Merge 008b5df432 into ef02c4de5d

reduces the number of PIN iterations and avoids erasing the other
storage bank -- if a test ever overruns, it will probably RSOD out, but
that's unlikely to happen

core/Makefile

@@ -31,6 +31,7 @@ PYOPT      ?= 1
 BITCOIN_ONLY ?= 0
 BOOTLOADER_QA ?= 0
 BOOTLOADER_DEVEL ?= 0
+DISABLE_OPTIGA ?= 0
 TREZOR_MODEL ?= T
 TREZOR_MEMPERF ?= 0
 ADDRESS_SANITIZER ?= 0
@@ -41,6 +42,8 @@ THP ?= 0
 BENCHMARK ?= 0
 TREZOR_EMULATOR_DEBUGGABLE ?= 0
 QUIET_MODE ?= 0
+TREZOR_DISABLE_ANIMATION ?= $(if $(filter 0,$(PYOPT)),1,0)
+STORAGE_INSECURE_TESTING_MODE ?= 0
 
 # OpenOCD interface default. Alternative: ftdi/olimex-arm-usb-tiny-h
 OPENOCD_INTERFACE ?= stlink
@@ -142,7 +145,9 @@ SCONS_VARS = \
 	PRODUCTION="$(PRODUCTION)" \
 	PYOPT="$(PYOPT)" \
 	QUIET_MODE="$(QUIET_MODE)" \
+	STORAGE_INSECURE_TESTING_MODE="$(STORAGE_INSECURE_TESTING_MODE)" \
 	THP="$(THP)" \
+	TREZOR_DISABLE_ANIMATION="$(TREZOR_DISABLE_ANIMATION)" \
 	TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" \
 	TREZOR_EMULATOR_DEBUGGABLE=$(TREZOR_EMULATOR_DEBUGGABLE) \
 	TREZOR_MEMPERF="$(TREZOR_MEMPERF)" \

core/SConscript.firmware

@@ -18,6 +18,14 @@ HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
 THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol
 MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL)
 BENCHMARK = ARGUMENTS.get('BENCHMARK', '0') == '1'
+DISABLE_ANIMATION = ARGUMENTS.get('TREZOR_DISABLE_ANIMATION', '0') == '1'
+
+STORAGE_INSECURE_TESTING_MODE = ARGUMENTS.get('STORAGE_INSECURE_TESTING_MODE', '0') == '1'
+if STORAGE_INSECURE_TESTING_MODE and PRODUCTION:
+    raise RuntimeError("STORAGE_INSECURE_TESTING_MODE cannot be used in production")
+if STORAGE_INSECURE_TESTING_MODE:
+    DISABLE_OPTIGA = True
+    PYOPT = "0"
 
 if BENCHMARK and PYOPT != '0':
   print("BENCHMARK=1 works only with PYOPT=0.")
@@ -30,7 +38,9 @@ FEATURE_FLAGS = {
 }
 
 FEATURES_WANTED = ["input", "sd_card", "rgb_led", "dma2d", "consumption_mask", "usb" ,"optiga", "haptic"]
-if DISABLE_OPTIGA and PYOPT == '0':
+if DISABLE_OPTIGA:
+    if PYOPT != '0':
+        raise RuntimeError("DISABLE_OPTIGA requires PYOPT=0")
     FEATURES_WANTED.remove("optiga")
 
 CCFLAGS_MOD = ''
@@ -69,6 +79,7 @@ CPPDEFINES_MOD += [
     ('USE_CARDANO', '1' if EVERYTHING else '0'),
     ('USE_NEM', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'),
     ('USE_EOS', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'),
+    ('DISABLE_ANIMATION', '1' if DISABLE_ANIMATION else '0'),
 ]
 SOURCE_MOD += [
     'embed/upymod/trezorobj.c',
@@ -367,6 +378,9 @@ if THP:
         'vendor/trezor-crypto/elligator2.c',
     ]
 
+if STORAGE_INSECURE_TESTING_MODE:
+    CPPDEFINES_MOD += ['STORAGE_INSECURE_TESTING_MODE']
+
 ui.init_ui(TREZOR_MODEL, "firmware", CPPDEFINES_MOD, SOURCE_MOD, RUST_UI_FEATURES)
 
 SOURCE_QSTR = SOURCE_MOD + SOURCE_MICROPYTHON + SOURCE_MICROPYTHON_SPEED
@@ -873,6 +887,14 @@ elif 'STM32U5G9xx' in CPPDEFINES_HAL or 'STM32U585xx' in CPPDEFINES_HAL:
 else:
     raise Exception("Unknown MCU")
 
+if STORAGE_INSECURE_TESTING_MODE:
+    INSECURE_TESTING_MODE_STR = """
+#########################################################
+#   STORAGE_INSECURE_TESTING_MODE enabled, DO NOT USE   #
+#########################################################
+"""
+    action_bin.append(INSECURE_TESTING_MODE_STR)
+
 program_bin = env.Command(
     target='firmware.bin',
     source=program_elf,

core/SConscript.kernel

@@ -16,6 +16,13 @@ DISABLE_OPTIGA = ARGUMENTS.get('DISABLE_OPTIGA', '0') == '1'
 HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
 THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol
 
+STORAGE_INSECURE_TESTING_MODE = ARGUMENTS.get('STORAGE_INSECURE_TESTING_MODE', '0') == '1'
+if STORAGE_INSECURE_TESTING_MODE and PRODUCTION:
+    raise RuntimeError("STORAGE_INSECURE_TESTING_MODE cannot be used in production")
+if STORAGE_INSECURE_TESTING_MODE:
+    DISABLE_OPTIGA = True
+    PYOPT = "0"
+
 FEATURE_FLAGS = {
     "RDI": True,
     "SECP256K1_ZKP": True,  # required for trezor.crypto.curve.bip340 (BIP340/Taproot)
@@ -24,7 +31,10 @@ FEATURE_FLAGS = {
 }
 
 FEATURES_WANTED = ["input", "sd_card", "rgb_led", "dma2d", "consumption_mask", "usb" ,"optiga", "haptic"]
-if DISABLE_OPTIGA and PYOPT == '0':
+if DISABLE_OPTIGA:
+    # TODO use PYOPT instead of PRODUCTION, same as in firmware, blocked on #4253
+    if PRODUCTION:
+        raise RuntimeError("DISABLE_OPTIGA requires non-production build")
     FEATURES_WANTED.remove("optiga")
 
 CCFLAGS_MOD = ''
@@ -235,6 +245,8 @@ if THP:
         'vendor/trezor-crypto/elligator2.c',
     ]
 
+if STORAGE_INSECURE_TESTING_MODE:
+    CPPDEFINES_MOD += ['STORAGE_INSECURE_TESTING_MODE']
 
 env = Environment(
     ENV=os.environ,
@@ -411,6 +423,14 @@ action_bin=[
     '$CP $TARGET ' + BINARY_NAME,
 ]
 
+if STORAGE_INSECURE_TESTING_MODE:
+    INSECURE_TESTING_MODE_STR = """
+#########################################################
+#   STORAGE_INSECURE_TESTING_MODE enabled, DO NOT USE   #
+#########################################################
+"""
+    action_bin.append(INSECURE_TESTING_MODE_STR)
+
 program_bin = env.Command(
     target='kernel.bin',
     source=program_elf,

core/embed/upymod/modtrezorutils/modtrezorutils.c

@@ -410,6 +410,9 @@ STATIC mp_obj_tuple_t mod_trezorutils_version_obj = {
 /// """UI layout identifier ("tt" for model T, "tr" for models One and R)."""
 /// USE_THP: bool
 /// """Whether the firmware supports Trezor-Host Protocol (version 2)."""
+/// if __debug__:
+///     DISABLE_ANIMATION: bool
+///     """Whether the firmware should disable animations."""
 
 STATIC const mp_rom_map_elem_t mp_module_trezorutils_globals_table[] = {
     {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_trezorutils)},
@@ -502,6 +505,13 @@ STATIC const mp_rom_map_elem_t mp_module_trezorutils_globals_table[] = {
 #else
 #error Unknown layout
 #endif
+#if !PYOPT
+#if DISABLE_ANIMATION
+    {MP_ROM_QSTR(MP_QSTR_DISABLE_ANIMATION), mp_const_true},
+#else
+    {MP_ROM_QSTR(MP_QSTR_DISABLE_ANIMATION), mp_const_false},
+#endif  // TREZOR_DISABLE_ANIMATION
+#endif  // PYOPT
 };
 
 STATIC MP_DEFINE_CONST_DICT(mp_module_trezorutils_globals,

core/mocks/generated/trezorutils.pyi

@@ -152,3 +152,6 @@ UI_LAYOUT: str
 """UI layout identifier ("tt" for model T, "tr" for models One and R)."""
 USE_THP: bool
 """Whether the firmware supports Trezor-Host Protocol (version 2)."""
+if __debug__:
+    DISABLE_ANIMATION: bool
+    """Whether the firmware should disable animations."""

core/src/trezor/ui/__init__.py

@@ -24,7 +24,7 @@ else:
 
 
 if __debug__:
-    trezorui2.disable_animation(bool(utils.DISABLE_ANIMATION))
+    trezorui2.disable_animation(utils.DISABLE_ANIMATION)
 
 
 # all rendering is done through a singleton of `Display`

core/src/trezor/utils.py

@@ -33,17 +33,20 @@ from trezorutils import (  # noqa: F401
 )
 from typing import TYPE_CHECKING
 
-DISABLE_ANIMATION = 0
-
 if __debug__:
     if EMULATOR:
         import uos
 
-        DISABLE_ANIMATION = int(uos.getenv("TREZOR_DISABLE_ANIMATION") or "0")
-        LOG_MEMORY = int(uos.getenv("TREZOR_LOG_MEMORY") or "0")
+        DISABLE_ANIMATION = uos.getenv("TREZOR_DISABLE_ANIMATION") == "1"
+        LOG_MEMORY = uos.getenv("TREZOR_LOG_MEMORY") == "1"
     else:
+        from trezorutils import DISABLE_ANIMATION  # noqa: F401
+
         LOG_MEMORY = 0
 
+else:
+    DISABLE_ANIMATION = False
+
 if TYPE_CHECKING:
     from typing import Any, Iterator, Protocol, Sequence, TypeVar
 

python/.changelog.d/3993.added

@@ -0,0 +1 @@
+Added support for Trezor models not known by the current version of the library.

python/.changelog.d/3993.deprecated

@@ -0,0 +1 @@
+Calling `models.by_internal_name(None)` is deprecated -- check the presence of `internal_model` explicitly before passing it in.

python/src/trezorlib/client.py

@@ -273,19 +273,13 @@ class TrezorClient(Generic[UI]):
         """Update internal fields based on passed-in Features message."""
 
         if not self.model:
-            # Trezor Model One bootloader 1.8.0 or older does not send model name
-            model = models.by_internal_name(features.internal_model)
-            if model is None:
-                model = models.by_name(features.model or "1")
-            if model is None:
-                raise RuntimeError(
-                    "Unsupported Trezor model"
-                    f" (internal_model: {features.internal_model}, model: {features.model})"
-                )
-            self.model = model
+            if features.internal_model is not None:
+                self.model = models.by_internal_name(features.internal_model)
+            else:
+                self.model = models.by_name(features.model)
 
         if features.vendor not in self.model.vendors:
-            raise RuntimeError("Unsupported device")
+            raise exceptions.TrezorException(f"Unrecognized vendor: {features.vendor}")
 
         self.features = features
         self.version = (

python/src/trezorlib/models.py

@@ -14,8 +14,11 @@
 # You should have received a copy of the License along with this library.
 # If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
 
+from __future__ import annotations
+
+import warnings
 from dataclasses import dataclass
-from typing import Collection, Optional, Tuple
+from typing import Collection, Tuple
 
 from . import mapping
 
@@ -36,12 +39,17 @@ class TrezorModel:
 
 # ==== internal names ====
 
+USBID_TREZOR_ONE = (0x534C, 0x0001)
+USBID_TREZOR_CORE = (0x1209, 0x53C1)
+USBID_TREZOR_CORE_BOOTLOADER = (0x1209, 0x53C0)
+
+
 T1B1 = TrezorModel(
     name="1",
     internal_name="T1B1",
     minimum_version=(1, 8, 0),
     vendors=VENDORS,
-    usb_ids=((0x534C, 0x0001),),
+    usb_ids=(USBID_TREZOR_ONE,),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -50,7 +58,7 @@ T2T1 = TrezorModel(
     internal_name="T2T1",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -59,7 +67,7 @@ T2B1 = TrezorModel(
     internal_name="T2B1",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -68,7 +76,7 @@ T3T1 = TrezorModel(
     internal_name="T3T1",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -77,7 +85,7 @@ T3B1 = TrezorModel(
     internal_name="T3B1",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -86,7 +94,7 @@ T3W1 = TrezorModel(
     internal_name="T3W1",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -95,7 +103,7 @@ DISC1 = TrezorModel(
     internal_name="D001",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
@@ -104,10 +112,24 @@ DISC2 = TrezorModel(
     internal_name="D002",
     minimum_version=(2, 1, 0),
     vendors=VENDORS,
-    usb_ids=((0x1209, 0x53C1), (0x1209, 0x53C0)),
+    usb_ids=(USBID_TREZOR_CORE, USBID_TREZOR_CORE_BOOTLOADER),
     default_mapping=mapping.DEFAULT_MAPPING,
 )
 
+# ==== unknown model ====
+
+UNKNOWN_MODEL = TrezorModel(
+    name="Unknown Trezor model",
+    internal_name="????",
+    minimum_version=(0, 0, 0),
+    vendors=VENDORS,
+    usb_ids=(),
+    default_mapping=mapping.DEFAULT_MAPPING,
+)
+"""Unknown model is a placeholder for detected devices that respond to the Trezor wire
+protocol, but are not in the list of known models -- presumably models newer than the
+current library version."""
+
 # ==== model based names ====
 
 TREZOR_ONE = T1B1
@@ -121,19 +143,20 @@ TREZOR_DISC2 = DISC2
 TREZORS = frozenset({T1B1, T2T1, T2B1, T3T1, T3B1, T3W1, DISC1, DISC2})
 
 
-def by_name(name: Optional[str]) -> Optional[TrezorModel]:
+def by_name(name: str | None) -> TrezorModel:
     if name is None:
         return T1B1
     for model in TREZORS:
         if model.name == name:
             return model
-    return None
+    return UNKNOWN_MODEL
 
 
-def by_internal_name(name: Optional[str]) -> Optional[TrezorModel]:
+def by_internal_name(name: str) -> TrezorModel:
     if name is None:
-        return None
+        warnings.warn("by_internal_name will no longer accept None", stacklevel=2)
+        return None  # type: ignore [incompatible with "TrezorModel"]
     for model in TREZORS:
         if model.internal_name == name:
             return model
-    return None
+    return UNKNOWN_MODEL

storage/norcow.c

@@ -284,11 +284,15 @@ void norcow_wipe(void) {
   // Erase the active sector first, because it contains sensitive data.
   erase_sector(norcow_active_sector, sectrue);
 
+#if STORAGE_INSECURE_TESTING_MODE && !PRODUCTION
+  // skip erasing inactive sectors
+#else
   for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
     if (i != norcow_active_sector) {
       erase_sector(i, secfalse);
     }
   }
+#endif
   norcow_active_version = NORCOW_VERSION;
   norcow_write_sector = norcow_active_sector;
   norcow_free_offset = NORCOW_STORAGE_START;

storage/storage.c

@@ -86,8 +86,12 @@ const uint32_t V0_PIN_EMPTY = 1;
 // up constant storage space.
 #define MAX_WIPE_CODE_LEN 50
 
+#if STORAGE_INSECURE_TESTING_MODE && !PRODUCTION
+#define PIN_ITER_COUNT 1
+#else
 // The total number of iterations to use in PBKDF2.
 #define PIN_ITER_COUNT 20000
+#endif
 
 // The minimum number of milliseconds between progress updates.
 #define MIN_PROGRESS_UPDATE_MS 100

storage/storage_utils.h

@@ -2,3 +2,15 @@
 #include <stdint.h>
 
 uint32_t hamming_weight(uint32_t value);
+
+#ifndef STORAGE_INSECURE_TESTING_MODE
+#define STORAGE_INSECURE_TESTING_MODE 0
+#endif
+
+#if STORAGE_INSECURE_TESTING_MODE
+#if PRODUCTION
+#error "STORAGE_INSECURE_TESTING_MODE can't be used in production"
+#else
+#pragma message("STORAGE IS INSECURE DO NOT USE THIS IN PRODUCTION")
+#endif
+#endif

tests/conftest.py

@@ -234,7 +234,9 @@ class ModelsFilter:
             assert isinstance(marker, str)
             if marker in cls.MODEL_SHORTCUTS:
                 selected_models |= cls.MODEL_SHORTCUTS[marker]
-            elif (model := models.by_internal_name(marker.upper())) is not None:
+            elif (
+                model := models.by_internal_name(marker.upper())
+            ) is not models.UNKNOWN_MODEL:
                 selected_models.add(model)
             else:
                 raise ValueError(f"Unknown model: {marker}")