Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add install restricted screen on installation with locked bootloader #3236

Merged
merged 1 commit into from
Aug 25, 2023
Merged

add install restricted screen on installation with locked bootloader #3236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions core/embed/bootloader/bootui.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,18 @@ void ui_screen_fail(void) { screen_install_fail(); }
uint32_t ui_screen_unlock_bootloader_confirm(void) {
return screen_unlock_bootloader_confirm();
}

void ui_screen_install_restricted(void) {
display_clear();
screen_fatal_error_rust(
"INSTALL RESTRICTED",
"Installation of custom firmware is currently restricted.",
"Please visit\ntrezor.io/bootloader");

display_refresh();
}
#else
void ui_screen_install_restricted(void) { screen_install_fail(); }
#endif

// general functions
Expand Down
1 change: 1 addition & 0 deletions core/embed/bootloader/bootui.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ void ui_screen_wipe_progress(int pos, int len);
void ui_screen_done(uint8_t restart_seconds, secbool full_redraw);

void ui_screen_fail(void);
void ui_screen_install_restricted(void);

void ui_fadein(void);
void ui_fadeout(void);
Expand Down
16 changes: 7 additions & 9 deletions core/embed/bootloader/main.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,11 @@ static usb_result_t bootloader_usb_loop(const vendor_header *const vhdr,
case MessageType_MessageType_FirmwareUpload:
r = process_msg_FirmwareUpload(USB_IFACE_NUM, msg_size, buf);
if (r < 0 && r != UPLOAD_ERR_USER_ABORT) { // error, but not user abort
ui_screen_fail();
if (r == UPLOAD_ERR_BOOTLOADER_LOCKED) {
ui_screen_install_restricted();
} else {
ui_screen_fail();
}
usb_stop();
usb_deinit();
return SHUTDOWN;
Expand Down Expand Up @@ -225,7 +229,7 @@ static usb_result_t bootloader_usb_loop(const vendor_header *const vhdr,
usb_deinit();
return RETURN;
}
process_msg_AttestationDelete(USB_IFACE_NUM, msg_size, buf);
process_msg_UnlockBootloader(USB_IFACE_NUM, msg_size, buf);
screen_unlock_bootloader_success();
hal_delay(100);
usb_stop();
Expand Down Expand Up @@ -549,13 +553,7 @@ int bootloader_main(void) {

#ifdef USE_OPTIGA
if (((vhdr.vtrust & VTRUST_SECRET) != 0) && (sectrue != secret_wiped())) {
display_clear();
screen_fatal_error_rust(
"INSTALL RESTRICTED",
"Installation of custom firmware is currently restricted.",
"Please visit\ntrezor.io/bootloader");

display_refresh();
ui_screen_install_restricted();
return 1;
}
#endif
Expand Down
8 changes: 4 additions & 4 deletions core/embed/bootloader/messages.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -577,9 +577,9 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
if (sectrue != secret_wiped() && ((vhdr.vtrust & VTRUST_SECRET) != 0)) {
MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
MSG_SEND_ASSIGN_STRING(message, "Attestation present");
MSG_SEND_ASSIGN_STRING(message, "Install restricted");
MSG_SEND(Failure);
return UPLOAD_ERR_ATTESTATION_PRESENT;
return UPLOAD_ERR_BOOTLOADER_LOCKED;
}
#endif

Expand Down Expand Up @@ -735,8 +735,8 @@ void process_msg_unknown(uint8_t iface_num, uint32_t msg_size, uint8_t *buf) {
}

#ifdef USE_OPTIGA
void process_msg_AttestationDelete(uint8_t iface_num, uint32_t msg_size,
uint8_t *buf) {
void process_msg_UnlockBootloader(uint8_t iface_num, uint32_t msg_size,
uint8_t *buf) {
secret_erase();
MSG_SEND_INIT(Success);
MSG_SEND(Success);
Expand Down
6 changes: 3 additions & 3 deletions core/embed/bootloader/messages.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ enum {
UPLOAD_ERR_USER_ABORT = -7,
UPLOAD_ERR_FIRMWARE_TOO_BIG = -8,
UPLOAD_ERR_INVALID_CHUNK_HASH = -9,
UPLOAD_ERR_ATTESTATION_PRESENT = -10,
UPLOAD_ERR_BOOTLOADER_LOCKED = -10,
};

enum {
Expand Down Expand Up @@ -69,8 +69,8 @@ int process_msg_WipeDevice(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
void process_msg_unknown(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);

#ifdef USE_OPTIGA
void process_msg_AttestationDelete(uint8_t iface_num, uint32_t msg_size,
uint8_t *buf);
void process_msg_UnlockBootloader(uint8_t iface_num, uint32_t msg_size,
uint8_t *buf);
#endif

secbool bootloader_WipeDevice(void);
Expand Down
Loading