Skip to content

Unlock reduce sc events #1622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: master
Choose a base branch
from
Draft

Unlock reduce sc events #1622

wants to merge 6 commits into from

Conversation

benma
Copy link
Collaborator

@benma benma commented Oct 4, 2025
edited
Loading

Builds on #1619

benma added 5 commits October 2, 2025 12:32
@benma
hal: add show_and_confirm_mnemonic to HAL
2b77bd6 
The default implementation is in terms of other HAL/UI functions. For
unit tests (e.g. in show_mnemonic.rs or bip85.rs), it is useful to be
able to skip over the implementation details, so the tests don't have
to mock selecting the right words in the quiz.
@benma
api/show_mnemonic: add unit tests
28976d7 
This also allows us to keep track of the number of secure chip
operations in all the scenarios.
@benma
keystore: fewer securechip calls when checking password
4132672 
The sanity check to see if the seed has changed does not need a
securechip operation, it can use the retained seed hash instead, same
as `unlock_bip39()`. This reduces the number of securechip operations
needed to do a password check, which reduces the risk of running into
the Optiga throttling security mechanism.
@benma
api/backup: add unit test for creating a new backup when initialzed
0ea11ee
@benma
workflow/unlock: add unit test
124772c
@benma benma force-pushed the unlock-reduce-sc-events branch from c2562be to 4fcc8cd Compare October 4, 2025 21:08
@benma
keystore: reduce secure chip operations when unlocking
7cd4971 
Every call to `keystore::unlock` is followed by `copy_seed()`. The latter
uses a secure chip operation. We can remove that by returning the seed
from unlock and re-using it.

This reduces the number of securechip operations by 1 when:

- when unlocking the device
- showing mnemonic on initialized device
- creating backu on initialized device

This is to reduce the risk of running into Optiga's throttling
security mechanism.
@benma benma force-pushed the unlock-reduce-sc-events branch from 4fcc8cd to 7cd4971 Compare October 4, 2025 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@benma