiga pairing secret from the secret storage to the backup
|
||||
// register
|
||||
static void secret_optiga_cache(void) {
|
||||
@ -270,16 +293,25 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
|
||||
secret_bhk_lock();
|
||||
#ifdef USE_OPTIGA
|
||||
secret_optiga_uncache();
|
||||
if (sectrue == allow_run_with_secret) {
|
||||
if (secfalse != secret_optiga_present()) {
|
||||
secret_optiga_cache();
|
||||
secret_disable_access();
|
||||
}
|
||||
} else {
|
||||
if (secfalse != secret_optiga_present()) {
|
||||
show_install_restricted_screen();
|
||||
}
|
||||
secret_disable_access();
|
||||
secbool optiga_secret_present = secret_optiga_present();
|
||||
secbool optiga_secret_writable = secret_optiga_writable();
|
||||
if (sectrue == trust_all && sectrue == allow_run_with_secret &&
|
||||
sectrue == optiga_secret_writable && secfalse == optiga_secret_present) {
|
||||
// Secret is not present and the secret sector is writable.
|
||||
// This means the U5 chip is unprovisioned.
|
||||
// Allow trusted firmware (prodtest presumably) to access the secret sector,
|
||||
// early return here.
|
||||
return;
|
||||
}
|
||||
if (sectrue == allow_run_with_secret && sectrue == optiga_secret_present) {
|
||||
// Firmware is trusted and the Optiga secret is present, make it available.
|
||||
secret_optiga_cache();
|
||||
}
|
||||
// Disable access unconditionally.
|
||||
secret_disable_access();
|
||||
if (sectrue != trust_all && sectrue == optiga_secret_present) {
|
||||
// Untrusted firmware, locked bootloader. Show the restricted screen.
|
||||
show_install_restricted_screen();
|
||||
}
|
||||
#else
|
||||
secret_disable_access();
|
||||
|
Loading…
Reference in New Issue
Block a user