mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-18 12:28:09 +00:00
fix(core): disallow ILU when the installed firmware is not official
It would be nice to hide this behind a compile-time flag, but doesn't seem worth introducing one just for it.
This commit is contained in:
parent
a4079d0cc5
commit
ec2302d442
@ -15,9 +15,17 @@ async def reboot_to_bootloader(msg: RebootToBootloader) -> NoReturn:
|
||||
from trezor.ui.layouts import confirm_action, confirm_firmware_update
|
||||
from trezor.wire.context import get_context
|
||||
|
||||
# Bootloader will only allow the INSTALL_UPGRADE flow for official images.
|
||||
# This is to prevent a problematic custom signed firmware from self-updating
|
||||
# through this code path.
|
||||
# For convenience, we block unofficial firmwares from jumping to bootloader
|
||||
# this way, so that the user doesn't get mysterious "install failed" errors.
|
||||
# (It would be somewhat nicer if this was a compile-time flag, but oh well.)
|
||||
is_official = utils.firmware_vendor() != "UNSAFE, DO NOT USE!"
|
||||
if (
|
||||
msg.boot_command == BootCommand.INSTALL_UPGRADE
|
||||
and msg.firmware_header is not None
|
||||
and is_official
|
||||
):
|
||||
# check and parse received firmware header
|
||||
hdr = utils.check_firmware_header(msg.firmware_header)
|
||||
|
Loading…
Reference in New Issue
Block a user