Add setting to disable USB if user will be using airgap

2021-03-30 10:41:55 -04:00 · 2021-03-30 10:41:55 -04:00 · a13562dc26
commit a13562dc26
parent c3ec04cb7b
8 changed files with 41 additions and 7 deletions
--- a/releases/ChangeLog.md
+++ b/releases/ChangeLog.md
@ -1,3 +1,9 @@
+## 4.0.2 - March 30, 2021
+
+- Security Enhancement: New setting to disable USB port if your plan is air-gap only. Default
+  remains USB port enabled, see: Settings > Disable USB
+- Bugfix: Formating of larger SD Cards works again.
+
 ## 4.0.1 - March 29, 2021

 - Fixes security issue in v4.0.0. (3.x.x Unaffected)
--- a/shared/actions.py
+++ b/shared/actions.py
@ -173,6 +173,10 @@ async def dev_enable_protocol(*a):
        await ux_show_story('Coldcard USB protocol is already enabled (HID mode)')
        return

+    if settings.get('du', 0):
+        await ux_show_story('USB disabled in settings.')
+        return
+
    # might need to reset stuff?
    from usb import enable_usb

@ -710,9 +714,9 @@ async def start_login_sequence():
        except: pass

    # Allow USB protocol, now that we are auth'ed
-    from usb import enable_usb
-    enable_usb()
-
+    if not settings.get('du', 0):
+        from usb import enable_usb
+        enable_usb()
        
 def goto_top_menu():
    # Start/restart menu system
--- a/shared/choosers.py
+++ b/shared/choosers.py
@ -128,6 +128,24 @@ def scramble_keypad_chooser():

    return which, ch, set

+def disable_usb_chooser():
+    value = settings.get('du', 0)
+    ch = [ 'Normal', 'Disable USB']
+    def set_it(idx, text):
+        settings.set('du', idx)
+
+        import pyb
+        from usb import enable_usb, disable_usb
+        cur = pyb.usb_mode()
+        if cur and idx:
+            # usb enabled, but should not be now
+            disable_usb()
+        elif not cur and not idx:
+            # USB disabled, but now should be
+            enable_usb()
+
+    return value, ch, set_it
+
 def delete_inputs_chooser():
    #   del = (int) 0=normal 1=overwrite+delete input PSBT's, rename outputs
    del_psbt = settings.get('del', 0)
--- a/shared/flow.py
+++ b/shared/flow.py
@ -63,6 +63,7 @@ SettingsMenu = [
    #         xxxxxxxxxxxxxxxx
    MenuItem('Idle Timeout', chooser=idle_timeout_chooser),
    MenuItem('Login Countdown', chooser=countdown_chooser),
+    MenuItem('Disable USB', chooser=disable_usb_chooser),
    MenuItem('Max Network Fee', chooser=max_fee_chooser),
    MenuItem('PIN Options', menu=which_pin_menu),
    MenuItem('Multisig Wallets', menu=make_multisig_menu),
--- a/shared/nvstore.py
+++ b/shared/nvstore.py
@ -43,6 +43,7 @@ from utils import call_later_ms
 #   ovc = (list) "outpoint value cache"; only for segwit UTXO inputs (see history.py)
 #   del = (int) 0=normal 1=overwrite+delete input PSBT's, rename outputs
 #   axskip = (bool) skip warning about addr explorer
+#   du = (bool) if set, disable the USB port at all times
 # Stored w/ key=00 for access before login
 #   _skip_pin = hard code a PIN value (dangerous, only for debug)
 #   nick = optional nickname for this coldcard (personalization)
--- a/shared/usb.py
+++ b/shared/usb.py
@ -82,6 +82,10 @@ def enable_usb():
        from imptask import IMPT
        IMPT.start_task('USB', handler.usb_hid_recv())

+def disable_usb():
+    # pull the plug
+    pyb.usb_mode(None)
+
 def is_vcp_active():
    # VCP = Virtual Comm Port
    en = ckcc.vcp_enabled(None)
--- a/stm32/COLDCARD/file_time.c
+++ b/stm32/COLDCARD/file_time.c
@ -3,12 +3,12 @@
 //
 // AUTO-generated.
 //
-//   built: 2021-03-29
-// version: 4.0.1
+//   built: 2021-03-30
+// version: 4.0.2
 //
 #include <stdint.h>

 // this overrides ports/stm32/fatfs_port.c
 uint32_t get_fattime(void) {
-    return 0x527d2000UL;
+    return 0x527e2000UL;
 }
--- a/stm32/Makefile
+++ b/stm32/Makefile
@ -34,7 +34,7 @@ BOOTLOADER_BASE = 0x08000000
 FILESYSTEM_BASE = 0x080e0000

 # Our version for this release.
-VERSION_STRING = 4.0.1
+VERSION_STRING = 4.0.2

 #
 # Sign and merge various parts