Currently even in stateless mode DIY stores some stuff in flash:
currently selected network
encrypted multisig wallets files
number of PIN code attempts
It would be interesting to have a fully stateless mode where writing to flash is not possible at all.
Idea
No need in PIN in this mode, instantly get to init screen with 4 options:
generate key
enter key
import key (QR / SD)
integrity check
If you go to integrity check you will get a keyboard where you type something unique, for example "blah blah blah".
As the result you get a pixel image like this:
Next time you enter the same string you should get the same picture. So you just remember that "blah blah blah" gives you a pink bull.
And anything else will give you a completely different picture.
The picture is generated based on the string you entered and internal secret. So if internal secret changes you will get a completely different picture.
And if attacker loads malicious firmware he can not guess what you will enter, so he can not guess what picture to show.
Bootloader can lock flash for the main firmware, so it becomes read-only.
Currently even in stateless mode DIY stores some stuff in flash:
It would be interesting to have a fully stateless mode where writing to flash is not possible at all.
Idea
No need in PIN in this mode, instantly get to init screen with 4 options:
If you go to integrity check you will get a keyboard where you type something unique, for example "blah blah blah". As the result you get a pixel image like this:
Next time you enter the same string you should get the same picture. So you just remember that "blah blah blah" gives you a pink bull.
And anything else will give you a completely different picture.
The picture is generated based on the string you entered and internal secret. So if internal secret changes you will get a completely different picture. And if attacker loads malicious firmware he can not guess what you will enter, so he can not guess what picture to show.
Bootloader can lock flash for the main firmware, so it becomes read-only.