Account for Optiga throttling delay in PIN countdown #4000
Conversation
|
|
The progress bar snapshots in tests are taken when the text message changes, i.e. when changing from "2 seconds remaining" to "1 second remaining" regardless of the actuall progress. As for point 1), progress bars when booting the device are explicitly disabled (per product guys request to avoid visual disturbance). We can re-enable it if SEC is elevated, but we will need to expose reading SEC to python. |
That's not a problem. I already exposed it, so that it can be shown in |
|
I observed something very strange when making measurements. It seems that
|
|
In d5a2e78 I fixed the extra long with |
andrewkozlik
added
the
translations
|
Point 1 done in 95c362c. I also added a new message |
|
Seems to me that you are measuring the delay time including the rendering time, that is with the
The progress calculation is done using real tick values that include the rendering time, so this shouldn't be an issue |
storage/storage.c
Outdated
| static void ui_total_init(uint32_t total_ms) { | ||
| ui_total = total_ms; | ||
| ui_rem = total_ms; | ||
| static uint32_t ui_estimate_time(storage_pin_op_t op) { |
There was a problem hiding this comment.
I don't like introducing the SystemCoreClock dependency here, and not happy about the EMULATOR ifdef either.
We could perhaps organize it this way:
- use unix implementation of
optiga_estimate_timetoo and put there the 500ms as mock value (or even take the operation into account) - introduce something like time_estimations.c/h in each trezorhal implementation, that would contain function
estimate_pbkfd2(iterations)returning estimated time to complete on given HW. Probably use some mock value for emulator/unix there too.
Then we could have single implementation here in storage, with possibility to cleanly improve emulation over time.
(just an example, there might be better ways to do this, perhaps we don't need to restructure it now and do it when we have clearer idea)
There was a problem hiding this comment.
use unix implementation of optiga_estimate_time too and put there the 500ms as mock value
That wouldn't work for T1 and TT, which do not use the unix Optiga implementation.
introduce something like time_estimations.c/h [...]
That would work and I agree it's more generic. It just seemed easier to introduce the SystemCoreClock dependency.
There was a problem hiding this comment.
I mean, the optiga_estimate_time would still be behind ifdef USE_OPTIGA, for TT and T1 the time would be just the pbkfd2 estimation.
Sure its easier like this, feel free to keep current implementation, we can refactor this later if it bothers us at some point
There was a problem hiding this comment.
The introduction of time_estimate.c will come in handy if we start using the hardware accelerated SHA-256 for the STM32U5.
|
|
I added one more change to not lock freshly initialized storage. That way we don't have to unnecessarily unlock it, which otherwise doubles the initialization time of wiped storage, taking a great deal of time when Optiga's SEC is high. |
[no changelog]
andrewkozlik
force-pushed
the
andrewkozlik/optiga-progress
branch
from
1b8d87f to
37caef2
Compare
andrewkozlik
force-pushed
the
andrewkozlik/optiga-progress
branch
from
37caef2 to
b403aa3
Compare
If Optiga's security event counter is set higher than 128, the chip introduces a throttling delay which slows down PIN operations. This makes the progress bar freeze at certain points. In case of PIN change the overall delay can add as much as 65 seconds to the process.
Since we are now measuring the actual elapsed time instead of making estimates of the elapsed time, this PR could mess with the UI tests. The progress bar could be captured at different moments by the UI tests. I am not familiar with how the UI tests make snapshots so not sure whether this would actually be an issue. I tried to avoid this problem by returning 1 ms in
ui_estimate_time()for the emulator build.Further work: