Merge pull request #369 from LedgerHQ/endorsement_display

Endorsement display
LedgerHQ · Sep 5, 2023 · d5b0435 · d5b0435
2 parents 6608b6c + 35be215
commit d5b0435
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 10 deletions.
diff --git a/include/os_endorsement.h b/include/os_endorsement.h
@@ -7,6 +7,13 @@
 /* -                         ENDORSEMENT FEATURE                         - */
 /* ----------------------------------------------------------------------- */
 
+typedef enum endorsement_revoke_id_e {
+    ENDORSEMENT_REVOKE_ID_ALL   = 0,
+    ENDORSEMENT_REVOKE_ID_SLOT1 = 1,
+    ENDORSEMENT_REVOKE_ID_SLOT2 = 2,
+    ENDORSEMENT_REVOKE_ID_LAST  = 3,
+} endorsement_revoke_id_t;
+
 #define ENDORSEMENT_MAX_ASN1_LENGTH                     (1 + 1 + 2 * (1 + 1 + 33))
 
 SYSCALL unsigned int os_endorsement_get_code_hash(unsigned char* buffer PLENGTH(32));
@@ -16,6 +23,8 @@ SYSCALL unsigned int os_endorsement_key1_get_app_secret(unsigned char* buffer PL
 SYSCALL unsigned int os_endorsement_key1_sign_data(unsigned char* src PLENGTH(srcLength), unsigned int srcLength, unsigned char* signature PLENGTH(ENDORSEMENT_MAX_ASN1_LENGTH));
 SYSCALL unsigned int os_endorsement_key2_derive_sign_data(unsigned char* src PLENGTH(srcLength), unsigned int srcLength, unsigned char* signature PLENGTH(ENDORSEMENT_MAX_ASN1_LENGTH));
 
-#if (defined(HAVE_BOLOS_NOTWIPED_ENDORSEMENT) && defined(HAVE_ENDORSEMENTS_DISPLAY))
 SYSCALL unsigned int os_endorsement_get_metadata(unsigned char index, unsigned char* buffer PLENGTH(8));
-#endif // (defined(HAVE_BOLOS_NOTWIPED_ENDORSEMENT) && defined(HAVE_ENDORSEMENTS_DISPLAY))
+
+SYSCALL void os_endorsement_revoke_slot1(void);
+SYSCALL void os_endorsement_revoke_slot2(void);
+SYSCALL void os_endorsement_revoke_all(void);
diff --git a/include/syscalls.h b/include/syscalls.h
@@ -190,10 +190,12 @@
 #define SYSCALL_os_allow_protected_ram_ID                          0x00000092
 #define SYSCALL_os_deny_protected_ram_ID                           0x00000093
 
-#ifdef HAVE_CUSTOM_CA_SETTINGS
+#ifdef HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS
 #define SYSCALL_os_bolos_custom_ca_get_info_ID                     0x01000CA0
 #define SYSCALL_os_bolos_custom_ca_revoke_ID                       0x00000CA1
-#endif // HAVE_CUSTOM_CA_SETTINGS
+#endif // HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS
+
+#define SYSCALL_os_bolos_endorsement_revoke_ID                     0x010001ED
 
 #ifndef HAVE_BOLOS_NO_CUSTOMCA
 #define SYSCALL_os_customca_verify_ID                              0x03000090
@@ -217,9 +219,7 @@
 #define SYSCALL_os_aem_is_pin_validated_ID                         0x00000147
 #endif // HAVE_AEM_PIN
 
-#if (defined(HAVE_BOLOS_NOTWIPED_ENDORSEMENT) && defined(HAVE_ENDORSEMENTS_DISPLAY))
 #define SYSCALL_os_endorsement_get_metadata_ID                     0x02000138
-#endif // (defined(HAVE_BOLOS_NOTWIPED_ENDORSEMENT) && defined(HAVE_ENDORSEMENTS_DISPLAY))
 
 #if defined(HAVE_VAULT_RECOVERY_ALGO)
 #define SYSCALL_os_perso_derive_and_prepare_seed_ID                0x02000137

diff --git a/src/syscalls.c b/src/syscalls.c
@@ -1547,7 +1547,7 @@ unsigned int os_deny_protected_flash( void ) {
   return (unsigned int) SVC_Call(SYSCALL_os_deny_protected_flash_ID, parameters);
 }
 
-#ifdef HAVE_CUSTOM_CA_SETTINGS
+#ifdef HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS
 bolos_bool_t os_bolos_custom_ca_get_info(customca_data_t *custom_ca) {
   unsigned int parameters[2];
   parameters[0] = (unsigned int) custom_ca;
@@ -1561,7 +1561,14 @@ void os_bolos_custom_ca_revoke(void) {
   SVC_Call(SYSCALL_os_bolos_custom_ca_revoke_ID, parameters);
   return;
 }
-#endif //HAVE_CUSTOM_CA_SETTINGS
+#endif //HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS
+
+bolos_bool_t os_bolos_endorsement_revoke(uint8_t slot) {
+  unsigned int parameters[1];
+  parameters[0] = (unsigned int) slot;
+  bolos_bool_t ret = SVC_Call(SYSCALL_os_bolos_endorsement_revoke_ID, parameters);
+  return ret;
+}
 
 #ifdef HAVE_MCU_SERIAL_STORAGE
 unsigned int os_seph_serial ( unsigned char * serial, unsigned int maxlength ) {
@@ -1762,14 +1769,12 @@ bolos_bool_t os_aem_is_pin_validated ( void ) {
 }
 #endif // HAVE_AEM_PIN
 
-#if (defined(HAVE_BOLOS_NOTWIPED_ENDORSEMENT) && defined(HAVE_ENDORSEMENTS_DISPLAY))
 unsigned int os_endorsement_get_metadata ( unsigned char index, unsigned char * buffer ) {
   unsigned int parameters[2];
   parameters[0] = (unsigned int)index;
   parameters[1] = (unsigned int)buffer;
   return (unsigned int) SVC_Call(SYSCALL_os_endorsement_get_metadata_ID, parameters);
 }
-#endif // (defined(HAVE_BOLOS_NOTWIPED_ENDORSEMENT) && defined(HAVE_ENDORSEMENTS_DISPLAY))
 
 #if defined(HAVE_LANGUAGE_PACK)
 void list_language_packs(UX_LOC_LANGUAGE_PACK_INFO *packs) {