Prevent memory_reset_hww from masking flash write failures

cedwies · cedwies · commit 55104dd18809 · 2025-12-09T17:21:30.000+01:00
memory_reset_hww combined the CHUNK_1 write result and the
shared BLE chunk write using |=, so a later successful
write could hide an earlier failure. Change both writes to
be checked individually and return false on the first
failure, making the function only report success when all
flash writes succeed.

Using explicit checks with early returns instead of
changing |= to &amp;= keeps each flash write logically
independent and minimalizes the risk of future confusion.
diff --git a/src/memory/memory.c b/src/memory/memory.c
@@ -371,7 +371,6 @@ bool memory_reset_hww(void)
     }
 
     // Initialize hww memory
-
     chunk_1_t chunk = {0};
     CLEANUP_CHUNK(chunk);
     _read_chunk(CHUNK_1, chunk_bytes);
@@ -382,7 +381,9 @@ bool memory_reset_hww(void)
     // Set a new noise static private key.
     rust_noise_generate_static_private_key(rust_util_bytes_mut(
         chunk.fields.noise_static_private_key, sizeof(chunk.fields.noise_static_private_key)));
-    bool res = _write_chunk(CHUNK_1, chunk.bytes);
+    if (!_write_chunk(CHUNK_1, chunk.bytes)) {
+        return false;
+    }
 
     // Reset bond-db and reinitialize IRK and identity address
     if (memory_get_platform() == MEMORY_PLATFORM_BITBOX02_PLUS) {
@@ -405,10 +406,12 @@ bool memory_reset_hww(void)
         chunk_shared.fields.ble_identity_address[0] |= 0xc;
 
         memset(&chunk_shared.fields.ble_bond_db, 0xff, sizeof(chunk_shared.fields.ble_bond_db));
-        res |= _write_to_address(FLASH_SHARED_DATA_START, 0, chunk_shared.bytes);
+        if (!_write_to_address(FLASH_SHARED_DATA_START, 0, chunk_shared.bytes)) {
+            return false;
+        }
     }
 
-    return res;
+    return true;
 }
 
 static bool _is_bitmask_flag_set(uint8_t flag)
