-
-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
T1 downgrade to firmware not compatible with current bootloader is allowed #3706
Comments
We should consider doing this along with #1871. |
@marekrjpolak do you need some product input on how to handle this or is there a clear way to abort the firmware downgrade and explain it to the user? |
Currently I handle situations like this in #4170: Unfortunately, 1.8.0 installation from 1.10.0 is allowed in that PR, so I have to come with some new validation rule. |
I've tested it and Suite currently behaves almost exactly as trezorctl: doesn't allow to install 1.7.3 on 1.10.0 but allows to install 1.8.0 which results in @tsusanka any idea how to detect this error from the firmware binary in advance? |
@matejcik will be able to answer your question properly. My few cents are that I think we should do this only if it is simple enough. We can also hardcode some table against which we would check.. |
There is no reasonably easy way to do it. What you can do is look up firmware fingerprint in |
AFAIK the functionality to obtain fingerprints of firmware binaries is currently not implemented in Suite, and if I'm looking correctly, in trezorctl there are at least 3 different ways how to calculate them based on firmware version. Moreover, it requires advanced parsing, so it would be rather complex task in javascript. Should I implement it anyway, @alex-jerechinsky? |
The easy way to go about is to do only the one method that is relevant here:
I also realized that we only care about bootloaders 1.8.0 and up, correct? There is a reasonably easy algorithm to either get the firmware version, or know that it's incompatible regardless of version.
|
|
yes, you're right, i was wrongly counting in bits :)
The message "Unknown bootloader detected" is coming from the firmware newly installed on the device, not from the bootloader. If someone builds a heavily customized firmware based on our sources, they are most likely going to If someone modifies the firmware to the point that they keep the cross-check but remove known official bootloader versions from the allowed list, then this won't work. But that is unlikely to actually happen. |
Upon further discussion we have decided this is not worth the effort. It requires complex implementation and solves minor use case. |
T1 downgrade to firmware with lower bootloader required (1.10.0 -> 1.8.0) is allowed, which results in a "Unknown bootloader detected" error and info to contact support (which is unneccessary).
Expected:
Downgrade to firmware mentioned above is not allowed, the same way downgrade to 1.7.3 is not (Firmware is too old for your device. Aborting.)
Actual:
"Unknown bootloader detected. Unplug your TREZOR contact our support" is displayed.
Note:
attempt to downgrade to 1.7.3 from 1.10.0 in trezoctl
Originally posted by @sorooris in #1871 (comment)
The text was updated successfully, but these errors were encountered: