1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 20:38:10 +00:00

fix(core): disallow ILU when the installed firmware is not official

It would be nice to hide this behind a compile-time flag, but doesn't seem worth introducing one just for it.
This commit is contained in:
matejcik 2023-10-27 16:27:09 +02:00
parent a4079d0cc5
commit ec2302d442

View File

@ -15,9 +15,17 @@ async def reboot_to_bootloader(msg: RebootToBootloader) -> NoReturn:
from trezor.ui.layouts import confirm_action, confirm_firmware_update from trezor.ui.layouts import confirm_action, confirm_firmware_update
from trezor.wire.context import get_context from trezor.wire.context import get_context
# Bootloader will only allow the INSTALL_UPGRADE flow for official images.
# This is to prevent a problematic custom signed firmware from self-updating
# through this code path.
# For convenience, we block unofficial firmwares from jumping to bootloader
# this way, so that the user doesn't get mysterious "install failed" errors.
# (It would be somewhat nicer if this was a compile-time flag, but oh well.)
is_official = utils.firmware_vendor() != "UNSAFE, DO NOT USE!"
if ( if (
msg.boot_command == BootCommand.INSTALL_UPGRADE msg.boot_command == BootCommand.INSTALL_UPGRADE
and msg.firmware_header is not None and msg.firmware_header is not None
and is_official
): ):
# check and parse received firmware header # check and parse received firmware header
hdr = utils.check_firmware_header(msg.firmware_header) hdr = utils.check_firmware_header(msg.firmware_header)