fixup! feat(core/bootloader): only allow confirm-less firmware instal…

…lation for full-trust images
trezor · Aug 29, 2024 · 1148b43 · 1148b43
1 parent dca328c
commit 1148b43
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/core/embed/bootloader/messages.c b/core/embed/bootloader/messages.c
@@ -673,20 +673,19 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
 #endif
 
  uint32_t response = INPUT_CANCEL;
- if (((vhdr.vtrust & VTRUST_ALL) == VTRUST_ALL) &&
+ if (((vhdr.vtrust & VTRUST_NO_WARNING) == VTRUST_NO_WARNING) &&
  (sectrue == is_new || sectrue == is_ilu)) {
  // new installation or interaction less updated - auto confirm
  // only allowed for full-trust images
  response = INPUT_CONFIRM;
  } else {
- if (!is_new) {
- int version_cmp = version_compare(hdr.version, current_hdr->version);
- response = ui_screen_install_confirm(
- &vhdr, &hdr, should_keep_seed, is_newvendor, is_new, version_cmp);
- } else {
- response = ui_screen_install_confirm(&vhdr, &hdr, true, is_newvendor,
- is_new, 0);
- }
+ int version_cmp =
+ (sectrue == is_new)
+ ? 0
+ : version_compare(hdr.version, current_hdr->version);
+ response =
+ ui_screen_install_confirm(&vhdr, &hdr, should_keep_seed | is_new,
+ is_newvendor, is_new, version_cmp);
  }
 
  if (INPUT_CANCEL == response) {