Pin code management: when device is locked, returned 0x5515 error

.github/workflows/build_all_apps.yml

@@ -91,6 +91,17 @@ jobs:
                     echo "path=$path" >> $cargo_toml_path
                     echo "Patch added to Cargo.toml"
                 fi
+                # Patch include_gif
+                if grep -Fxq "[patch.crates-io.include_gif]" $cargo_toml_path; then
+                    echo "The patch already exists in the file."
+                    exit 1
+                else
+                    echo "" >> $cargo_toml_path 
+                    echo "[patch.crates-io.include_gif]" >> $cargo_toml_path
+                    path=\"$GITHUB_WORKSPACE/sdk/include_gif\"
+                    echo "path=$path" >> $cargo_toml_path
+                    echo "Patch added to Cargo.toml"
+                fi
 
             - name: Build
               run: |
@@ -100,8 +111,9 @@ jobs:
                 cd $build_directory
                 for device in $devices; do
                     # Required as patch has a different version from what is locked in Cargo.lock
-                    cargo +$RUST_NIGHTLY update ledger_device_sdk
+                    cargo +$RUST_NIGHTLY update include_gif
                     cargo +$RUST_NIGHTLY update ledger_secure_sdk_sys
+                    cargo +$RUST_NIGHTLY update ledger_device_sdk
                     echo "Build for "$device
                     cargo ledger build $device
                 done

ledger_device_sdk/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ledger_device_sdk"
-version = "1.19.4"
+version = "1.19.5"
 authors = ["yhql", "yogh333", "agrojean-ledger", "kingofpayne"]
 edition = "2021"
 license.workspace = true

ledger_device_sdk/src/io.rs

@@ -432,6 +432,15 @@ impl Comm {
         }
 
         if unsafe { G_io_app.apdu_state } != APDU_IDLE && unsafe { G_io_app.apdu_length } > 0 {
+            #[cfg(not(any(target_os = "nanos")))]
+            unsafe {
+                if os_perso_is_pin_set() == BOLOS_TRUE.try_into().unwrap()
+                    && os_global_pin_is_validated() != BOLOS_TRUE.try_into().unwrap()
+                {
+                    self.reply(StatusWords::DeviceLocked);
+                    return None;
+                }
+            }
             self.rx = unsafe { G_io_app.apdu_length as usize };
             self.event_pending = true;
             return self.check_event();

ledger_device_sdk/src/ui/gadgets.rs

@@ -608,11 +608,7 @@ impl<'a> MultiPageMenu<'a> {
                 io::Event::Ticker => {
                     if UxEvent::Event.request() != BOLOS_UX_OK {
                         // pin lock management
-                        let (_res, ins) = UxEvent::block_and_get_event::<Temp>(self.comm);
-                        if let Some(_e) = ins {
-                            self.comm
-                                .reply::<io::StatusWords>(io::StatusWords::DeviceLocked);
-                        }
+                        UxEvent::block_and_get_event::<Temp>(self.comm);
                         // notify Ticker event only when redisplay is required
                         return EventOrPageIndex::Event(io::Event::Ticker);
                     }

ledger_secure_sdk_sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ledger_secure_sdk_sys"
-version = "1.6.1"
+version = "1.6.2"
 authors = ["yhql", "agrojean-ledger", "yogh333"]
 edition = "2021"
 license.workspace = true

ledger_secure_sdk_sys/src/seph.rs

@@ -34,6 +34,17 @@ pub fn send_general_status() {
     }
 }
 
+/// Function to ensure a I/O channel is not timeouting waiting
+/// for operations after a long time without SEPH packet exchanges
+pub fn heartbeat() {
+    send_general_status();
+    let mut spi_buffer = [0u8; 128];
+    seph_recv(&mut spi_buffer, 0);
+    while is_status_sent() {
+        seph_recv(&mut spi_buffer, 0);
+    }
+}
+
 #[repr(u8)]
 pub enum SephTags {
     ScreenDisplayStatus = SEPROXYHAL_TAG_SCREEN_DISPLAY_STATUS as u8,