arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 06:18:07 +00:00
Code Issues Releases Wiki Activity

feat(core): add install restricted screen on installation with locked bootloader

Browse Source 
[no changelog]
This commit is contained in:
tychovrahe 2023-08-24 19:16:09 +02:00 committed by matejcik
parent c9a657b074
commit ee34425062
5 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
core/embed/bootloader/bootui.c
View File

@ -264,6 +264,18 @@ void ui_screen_fail(void) { screen_install_fail(); }
uint32_t ui_screen_unlock_bootloader_confirm(void) { uint32_t ui_screen_unlock_bootloader_confirm(void) {
return screen_unlock_bootloader_confirm(); return screen_unlock_bootloader_confirm();
} }
void ui_screen_install_restricted(void) {
display_clear();
screen_fatal_error_rust(
"INSTALL RESTRICTED",
"Installation of custom firmware is currently restricted.",
"Please visit\ntrezor.io/bootloader");
display_refresh();
}
#else
void ui_screen_install_restricted(void) { screen_install_fail(); }
#endif #endif
// general functions // general functions

1
core/embed/bootloader/bootui.h
View File

@ -61,6 +61,7 @@ void ui_screen_wipe_progress(int pos, int len);
void ui_screen_done(uint8_t restart_seconds, secbool full_redraw); void ui_screen_done(uint8_t restart_seconds, secbool full_redraw);
void ui_screen_fail(void); void ui_screen_fail(void);
void ui_screen_install_restricted(void);
void ui_fadein(void); void ui_fadein(void);
void ui_fadeout(void); void ui_fadeout(void);

16
core/embed/bootloader/main.c
View File

@ -188,7 +188,11 @@ static usb_result_t bootloader_usb_loop(const vendor_header *const vhdr,
case MessageType_MessageType_FirmwareUpload: case MessageType_MessageType_FirmwareUpload:
r = process_msg_FirmwareUpload(USB_IFACE_NUM, msg_size, buf); r = process_msg_FirmwareUpload(USB_IFACE_NUM, msg_size, buf);
if (r < 0 && r != UPLOAD_ERR_USER_ABORT) { // error, but not user abort if (r < 0 && r != UPLOAD_ERR_USER_ABORT) { // error, but not user abort
ui_screen_fail(); if (r == UPLOAD_ERR_BOOTLOADER_LOCKED) {
ui_screen_install_restricted();
} else {
ui_screen_fail();
}
usb_stop(); usb_stop();
usb_deinit(); usb_deinit();
return SHUTDOWN; return SHUTDOWN;
@ -225,7 +229,7 @@ static usb_result_t bootloader_usb_loop(const vendor_header *const vhdr,
usb_deinit(); usb_deinit();
return RETURN; return RETURN;
} }
process_msg_AttestationDelete(USB_IFACE_NUM, msg_size, buf); process_msg_UnlockBootloader(USB_IFACE_NUM, msg_size, buf);
screen_unlock_bootloader_success(); screen_unlock_bootloader_success();
hal_delay(100); hal_delay(100);
usb_stop(); usb_stop();
@ -549,13 +553,7 @@ int bootloader_main(void) {
#ifdef USE_OPTIGA #ifdef USE_OPTIGA
if (((vhdr.vtrust & VTRUST_SECRET) != 0) && (sectrue != secret_wiped())) { if (((vhdr.vtrust & VTRUST_SECRET) != 0) && (sectrue != secret_wiped())) {
display_clear(); ui_screen_install_restricted();
screen_fatal_error_rust(
"INSTALL RESTRICTED",
"Installation of custom firmware is currently restricted.",
"Please visit\ntrezor.io/bootloader");
display_refresh();
return 1; return 1;
} }
#endif #endif

8
core/embed/bootloader/messages.c
View File

@ -577,9 +577,9 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
if (sectrue != secret_wiped() && ((vhdr.vtrust & VTRUST_SECRET) != 0)) { if (sectrue != secret_wiped() && ((vhdr.vtrust & VTRUST_SECRET) != 0)) {
MSG_SEND_INIT(Failure); MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError); MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
MSG_SEND_ASSIGN_STRING(message, "Attestation present"); MSG_SEND_ASSIGN_STRING(message, "Install restricted");
MSG_SEND(Failure); MSG_SEND(Failure);
return UPLOAD_ERR_ATTESTATION_PRESENT; return UPLOAD_ERR_BOOTLOADER_LOCKED;
} }
#endif #endif
@ -735,8 +735,8 @@ void process_msg_unknown(uint8_t iface_num, uint32_t msg_size, uint8_t *buf) {
} }
#ifdef USE_OPTIGA #ifdef USE_OPTIGA
void process_msg_AttestationDelete(uint8_t iface_num, uint32_t msg_size, void process_msg_UnlockBootloader(uint8_t iface_num, uint32_t msg_size,
uint8_t *buf) { uint8_t *buf) {
secret_erase(); secret_erase();
MSG_SEND_INIT(Success); MSG_SEND_INIT(Success);
MSG_SEND(Success); MSG_SEND(Success);

6
core/embed/bootloader/messages.h
View File

@ -41,7 +41,7 @@ enum {
UPLOAD_ERR_USER_ABORT = -7, UPLOAD_ERR_USER_ABORT = -7,
UPLOAD_ERR_FIRMWARE_TOO_BIG = -8, UPLOAD_ERR_FIRMWARE_TOO_BIG = -8,
UPLOAD_ERR_INVALID_CHUNK_HASH = -9, UPLOAD_ERR_INVALID_CHUNK_HASH = -9,
UPLOAD_ERR_ATTESTATION_PRESENT = -10, UPLOAD_ERR_BOOTLOADER_LOCKED = -10,
}; };
enum { enum {
@ -69,8 +69,8 @@ int process_msg_WipeDevice(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
void process_msg_unknown(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); void process_msg_unknown(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
#ifdef USE_OPTIGA #ifdef USE_OPTIGA
void process_msg_AttestationDelete(uint8_t iface_num, uint32_t msg_size, void process_msg_UnlockBootloader(uint8_t iface_num, uint32_t msg_size,
uint8_t *buf); uint8_t *buf);
#endif #endif
secbool bootloader_WipeDevice(void); secbool bootloader_WipeDevice(void);