Skip to content

HAL: Unlock Attempts #1710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cedwies wants to merge 1 commit into
base: master
Choose a base branch
from
Open

HAL: Unlock Attempts #1710

cedwies wants to merge 1 commit into from
+56 −42

Conversation

@cedwies
Copy link
Collaborator

@cedwies cedwies commented Dec 14, 2025

Adds

  1. get_unlock_attempts
  2. fn increment_unlock_attempts
  3. reset_unlock_attempts
  4. get_max_unlock_attempts

to HAL

@cedwies cedwies marked this pull request as ready for review December 14, 2025 18:05
@cedwies cedwies requested a review from benma December 14, 2025 18:05
benma
benma requested changes Dec 14, 2025
View reviewed changes
src/rust/bitbox02-rust/src/hal.rs Outdated
bitbox02::memory::smarteeprom_reset_unlock_attempts()
}
fn get_max_unlock_attempts(&mut self) -> u8 {
bitbox02::memory::MAX_UNLOCK_ATTEMPTS
Copy link
Collaborator

@benma benma Dec 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is unlikely to change in different implementations, so I'd remove that function and define this constant in keystore.rs instead.

The only uses of it in C are the sanity checks in the smarteeprom code. Try and see if you can get rid of them.

Copy link
Collaborator Author

@cedwies cedwies Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed the get_max_unlock_attempts from hal.rs, defined MAX_UNLOCK_ATTEMPTS in keystore.rs
But I would keep the sanity checks, I'd prefer to keep them as defense in depth.

Copy link
Collaborator

@benma benma Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not optimal to have the same const defined in two places, though it could be acceptable. In that case, maybe add a comment to both that mention the other.

But maybe they can be removed after all: bitbox02::memory::smarteeprom_increment_unlock_attempts(); in keystore.rs is called only if get_remaining_unlock_attempts() != 0, so the sanity check in there:

if (unlock_attempts == MAX_UNLOCK_ATTEMPTS) {
        Abort("Tried to increment the number of unlocks past the maximum allowed value.");
    }

cannot happen. The other sanity check in bitbox02_smarteeprom_get_unlock_attempts could be ported Rust.

Imho it's okay for the app-layer to do sanity checks instead of the storage layer - the storage layer could just blindly set/get.

What do you think?

@cedwies cedwies force-pushed the cedwies/unlock-attempts branch from 6aa47be to 6936d3c Compare December 16, 2025 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benma benma benma requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cedwies @benma