Merge pull request #332 from keepkey/feature-auth

Feature auth

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.7.2)
 
 project(KeepKeyFirmware
 
-        VERSION 7.5.2
+        VERSION 7.6.0
 
         LANGUAGES C CXX ASM)
 

SECURITY.md

@@ -1,132 +1,62 @@
 # Security Policy
 
-At ShapeShift, we take security seriously. We encourage independent security
-researchers to contact us in order to privately report security vulnerabilities
-or issues. The information on this page is intended for those security
-researchers that are interested in reporting security vulnerabilities directly
-to the ShapeShift security team.
+Please visit https://www.keepkey.com/security to view the KeepKey security policy and vulnerability
+reporting program. The website includes a GPG key to encrypt vulnerability reports, and is also included
+below:
+
+<summary>GPG Key</summary>
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+mQINBGO4eXYBEAC3uXhD/3vkkMm+sLBeVFipCRCnY+nOgwcmiQ9juAoLJl7/y3jS
+gOlJZXpnIlVeV/Aca0v4EkVITxdiBHQWtuOmpD/nToDkzJnAd4WBLRTYwd8WCcTo
+vLX0MZBx5f8JV0RqTpII5qVfmEVal7bIHbeHp8r5kYDw+3PbY10GbEYZlosXwWw2
+eg2SVpZ7qG79Ak+6rHghzyVsPvvj3RSQlg4g9fs+i+K2omf6HgOXX+1+ExXARpvI
+PNe5GtPiwdzpnlUAqT+1rTS1m8JZ6f/8bOtVdJkTGgChu0fePkY24xiCW3VcOuVJ
+H1+ILjPU9sP0qUkWhUUZM4K54x/2S9hvH79I3rjoRQir2p71S02IG8ethIY4uoJU
+1sJHSXxN49S2BbEYZgJHW+ZhRkqXLDdteJqOGezjy2n0aY9CiS4v5+IrO2slxPlO
+69g4iQMWMVrw7FQsvWWvYgGrTtdocEVVzkkyaNHLV5qQb/9IdeUyyuAP+4UoMxcr
+LTJr2ixbPQBfihGPEFTZsn0t980ofroaHOjVtx3Z6/DBE/gerN0U7P6yVHaUDeTw
+AL6QAxFRZSf/rZjIEMjsPtGxWD8m9xAkJhUgaufMdmlUVk2SFyO528+G4Gapk7zq
+YHf0jRhwmmZwrXJZttcrfanS1ZYyCax+HwoyhyZmrddiSenAUO8sMb3W0QARAQAB
+tCdLZWVwS2V5IFNlY3VyaXR5IDxzZWN1cml0eUBrZWVwa2V5LmNvbT6JAk4EEwEI
+ADgWIQQdQOCfysUXSozzwVr73OGve5lq2QUCY7h5dgIbAwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRD73OGve5lq2T4hD/9AE6c5I2kG1rg/vUd6i/MZPTBnakru
+kWa5BJn2Qpv+e/i3D0EVfoZAtyREfAcHyqAZvdc1bUz/vmUmUslm3tXTzrYBdulO
+PGQ3reN7I2N/q77ZrdjW7KDHc5w+t9Dl1Ei/iLt5j3wEa04d2/t7cuv97yMi587L
+XmTwMbsfOtnl08oHjWtMjwX9RmIBHqveLdGsEzuJ4s+7MLPhmyDnPzzoRsTxeSU+
+UuvaRvfZtNbfUK7OxvoAvreyk6JHS9AMAtyXROf9fTN+2vEzzmzNDIfHtEDasANY
+w21rhNSUIQ9EPMBzvrTkUToqlnahhHyOFki0WjRxsIniQClDEyRPeq6VqC2YSEOo
+4w8vT7/CxS2oFReZsDQcXcPFgKV9FyBq4zKjGPrxnKwcb+82ACLYTVj5qUNX3aug
+qJ1yD7vLxN9J3Rolx4rdHpnAZbfvELydLcdi9qQazLsR0wR/ofj6TgJux4mVsQfr
+GgoYuOMJZUwcYCidu3Drpi7KvK/y0bYEeEeIxzUIgRMVTIwEbcoEgMCh3s3Cu5eU
+GQOhwzno0O3fSfr/1UPJUHdRAm2u1BvlzDk7GMELV7CkMHlXVfL5bf0zRERM1YqY
+OUMajfk8FAcAv2fPTZ57dJtwu/rIh5rNRizcHn3fFloci+ReuT2X1wlbKQnrITTg
+EUli2Q8sY8MLC7kCDQRjuHl2ARAAsB5mAR8btR374iaTNcLUaA/KLPoZI23tsKiU
+SMhJ0MiORkfYjjUD019rZQMVZG/dBxL/mXwGqlMxLZ/NjpGV38lJ+HyTq6onTq+H
+1HIqJqsIvJ0nGu/j3N4lNp5NUwCAij8smKkirVTrAQ1ggCTCKjNgYVe8rr0RW9Dw
+pxnvOWt3rcOOnuY02ZWbiiUmpW7msGVG0MJR86IInBml7r6SN+6hnhIEhGKrKe2a
+LgFgT/oqEMirvv2vlcfRmKSsrghFPZsWcV+F6RSsS0tODPC5pYJ7vaqGZFLE24cS
+RVkKK/zbr3sI6WiFnolM3vH41de0ejYPRU5cGGseGEBfxpy0sL5yJzFZ+OBjBmys
+XuW/htIgCLXVdKcj/T/c1ypHJe8jOhT7A5OleTZqXeQx1HCi+n3fBTK7+KrPlq9H
+A3ccesTuKC5Whj6sFFs6bBhTffW+upg+T7z+DFWVz4swxsqO9tyipeCcObHMp8yi
+b7O5uwEvpvP/QqhocSGrR6gipjwprgcrWp5Nga+ycM1Lh5lbCTLeG6mAFovunMG4
+Bt1v5nv2iCm0aiq7/CCJUYJk+ZxmTT4yyijusnklLDbm7OJ/fDYhhqrJMOSl+PrX
+eXcIiIdFNhoyc1e33AdbcDuYBQ4b68arw+rXA1ZJRjhvQJwYfwEZ6y4Mw2VWJfl6
+3FBLr3cAEQEAAYkCNgQYAQgAIBYhBB1A4J/KxRdKjPPBWvvc4a97mWrZBQJjuHl2
+AhsMAAoJEPvc4a97mWrZQvIP/iq4sXo8tYk/wF+HraSCcIeVTAGWgwn9IKwyHaq1
+yf6iDAvMtUg3h74Om63INrfxEusfSrJK86f1Q1nXJoxneJKNAnpIdmv63bDghyd3
+aFrtPFtB+mIxzg38/2ka3yfOx36wAc9Q5YHYPuT5jnRiwyUdTNL1BBYBFSpukUDs
+e0k71l+asqHQL9HHw8Ug+7B9jkXgwuwDkmH3m274XyUdmzagzPdXdQcgSNIKZG27
+4NPqSirByQDRhjMai5272jZlleD/LAuh+hNf8a2MrckEhNqlfYwEvqP6T3mFdcr7
+jkBXyRHWKt2X2gyfgd8Yz/0vO2kzSfwZj/Pm2sHKUAZXr8OLVyhlN/cWzjFQqR9b
+l3twcMdl3LuoaQWyjU1jqIvClpD7wjvpXg0RwVwtYX0Ma9RqacwdjMrIj5uSLQUS
+DyA6wwyMEXsHf55dNUX8jy/i0gN8mta5Ofc11B+Jtr+b5E7l8QgnOsbKxTgJOi9z
+salPPYoPvIQ5LNi8vfLrs2ou9LVYoElw4TNqDIT7OnN/7yaWpXjfmvrLsN4sn+Oy
+goi+0Shty6zGJPTsk9g1PrjGNt9+QpDHm7Dm4jYMvGM4co/tdmhxK+d5KEA5TJAT
+vFLvoJ8hXCfYOOfkKdo77biOs5Mf4hamdUY+Xyvtfns5mbuuIfP+DTLEXXCXypMP
+wemd
+=XEEu
+-----END PGP PUBLIC KEY BLOCK-----
 
-## Reporting a Vulnerability
 
-If you would like to disclose a vulnerability to ShapeShift, we encourage you
-to send a new email to [email protected] with the word **[VULNERABILITY]** in
-the subject line.
 
-Please include the following information in your email:
-
-- Your name, nickname, handle, or what you’d like to be called while we
-  communicate with you.
-- The date/time you first identified the vulnerability.
-- How you identified the vulnerability.
-- As much detail about the vulnerability as you can.
-- How many times you leveraged the vulnerability during your testing (and if
-  applicable, a list of each test you performed).
-- Any additional information you feel may be pertinent.
-
-If you would like to encrypt your vulnerability report, you can use the
-following GPG key:
-
-<details><summary>GPG Key</summary>
-
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-    mQINBFqzSDABEAC8+iDfkjzoCiELiP4XQ5mc+UvEyYmkawy3iVJA36lXUgAXepM2
-    CqFRdcEamwukzP9XnpHlrTZIgYYkBCXPqy19bnvBiZ3LXwnPvvWG/skWQcoI9n6g
-    bgbYQ/DME/U7G8UjUXknKLfURYyAt2DE3VJP4qilJRQRIF0a3bMF1w6mSCOHwFUS
-    I+0EURF9wnTwq7QX3bKiPzj9D/8MTUN0vfLcN0oTeJz9F8oM/9d4/n0xhD2D+hgm
-    xUFa82COYuB93G3Wltiwg8+tEtqQ0hbsoWCGqgLiDZlA8fmuojcBqHsFXt09BXeJ
-    PN8dgb5Dfnsh1pQbROxYK7rAfaZRP6sRfGrGCxwIyYlN7jIaaK4wGAv+KKrxuZ+V
-    hoEnsNBhlrGRD7HlDvltH2WA/8ocyi4h0jWEMTSgGYHjVtSTaGBKpDd2FapKxw8+
-    WuuejzvPOC1FJT7JtbjDmjw4CPFruG2YzphNMWbAt3UNMyujneR7ZHZ2BNDeQa7m
-    r+g/o6OrxoPcIBHQ+aenJ+8HhYbl46GIZ1cVlroUWqD9w0JLc7UQRYRGKqPfJwLf
-    XioRCx/4KH6gTGVRLCgy0iGci9BZvoTgBAkwk/4Fmxga3xdfEG/DKNUi+fHYs41b
-    rT+TDJ5DYy/+iLvQcrAVtP/ub/OT67NECI8VMwcxi0jJ/wko0Si6wTrdMwARAQAB
-    tC1TZWN1cml0eSAoQWlyR2FwcGVkKSA8c2VjdXJpdHlAc2hhcGVzaGlmdC5pbz6J
-    Aj0EEwEKACcFAlqzSDACGwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AA
-    CgkQBLl8Md92+kA8+RAAh9iQTNNi/yabsmrDsHNzW5YDfsCD0tTLQqkBS2FUZIb4
-    G23rWrAbvDlidXl6dJ0CRp1Zsi2kNVYM0qYzYNFZ9nQ/y76Gd8pKvgVr8sihp2XL
-    pp8iO0u6jQIiy5WDZi8vSKLY7LaN94OGHEmO8BIqusXWcDogVMdCnEuILw2tJRYT
-    wp/TULDYwUrXlm5oBB4qvkqb7tFSYid+7VxY6sAXfMf6AzS1Mjkv2/EQ6PEfI3GF
-    3jphPE6Y6S+rdS/XNaaodCFwLG6pFPN9fFJzQHl+ae7nAbBtLeeCjR5eyD+b1uuz
-    YXzAhr/hOlM58pMGu/iud5Ccxp2/MSgR7ey+mXzOgqxtcW6fMNeDR+38IK4KpvV7
-    eiAcGJrL/ZsbNBU37Fb/2ZQHpWDBkyXeoHU3KO7Hoi1N+3U5+d6o+bHChiODDptH
-    YyDyFQCSFSU5eAW+jfhpP2DVi7B3BvTnBcvECjfYcBH/03MJUK9U1STiWIX5xdvi
-    6mmOW0iZOCdkRzJvllHnXBR4oa8nva10Ad8zN6/nfFVnnLdbAKWPq0BJUHUpBXQ7
-    yD2j8DjyVYFs1j4UdmdSlArjxGpVwi1lT7xzKYGWmVT7WaFEVm5GWfk3y+m6HrIn
-    ItisUaIN/jzT3qXQ2bzOv3UWkz/NWUbJ6VhXZltbGGiDH1AgjT7QAJmnh4DrEDO0
-    K1NlY3VyaXR5IChBaXJHYXBwZWQpIDxzZWN1cml0eUBrZWVwa2V5LmNvbT6JAj0E
-    EwEKACcFAlqzSK4CGwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
-    BLl8Md92+kBy5hAAj00uVyzu4uSaacbDThk+gcTBcpQxYmOFnUKZ6TWESd0RyzIW
-    Rai9aH/Qx73tJsAkLadM1mi+2TEgmB6vMmqgy+rq4Zu7hvzJjS/xJyVPxA2uL/V5
-    jQBKYaNalICbYwxmpubY8OHBNCCTuYRU07IEndmXx7cdhUdfkB6py6UTbpZ1f32U
-    RImtXdXKkz0Bl4QKByMNUE+xgeTXm7ucyiwD/oxrU1/Y6ga1R2r/U9P7C0bQrQGZ
-    WS/cv4FtgXbwLKhZdo0ahz28vptz2qy861ZCRC58IptO/iS3aPNjzZDA/Lz0oj74
-    qfZ9kf3HYK3pux52xLecZbyYh/3qOAEn9DGsj5jamJXTRI/ikoipVq8DQ1PnBTCs
-    aRjDIvi0YapeRz6KJyGvwyCFyU3ciYVtc2G1RjXOsbmCH48MNYja9zaswJGjBUnn
-    B41mBoUsBRvXyZZ6rWwqIaGKsqg+9coqRkZRU9EU2JC1Jk5E7IFG52BtcwoNG2gH
-    aOsyU1K9QSenZMLWY4Tz3+FBjSuUp+fAvFlB7uld00CBsifNVDJ/UjA2NQNrXrvx
-    coYx2PHlhEItgWkgHEayUHG6TL+NIqQlfm2tHVia6Si3FNLd7yg0hc6WlVRXPops
-    RyP2UPQ7uVjm11sgr69x98F2F4vgnCwXGthnzwcrw4JEE+1saVMvqpK/Gou5Ag0E
-    WrNItgEQAMvsoxJOb53qEwMhQeeuz+8B1IiJEEf9+MJZni1FW6a0rAPWtGGxaQxy
-    OCYEG7sKFkubtSHlvnS8DuvcarPyDWWjvkgwJWj3dazqK9gq9GJtd3EgFA4znkEF
-    dC9OaTdRRd1FtwKig9MTmUTShEXW8b/GsZHEoqarvltQ5Zs0jDVr1grppCt03nXI
-    kL9WqLPZBlVChLcI3y9fS6fN/Sh17dbzcSBYR7CmpkRC21P5qLzq+qk51+UtrYul
-    MEPLqaUIgqHDmsZxjCdlKuZ2kkpHSICBqB/SkrbMA7WLOm0/9Hk2EPH66mJ4S3dI
-    0tFEANaz2BFmUARAR7xMuSykY6nGHsCjpNEFU68rw7rT0cY//iU0jgNUoGIyu2PR
-    99sFlIk09USl+pVsovUc/IjgEKKzp24aG7HB0wn1h9cMnrbXn29LfrJ7lE0qa9OW
-    JnuETSfbNA6MrLu3sX+apgZKd3DZUHpbjwJ+TWI2RvFFyW7Fpl0qw9jgK2RSmhvb
-    sO+kssKyDYvoKdb2oWrbd3cQGf+DFB5KBO7ULOjEOhf/RgI8UoV2h4AlODHMOyBa
-    D77Z35hRQKXcZqoGePJ419AKLRRv41f+IZgNGF8xDJiGEbj9aWUgMSi99/zJLhkK
-    Nq5H5vhlKkTU6aG4jqyy4oT8eCiYUBVHwcNIVXg96gysRAIFX5AFABEBAAGJAiUE
-    GAEKAA8FAlqzSLYCGwwFCQPCZwAACgkQBLl8Md92+kDV+hAAhFJcbtab1zoWR5Sb
-    I0QKUv1VDdTFBaAuGJym2ySAQpBO3UklNxIY+Pxose+MO0KhWxVWouWOFqIEwJ1S
-    XH7whRcDgve5OcTRW9ylDS2QFjdaFSlEE9B7qbWibr0PO4duSs6W/R2XZthb3bf1
-    whJz5TbtqQ2DHFGgrcVS4KwEqkbcNVJH8okEtldk5bH1woegRcIoSpvWOn/oxDbu
-    N+RJgfeN+5+i7W66Ze/zimHLvgJjvK/t9yHXh06Xuc0D1BzWo+qhq1PH8ltyqQxW
-    rVzmU+2bUavaYXIJn74C/QaHhuUUvv8KZWCxjWtFHj/g8DkFVpahiFB6kIoSyqNx
-    lJsalOmkBdFT4Qqz3c92T7rnySmNGwsipEMHLmBrZ5t/7JtRsnXwgh2L59U345xE
-    VAPKd0AMvYOqiMYTIXcf7qztodlTY3HMNCrvQc5ltqDEv38J+bdSKZI0VEkK5Cjm
-    3fZGoXuU/heByFks+aZgbPATjERVb0tPTuRc1m6BMG963PBxi1ZzmXAXVpfaJK/M
-    sB5Lz3tokmGAOnQoN2x/A/ki/O03dwqo2OFF7rkhW7yfS5hRhoefIUw8lcCMDHFz
-    GU6vD0PjsTgm+n10nTYnpeMthFHjHkIbayN9HCKk98dwSruk1vJhQrATxvbAA1K2
-    d+jEZJdCsJUsYSuhzaTfNjzy/qy5Ag0EWrNI0gEQAK8RPInGMMZnQp06QWHKtL2M
-    7NVAsMYKqQrhfkNS8XddbIBmhszAXq+1cYVac7skBSeDb/FJXS7R1qbKBJX35bAF
-    MNpqjmB26NbtUgoCuknB9UjB9DrV67foSfI9Jaj7jcN9pVs8kE8+PW93dwkdPoD0
-    Mpv22HYaPRotdprITBwXpO0ZLzlBBXAy4P/6RJ6nqTn//DiHG2SBvdGd03OgLpkd
-    /gqOOH1Xb6X/RarP93DMBNKZgKZ/qEJsROQFiS/p5bPAcW2cOEXPORT7ICcq92tg
-    Qu6os/h4zkTEsJr8SVcjo8/V4HUHRC4op4GUnSCEWhOp9wiWD1MD0bvOuCND3Ivq
-    Z379IbaCbr6UgipZvr+FUONpAjVRQodyuLt56NJjRHpMBih1mAQMbvSmQuQXHAF7
-    MuaxkoMXFgM8FIROnCmHpPbAeGKpWxNuPNVTGx3Df0oPvKxZWRvtSTo6Z++x3+2B
-    1iFC2lOH/vsH007rb6zNMd96JvHU6TcU9WodUJ640yvHHxJA6LPsEbWfhWSYMyMI
-    8mhlA0Gybgj8sbB7sB3lexC8rV4ckQYnz7yXtfMfhqHdrGxOmJ6TJ3dxs74l2g33
-    cqyvZ+TexomWruxE1V0PpGts/rYKKSZYbphnaCWmyVvxM7WnOENPvXbcedWsefn+
-    Xs+ERp877Z2oHkkyTviPABEBAAGJBEQEGAEKAA8FAlqzSNICGwIFCQPCZwACKQkQ
-    BLl8Md92+kDBXSAEGQEKAAYFAlqzSNIACgkQg5bPBbyR2lAKPQ//QcWhEHhsM6sX
-    4Xcv63+4Vs0UUfN0NEQi4KeMt6ursIRqxq5iaFgOXK8pirOjK94PEhSbFqgUlhKa
-    NWlhfhp06/zFQxYvySbW9BH4AQ171WWM3K/aUJnw1i1GjErIJYIhEsq516weVGx0
-    KcB8J9NylrioxxKmHtimqcPTRmGPTXxDpLpxDH9dtW/7rAZwJP5PYsBDiDWR/p/Z
-    58adx9k+Bv3n9SVhO5gvicgJdg4xebzoFeu+97c15sw+seMYnOfrJuiWK9CWO4o7
-    KRZrQzidSKEhhWVfl1AUCjtB/9b/rUj6oEtRlxR1FJjj94BCl2AwQ5nKQw5LsvJO
-    5MhDqkQ2FoadLgddFTxdBAPbV+9aIlP1CqPEdSlkMmj9eHRwopyFir8/WQ5aYx4Y
-    eros2mPx08uCE+Mm6xvNBKegdZpU75bd3t3xVujSNAkuZvfnGT910w2j1leTujj7
-    W68s0P1VXEp6hDx0uvNOLwdKQV1E2cmoezR5/Ymq7ZzBAXMn9RYZ/3ThP9rftPMC
-    EO19YW4GD9qi8HKM1pUcmjjF5Fc2IvD8OqoYUi8YrE2ClqSicbRMioEvnUPuX1Z8
-    IE9xYGHQiEEomA58vOn6SZJd/8WWb5C7UdWiUsZ7GvYZ6oETH2EGkCI2PJEcqBBg
-    bSj2YcJ4YKMpmoplngcJCs323Ek4FD2tohAAg/VAecWh4Pp60Gbs0DAnKMrN376S
-    mEuRIbHRZkdCG+F/Es6qYJxCULNbI/40pTN3vx7RFVSVSKsyZnMhd0o9oZG/y8ux
-    KLdusYUgl5jP77AE4XLR5UxnGuKd7c9TiVPqkQ821fzMJVGjYbT4scBO+8hWx8wc
-    9RNaDO5AE10QSZ9asqPscQVgOVIm+oJ0n+R35kl2y3kRP+hr0oGbm+R/Y3yshuBa
-    LnFQXZP2Alc1G39/fWkcjawUCMppiDqDty2+CpjKFUpdNVDmW/lKxsr4nxbxEwoY
-    LNMCK9L4xaEFETyV+CU+3VWs26ov6sVnI7+dlNplXPko2JVC8n2HnxKe2N8ZlqBH
-    36FFRA16skbgwS4vAKMgNwhld+XMKfN61t2igzShik1YaF3JRtGgoMY9+w1rOsNs
-    Qy+ArXXsZ6tkw7ZUiOl400hE4exGk2CjXqXBTxXhYi9jMl+8Ho8VgyQoc2JPBB6/
-    tB2+UO/Nwpiskw2328CHPNCb1YYsAuNRyRkGbJi/hY2Qu6D8AwUZtffXiVR/eg+k
-    t4qqiXfKrL/z520LYos2PmDloEj/z1ezItCfpEtUv6UASpeRnwFIgHndYy2M5y3B
-    ELz4oMjKb0M8ooSv26UusBMS63vqCy1oN3RDzgOkt0N3rcltJ6Q87X1h/cVo+tOd
-    vdS+QrWAKcrcUEg=
-    =G0QG
-    -----END PGP PUBLIC KEY BLOCK-----
-
-</details>
-
-https://corp.shapeshift.io/responsible-disclosure-program

docs/Storage.md

@@ -124,7 +124,7 @@ it easier to extend for new features later on.
 | root_seed_cache_status    | u8             |            1 |            370 |
 | root_seed_cache           | char[64]       |           64 |            371 |
 | root_ecdsa_curve_type     | char[10]       |           10 |            435 |
-| reserved                  | char[63]       |           63 |            445 |
+| reserved                  | char[67]       |           67 |            445 |
 
 
 STORAGE_VERSION 16 layout
@@ -181,4 +181,80 @@ STORAGE_VERSION 16 layout
 | root_seed_cache_status    | u8             |            1 |            370 |
 | root_seed_cache           | char[64]       |           64 |            371 |
 | root_ecdsa_curve_type     | char[10]       |           10 |            435 |
-| reserved                  | char[63]       |           63 |            445 |
+| reserved                  | char[67]       |           67 |            445 |
+
+STORAGE_VERSION 17 layout
+-------------------------
+This version increased the size of the secret storage to accomodate the authenticator feature secrets
+#### Public(ish) Storage
+
+| Field                     | Type           | Size (bytes) | Offset (bytes) |
+| ------------------------- | -------------- | ------------ | -------------- |
+| version                   | u32            |            4 |              0 |
+| flags                     | u32            |            4 |              4 |
+|   has_pin                 |   bit 0        |              |                |
+|   has_language            |   bit 1        |              |                |
+|   has_label               |   bit 2        |              |                |
+|   has_auto_lock_delay_ms  |   bit 3        |              |                |
+|   imported                |   bit 4        |              |                |
+|   passphrase_protection   |   bit 5        |              |                |
+|   formerly: ShapeShift    |   bit 6        |              |                |
+|   formerly: Pin Caching   |   bit 7        |              |                |
+|   has_node                |   bit 8        |              |                |
+|   has_mnemonic            |   bit 9        |              |                |
+|   has_u2froot             |   bit 10       |              |                |
+|   Experimental policy     |   bit 11       |              |                |
+|   AdvancedMode policy     |   bit 12       |              |                |
+|   no backup (seedless)    |   bit 13       |              |                |
+|   has_sec_fingerprint     |   bit 14       |              |                |
+|   sca_hardened            |   bit 15       |              |                |
+|   has_wipe_code           |   bit 16       |              |                |
+|   v15_16_trans            |   bit 17       |              |                |
+|   authdata_initialized    |   bit 18       |              |                |
+|   authdata_encrypted      |   bit 19       |              |                |
+|   reserved                |   bits 20 - 31 |              |                |
+| pin_failed_attempts       | u32            |            4 |              8 |
+| auto_lock_delay_ms        | u32            |            4 |             12 |
+| language                  | char[16]       |           16 |             16 |
+| label                     | char[48]       |           48 |             32 |
+| wrapped_storage_key       | char[64]       |           64 |             80 |
+| storage_key_fingerprint   | char[64]       |           32 |            144 |
+| wrapped_wipe_code_key     | char[64]       |           64 |            176 |
+| wipe_code_key_fingerprint | char[64]       |           32 |            240 |
+| u2froot                   | StorageHDNode  |          129 |            272 |
+| u2f_counter               | u32            |            4 |            401 |
+| sec_fingerprint           | char[32]       |           32 |            405 |
+| random_salt               | char[32]       |           32 |            437 |
+| authdata_fingerprint      | char[32]       |           32 |            469 | 
+| reserved                  | char[996]      |         1028 |            501 |
+| encrypted_secrets_version | u32            |            4 |           1497 |
+| encrypted_secrets         | char[1024]     |          512 |           1501 |
+
+
+#### Secret Storage
+
+| Field                     | section        | Type           | Size (bytes) | Offset (bytes) |
+| ------------------------- | -------------- |--------------- | ------------ | -------------- |
+| node                      | crypto         |StorageHDNode   |          129 |              0 |
+| mnemonic                  | crypto         | char[241]      |          241 |            129 |
+| cache->
+|   root_seed_cache_status  | crypto         | u8             |            1 |            370 |
+|   root_seed_cache         | crypto         | char[64]       |           64 |            371 |
+|   root_ecdsa_curve_type   | crypto         | char[10]       |           10 |            435 |
+| sec_reserved              | crypto         | char[67]       |           67 |            445 |
+|                    Block boundary - N*256 bytes above, M*256 bytes below
+| authenticator_accounts    | authenticator  | 10 * char[45]  |          450 |            512 |
+| authenticator_reserved    | authenticator  | char[62]       |           62 |            962 | 
+
+Secret storage is split into two sections block-multiple size sections, crypto secrets and authenticator secrets.
+Because the authenticator data is encrypted independently with the bip39 passphrase,
+  sizeof(authenticator_accounts) + sizeof(authenticator_reserved) % 256 == 0.
+
+Cache specifics:
+
+typedef struct _Cache {
+  /* Root node cache */
+  uint8_t root_seed_cache_status;
+  uint8_t root_seed_cache[64];
+  char root_ecdsa_curve_type[10];
+} Cache;

include/keepkey/board/confirm_sm.h

@@ -28,21 +28,26 @@
 
 /* implement a means to display debug information */
 #ifdef DEBUG_ON
-  #define DEBUG_DISPLAY(TITLE) \
+  // Examples
+  // DEBUG_DISPLAY("here");
+  // DEBUG_DISPLAY("%d %s", slot, account);
+  #define DEBUG_DISPLAY(...)\
   {\
-    (void)review(ButtonRequestType_ButtonRequest_Other, TITLE, " ");\
+    char _str[61]={0};\
+    snprintf(_str, 60, __VA_ARGS__);\
+    (void)review(ButtonRequestType_ButtonRequest_Other, _str, " ");\
   }
   // Example
-  // DEBUG_DISPLAY_VAL("sig", "sig %s", 65, resp->signature.bytes[ctr]);
+  // DEBUG_DISPLAY_VAL("sig", "sig %s", 65, resp->signature.bytes[_ctr]);
   #define DEBUG_DISPLAY_VAL(TITLE,VALNAME,SIZE,BYTES) \
   {\
-    char str[SIZE+1];\
-    int ctr;\
-    for (ctr=0; ctr<SIZE/2; ctr++) {\
-      snprintf(&str[2*ctr], 3, "%02x", BYTES);\
+    char _str[SIZE+1];\
+    int _ctr;\
+    for (_ctr=0; _ctr<SIZE/2; _ctr++) {\
+      snprintf(&_str[2*_ctr], 3, "%02x", BYTES);\
     }\
     (void)review(ButtonRequestType_ButtonRequest_Other, TITLE,\
-                 VALNAME, str);\
+                 VALNAME, _str);\
   }
 #endif
 
@@ -58,7 +63,7 @@ typedef enum {
   LAYOUT_CONFIRMED,
   LAYOUT_FINISHED,
   LAYOUT_NUM_LAYOUTS,
-  LAYOUT_INVALID
+  LAYOUT_INVALID,
 } ActiveLayout;
 
 /* Define the given layout dialog texts for each screen */
@@ -74,6 +79,7 @@ typedef struct {
   DialogLines lines;
   DisplayState display_state;
   ActiveLayout active_layout;
+  bool immediate;
 } StateInfo;
 
 #define isprint(c)   ((c) >= 0x20 && (c) < 0x7f)
@@ -143,4 +149,11 @@ bool review_with_icon(ButtonRequestType type, IconType iconNum, const char *requ
                       const char *request_body, ...)
       __attribute__((format(printf, 4, 5)));
 
+/// Like confirm, but always \returns true and immediately.
+/// \param request_title   Title of confirm message.
+/// \param request_body    Body of confirm message.
+bool review_immediate(ButtonRequestType type, const char *request_title,
+            const char *request_body, ...)
+    __attribute__((format(printf, 3, 4)));
+
 #endif

include/keepkey/board/layout.h

@@ -121,6 +121,7 @@ bool is_animating(void);
 void force_animation_start(void);
 void animating_progress_handler(const char *desc, int permil);
 void layoutProgress(const char *desc, int permil);
+void layoutProgressForAuth(const char *otp, const char *desc, int permil);
 void layoutProgressSwipe(const char *desc, int permil);
 void layout_add_animation(AnimateCallback callback, void *data,
                           uint32_t duration);