24.11.0 Release Candidate #475
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add introduction to anti-tamper doc
allow PIN with letters and special chars allow disabling PIN flash snapshot has words dedicated to SPIFFS
fix MaixPy submodule url
README info about add user to docker group before using ./krux build
adapt fill_flash to all devices update flash hash docs
set exec_allowed from spiffs to false
slightly expand prompt touch regions
Docs: Fix icon scale of backup templates II
Add BIP85 passwords
Tamper Detection
jdlcdl
reviewed
Nov 7, 2024
src/krux/pages/__init__.py
Outdated
| @@ -146,19 +148,24 @@ def capture_from_keypad( | |||
| """ | |||
| buffer = starting_buffer | |||
| pad = Keypad(self.ctx, keysets, possible_keys_fn) | |||
| big_tittle = len(self.ctx.display.to_lines(title)) > 1 | |||
There was a problem hiding this comment.
typo "big_tittle" becomes "big_title" but not currently a bug, would need to get altered below too.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #475 +/- ##
==========================================
+ Coverage 94.70% 94.91% +0.21%
==========================================
Files 70 74 +4
Lines 7573 7951 +378
==========================================
+ Hits 7172 7547 +375
- Misses 401 404 +3 ☔ View full report in Codecov by Sentry. |
fr-FR Translations for release-24.11.0
jdlcdl
approved these changes
Nov 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
24.11.0 Release Candidate
Tamper Check Flash Hash and Tamper Check Code (Experimental)
The Tamper Check Flash Hash (TC Flash Hash) feature verifies the integrity of the device's flash memory by generating a unique tamper indicator that relies on hash properties. After setting up a Tamper Check Code (TC Code), this check can be performed at every boot or manually via
Tools -> Flash Tools. The TC Code is a key component, required to execute the verification and detect unauthorized changes to the device's memory. Users can also fill unused memory blocks with camera-generated entropy to further mitigate tampering attempts.Flash Map
Flash Map is an auxiliary tool that allows users to visualize the regions of the device's memory that are empty. This helps users verify the results of actions such as:
Japanese Translation
Japanese translation has been added.
BIP85: Allow Export Base64 Passwords
In addition to BIP39 Mnemonics, users can now derive Base64 passwords from their keys. These passwords, which can be used in standard logins, can be noted down, saved to an SD card, or exported as a QR code.
Vulnerability Fix: Block Import of Python Modules from SD Card
A feature of MicroPython, commonly used for general-purpose development, is the ability to run Python code directly from an SD card. However, with the recent implementation of tamper detection tools, this behavior is now considered a vulnerability. It was discovered that MicroPython would prioritize importing
.pyc(Python frozen modules) from an SD card before checking the internal flash, which could be exploited to run unintended code from the SD card. To address this, a block has been implemented in MicroPython to prevent running any code from the SD card, enhancing the overall security of the device.Add Compatibility to Partial Text Mnemonic QR Codes
Partial Text Mnemonic QR Codes, like Coldcard's backups, where mnemonics words are cropped and contain only the first 3 or 4 letters, are now auto-completed and loaded.
Multi-keypad Position Indicator
An indicator has been added to the bottom of keypads to help users identify the keypad index while swiping between them.
WonderMV Simulator
Computer simulator for WonderMV device has been added.
Krux Ethos
Guidelines have been created to assist with decision-making regarding the Krux project's interactions with contributors, users, and businesses that may create products or services related to Krux.
Minor Bugfixes and Refactors
Several code improvements for better reliability and efficiency.
What is the purpose of this pull request?