This PR is a draft with an early POC of the app loading process.
The idea is that external apps audited and signed by the Specter team can be uploaded to the device with an SD card.
The device verifies the signatures and threshold, and, if everything is fine, copies the app to the internal flash and makes it available on the next boot.
Some tools and docs on the app preparation are here
If you are using self-signed firmware you can define your own set of keys that will be used for app verification.
As this is a security-critical feature, it will be tested and polished over an extended period of time. First we will make it available in a special experimental branch (requires a developer version of the bootloader), and if everything goes well we'll merge it into the main stable branch.
Roadmap:
- [x] loading signed apps from SD card
- [x] basic tools to prepare a signed app from a directory with python files
- [ ] multisig verification (similar to the main firmware - m of n multisig)
- [ ] app management - enable / disable / delete / show or hide on main screen
- [ ] apps versioning and names (to avoid app downgrades)
- [ ] signing with Bitcoin Message protocol using human-readable bech32 encoded app hashes
- [ ] better communication between apps and main Specter instance