Skip to content

Hardening + porting to Apex P #10

Merged: iartemov-ledger merged 5 commits into develop from update_hardening on Mar 23, 2026

@iartemov-ledger iartemov-ledger commented Mar 20, 2026

Initial motivation for the work was to port the app to Apex.
Also we have a strategy of least permission.
As this application is an L2 on top of Bitcoin using the app-bitcoin-new@baseapp branch as a dependency, both goals can be achieved by upgrading the dependency to its current head.

  • allowed derivation path limited to "*/0'" "4541509'" "45'" (or to "*/1'" "4541509'" "45'" for testnet)
  • APPLICATION_FLAG_DERIVE_MASTER removed
  • Porting to Apex P
  • Some adaptation of the app's code to the updated baseapp branch
  • Version bump + CHANGELOG
  • Snapshot update
  • to remove artificial, for-test-only commit 2860e65
  • to be merged first as dependency app-core hardening ledger-app-database#470

@pollastri-pierre, can the applied derivation path hardening be an issue for this application?

@iartemov-ledger iartemov-ledger marked this pull request as ready for review March 20, 2026 10:53
@iartemov-ledger iartemov-ledger changed the title from "Update hardening" to "Hardening + porting to Apex P" on Mar 20, 2026
@pollastri-pierre
Member

@iartemov-ledger I'm not familiar with this way to express derivation path "*/0'" "4541509'" "45'"

The app needs access to the same path as the bitcoin app + it needs access to m/84h/[0-1]h/0h/0/0 (which is native segwit, so if the app has access to default wallet policy paths, it already has access to that)

@iartemov-ledger
Contributor Author

> @iartemov-ledger I'm not familiar with this way to express derivation path "*/0'" "4541509'" "45'"
>
> The app needs access to the same path as the bitcoin app + it needs access to m/84h/[0-1]h/0h/0/0 (which is native segwit, so if the app has access to default wallet policy paths, it already has access to that)

Thank you @pollastri-pierre !
With "*/0'" / "*/'" syntax we ensure the access to any purposes including the Native segwit one (84').

@tdejoigny-ledger tdejoigny-ledger left a comment

Did you sideload on Nano Gen 5?

Comment thread .github/workflows/guidelines_enforcer.yml Outdated
tdejoigny-ledger commented Mar 23, 2026

@iartemov-ledger LGTM, sideload OK

@iartemov-ledger
Contributor Author

> Did you sideload on Nano Gen 5?

I had side-loaded on Apex, of course.
But indeed, the icon and the glyph were both grayscale, and still displayed fine.
Anyway, I've just converted both to bilevel.
@tdejoigny-ledger, could you please re-approve?

@iartemov-ledger iartemov-ledger merged commit eb76c37 into develop Mar 23, 2026
58 checks passed