From a13562dc2634e7589433bf88f36a175cb2933d64 Mon Sep 17 00:00:00 2001 From: "Peter D. Gray" Date: Tue, 30 Mar 2021 10:41:55 -0400 Subject: [PATCH] Add setting to disable USB if user will be using airgap --- releases/ChangeLog.md | 6 ++++++ shared/actions.py | 10 +++++++--- shared/choosers.py | 18 ++++++++++++++++++ shared/flow.py | 1 + shared/nvstore.py | 1 + shared/usb.py | 4 ++++ stm32/COLDCARD/file_time.c | 6 +++--- stm32/Makefile | 2 +- 8 files changed, 41 insertions(+), 7 deletions(-) diff --git a/releases/ChangeLog.md b/releases/ChangeLog.md index 43c0761e..229771cb 100644 --- a/releases/ChangeLog.md +++ b/releases/ChangeLog.md @@ -1,3 +1,9 @@ +## 4.0.2 - March 30, 2021 + +- Security Enhancement: New setting to disable USB port if your plan is air-gap only. Default + remains USB port enabled, see: Settings > Disable USB +- Bugfix: Formating of larger SD Cards works again. + ## 4.0.1 - March 29, 2021 - Fixes security issue in v4.0.0. (3.x.x Unaffected) diff --git a/shared/actions.py b/shared/actions.py index 0e08258a..3a687dff 100644 --- a/shared/actions.py +++ b/shared/actions.py @@ -173,6 +173,10 @@ async def dev_enable_protocol(*a): await ux_show_story('Coldcard USB protocol is already enabled (HID mode)') return + if settings.get('du', 0): + await ux_show_story('USB disabled in settings.') + return + # might need to reset stuff? from usb import enable_usb @@ -710,9 +714,9 @@ async def start_login_sequence(): except: pass # Allow USB protocol, now that we are auth'ed - from usb import enable_usb - enable_usb() - + if not settings.get('du', 0): + from usb import enable_usb + enable_usb() def goto_top_menu(): # Start/restart menu system diff --git a/shared/choosers.py b/shared/choosers.py index f553d040..5e6931a8 100644 --- a/shared/choosers.py +++ b/shared/choosers.py 
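Review bot: The `du` setting is enforced at each call site rather than inside `enable_usb()` itself: here in dev_enable_protocol, again in start_login_sequence, and implicitly in disable_usb_chooser. Any other caller of `enable_usb()`, existing or added later, would bring the port up despite the setting. A guard at the top of `enable_usb()` in shared/usb.py, such as `if settings.get('du', 0): return`, would make the policy fail closed while this hunk keeps its user-facing message. That assumes `settings` can be imported in usb.py, which the patch does not show. dev_enable_protocol starts and ends outside the hunk.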
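Review bot: In start_login_sequence, `settings.get('du', 0)` falls back to USB enabled whenever the key is absent, so the protection holds only for a login whose settings store actually contains `du`. The nvstore.py comment lists `du` above the "Stored w/ key=00 for access before login" group, which suggests the flag lives with the per-login settings. If logging in with a different PIN loads a different settings set (the settings menu has a `which_pin_menu`), USB would come up there even though the user disabled it on the main wallet. That is worth confirming, and then either documenting next to the check, e.g. `# NOTE: 'du' is per-login; other PINs default to USB enabled`, or storing the flag with the pre-login group. The function starts outside the hunk.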
@@ -128,6 +128,24 @@ def scramble_keypad_chooser(): return which, ch, set +def disable_usb_chooser(): + value = settings.get('du', 0) + ch = [ 'Normal', 'Disable USB'] + def set_it(idx, text): + settings.set('du', idx) + + import pyb + from usb import enable_usb, disable_usb + cur = pyb.usb_mode() + if cur and idx: + # usb enabled, but should not be now + disable_usb() + elif not cur and not idx: + # USB disabled, but now should be + enable_usb() + + return value, ch, set_it + def delete_inputs_chooser(): # del = (int) 0=normal 1=overwrite+delete input PSBT's, rename outputs del_psbt = settings.get('del', 0) diff --git a/shared/flow.py b/shared/flow.py index 3cbedb9e..72f73819 100644 --- a/shared/flow.py +++ b/shared/flow.py @@ -63,6 +63,7 @@ SettingsMenu = [ # xxxxxxxxxxxxxxxx MenuItem('Idle Timeout', chooser=idle_timeout_chooser), MenuItem('Login Countdown', chooser=countdown_chooser), + MenuItem('Disable USB', chooser=disable_usb_chooser), MenuItem('Max Network Fee', chooser=max_fee_chooser), MenuItem('PIN Options', menu=which_pin_menu), MenuItem('Multisig Wallets', menu=make_multisig_menu), diff --git a/shared/nvstore.py b/shared/nvstore.py index dca99042..95f8bcf8 100644 --- a/shared/nvstore.py +++ b/shared/nvstore.py @@ -43,6 +43,7 @@ from utils import call_later_ms # ovc = (list) "outpoint value cache"; only for segwit UTXO inputs (see history.py) # del = (int) 0=normal 1=overwrite+delete input PSBT's, rename outputs # axskip = (bool) skip warning about addr explorer +# du = (bool) if set, disable the USB port at all times # Stored w/ key=00 for access before login # _skip_pin = hard code a PIN value (dangerous, only for debug) # nick = optional nickname for this coldcard (personalization) diff --git a/shared/usb.py b/shared/usb.py index 44bbb307..ea502a87 100644 --- a/shared/usb.py +++ b/shared/usb.py 
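Review bot: disable_usb_chooser does not document what the stored index means or that `set_it` changes the live port immediately, unlike delete_inputs_chooser just below it, which spells out its values. Suggest adding `# du = (int) 0=normal (USB enabled after login) 1=USB port disabled; applied immediately` above `value = settings.get('du', 0)`. Because this is a security setting, it is also worth confirming that `settings.set('du', idx)` reaches flash before the user can power off. nvstore.py imports `call_later_ms`, which may mean writes are deferred, and a lost write would silently leave USB enabled on the next boot.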
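Review bot: The new nvstore.py comment describes `du` as `(bool)`, but disable_usb_chooser stores the integer menu index and every reader uses `settings.get('du', 0)`. "At all times" also claims more than the patch shows, since the flag is consulted only in dev_enable_protocol, start_login_sequence and the chooser. A comment in the style of the `del` entry would be more accurate: `# du = (int) 0=normal 1=do not enable the USB port (checked at login and in dev menu)`.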
@@ -82,6 +82,10 @@ def enable_usb(): from imptask import IMPT IMPT.start_task('USB', handler.usb_hid_recv()) +def disable_usb(): + # pull the plug + pyb.usb_mode(None) + def is_vcp_active(): # VCP = Virtual Comm Port en = ckcc.vcp_enabled(None) diff --git a/stm32/COLDCARD/file_time.c b/stm32/COLDCARD/file_time.c index b87d3849..aba92727 100644 --- a/stm32/COLDCARD/file_time.c +++ b/stm32/COLDCARD/file_time.c @@ -3,12 +3,12 @@ // // AUTO-generated. // -// built: 2021-03-29 -// version: 4.0.1 +// built: 2021-03-30 +// version: 4.0.2 // #include // this overrides ports/stm32/fatfs_port.c uint32_t get_fattime(void) { - return 0x527d2000UL; + return 0x527e2000UL; } diff --git a/stm32/Makefile b/stm32/Makefile index 2eb9428d..1ce4de8c 100644 --- a/stm32/Makefile +++ b/stm32/Makefile @@ -34,7 +34,7 @@ BOOTLOADER_BASE = 0x08000000 FILESYSTEM_BASE = 0x080e0000 # Our version for this release. -VERSION_STRING = 4.0.1 +VERSION_STRING = 4.0.2 # # Sign and merge various parts
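Review bot: `disable_usb()` only calls `pyb.usb_mode(None)` and leaves running the 'USB' task that `enable_usb()` starts with `IMPT.start_task('USB', handler.usb_hid_recv())`. If the user toggles the setting off and on again in one session, disable_usb_chooser calls `enable_usb()` a second time. Whether `start_task` replaces the earlier task or runs a second receiver is not visible here, and the same goes for any per-connection handler state. It would help to stop the task in `disable_usb()`, or to state the expectation in a docstring, e.g. `"""Tear down the USB device; the 'USB' task is left to ... (confirm)."""`. The tail of `enable_usb()` shown above the addition is only partly visible in this hunk.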