
Comments (25)

matejcik commented on July 28, 2024 3

> 2. when trying to wipe auto-locked device I'm not asked to unlock it but to confirm wipe, is this intentional?

yes, this is intentional

from trezor-firmware.

matejcik commented on July 28, 2024 2

#949 is a necessary prerequisite of this. After that is done, hardness of auto-locking is decreased, so I updated the estimate.

matejcik commented on July 28, 2024 2

For QA:

Auto-lock is enabled by default and set to 10 minutes. It cannot be completely disabled, but can be configured for up to ~6 days (technical limitation; setting higher values will silently set the maximum).

Minimum is 10 seconds. Specifying less will set (and show) 10 seconds.

Use trezorctl set auto-lock-delay <seconds> to set the delay.
Use trezorctl clear-session (command name will be changed but for now this works) to lock the device manually.
No need to update trezorctl, these commands existed for T1 for quite some time.

Scenarios:

  • Device locks after the specified period of inactivity. A lock screen should be displayed.
  • Device can be unlocked by tapping the lock screen.
  • Device can be unlocked by initiating an action from wallet software.
  • Device can be unlocked by a FIDO/U2F request.
  • Work with the device for longer than the specified autolock delay. Ensure that the device doesn't lock while you are using it.
  • Let the autolock interrupt an action (leave an address screen on; or signtx confirmation; or just the PIN entry for unlocking). The device should lock, and the wallet software should react with "action was cancelled".
  • Let the autolock interrupt FIDO/U2F request. Device should lock, FIDO should be rejected.

This is currently blocked in Suite by trezor/trezor-suite#1971, and there is most likely something similar for old Wallet.

from trezor-firmware.
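The delay limits and lock scenarios in the QA comment above, written out as a small test model. This is an added example, not part of the original thread and not Trezor firmware or trezorctl code; `AutoLockModel`, `clamp_delay` and the exact `MAX_DELAY_S` value are assumptions (the comment only says "~6 days").

```python
# Added illustration: a host-side model of the auto-lock rules in the QA
# comment above. It is not Trezor firmware or trezorctl code.
MIN_DELAY_S = 10                # comment: values below 10 s become 10 s
DEFAULT_DELAY_S = 10 * 60       # comment: enabled by default, 10 minutes
MAX_DELAY_S = 6 * 24 * 3600     # ASSUMPTION: comment only says "~6 days"


def clamp_delay(seconds):
    """Out-of-range requests are silently clamped, never rejected."""
    return max(MIN_DELAY_S, min(int(seconds), MAX_DELAY_S))


class AutoLockModel:
    """Hypothetical model: idle timer, lock, cancellation of a pending action."""

    def __init__(self, delay_s=DEFAULT_DELAY_S):
        self.delay_s = clamp_delay(delay_s)
        self.locked = False
        self.last_activity = 0.0
        self.pending = None      # action currently awaiting confirmation
        self.host_results = []   # (action, outcome) as the wallet would see it

    def tick(self, now):
        """Advance the clock; lock once the idle period has elapsed."""
        if not self.locked and now - self.last_activity >= self.delay_s:
            self.locked = True
            if self.pending is not None:
                # Locking interrupts whatever screen was waiting for the user.
                self.host_results.append((self.pending, "cancelled"))
                self.pending = None

    def activity(self, now):
        """Interaction on an unlocked device restarts the idle timer."""
        self.tick(now)
        if not self.locked:
            self.last_activity = now

    def start_action(self, name, now):
        """Host starts an action that then waits on the device screen."""
        self.activity(now)
        if not self.locked:
            self.pending = name

    def unlock(self, now):
        """A successful unlock clears the lock and restarts the idle timer."""
        self.locked = False
        self.last_activity = now
```
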

tsusanka commented on July 28, 2024 2

@trezor/qa please do a quick test with Password Manager as well.

bosomt commented on July 28, 2024 2

@tsusanka I already sent an issue 2 days ago for TT 2.3.2 ;)
trezor/trezor-password-manager#95

I will check it with T1 tomorrow ;)

prusnak commented on July 28, 2024 1

Default value as per a6e8a37 is 10 minutes, see trezor/trezor-core@a6e8a37#diff-b325a57e27deacedf04af2b2023c70ccR137

tsusanka commented on July 28, 2024 1

@sorooris why not get it from CI? From master artifact core fw regular.

sorooris commented on July 28, 2024 1

@tsusanka thanks, I wasn't sure.

tsusanka commented on July 28, 2024 1

And let's wait for the old Wallet implementation :). I'll let you know when that's ready. Thanks

sorooris commented on July 28, 2024 1

Linked issue from the report retested and is fixed by Connect, removing the needs QA label.

prusnak commented on July 28, 2024

Configuration value autolock_delay_ms implemented in a6e8a37

tsusanka commented on July 28, 2024

Also, the wake event should be a human interaction (touch event), not wire communication, to protect device from misbehaving app on desktop.

I believe this is so already.


So what is left is to implement the auto-lock and set the settings (use the configuration value added in a6e8a37).

@prusnak What should be the default value? Auto-lock after what time?

tsusanka commented on July 28, 2024

Let's do this in the following milestone, because it should solve some user-unfriendliness in Wallet. In particular, it prompts the user for passphrase entry selection (host vs device) way too often.

On 'clear cache' we should not forget the passphrase, but just lock the device. The passphrase will remain in cache.

prusnak commented on July 28, 2024

Not erasing passphrase on ClearSession implemented in 4097f25

matejcik commented on July 28, 2024

What's the purpose of ClearSession if it doesn't clear the session?
I mean, what is wallet using it for?

prusnak commented on July 28, 2024

According to how it is being used now the message should have been called LockDevice.

brianddk commented on July 28, 2024

> What's the purpose of ClearSession if it doesn't clear the session?

@matejcik, so the trezorctl auto-lock-delay and clear-session commands are still WIP in trezorctl v0.12.0 and FW v2.3.0, or did I misread?

trezorctl set auto-lock-delay 300
trezorctl clear-session

matejcik commented on July 28, 2024

@brianddk both have been working fine* on T1 for quite some time. Neither is implemented in TT as of now, I wouldn't even call it "WIP", more like "there is an open issue".

*) for some values of "working fine", mostly depending on what exactly you want ClearSession to do

sorooris commented on July 28, 2024

@matejcik could you link QA with a non-debug firmware build please? thanks

bosomt commented on July 28, 2024

Currently testing Suite branch suite-web/feat/232-pinentry
trezor/trezor-suite@06d90d2 with latest 2.3.2 master e630279

  1. I often see the enter passphrase dialogue before I see the correct dialogue after I unlock an auto-locked device with some confirmation like change PIN or name; after less than a second it will disappear and I will see the correct dialogue. Is this a firmware or Suite issue?

After a quick check I noticed that this happens with 2.3.1 production c6b2580 FW too and the beta version of Suite trezor/trezor-suite@06d90d2

Do you recommend sending it as a firmware issue or a Suite issue?

  2. When trying to wipe an auto-locked device I'm not asked to unlock it but to confirm wipe. Is this intentional?

tsusanka commented on July 28, 2024

> i often see enter passphrase dialogue before i see correct dialogue after i unlock auto-locked device with some confirmation like change pin or name, after less than second it will disappear and I will see correct dialogue, is this firmware or suite issue ?

So you have an auto-locked device and you start some action in Suite (such as change pin). You unlock the device and instead of the change pin dialog you see a passphrase dialog on the device for a brief second? Is that correct? What is displayed in the passphrase dialog? Maybe video could help?

bosomt commented on July 28, 2024

@tsusanka I just sent suite issue, screenshot from video and video included
trezor/trezor-suite#2046

The strange thing is that it only happens once, maybe then the passphrase is already cached, I don't know ;)

tsusanka commented on July 28, 2024

So since @bosomt's (1) is not related to the auto-lock (happens on 2.3.1 as well) and (2) is intentional, I am closing again. @bosomt were those the only issues you have encountered? In other words, did you successfully test all the other scenarios provided by @matejcik? (On Suite suite-web/feat/232-pinentry, we still need to test Wallet later)

bosomt commented on July 28, 2024

@tsusanka tested and all features mentioned by matejcik are working fine.

Let's wait for the rest of the team so we can say QA OK

sorooris commented on July 28, 2024

Tested with 2.3.2 14a8da9
Testpad report
