feat(fw): add device authentication public key whitelist #79

Merged: 1 commit, Jun 19, 2024

matejcik
Contributor

This should be the source of truth for https:/trezor/trezor-suite/blob/develop/packages/connect/src/data/deviceAuthenticityConfig.ts#L48

What is missing here is any kind of signature over these files -- kind of crucial if you ask me, but there is no straightforward way to add it. We were discussing using the equivalent of Suite messaging system for it?

cc @tsusanka @komret @mroz22

@mroz22
Contributor

mroz22 commented Jun 16, 2024

ack for the source of truth part

@matejcik matejcik marked this pull request as ready for review June 17, 2024 14:44
@komret
Contributor

komret commented Jun 18, 2024

There is a requirement for onboarding to work offline, so we need to have the source of truth in Suite...

@matejcik
Contributor Author

> There is a requirement for onboarding to work offline, so we need to have the source of truth in Suite...

no, you need a copy of the source of truth in Suite :)

@matejcik
Contributor Author

specifically, what I'm proposing here is that these are the master files that are published on data.tio, and Suite grabs them from here in the same process as grabbing FW images

@mroz22
Contributor

mroz22 commented Jun 18, 2024

yes, we should have some good automation for all those sources of truth. There are many things we should improve and we can start here. @karliatto could you check on it? a script that would check trezor-common submodule and update the respective file in connect when needed? It could be a nightly job opening PR maybe?

@karliatto
Member

> yes, we should have some good automation for all those sources of truth. There are many things we should improve and we can start here. @karliatto could you check on it? a script that would check trezor-common submodule and update the respective file in connect when needed? It could be a nightly job opening PR maybe?

Sure, having a look at that.

Contributor

@tsusanka tsusanka left a comment

Confirming that this equals the pub keys we have in Suite.

We can merge now, and we will discuss how to improve this by signing.

@tsusanka tsusanka merged commit 269c66a into master Jun 19, 2024
1 check passed
@tsusanka tsusanka deleted the matejcik/authenticity branch June 19, 2024 18:39
@tsusanka
Contributor

@mroz22 @karliatto made an issue in Suite repo: trezor/trezor-suite#12982
