fix(core): allow running firmware on locked bootloader device based o…

…n allow_run_with_secret flag

core/embed/projects/bootloader/.changelog.d/4649.fixed

@@ -0,0 +1 @@
+Allow running firmware on locked bootloader device based on allow_run_with_secret flag

core/embed/sec/secret/inc/sec/secret.h

@@ -1,5 +1,23 @@
-#ifndef TREZORHAL_SECRET_H
-#define TREZORHAL_SECRET_H
+/*
+* This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
 
 #include <trezor_types.h>
 
@@ -26,7 +44,7 @@ secbool secret_read(uint8_t* data, uint32_t offset, uint32_t len);
 // Checks if the secret storage has been wiped
 secbool secret_wiped(void);
 
-// Verifies that the secret storage has correct header
+// Verifies that the secret storage has the correct header
 secbool secret_verify_header(void);
 
 // Erases the entire secret storage
@@ -64,7 +82,8 @@ void secret_bhk_regenerate(void);
 // Provisions secrets/keys to the firmware, depending on the trust level
 // Disables access to the secret storage until next reset, if possible
 // This function is called by the bootloader before starting the firmware
-void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all);
+void secret_prepare_fw(secbool allow_run_with_secret,
+                       secbool allow_provisioning_access);
 
 // Prepares the secret storage for running the boardloader and next stages
 // Ensures that secret storage access is enabled
@@ -77,5 +96,3 @@ void secret_init(void);
 // pairing secret on platforms where access to the secret storage cannot be
 // restricted for unofficial firmware
 secbool secret_bootloader_locked(void);
-
-#endif  // TREZORHAL_SECRET_H

core/embed/sec/secret/stm32f4/secret.c

@@ -1,3 +1,22 @@
+/*
+* This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 #include <trezor_model.h>
 #include <trezor_rtl.h>
 
@@ -123,7 +142,9 @@ secbool secret_optiga_writable(void) { return secret_wiped(); }
 
 void secret_optiga_erase(void) { secret_erase(); }
 
-void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
+void secret_prepare_fw(secbool allow_run_with_secret,
+                       secbool allow_provisioning_access) {
+  (void)allow_provisioning_access;
 #ifdef USE_OPTIGA
   if (sectrue != allow_run_with_secret && sectrue != secret_wiped()) {
     // This function does not return

core/embed/sec/secret/stm32u5/secret.c

@@ -1,3 +1,22 @@
+/*
+* This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 #include <trezor_bsp.h>
 #include <trezor_model.h>
 #include <trezor_rtl.h>
@@ -306,7 +325,8 @@ void secret_erase(void) {
   mpu_restore(mpu_mode);
 }
 
-void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
+void secret_prepare_fw(secbool allow_run_with_secret,
+                       secbool allow_provisioning_access) {
   /**
    * The BHK is copied to the backup registers, which are accessible by the SAES
    * peripheral. The BHK register is locked, so the BHK can't be accessed by the
@@ -326,7 +346,7 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
   secret_optiga_uncache();
   secbool optiga_secret_present = secret_optiga_present();
   secbool optiga_secret_writable = secret_optiga_writable();
-  if (sectrue == trust_all && sectrue == allow_run_with_secret &&
+  if (sectrue == allow_provisioning_access &&
       sectrue == optiga_secret_writable && secfalse == optiga_secret_present) {
     // Secret is not present and the secret sector is writable.
     // This means the U5 chip is unprovisioned.
@@ -340,17 +360,13 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
   }
   // Disable access unconditionally.
   secret_disable_access();
-  if (sectrue != trust_all && sectrue == optiga_secret_present) {
+  if (sectrue != allow_run_with_secret && sectrue == optiga_secret_present) {
     // Untrusted firmware, locked bootloader. Show the restricted screen.
     show_install_restricted_screen();
   }
 #else
   secret_disable_access();
 #endif
-
-  if (sectrue != trust_all) {
-    secret_disable_access();
-  }
 }
 
 void secret_init(void) {

core/embed/sec/secret/unix/secret.c

@@ -1,3 +1,22 @@
+/*
+* This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 #include <trezor_model.h>
 #include <trezor_rtl.h>
 
@@ -123,7 +142,8 @@ secbool secret_optiga_writable(void) { return secret_wiped(); }
 
 void secret_optiga_erase(void) { secret_erase(); }
 
-void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
+void secret_prepare_fw(secbool allow_run_with_secret, secbool allow_provisioning_access) {
+  (void)allow_provisioning_access;
 #ifdef USE_OPTIGA
   if (sectrue != allow_run_with_secret && sectrue != secret_wiped()) {
     // This function does not return