feat(core): Improve Optiga transport error handling.

trezor · Sep 25, 2023 · 05ef0d0 · 05ef0d0
1 parent 1ec1745
commit 05ef0d0
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/core/embed/trezorhal/optiga/optiga_transport.c b/core/embed/trezorhal/optiga/optiga_transport.c
@@ -279,20 +279,23 @@ static optiga_result optiga_ensure_ready(void) {
         return ret;
       }
 
-      if ((frame_buffer[0] & I2C_STATE_BYTE1_BUSY) == 0) {
+      if ((frame_buffer[0] & I2C_STATE_BYTE1_RESP_RDY) != 0) {
+        // There is a response that needs to be flushed out.
         break;
       }
+
+      if ((frame_buffer[0] & I2C_STATE_BYTE1_BUSY) == 0) {
+        // Not busy and no response that would need to be flushed out.
+        return OPTIGA_SUCCESS;
+      }
       ret = OPTIGA_ERR_BUSY;
     }
 
     if (ret != OPTIGA_SUCCESS) {
+      // Optiga is busy even after maximum retries at reading the I2C state.
       return ret;
     }
 
-    if ((frame_buffer[0] & I2C_STATE_BYTE1_RESP_RDY) == 0) {
-      return OPTIGA_SUCCESS;
-    }
-
     // Flush out the previous response.
 
     uint16_t size = (frame_buffer[2] << 8) + frame_buffer[3];
@@ -402,6 +405,13 @@ static optiga_result optiga_read(void) {
 
       return OPTIGA_SUCCESS;
     }
+
+    if ((frame_buffer[0] & I2C_STATE_BYTE1_BUSY) == 0) {
+      // Optiga has no response ready and is not busy. This shouldn't happen if
+      // we are expecting to read a response, but Optiga occasionally fails to
+      // give any response to a command.
+      return OPTIGA_ERR_UNEXPECTED;
+    }
   }
 
   return OPTIGA_ERR_TIMEOUT;