deltamode & Seed Vault

(cherry picked from commit 5568082f35)
2024-10-15 14:41:00 +02:00 · 2024-10-15 14:41:00 +02:00 · 128658e1e6
commit 128658e1e6
parent 282e8fbc28
3 changed files with 12 additions and 1 deletions
--- a/releases/Next-ChangeLog.md
+++ b/releases/Next-ChangeLog.md
@ -5,6 +5,7 @@ This lists the new changes that have not yet been published in a normal release.
 # Shared Improvements - Both Mk4 and Q

 - Enhancement: Hide Secure Notes & Passwords in Deltamode. Wipe seed if notes menu accessed. 
+- Enhancement: Hide Seed Vault in Deltamode. Wipe seed if Seed Vault menu accessed. 
 - Bugfix: Sometimes see a struck screen after _Verifying..._ in boot up sequence.
  On Q, result is blank screen, on Mk4, result is three-dots screen.
 - Bugfix: Do not allow to enable/disable Seed Vault feature when in temporary seed mode
--- a/shared/actions.py
+++ b/shared/actions.py
@ -899,8 +899,10 @@ async def start_login_sequence():

    if pa.is_deltamode():
        # pretend Secure Notes & Passwords is disabled
+        # pretend SeedVault is disabled
        try:
            settings.remove_key("secnap")
+            settings.master_set("seedvault", False)
        except: pass

    if version.has_nfc and settings.get('nfc', 0):
--- a/shared/seed.py
+++ b/shared/seed.py
@ -423,9 +423,11 @@ async def add_seed_to_vault(encoded, meta=None):

    if not settings.master_get("seedvault", False):
        # seed vault disabled
+        # this can be re-enabled by attacker in deltamode
        return
-    if pa.is_secret_blank():
+    if pa.is_secret_blank() or pa.is_deltamode():
        # do not save anything if no SE secret yet
+        # do not offer any access to SV in deltamode
        return

    # do not offer to store secrets that are already in vault
@ -970,6 +972,12 @@ class SeedVaultMenu(MenuSystem):
        from glob import settings
        from pincodes import pa

+        if pa.is_deltamode():
+            # attacker has re-enabled SeedVault in Settings
+            import callgate
+            callgate.fast_wipe()
+
+
        rv = []
        add_current_tmp = MenuItem("Add current tmp", f=cls._add_current_tmp)