search

polhenarejos / pico-hsm

Hardware Security Module (HSM) for Raspberry Pico and ESP32
https://www.picokeys.com
GNU General Public License v3.0
222 stars 30 forks source link

Press-to-confirm button #39

Closed fastchain closed 3 months ago

fastchain commented 3 months ago

Hello!

Thank you for the great project!

According to this description

https://github.com/polhenarejos/pico-hsm/blob/98e9b72b42a128d5cc2bd74dedb742a59662ccc0/doc/extra_command.md#press-to-confirm-button

It seems the press-to-confirm function can be enabled and disabled without requiring any authentication. This raises a concern that malware could potentially disable it without notice, rendering the press-to-confirm control ineffective. Is it possible lock this setting to prevent such actions?

fastchain commented 3 months ago

Hello,

Here is the fix https://github.com/polhenarejos/pico-hsm/pull/40

polhenarejos commented 3 months ago

Merged.