Skip to content

[Bug] TC Flash Hash at Boot should not display an "Invalid" warning #814

Description

@tadeubas

Describe the bug

When TC Flash Hash at Boot is enabled and user provides a wrong TC code, the device should not warn the user about Invalid Tamper Check Code, instead it should just show the image and two pair of words, the user have to always verify the images and words instead of the device validating the input and influencing users to ignore what is shown next.

The TC code is not a security PIN, the device should not be blocked, this could create a false sense of security false sensation of security while the devices are open and we don't have any form of "blocking", just as an example of how easy it is to disable this "blocking protection", if settings is stored in flash you just need to insert an SD card with a settings.json file with contents {"settings": {"persist": {"location": "sd"}}} and boom TC Flash Hash at Boot is disabled, if settings were stored in the SD already you just need to remove the SD card. So I consider the current way TC Flash Hash at Boot works as a bug as it should not "block" but show the Hash values instead.

Here’s a cleaned-up and more structured refactor that keeps the security rationale clear and avoids repetition:

When TC Flash Hash at Boot is enabled and the user enters an incorrect TC code, the device currently displays an “Invalid Tamper Check Code” warning. This behavior is misleading and undesirable.

Instead, the device should always display the image and the two word pairs, regardless of the entered TC code. The user must manually verify the displayed image and words, without the device validating the input or influencing the user’s perception of what is shown next.

The TC code is not a security PIN. The device should never be "blocked" based on an incorrect TC code. Treating it as a "blocking" or validating mechanism creates a false sense of security, especially given that the device is open and does not implement any real blocking protections.

For example, if settings are stored in flash, inserting an SD card with a settings.json containing:

{"settings": {"persist": {"location": "sd"}}}

immediately disables TC Flash Hash at Boot. If settings are already stored on the SD card, simply removing the card disables it as well.

Because of this, the current behavior, showing an "invalid" warning and implying enforcement, is incorrect. TC Flash Hash at Boot should never block or validate, only display the hash-derived visuals for user verification.

Device(s) affected

  • All

Version affected

  • Official release (selfcustody/krux): All versions after TC Flash Hash at Boot was available
  • Beta release (odudex/krux_binaries): vXX.YY.Z-betaWW

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions