trezor-firmware
make secret api more versatile
This PR refactors the secret API to accommodate the needs of more complex key handling.
The secret API is unified to be independent of optiga/tropic presence, and a specific secret_keys extension is introduced to handle these specific keys.
Secret storage layout is now model dependent.
On U5, a new key variant, public, is introduced: such keys are always provided to FW and are not erased on bootloader unlock.
On T3W1 we still use the original secret layout with three keys stored; the change to 'root key' and derivations are left for later work.
Ad review: @andrewkozlik and @onvej-sl as you will be working on the derivations, please look over the API to see if it can work. No need to go through implementation details if you don't want to.
| core UI changes | device test | click test | persistence test |
|---|---|---|---|
| T2T1 Model T | test(screens) main(screens) | test(screens) main(screens) | test(screens) main(screens) |
| T3B1 Safe 3 | test(screens) main(screens) | test(screens) main(screens) | test(screens) main(screens) |
| T3T1 Safe 5 | test(screens) main(screens) | test(screens) main(screens) | test(screens) main(screens) |
| T3W1 | test(screens) main(screens) | test(screens) main(screens) | test(screens) main(screens) |
| All | main(screens) | | |
one more commit to: fix caching of potentially non-written public keys, and prioritize locked bootloader check in prepare_fw function: https://github.com/trezor/trezor-firmware/pull/5184/commits/6e8ed491d29b59a391dd7f90282aac08cff7b5b7
LGTM
I'm okay with the API.
Thanks, I will squash & merge after freeze unless more issues pop up