def hsm_setup(policy=None, dry_run=False):
"""
Enable Hardware Security Module (HSM) mode.
Upload policy file (or use existing policy) and start HSM mode on device. User must approve startup.
All PSBT's will be signed automatically based on that policy.
"""
with get_device() as dev:
dev.check_mitm()
if policy:
if dry_run:
# check it looks reasonable, but jsut a JSON check
raw = open(policy, 'rt').read()
j = json.loads(raw)
click.echo("Policy ok")
sys.exit(0)
file_len, sha = real_file_upload(open(policy, 'rb'), dev)
dev.send_recv(CCProtocolPacker.hsm_start(file_len, sha))
else:
if dry_run:
raise click.UsageError(
"Dry run not useful without a policy file to check.")
dev.send_recv(CCProtocolPacker.hsm_start())
click.echo("Approve HSM policy on Coldcard screen.")
async def hsm_start(self, new_policy=None):
args = []
if new_policy is not None:
# must upload it first
data = json_dumps(new_policy).encode('utf8')
args = self.dev.upload_file(data)
# save a trimmed copy of some details, if they want that
bk = policy.desensitize(new_policy)
BP['summary'] = None
if not bk.get('priv_over_ux'):
BP['priv_over_ux'] = False
BP['policy'] = bk # full copy
BP['xfp'] = xfp2str(self.dev.master_fingerprint)
BP['serial'] = self.dev.serial
else:
BP['priv_over_ux'] = True
BP['policy'] = None
BP['xfp'] = None
BP['serial'] = None
BP.save()
try:
await self.send_recv(CCProtocolPacker.hsm_start(*args))
except CCProtoError as exc:
msg = str(exc)
logging.error("Coldcard didn't like policy: %s" % msg)
raise RuntimeError(str(msg))
