Merge c5579ca180 into ef02c4de5d

reduces the number of PIN iterations and avoids erasing the other
storage bank -- if a test ever overruns, it will probably RSOD out, but
that's unlikely to happen

core/Makefile

@@ -31,6 +31,7 @@ PYOPT      ?= 1
 BITCOIN_ONLY ?= 0
 BOOTLOADER_QA ?= 0
 BOOTLOADER_DEVEL ?= 0
+DISABLE_OPTIGA ?= 0
 TREZOR_MODEL ?= T
 TREZOR_MEMPERF ?= 0
 ADDRESS_SANITIZER ?= 0
@@ -41,6 +42,8 @@ THP ?= 0
 BENCHMARK ?= 0
 TREZOR_EMULATOR_DEBUGGABLE ?= 0
 QUIET_MODE ?= 0
+TREZOR_DISABLE_ANIMATION ?= $(if $(filter 0,$(PYOPT)),1,0)
+STORAGE_INSECURE_TESTING_MODE ?= 0
 
 # OpenOCD interface default. Alternative: ftdi/olimex-arm-usb-tiny-h
 OPENOCD_INTERFACE ?= stlink
@@ -142,7 +145,9 @@ SCONS_VARS = \
 	PRODUCTION="$(PRODUCTION)" \
 	PYOPT="$(PYOPT)" \
 	QUIET_MODE="$(QUIET_MODE)" \
+	STORAGE_INSECURE_TESTING_MODE="$(STORAGE_INSECURE_TESTING_MODE)" \
 	THP="$(THP)" \
+	TREZOR_DISABLE_ANIMATION="$(TREZOR_DISABLE_ANIMATION)" \
 	TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" \
 	TREZOR_EMULATOR_DEBUGGABLE=$(TREZOR_EMULATOR_DEBUGGABLE) \
 	TREZOR_MEMPERF="$(TREZOR_MEMPERF)" \

core/SConscript.firmware

@@ -18,6 +18,14 @@ HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
 THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol
 MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL)
 BENCHMARK = ARGUMENTS.get('BENCHMARK', '0') == '1'
+DISABLE_ANIMATION = ARGUMENTS.get('TREZOR_DISABLE_ANIMATION', '0') == '1'
+
+STORAGE_INSECURE_TESTING_MODE = ARGUMENTS.get('STORAGE_INSECURE_TESTING_MODE', '0') == '1'
+if STORAGE_INSECURE_TESTING_MODE and PRODUCTION:
+    raise RuntimeError("STORAGE_INSECURE_TESTING_MODE cannot be used in production")
+if STORAGE_INSECURE_TESTING_MODE:
+    DISABLE_OPTIGA = True
+    PYOPT = "0"
 
 if BENCHMARK and PYOPT != '0':
   print("BENCHMARK=1 works only with PYOPT=0.")
@@ -30,7 +38,9 @@ FEATURE_FLAGS = {
 }
 
 FEATURES_WANTED = ["input", "sd_card", "rgb_led", "dma2d", "consumption_mask", "usb" ,"optiga", "haptic"]
-if DISABLE_OPTIGA and PYOPT == '0':
+if DISABLE_OPTIGA:
+    if PYOPT != '0':
+        raise RuntimeError("DISABLE_OPTIGA requires PYOPT=0")
     FEATURES_WANTED.remove("optiga")
 
 CCFLAGS_MOD = ''
@@ -69,6 +79,7 @@ CPPDEFINES_MOD += [
     ('USE_CARDANO', '1' if EVERYTHING else '0'),
     ('USE_NEM', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'),
     ('USE_EOS', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'),
+    ('DISABLE_ANIMATION', '1' if DISABLE_ANIMATION else '0'),
 ]
 SOURCE_MOD += [
     'embed/upymod/trezorobj.c',
@@ -367,6 +378,9 @@ if THP:
         'vendor/trezor-crypto/elligator2.c',
     ]
 
+if STORAGE_INSECURE_TESTING_MODE:
+    CPPDEFINES_MOD += ['STORAGE_INSECURE_TESTING_MODE']
+
 ui.init_ui(TREZOR_MODEL, "firmware", CPPDEFINES_MOD, SOURCE_MOD, RUST_UI_FEATURES)
 
 SOURCE_QSTR = SOURCE_MOD + SOURCE_MICROPYTHON + SOURCE_MICROPYTHON_SPEED
@@ -873,6 +887,14 @@ elif 'STM32U5G9xx' in CPPDEFINES_HAL or 'STM32U585xx' in CPPDEFINES_HAL:
 else:
     raise Exception("Unknown MCU")
 
+if STORAGE_INSECURE_TESTING_MODE:
+    INSECURE_TESTING_MODE_STR = """
+#########################################################
+#   STORAGE_INSECURE_TESTING_MODE enabled, DO NOT USE   #
+#########################################################
+"""
+    action_bin.append(INSECURE_TESTING_MODE_STR)
+
 program_bin = env.Command(
     target='firmware.bin',
     source=program_elf,

core/SConscript.kernel

@@ -16,6 +16,13 @@ DISABLE_OPTIGA = ARGUMENTS.get('DISABLE_OPTIGA', '0') == '1'
 HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
 THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol
 
+STORAGE_INSECURE_TESTING_MODE = ARGUMENTS.get('STORAGE_INSECURE_TESTING_MODE', '0') == '1'
+if STORAGE_INSECURE_TESTING_MODE and PRODUCTION:
+    raise RuntimeError("STORAGE_INSECURE_TESTING_MODE cannot be used in production")
+if STORAGE_INSECURE_TESTING_MODE:
+    DISABLE_OPTIGA = True
+    PYOPT = "0"
+
 FEATURE_FLAGS = {
     "RDI": True,
     "SECP256K1_ZKP": True,  # required for trezor.crypto.curve.bip340 (BIP340/Taproot)
@@ -24,7 +31,10 @@ FEATURE_FLAGS = {
 }
 
 FEATURES_WANTED = ["input", "sd_card", "rgb_led", "dma2d", "consumption_mask", "usb" ,"optiga", "haptic"]
-if DISABLE_OPTIGA and PYOPT == '0':
+if DISABLE_OPTIGA:
+    # TODO use PYOPT instead of PRODUCTION, same as in firmware, blocked on #4253
+    if PRODUCTION:
+        raise RuntimeError("DISABLE_OPTIGA requires non-production build")
     FEATURES_WANTED.remove("optiga")
 
 CCFLAGS_MOD = ''
@@ -235,6 +245,8 @@ if THP:
         'vendor/trezor-crypto/elligator2.c',
     ]
 
+if STORAGE_INSECURE_TESTING_MODE:
+    CPPDEFINES_MOD += ['STORAGE_INSECURE_TESTING_MODE']
 
 env = Environment(
     ENV=os.environ,
@@ -411,6 +423,14 @@ action_bin=[
     '$CP $TARGET ' + BINARY_NAME,
 ]
 
+if STORAGE_INSECURE_TESTING_MODE:
+    INSECURE_TESTING_MODE_STR = """
+#########################################################
+#   STORAGE_INSECURE_TESTING_MODE enabled, DO NOT USE   #
+#########################################################
+"""
+    action_bin.append(INSECURE_TESTING_MODE_STR)
+
 program_bin = env.Command(
     target='kernel.bin',
     source=program_elf,

core/embed/rust/src/translations/generated/translated_string.rs

@@ -894,11 +894,11 @@ pub enum TranslatedString {
     ripple__confirm_tag = 605,  // "Confirm tag"
     #[cfg(feature = "universal_fw")]
     ripple__destination_tag_template = 606,  // "Destination tag:\n{0}"
-    rotation__change_template = 607,  // "Do you want to change device rotation to {0}?"
+    rotation__change_template = 607,  // "Change display orientation to {0}?"
     rotation__east = 608,  // "east"
     rotation__north = 609,  // "north"
     rotation__south = 610,  // "south"
-    rotation__title_change = 611,  // "Change rotation"
+    rotation__title_change = 611,  // "Display orientation"
     rotation__west = 612,  // "west"
     safety_checks__approve_unsafe_always = 613,  // "Trezor will allow you to approve some actions which might be unsafe."
     safety_checks__approve_unsafe_temporary = 614,  // "Trezor will temporarily allow you to approve some actions which might be unsafe."
@@ -2270,11 +2270,11 @@ impl TranslatedString {
             Self::ripple__confirm_tag => "Confirm tag",
             #[cfg(feature = "universal_fw")]
             Self::ripple__destination_tag_template => "Destination tag:\n{0}",
-            Self::rotation__change_template => "Do you want to change device rotation to {0}?",
+            Self::rotation__change_template => "Change display orientation to {0}?",
             Self::rotation__east => "east",
             Self::rotation__north => "north",
             Self::rotation__south => "south",
-            Self::rotation__title_change => "Change rotation",
+            Self::rotation__title_change => "Display orientation",
             Self::rotation__west => "west",
             Self::safety_checks__approve_unsafe_always => "Trezor will allow you to approve some actions which might be unsafe.",
             Self::safety_checks__approve_unsafe_temporary => "Trezor will temporarily allow you to approve some actions which might be unsafe.",

core/embed/upymod/modtrezorutils/modtrezorutils.c

@@ -410,6 +410,9 @@ STATIC mp_obj_tuple_t mod_trezorutils_version_obj = {
 /// """UI layout identifier ("tt" for model T, "tr" for models One and R)."""
 /// USE_THP: bool
 /// """Whether the firmware supports Trezor-Host Protocol (version 2)."""
+/// if __debug__:
+///     DISABLE_ANIMATION: bool
+///     """Whether the firmware should disable animations."""
 
 STATIC const mp_rom_map_elem_t mp_module_trezorutils_globals_table[] = {
     {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_trezorutils)},
@@ -502,6 +505,13 @@ STATIC const mp_rom_map_elem_t mp_module_trezorutils_globals_table[] = {
 #else
 #error Unknown layout
 #endif
+#if !PYOPT
+#if DISABLE_ANIMATION
+    {MP_ROM_QSTR(MP_QSTR_DISABLE_ANIMATION), mp_const_true},
+#else
+    {MP_ROM_QSTR(MP_QSTR_DISABLE_ANIMATION), mp_const_false},
+#endif  // TREZOR_DISABLE_ANIMATION
+#endif  // PYOPT
 };
 
 STATIC MP_DEFINE_CONST_DICT(mp_module_trezorutils_globals,

core/mocks/generated/trezorutils.pyi

@@ -152,3 +152,6 @@ UI_LAYOUT: str
 """UI layout identifier ("tt" for model T, "tr" for models One and R)."""
 USE_THP: bool
 """Whether the firmware supports Trezor-Host Protocol (version 2)."""
+if __debug__:
+    DISABLE_ANIMATION: bool
+    """Whether the firmware should disable animations."""

core/mocks/trezortranslate_keys.pyi

@@ -705,11 +705,11 @@ class TR:
     reset__your_backup_is_done: str = "Your backup is done."
     ripple__confirm_tag: str = "Confirm tag"
     ripple__destination_tag_template: str = "Destination tag:\n{0}"
-    rotation__change_template: str = "Do you want to change device rotation to {0}?"
+    rotation__change_template: str = "Change display orientation to {0}?"
     rotation__east: str = "east"
     rotation__north: str = "north"
     rotation__south: str = "south"
-    rotation__title_change: str = "Change rotation"
+    rotation__title_change: str = "Display orientation"
     rotation__west: str = "west"
     safety_checks__approve_unsafe_always: str = "Trezor will allow you to approve some actions which might be unsafe."
     safety_checks__approve_unsafe_temporary: str = "Trezor will temporarily allow you to approve some actions which might be unsafe."

core/src/apps/management/apply_settings.py

@@ -182,6 +182,7 @@ async def _require_confirm_change_display_rotation(rotation: DisplayRotation) ->
     await confirm_action(
         "set_rotation",
         TR.rotation__title_change,
+        subtitle=TR.words__settings,
         description=TR.rotation__change_template,
         description_param=label,
         br_code=BRT_PROTECT_CALL,

core/src/trezor/ui/__init__.py

@@ -24,7 +24,7 @@ else:
 
 
 if __debug__:
-    trezorui2.disable_animation(bool(utils.DISABLE_ANIMATION))
+    trezorui2.disable_animation(utils.DISABLE_ANIMATION)
 
 
 # all rendering is done through a singleton of `Display`

core/src/trezor/utils.py

@@ -33,17 +33,20 @@ from trezorutils import (  # noqa: F401
 )
 from typing import TYPE_CHECKING
 
-DISABLE_ANIMATION = 0
-
 if __debug__:
     if EMULATOR:
         import uos
 
-        DISABLE_ANIMATION = int(uos.getenv("TREZOR_DISABLE_ANIMATION") or "0")
-        LOG_MEMORY = int(uos.getenv("TREZOR_LOG_MEMORY") or "0")
+        DISABLE_ANIMATION = uos.getenv("TREZOR_DISABLE_ANIMATION") == "1"
+        LOG_MEMORY = uos.getenv("TREZOR_LOG_MEMORY") == "1"
     else:
+        from trezorutils import DISABLE_ANIMATION  # noqa: F401
+
         LOG_MEMORY = 0
 
+else:
+    DISABLE_ANIMATION = False
+
 if TYPE_CHECKING:
     from typing import Any, Iterator, Protocol, Sequence, TypeVar
 

core/translations/cs.json

@@ -749,11 +749,11 @@
     "reset__your_backup_is_done": "Záloha je dokončena.",
     "ripple__confirm_tag": "Potvrdit značku",
     "ripple__destination_tag_template": "Cílová značka:\n{0}",
-    "rotation__change_template": "Chcete změnit orientaci zařízení na {0}?",
+    "rotation__change_template": "Změnit orientaci displeje na {0}?",
     "rotation__east": "východ",
     "rotation__north": "sever",
     "rotation__south": "jih",
-    "rotation__title_change": "Změnit orientaci",
+    "rotation__title_change": "Orientace displeje",
     "rotation__west": "západ",
     "safety_checks__approve_unsafe_always": "Trezor vám umožní schválit některé akce, které by mohly být nebezpečné.",
     "safety_checks__approve_unsafe_temporary": "Trezor vám dočasně umožní schválit některé akce, které by mohly být nebezpečné.",

core/translations/de.json

@@ -749,11 +749,11 @@
     "reset__your_backup_is_done": "Backup abgeschlossen.",
     "ripple__confirm_tag": "Tag bestätigen",
     "ripple__destination_tag_template": "Ziel-Tag:\n{0}",
-    "rotation__change_template": "Möchtest du das Gerät nach {0} drehen?",
+    "rotation__change_template": "Bildschirmausrichtung auf {0} ändern?",
     "rotation__east": "Osten",
     "rotation__north": "Norden",
     "rotation__south": "Süden",
-    "rotation__title_change": "Drehung ändern",
+    "rotation__title_change": "Bildschirmausrichtung",
     "rotation__west": "Westen",
     "safety_checks__approve_unsafe_always": "Trezor erlaubt dir, einige Aktionen zu genehmigen, die unsicher sein könnten.",
     "safety_checks__approve_unsafe_temporary": "Trezor erlaubt kurzzeitig die Genehmigung potenziell unsicherer Aktionen.",

core/translations/en.json

@@ -707,11 +707,11 @@
     "reset__your_backup_is_done": "Your backup is done.",
     "ripple__confirm_tag": "Confirm tag",
     "ripple__destination_tag_template": "Destination tag:\n{0}",
-    "rotation__change_template": "Do you want to change device rotation to {0}?",
+    "rotation__change_template": "Change display orientation to {0}?",
     "rotation__east": "east",
     "rotation__north": "north",
     "rotation__south": "south",
-    "rotation__title_change": "Change rotation",
+    "rotation__title_change": "Display orientation",
     "rotation__west": "west",
     "safety_checks__approve_unsafe_always": "Trezor will allow you to approve some actions which might be unsafe.",
     "safety_checks__approve_unsafe_temporary": "Trezor will temporarily allow you to approve some actions which might be unsafe.",

core/translations/es.json

@@ -749,11 +749,11 @@
     "reset__your_backup_is_done": "Fin de la copia seg.",
     "ripple__confirm_tag": "Confirmar etiqueta",
     "ripple__destination_tag_template": "Etiqueta de destino:\n{0}",
-    "rotation__change_template": "¿Quieres cambiar la rotación del dispositivo al {0}?",
+    "rotation__change_template": "¿Cambiar la orientación de la pantalla a {0}?",
     "rotation__east": "este",
     "rotation__north": "norte",
     "rotation__south": "sur",
-    "rotation__title_change": "Cambiar rotación",
+    "rotation__title_change": "Rotación de pantalla",
     "rotation__west": "oeste",
     "safety_checks__approve_unsafe_always": "Trezor te permitirá aprobar algunas acciones que podrían no ser seguras.",
     "safety_checks__approve_unsafe_temporary": "Trezor te permitirá aprobar temporalmente algunas acciones que podrían no ser seguras.",

core/translations/fr.json

@@ -749,11 +749,11 @@
     "reset__your_backup_is_done": "Sauv. terminée.",
     "ripple__confirm_tag": "Conf. étiquette",
     "ripple__destination_tag_template": "Étiquette de destination:\n{0}",
-    "rotation__change_template": "Voulez-vous modifier la rotation du disp. pour {0} ?",
+    "rotation__change_template": "Changer l'orientation de l'écran en {0} ?",
     "rotation__east": "est",
     "rotation__north": "nord",
     "rotation__south": "sud",
-    "rotation__title_change": "Modifier rotation",
+    "rotation__title_change": "Rotation d'écran",
     "rotation__west": "ouest",
     "safety_checks__approve_unsafe_always": "Trezor vous permettra d'approuver certaines actions qui pourraient être dangereuses.",
     "safety_checks__approve_unsafe_temporary": "Trezor vous laissera temporairement appr. des actions pouvant être dangereuses.",

core/translations/it.json

@@ -749,11 +749,11 @@
     "reset__your_backup_is_done": "Back-up eseguito.",
     "ripple__confirm_tag": "Conferma tag",
     "ripple__destination_tag_template": "Tag di destin.:\n{0}",
-    "rotation__change_template": "Modificare rotazione del dispositivo verso {0}?",
+    "rotation__change_template": "Cambiare l'orientamento dello schermo in {0}?",
     "rotation__east": "est",
     "rotation__north": "nord",
     "rotation__south": "sud",
-    "rotation__title_change": "Cambia rotaz.",
+    "rotation__title_change": "Orientamento dello schermo",
     "rotation__west": "ovest",
     "safety_checks__approve_unsafe_always": "Trezor consentirà di approvare azioni potenzialmente non sicure.",
     "safety_checks__approve_unsafe_temporary": "Trezor consentirà temporan. di approvare azioni potenzialmente non sicure.",

core/translations/pt.json

@@ -748,11 +748,11 @@
     "reset__your_backup_is_done": "Backup concluído.",
     "ripple__confirm_tag": "Confirmar etiqueta",
     "ripple__destination_tag_template": "Etiqueta de destino:\n{0}",
-    "rotation__change_template": "Deseja alterar a rotação do dispositivo para {0}?",
+    "rotation__change_template": "Alterar a orientação da tela para {0}?",
     "rotation__east": "leste",
     "rotation__north": "norte",
     "rotation__south": "sul",
-    "rotation__title_change": "Alterar rotação",
+    "rotation__title_change": "Orientação da tela",
     "rotation__west": "oeste",
     "safety_checks__approve_unsafe_always": "O Trezor permitirá aprovação de cotas  não seguras.",
     "safety_checks__approve_unsafe_temporary": "O Trezor permitirá temporariamente aprovação de cotas não seguras.",

core/translations/signatures.json

@@ -1,8 +1,8 @@
 {
   "current": {
-    "merkle_root": "007f67665e08d5512c3d287949ada4fab7ef7de33dd5edc0539f090d0d3d2d98",
-    "datetime": "2024-11-28T12:34:57.070219",
-    "commit": "66e992540ecc37e77c8fc40f626039fa6a68eeb2"
+    "merkle_root": "30668d47ab98455c6e89fef357ccd7ebd7386501c5d934af5f4995d9e106df6c",
+    "datetime": "2024-12-02T11:45:41.893178",
+    "commit": "521d0989513a74461f86fd881d7efd23cff025f0"
   },
   "history": [
     {

core/translations/tr.json

@@ -680,11 +680,11 @@
     "reset__your_backup_is_done": "Yedekleme tamamlandı.",
     "ripple__confirm_tag": "Etiketi onayla",
     "ripple__destination_tag_template": "Hedef etiket:\n{0}",
-    "rotation__change_template": "Cihaz rotasyonunu {0} olarak değiştirmek istiyor musunuz?",
+    "rotation__change_template": "Ekran yönünü {0} olarak değiştir?",
     "rotation__east": "doğu",
     "rotation__north": "kuzey",
     "rotation__south": "güney",
-    "rotation__title_change": "Rotasyonu deği̇şti̇r",
+    "rotation__title_change": "Ekran yönü",
     "rotation__west": "batı",
     "safety_checks__approve_unsafe_always": "Trezor, güvenli olmayabilecek bazı eylemleri onaylamanıza izin verecektir.",
     "safety_checks__approve_unsafe_temporary": "Trezor, güvenli olmayabilecek bazı eylemleri onaylamanıza geçici izin verecektir.",

storage/norcow.c

@@ -284,11 +284,15 @@ void norcow_wipe(void) {
   // Erase the active sector first, because it contains sensitive data.
   erase_sector(norcow_active_sector, sectrue);
 
+#if STORAGE_INSECURE_TESTING_MODE && !PRODUCTION
+  // skip erasing inactive sectors
+#else
   for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
     if (i != norcow_active_sector) {
       erase_sector(i, secfalse);
     }
   }
+#endif
   norcow_active_version = NORCOW_VERSION;
   norcow_write_sector = norcow_active_sector;
   norcow_free_offset = NORCOW_STORAGE_START;

storage/storage.c

@@ -86,8 +86,12 @@ const uint32_t V0_PIN_EMPTY = 1;
 // up constant storage space.
 #define MAX_WIPE_CODE_LEN 50
 
+#if STORAGE_INSECURE_TESTING_MODE && !PRODUCTION
+#define PIN_ITER_COUNT 1
+#else
 // The total number of iterations to use in PBKDF2.
 #define PIN_ITER_COUNT 20000
+#endif
 
 // The minimum number of milliseconds between progress updates.
 #define MIN_PROGRESS_UPDATE_MS 100

storage/storage_utils.h

@@ -2,3 +2,15 @@
 #include <stdint.h>
 
 uint32_t hamming_weight(uint32_t value);
+
+#ifndef STORAGE_INSECURE_TESTING_MODE
+#define STORAGE_INSECURE_TESTING_MODE 0
+#endif
+
+#if STORAGE_INSECURE_TESTING_MODE
+#if PRODUCTION
+#error "STORAGE_INSECURE_TESTING_MODE can't be used in production"
+#else
+#pragma message("STORAGE IS INSECURE DO NOT USE THIS IN PRODUCTION")
+#endif
+#endif