fix(core): raise NotInitialized on BTC-only seed derivation #7035
Merged
Conversation
romanz
added
core
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
WalkthroughThis PR extracts a shared raise_if_not_initialized() helper in apps.common.seed and replaces many ad-hoc storage_device.is_initialized() checks across the codebase with calls to this helper. Changes touch seed derivation paths (THP and v1), management handlers, base/Cardano/Evolu/WebAuthn handlers, add a test enforcing failure on uninitialized devices, updates UI test fixtures, and adds a changelog entry. Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
romanz
force-pushed
the
romanz/2606/not-initialized
branch
from
8b9afc2 to
0d681ed
Compare
romanz
force-pushed
the
romanz/2606/not-initialized
branch
from
0d681ed to
2904a62
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
core/src/apps/common/seed.py (1)
174-175: ⚡ Quick winConsider aligning exception type with the new helper for consistency.
The function
_get_seed_without_passphrase()still raises a genericExceptionwhen the device is not initialized, while the new helper raisestrezor.wire.NotInitialized. This creates inconsistency in exception types across the module.Updating this location would complete the centralization and ensure uniform error handling contracts for callers.
♻️ Proposed alignment
`@cache.stored`(APP_COMMON_SEED_WITHOUT_PASSPHRASE) def _get_seed_without_passphrase() -> bytes: - if not storage_device.is_initialized(): - raise Exception("Device is not initialized") + raise_if_not_initialized() return mnemonic.get_seed(progress_bar=False)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@core/src/apps/common/seed.py` around lines 174 - 175, Replace the generic Exception raised in _get_seed_without_passphrase when storage_device.is_initialized() returns False with the same NotInitialized exception used by the new helper: import or reference trezor.wire.NotInitialized and raise NotInitialized() (or re-raise the helper's NotInitialized) instead of Exception("Device is not initialized") so the function and callers use the consistent exception type.tests/device_tests/test_basic.py (1)
66-74: 💤 Low valueConsider more explicit conditional for readability.
The tuple indexing with boolean (
expected[session.test_ctx.is_thp()]) is correct but relies on implicitFalse=0, True=1conversion. A conditional expression or if-statement would be more immediately readable:expected = ( messages.FailureType.InvalidSession if session.test_ctx.is_thp() else messages.FailureType.NotInitialized ) assert resp.code == expected🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/device_tests/test_basic.py` around lines 66 - 74, Replace the boolean-indexed tuple in test_not_initialized with an explicit conditional to improve readability: instead of using expected[session.test_ctx.is_thp()], compute expected by checking session.test_ctx.is_thp() and selecting messages.FailureType.InvalidSession or messages.FailureType.NotInitialized accordingly, then assert resp.code == expected; update references to messages.FailureType and session.test_ctx.is_thp() in that test to reflect this clearer conditional.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@core/.changelog.d/6941.fixed`:
- Line 1: Update the changelog entry text "[T2B1,T2T1,T3B1,T3T1] Return an
explicit error when try to derive seed on Bicoin-only firmware." by correcting
the typo "Bicoin-only" → "Bitcoin-only" and fixing the grammar "when try" →
"when trying" so the line reads e.g. "[T2B1,T2T1,T3B1,T3T1] Return an explicit
error when trying to derive seed on Bitcoin-only firmware."
In `@core/src/apps/common/seed.py`:
- Around line 89-92: Move the initialization precondition check before the
business logic: call raise_if_not_initialized() prior to checking
ctx.cache.is_set(APP_COMMON_SEED). Specifically, in the seed logic where
ctx.cache.is_set(APP_COMMON_SEED) is currently checked, reorder the statements
so raise_if_not_initialized() runs first and then perform the cache check to
preserve the fail-fast behavior like the Cardano variant.
---
Nitpick comments:
In `@core/src/apps/common/seed.py`:
- Around line 174-175: Replace the generic Exception raised in
_get_seed_without_passphrase when storage_device.is_initialized() returns False
with the same NotInitialized exception used by the new helper: import or
reference trezor.wire.NotInitialized and raise NotInitialized() (or re-raise the
helper's NotInitialized) instead of Exception("Device is not initialized") so
the function and callers use the consistent exception type.
In `@tests/device_tests/test_basic.py`:
- Around line 66-74: Replace the boolean-indexed tuple in test_not_initialized
with an explicit conditional to improve readability: instead of using
expected[session.test_ctx.is_thp()], compute expected by checking
session.test_ctx.is_thp() and selecting messages.FailureType.InvalidSession or
messages.FailureType.NotInitialized accordingly, then assert resp.code ==
expected; update references to messages.FailureType and
session.test_ctx.is_thp() in that test to reflect this clearer conditional.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 748d9590-341b-45b2-a5f9-d8ea73bb3eed
📒 Files selected for processing (18)
core/.changelog.d/6941.fixedcore/src/apps/base.pycore/src/apps/cardano/seed.pycore/src/apps/common/seed.pycore/src/apps/evolu/get_node.pycore/src/apps/management/apply_flags.pycore/src/apps/management/apply_settings.pycore/src/apps/management/backup_device.pycore/src/apps/management/change_wipe_code.pycore/src/apps/management/get_next_u2f_counter.pycore/src/apps/management/recovery_device/__init__.pycore/src/apps/management/sd_protect.pycore/src/apps/management/set_brightness.pycore/src/apps/management/set_u2f_counter.pycore/src/apps/webauthn/add_resident_credential.pycore/src/apps/webauthn/remove_resident_credential.pytests/device_tests/test_basic.pytests/ui_tests/fixtures.json
M1nd3r
approved these changes
Jun 1, 2026
Contributor
M1nd3r
left a comment
M1nd3r
left a comment
There was a problem hiding this comment.
utACK
Please, fix the issues mentioned by CodeRabbit.
Also, add device test for `NotInitialized` exception.
romanz
force-pushed
the
romanz/2606/not-initialized
branch
from
2904a62 to
64317ac
Compare
M1nd3r
approved these changes
Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Also add device test for
NotInitializedexceptionFixes #6941.
Notes to QA:
trezorctl -v btc get-public-node -n 'm/0h'should returnNotInitialized(instead ofFirmwareError)