bugfix: lockdown temporary seed was no-op

(cherry picked from commit d289bfc7c2)

releases/ChangeLog.md

@@ -1,3 +1,7 @@
+## 5.2.2 - 2023-12-21
+
+- Bugfix: Re-enable `Lock Down Seed` which was disabled by accident
+
 ## 5.2.1 - 2023-12-19
 
 - New Feature: Temporary Seed import from a COLDCARD encrypted backup.

shared/actions.py

@@ -563,25 +563,26 @@ async def convert_ephemeral_to_master(*a):
         return
 
     words = settings.get("words", True)
-    msg = 'Convert currently used '
-    msg += 'BIP-39 passphrase ' if bip39_passphrase else 'temporary seed '
-    msg += 'to main seed. '
+    _type = 'BIP-39 passphrase ' if bip39_passphrase else 'temporary seed '
+    msg = 'Convert currently used %s to master seed. Old master seed' % _type
     if words or bip39_passphrase:
-        msg += 'Main seed words themselves are erased forever, '
+        msg += ' words themselves are erased forever, '
     else:
-        msg += 'Main seed is erased forever, '
+        msg += ' is erased forever, '
 
-    msg += 'but effectively there is no other change. '
+    msg += ('and its settings blanked. This action is destructive '
+            'and may affect funds, if any, on old master seed. ')
 
     if bip39_passphrase:
-        msg += ('BIP-39 passphrase is currently in effect, its value '
+        msg += ('BIP-39 passphrase '
                 'is captured during this process and will be in effect '
                 'going forward, but the passphrase itself is erased '
                 'and unrecoverable. ')
     if not words:
         msg += 'The resulting wallet cannot be used with any other passphrase. '
 
-    msg += 'A reboot is part of this process. PIN code, and funds are not affected.'
+    msg += 'A reboot is part of this process. '
+    msg += ('PIN code, and %s funds are not affected.' % _type)
     if not await ux_confirm(msg):
 
         return await ux_aborted()

shared/pincodes.py

@@ -363,7 +363,8 @@ class PinAttempt:
 
     def change(self, **kws):
         # change various values, stored in secure element
-        if self.tmp_value: return
+        if not kws.pop("tmp_lockdown", False):
+            if self.tmp_value: return
 
         self.roundtrip(3, **kws)
 

shared/seed.py

@@ -686,19 +686,30 @@ async def set_bip39_passphrase(pw, bypass_tmp=False, summarize_ux=True):
 async def remember_ephemeral_seed():
     # Compute current xprv and switch to using that as root secret.
     import stash
-    from glob import dis
+    from nvstore import SettingsObject
+    from glob import dis, settings
 
-    dis.fullscreen('Check...')
-    with stash.SensitiveValues() as sv:
-        nv = sv.encoded_secret()
+    # we are already at temporary seed, with correct
+    # settings in use - no need to call new_main_secret
+    # at the end
+
+    # locking down temporary as new master
+    # old master settings are destroyed
+    dis.fullscreen("Cleanup...")
+    assert pa.tmp_value, "no tmp"
+    assert settings.master_nvram_key, "master nvram k"
+    old_master = SettingsObject(settings.master_nvram_key)
+    old_master.load()
+    old_master.blank()
+    del old_master
 
     dis.draw_status(bip39=0, tmp=0)
     dis.fullscreen('Saving...')
-    pa.change(new_secret=nv)
+    pa.change(new_secret=pa.tmp_value, tmp_lockdown=True)
 
-    # re-read settings since key is now different
-    # - also captures xfp, xpub at this point
-    pa.new_main_secret(nv)
+    # not needed - will be handled by reboot
+    settings.master_nvram_key = None
+    settings.master_sv_data = {}
 
     # check and reload secret
     pa.reset()