Trezor Safe 5 + MacOS 14.6.1 = Unsupported Trezor model

[JavierGonzalez]

The new Trezor Safe 5 [Firmware 2.7.2] (next version of Trezor Model T) works fine on Ubuntu 24.04 but does not work on MacOS 14.6.1 under the same conditions.

It is important that this hardware works well, as it is the most advanced hardware key available in my opinion.

Thank you!! (trezor-agent is the pinacle of authentication)

• A different minor problem is that when authenticating with Trezor Safe 5 it asks for the possible passphrase, even though it is unnecessary.

user@MacOS ~ % trezor-agent --version
trezor-agent=0.12.0 libagent=0.14.7
user@MacOS ~ % sw_vers
ProductName: macOS
ProductVersion: 14.6.1
BuildVersion: 23G93
user@MacOS ~ % trezor-agent test --verbose
2024-08-13 13:49:03,239 INFO         identity #0: <ssh://test|nist256p1>                                                                  [__init__.py:273]
2024-08-13 13:49:03,242 WARNING      DISPLAY not defined                                                                                  [ui.py:92]
2024-08-13 13:49:03,243 INFO         using [b'ttyname=/dev/ttys000'] for pinentry options                                                 [ui.py:94]
2024-08-13 13:49:03,279 INFO         Enumerating WebUsbTransport: found 1 devices                                                         [__init__.py:138]
2024-08-13 13:49:03,279 INFO         Enumerating UdpTransport: found 0 devices                                                            [__init__.py:138]
2024-08-13 13:49:03,293 INFO         Enumerating BridgeTransport: found 1 devices                                                         [__init__.py:138]
2024-08-13 13:49:03,296 INFO         Enumerating HidTransport: found 0 devices                                                            [__init__.py:138]
2024-08-13 13:49:03,296 INFO         creating client instance for device: webusb:001:1                                                    [client.py:123]
2024-08-13 13:49:03,388 INFO         On field capabilities: 18 is not a valid Capability                                                  [protobuf.py:312]
2024-08-13 13:49:03,388 INFO         On field capabilities: 19 is not a valid Capability                                                  [protobuf.py:312]
2024-08-13 13:49:03,388 INFO         On field capabilities: 21 is not a valid Capability                                                  [protobuf.py:312]
2024-08-13 13:49:03,388 INFO         On field capabilities: 20 is not a valid Capability                                                  [protobuf.py:312]
Traceback (most recent call last):
  File "/opt/homebrew/bin/trezor-agent", line 8, in <module>
    sys.exit(ssh_agent())
             ^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/bin/trezor_agent.py", line 5, in <lambda>
    ssh_agent = lambda: ssh.main(DeviceType)
                        ^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/libagent/ssh/__init__.py", line 173, in wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/libagent/ssh/__init__.py", line 308, in main
    for pk in conn.public_keys():
              ^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/libagent/ssh/__init__.py", line 209, in public_keys
    self.public_keys_cache = conn.export_public_keys(self.identities)
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/libagent/ssh/client.py", line 24, in export_public_keys
    with self.device:
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/libagent/device/interface.py", line 126, in __enter__
    self.conn = self.connect()
                ^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/libagent/device/trezor.py", line 56, in connect
    connection = self._defs.Client(transport=transport,
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/trezorlib/client.py", line 136, in __init__
    self.init_device(session_id=session_id, derive_cardano=derive_cardano)
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/trezorlib/tools.py", line 308, in wrapped_f
    return f(client, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/trezorlib/client.py", line 377, in init_device
    self._refresh_features(resp)
  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/trezorlib/client.py", line 281, in _refresh_features
    raise RuntimeError("Unsupported Trezor model")
RuntimeError: Unsupported Trezor model

[romanz]

Many thanks for reporting this issue! Could you please check that trezorctl works with your device on MacOS?

For example, you can try:

$ trezorctl -v list
$ trezorctl -v ping -b test

Also which version of trezorlib is installed on the host?

$ trezorctl version

[JavierGonzalez]

I confirm that trezorctl is installed and working correctly on MacOS with Safe 5. trezorctl version 0.13.9

[romanz]

Thanks @JavierGonzalez!

It seems that trezor-agent is using an older version of Python TREZOR library - from the above traceback there seems to be a call to _refresh_features from line 377:

  File "/opt/homebrew/Cellar/trezor-agent/0.12.0_6/libexec/lib/python3.12/site-packages/trezorlib/client.py", line 377, in init_device
    self._refresh_features(resp)

Which was on line 377 in trezorlib 0.13.8: https://github.com/trezor/trezor-firmware/blob/python/v0.13.8/python/src/trezorlib/client.py#L377

But was moved to line 380 in trezorlib 0.13.9: https://github.com/trezor/trezor-firmware/blob/python/v0.13.9/python/src/trezorlib/client.py#L380

I think that we will need to upgrade the trezorlib package being used by Homebrew from 0.13.8 to 0.13.9 to allow trezor-agent to run on TREZOR Safe 5: https://github.com/Homebrew/homebrew-core/blob/abc953ca10dc5c6228a7d0051fe1362c30c7a4f2/Formula/t/trezor-agent.rb#L249

CC: @chenrui333 @cho-m (who IIUC are maintaining https://github.com/Homebrew/homebrew-core/commits/master/Formula/t/trezor-agent.rb)

[JavierGonzalez]

Thank you!

[romanz]

I have opened https://github.com/Homebrew/homebrew-core/pull/183792. @JavierGonzalez could you please test it?

[JavierGonzalez]

I have run brew upgrade and tried it without success.

What exactly do you want me to test?

[romanz]

Sorry - I meant if you could please install trezor-agent in a Python virtual environment with the latest https://pypi.org/project/trezor/0.13.9/ to see that it works with Safe 5?

[JavierGonzalez]

Sorry Roman, but I am not able to install the latest version of trezor-agent on MacOS. I have no experience with Python and the manual installation commands don't work for me. ChatGPT doesn't help me and I don't understand what I am missing.

I have only managed to install it with brew install trezor-agent but this gives version 0.12.0 (libagent 0.14.7).

[romanz]

Following the merge of https://github.com/Homebrew/homebrew-core/pull/183792, could you please try to upgrade trezor-agent to see if the issue is resolved?

[romanz]

@JavierGonzalez Ping :)

[JavierGonzalez]

Works well!

Good job, congratulations. I just did brew upgrade && brew reinstall trezor-agent.

I confirm that I have been able to access with SSH and I have decrypted files with GPG with success beyond any doubt.

Now the only problem I see -not critical- is that it asks me for the passphrase in Trezor all the time (I don't use it, I have SSS), it's undesirable. This is not happening with the Trezor Model 3.

Thank you very much!