fix(legacy): don't erase firmware and storage in intermediate firmware ... #1600

Merged (2 commits) on May 13, 2021

Member

@prusnak prusnak commented May 5, 2021

... if the storage has been already initialized

Possible fix for #1597

@tsusanka tsusanka requested a review from hiviah May 5, 2021 17:49
Contributor

@matejcik matejcik left a comment

looks good, best as I can tell

@kusai90 kusai90 left a comment

Contributor

@hiviah hiviah left a comment

Looks fine, but I didn't get a chance to test it on device.

@prusnak prusnak marked this pull request as draft May 10, 2021 10:35
Member Author

prusnak commented May 10, 2021

Switching back to draft - we need to polish the details before merging this one in.

@prusnak prusnak force-pushed the legacy-interim-dont-erase branch from 24859f4 to 044cda4 Compare May 10, 2021 15:51
@prusnak prusnak changed the title from "fix(legacy): make intermediate firmware not to erase firmware and storage" to "fix(legacy): don't erase firmware and storage in intermediate firmware" May 10, 2021
@prusnak prusnak changed the title from "fix(legacy): don't erase firmware and storage in intermediate firmware" to "fix(legacy): don't erase firmware and storage in intermediate firmware ..." May 10, 2021
@@ -67,16 +74,15 @@ erase_firmware_and_storage(void) {
FLASH_KEYR = FLASH_KEYR_KEY1;
FLASH_KEYR = FLASH_KEYR_KEY2;

// Erase storage sectors to prevent firmware downgrade to vulnerable version
// Erase storage sectors
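
Review bot: The replacement comment `// Erase storage sectors` only restates what the code does, while the line it replaces was the sole in-code statement of why the erase happens. If downgrade protection no longer depends on this erase, say in the comment what the erase is for now, or name the check that prevents the downgrade, so a later reader does not keep or remove the erase for the wrong reason.
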
Member Author

I changed the comment - downgrade is already prevented, because the firmware has a whitelist of recognized bootloaders (in check_and_replace_bootloader below), so it halts before proceeding if an unknown bootloader is found (a bootloader from the future would be unknown).

Open question is - do we even want to delete the storage here? Bootloader will take care of deletion when an unofficial firmware (or a non-firmware) is found during the firmware update. I guess this does not hurt, but probably causes the storage erasure twice (once here and once the bootloader performs a firmware update).

Contributor

I think you are correct that we don't need to erase the storage here.

Member Author

Ok, addressed in another fixup - b4c7d22

Contributor

@andrewkozlik andrewkozlik left a comment

Please use fixup commits. They make it easier to review.

Contributor

@andrewkozlik andrewkozlik left a comment

utACK

@prusnak prusnak marked this pull request as ready for review May 12, 2021 16:01
@onvej-sl onvej-sl self-requested a review May 13, 2021 14:43
@prusnak prusnak force-pushed the legacy-interim-dont-erase branch from b4c7d22 to b1f5c49 Compare May 13, 2021 15:13
@prusnak prusnak merged commit 0c46b79 into master May 13, 2021
@prusnak prusnak deleted the legacy-interim-dont-erase branch May 13, 2021 15:59
@prusnak prusnak linked an issue May 13, 2021 that may be closed by this pull request
Successfully merging this pull request may close these issues.

Intermediary firmware deletes seed
6 participants