New app policies

client/src/ledger_app_clients/ethereum/settings.py

@@ -5,27 +5,24 @@
 
 
 class SettingID(Enum):
-    BLIND_SIGNING = auto()
-    DEBUG_DATA = auto()
-    NONCE = auto()
-    VERBOSE_EIP712 = auto()
     VERBOSE_ENS = auto()
+    VERBOSE_EIP712 = auto()
+    NONCE = auto()
+    DEBUG_DATA = auto()
 
 
 def get_device_settings(device: str) -> list[SettingID]:
     if device == "nanos":
         return [
-            SettingID.BLIND_SIGNING,
+            SettingID.NONCE,
             SettingID.DEBUG_DATA,
-            SettingID.NONCE
         ]
     if device in ("nanox", "nanosp", "stax", "flex"):
         return [
-            SettingID.BLIND_SIGNING,
-            SettingID.DEBUG_DATA,
-            SettingID.NONCE,
+            SettingID.VERBOSE_ENS,
             SettingID.VERBOSE_EIP712,
-            SettingID.VERBOSE_ENS
+            SettingID.NONCE,
+            SettingID.DEBUG_DATA,
         ]
     return []
 

src/handle_swap_sign_transaction.c

@@ -95,7 +95,6 @@ void __attribute__((noreturn)) handle_swap_sign_transaction(const chain_config_t
 
     if (N_storage.initialized != 0x01) {
         internalStorage_t storage;
-        storage.dataAllowed = 0x00;
         storage.contractDetails = 0x00;
         storage.initialized = 0x01;
         storage.displayNonce = 0x00;

src/main.c

@@ -39,7 +39,6 @@ unsigned char G_io_seproxyhal_spi_buffer[IO_SEPROXYHAL_BUFFER_SIZE_B];
 void ui_idle(void);
 
 uint32_t set_result_get_publicKey(void);
-void finalizeParsing(bool);
 
 tmpCtx_t tmpCtx;
 txContext_t txContext;
@@ -549,11 +548,6 @@ __attribute__((noreturn)) void coin_main(libargs_t *args) {
 
                 if (!N_storage.initialized) {
                     internalStorage_t storage;
-#ifdef HAVE_ALLOW_DATA
-                    storage.dataAllowed = true;
-#else
-                    storage.dataAllowed = false;
-#endif
                     storage.contractDetails = false;
                     storage.displayNonce = false;
 #ifdef HAVE_EIP712_FULL_SUPPORT

src/shared_context.h

@@ -30,7 +30,6 @@ typedef struct bip32_path_t {
 } bip32_path_t;
 
 typedef struct internalStorage_t {
-    bool dataAllowed;
     bool contractDetails;
     bool displayNonce;
 #ifdef HAVE_EIP712_FULL_SUPPORT

src/ui_callbacks.h

@@ -24,4 +24,3 @@ unsigned int io_seproxyhal_touch_privacy_cancel(const bagl_element_t *e);
 void ui_warning_contract_data(void);
 
 void io_seproxyhal_send_status(uint32_t sw);
-void finalizeParsing(bool direct);

src_bagl/common_ui.c

@@ -13,7 +13,7 @@ void ui_idle(void) {
 }
 
 void ui_warning_contract_data(void) {
-    ux_flow_init(0, ux_warning_contract_data_flow, NULL);
+    ux_flow_init(0, ux_blind_signing_flow, NULL);
 }
 
 void ui_display_public_eth2(void) {

src_bagl/ui_flow.c

@@ -2,23 +2,22 @@
 #include "ui_callbacks.h"
 #include "common_ui.h"
 #include "common_utils.h"
+#include "feature_signTx.h"
 
 #define ENABLED_STR   "Enabled"
 #define DISABLED_STR  "Disabled"
 #define BUF_INCREMENT (MAX(strlen(ENABLED_STR), strlen(DISABLED_STR)) + 1)
 
 // Reuse the strings.common.fullAmount buffer for settings displaying.
 // No risk of collision as this buffer is unused in the settings menu
-#define SETTING_BLIND_SIGNING_STATE       (strings.common.fullAmount)
-#define SETTING_DISPLAY_DATA_STATE        (strings.common.fullAmount + (BUF_INCREMENT * 1))
+#define SETTING_VERBOSE_DOMAIN_NAME_STATE (strings.common.fullAmount + (BUF_INCREMENT * 0))
+#define SETTING_VERBOSE_EIP712_STATE      (strings.common.fullAmount + (BUF_INCREMENT * 1))
 #define SETTING_DISPLAY_NONCE_STATE       (strings.common.fullAmount + (BUF_INCREMENT * 2))
-#define SETTING_VERBOSE_EIP712_STATE      (strings.common.fullAmount + (BUF_INCREMENT * 3))
-#define SETTING_VERBOSE_DOMAIN_NAME_STATE (strings.common.fullAmount + (BUF_INCREMENT * 4))
+#define SETTING_DISPLAY_DATA_STATE        (strings.common.fullAmount + (BUF_INCREMENT * 3))
 
 #define BOOL_TO_STATE_STR(b) (b ? ENABLED_STR : DISABLED_STR)
 
 static void display_settings(const ux_flow_step_t* const start_step);
-static void switch_settings_blind_signing(void);
 static void switch_settings_display_data(void);
 static void switch_settings_display_nonce(void);
 #ifdef HAVE_EIP712_FULL_SUPPORT
@@ -71,45 +70,31 @@ UX_FLOW(ux_idle_flow,
         FLOW_LOOP);
 
 // clang-format off
+#ifdef HAVE_DOMAIN_NAME
 UX_STEP_CB(
-    ux_settings_flow_blind_signing_step,
-#ifdef TARGET_NANOS
-    bnnn_paging,
-#else
+    ux_settings_flow_verbose_domain_name_step,
     bnnn,
-#endif
-    switch_settings_blind_signing(),
+    switch_settings_verbose_domain_name(),
     {
-#ifdef TARGET_NANOS
-      .title = "Blind signing",
-      .text =
-#else
-      "Blind signing",
-      "Transaction",
-      "blind signing",
-#endif
-      SETTING_BLIND_SIGNING_STATE
+      "ENS addresses",
+      "Displays resolved",
+      "addresses from ENS",
+      SETTING_VERBOSE_DOMAIN_NAME_STATE
     });
+#endif // HAVE_DOMAIN_NAME
 
+#ifdef HAVE_EIP712_FULL_SUPPORT
 UX_STEP_CB(
-    ux_settings_flow_display_data_step,
-#ifdef TARGET_NANOS
-    bnnn_paging,
-#else
+    ux_settings_flow_verbose_eip712_step,
     bnnn,
-#endif
-    switch_settings_display_data(),
+    switch_settings_verbose_eip712(),
     {
-#ifdef TARGET_NANOS
-      .title = "Debug data",
-      .text =
-#else
-      "Debug data",
-      "Show contract data",
-      "details",
-#endif
-      SETTING_DISPLAY_DATA_STATE
+      "Raw messages",
+      "Displays raw content",
+      "from EIP712 messages",
+      SETTING_VERBOSE_EIP712_STATE
     });
+#endif // HAVE_EIP712_FULL_SUPPORT
 
 UX_STEP_CB(
     ux_settings_flow_display_nonce_step,
@@ -125,38 +110,31 @@ UX_STEP_CB(
       .text =
 #else
       "Nonce",
-      "Show account nonce",
+      "Displays nonce",
       "in transactions",
 #endif
       SETTING_DISPLAY_NONCE_STATE
     });
 
-#ifdef HAVE_EIP712_FULL_SUPPORT
-UX_STEP_CB(
-    ux_settings_flow_verbose_eip712_step,
-    bnnn,
-    switch_settings_verbose_eip712(),
-    {
-      "Verbose EIP-712",
-      "Ignore filtering &",
-      "display raw content",
-      SETTING_VERBOSE_EIP712_STATE
-    });
-#endif // HAVE_EIP712_FULL_SUPPORT
-
-#ifdef HAVE_DOMAIN_NAME
 UX_STEP_CB(
-    ux_settings_flow_verbose_domain_name_step,
+    ux_settings_flow_display_data_step,
+#ifdef TARGET_NANOS
+    bnnn_paging,
+#else
     bnnn,
-    switch_settings_verbose_domain_name(),
+#endif
+    switch_settings_display_data(),
     {
-      "Verbose domains",
-      "Show",
-      "resolved address",
-      SETTING_VERBOSE_DOMAIN_NAME_STATE
+#ifdef TARGET_NANOS
+      .title = "Debug data",
+      .text =
+#else
+      "Debug contracts",
+      "Displays contract",
+      "data details",
+#endif
+      SETTING_DISPLAY_DATA_STATE
     });
-#endif // HAVE_DOMAIN_NAME
-
 
 UX_STEP_CB(
     ux_settings_flow_back_step,
@@ -169,19 +147,17 @@ UX_STEP_CB(
 // clang-format on
 
 UX_FLOW(ux_settings_flow,
-        &ux_settings_flow_blind_signing_step,
-        &ux_settings_flow_display_data_step,
-        &ux_settings_flow_display_nonce_step,
-#ifdef HAVE_EIP712_FULL_SUPPORT
-        &ux_settings_flow_verbose_eip712_step,
-#endif  // HAVE_EIP712_FULL_SUPPORT
 #ifdef HAVE_DOMAIN_NAME
         &ux_settings_flow_verbose_domain_name_step,
 #endif  // HAVE_DOMAIN_NAME
+#ifdef HAVE_EIP712_FULL_SUPPORT
+        &ux_settings_flow_verbose_eip712_step,
+#endif  // HAVE_EIP712_FULL_SUPPORT
+        &ux_settings_flow_display_nonce_step,
+        &ux_settings_flow_display_data_step,
         &ux_settings_flow_back_step);
 
 static void display_settings(const ux_flow_step_t* const start_step) {
-    strlcpy(SETTING_BLIND_SIGNING_STATE, BOOL_TO_STATE_STR(N_storage.dataAllowed), BUF_INCREMENT);
     strlcpy(SETTING_DISPLAY_DATA_STATE,
             BOOL_TO_STATE_STR(N_storage.contractDetails),
             BUF_INCREMENT);
@@ -206,10 +182,6 @@ static void toggle_setting(volatile bool* setting, const ux_flow_step_t* ui_step
     display_settings(ui_step);
 }
 
-static void switch_settings_blind_signing(void) {
-    toggle_setting(&N_storage.dataAllowed, &ux_settings_flow_blind_signing_step);
-}
-
 static void switch_settings_display_data(void) {
     toggle_setting(&N_storage.contractDetails, &ux_settings_flow_display_data_step);
 }
@@ -232,26 +204,76 @@ static void switch_settings_verbose_domain_name(void) {
 
 //////////////////////////////////////////////////////////////////////
 // clang-format off
+UX_STEP_NOCB(
+    ux_blind_signing_warning_step,
+    pbb,
+    {
+      &C_icon_warning,
 #ifdef TARGET_NANOS
-UX_STEP_CB(
-    ux_warning_contract_data_step,
-    bnnn_paging,
-    ui_idle(),
+      "Transaction",
+      "not trusted",
+#else
+      "This transaction",
+      "cannot be trusted",
+#endif
+    });
+#ifndef TARGET_NANOS
+UX_STEP_NOCB(
+    ux_blind_signing_text1_step,
+    nnnn,
+    {
+      "Your Ledger cannot",
+      "decode this",
+      "transaction. If you",
+      "sign it, you could",
+    });
+UX_STEP_NOCB(
+    ux_blind_signing_text2_step,
+    nnnn,
+    {
+      "be authorizing",
+      "malicious actions",
+      "that can drain your",
+      "wallet.",
+    });
+#endif
+UX_STEP_NOCB(
+    ux_blind_signing_link_step,
+    nn,
     {
-      "Error",
-      "Blind signing must be enabled in Settings",
+      "Learn more:",
+      "ledger.com/e8",
     });
+UX_STEP_CB(
+    ux_blind_signing_accept_step,
+    pbb,
+    start_signature_flow(),
+    {
+      &C_icon_validate_14,
+#ifdef TARGET_NANOS
+      "Accept risk",
+      "and review",
 #else
+      "Accept risk and",
+      "review transaction",
+#endif
+    });
 UX_STEP_CB(
-    ux_warning_contract_data_step,
-    pnn,
-    ui_idle(),
+    ux_blind_signing_reject_step,
+    pb,
+    report_finalize_error(),
     {
       &C_icon_crossmark,
-      "Blind signing must be",
-      "enabled in Settings",
+      "Reject",
     });
-#endif
 // clang-format on
 
-UX_FLOW(ux_warning_contract_data_flow, &ux_warning_contract_data_step);
+UX_FLOW(ux_blind_signing_flow,
+        &ux_blind_signing_warning_step,
+#ifndef TARGET_NANOS
+        &ux_blind_signing_text1_step,
+        &ux_blind_signing_text2_step,
+#endif
+        &ux_blind_signing_link_step,
+        &ux_blind_signing_accept_step,
+        &ux_blind_signing_reject_step);

src_bagl/ui_flow.h

@@ -8,7 +8,7 @@
 
 extern const ux_flow_step_t* const ux_idle_flow[];
 
-extern const ux_flow_step_t* const ux_warning_contract_data_flow[];
+extern const ux_flow_step_t* const ux_blind_signing_flow[];
 
 extern const ux_flow_step_t* const ux_settings_flow[];