feat(fw): add device authentication public key whitelist

[matejcik]

This should be the source of truth for https://github.com/trezor/trezor-suite/blob/develop/packages/connect/src/data/deviceAuthenticityConfig.ts#L48

What is missing here is any kind of signature over these files -- kind of crucial if you ask me, but there is no straightforward way to add it. We were discussing using the equivalent of Suite messaging system for it?

cc @tsusanka @komret @mroz22

[mroz22]

ack for the source of truth part

[komret]

There is a requirement for onboarding to work offline, so we need to have the source of truth in Suite...

[matejcik]

There is a requirement for onboarding to work offline, so we need to have the source of truth in Suite...

no, you need a copy of the source of truth in Suite :)

[matejcik]

specifically, what I'm proposing here is that these are the master files that are published on data.tio, and Suite grabs them from here in the same process as grabbing FW images

[mroz22]

yes, we should have some good automation for all those sources of truth. There are many things we should improve and we can start here. @karliatto could you check on it? a script that would check trezor-common submodule and update the respective file in connect when needed? It could be a nightl job opening PR maybe?

[karliatto]

yes, we should have some good automation for all those sources of truth. There are many things we should improve and we can start here. @karliatto could you check on it? a script that would check trezor-common submodule and update the respective file in connect when needed? It could be a nightl job opening PR maybe?

Sure, having a look at that.

[tsusanka]

Confirming that this equals the pub keys we have in Suite.

We can merge now, and we will discuss how to improve this by signing.

[tsusanka]

@mroz22 @karliatto made an issue in Suite repo: trezor/trezor-suite#12982