fix: bump bootloader version to 1.0.2 for key rotation #27
Open
k9ert wants to merge 1 commit into cryptoadvance:master from
The bootloader version was 1.0.1, same as the version shipped with v1.9.0. When the v1.10.0 upgrade writes the new bootloader (with rotated signing keys) to the inactive copy slot, the startup code never swaps to it because both copies have version 1.0.1 and ties go to copy 1 (the old one). This causes subsequent upgrades signed with the new keys to fail with "Not enough signatures".

Bumping to 1.0.2 ensures the startup code selects the new copy after the v1.10.0 upgrade.

See: cryptoadvance/specter-diy#330

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
0100000199) to 1.0.2 (0100000299)
Problem
The startup code selects between two bootloader copies based on the ICR version — highest wins, ties go to copy 1. When v1.10.0 writes the new bootloader (with rotated signing keys) to the inactive slot, both copies end up at version 1.0.1. The startup code keeps running copy 1 (old keys), so v1.10.1 signed with the new keys fails signature verification.
Full analysis: cryptoadvance/specter-diy#330 (comment)
Test plan
🤖 Generated with Claude Code
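
The selection rule and the tie described in this PR, as an added C model that is not the bootloader's own code. The struct, the function names and the empty starting state of copy 2 are assumptions; the version tags are the ones quoted in the summary.

```c
#include <stdint.h>
#include <stdio.h>

/* Version tags from the PR summary, written without the leading zero
 * (a leading 0 would make them octal literals in C). */
#define BL_V1_0_1 100000199u
#define BL_V1_0_2 100000299u

enum keyset { KEYS_OLD, KEYS_NEW };

/* Hypothetical model of one bootloader copy slot (names are assumptions). */
struct bl_copy {
    uint32_t version;
    enum keyset keys;
};

/* Rule stated in the PR: highest version wins, ties go to copy 1.
 * Returns the slot index (0 = copy 1, 1 = copy 2). */
static int select_copy(const struct bl_copy slots[2])
{
    return slots[1].version > slots[0].version ? 1 : 0;
}

/* Models the v1.10.0 upgrade: the bootloader with rotated keys is written
 * to the inactive slot, then the startup code selects again. Returns the
 * key set that will verify the next upgrade. */
static enum keyset keys_after_upgrade(uint32_t new_bl_version)
{
    /* Constructed starting state: copy 1 is the 1.0.1 bootloader shipped
     * with v1.9.0, copy 2 is assumed empty (version 0). */
    struct bl_copy slots[2] = { { BL_V1_0_1, KEYS_OLD }, { 0, KEYS_OLD } };
    int inactive = 1 - select_copy(slots);

    slots[inactive].version = new_bl_version;
    slots[inactive].keys = KEYS_NEW;
    return slots[select_copy(slots)].keys;
}

int main(void)
{
    static const char *name[] = { "old", "new" };
    printf("new copy tagged 1.0.1 -> boots %s keys\n",
           name[keys_after_upgrade(BL_V1_0_1)]);
    printf("new copy tagged 1.0.2 -> boots %s keys\n",
           name[keys_after_upgrade(BL_V1_0_2)]);
    return 0;
}
```

With the tag left at 1.0.1 the model keeps booting the copy that holds the old keys, which is the state in which an upgrade signed with the new keys is rejected.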