arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 20:38:10 +00:00
Code Issues Releases Wiki Activity

fix(core): disallow ILU when the installed firmware is not official

Browse Source 
It would be nice to hide this behind a compile-time flag, but doesn't seem worth introducing one just for it.
This commit is contained in:
matejcik 2023-10-27 16:27:09 +02:00
parent a4079d0cc5
commit ec2302d442
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/src/apps/management/reboot_to_bootloader.py
View File

@ -15,9 +15,17 @@ async def reboot_to_bootloader(msg: RebootToBootloader) -> NoReturn:
from trezor.ui.layouts import confirm_action, confirm_firmware_update
from trezor.wire.context import get_context
# Bootloader will only allow the INSTALL_UPGRADE flow for official images.
# This is to prevent a problematic custom signed firmware from self-updating
# through this code path.
# For convenience, we block unofficial firmwares from jumping to bootloader
# this way, so that the user doesn't get mysterious "install failed" errors.
# (It would be somewhat nicer if this was a compile-time flag, but oh well.)
is_official = utils.firmware_vendor() != "UNSAFE, DO NOT USE!"
if (
msg.boot_command == BootCommand.INSTALL_UPGRADE
and msg.firmware_header is not None
and is_official
):
# check and parse received firmware header
hdr = utils.check_firmware_header(msg.firmware_header)