Enhancement and fixes of "Secure" feature (#16958)

2022-05-14 15:07:08 -07:00 · 2022-05-14 15:07:08 -07:00 · db887e63d7
commit db887e63d7
parent baa8d07fdb
8 changed files with 379 additions and 2 deletions
--- a/quantum/process_keycode/process_secure.c
+++ b/quantum/process_keycode/process_secure.c
@ -7,7 +7,9 @@

 bool preprocess_secure(uint16_t keycode, keyrecord_t *record) {
    if (secure_is_unlocking()) {
-        if (!record->event.pressed) {
+        // !pressed will trigger on any already held keys (such as layer keys),
+        // and cause the request secure check to prematurely fail.
+        if (record->event.pressed) {
            secure_keypress_event(record->event.key.row, record->event.key.col);
        }

@ -33,7 +35,11 @@ bool process_secure(uint16_t keycode, keyrecord_t *record) {
            secure_is_locked() ? secure_unlock() : secure_lock();
            return false;
        }
+        if (keycode == SECURE_REQUEST) {
+            secure_request_unlock();
+            return false;
+        }
    }
 #endif
    return true;
-}
+}
--- a/quantum/quantum.c
+++ b/quantum/quantum.c
@ -571,3 +571,16 @@ const char *get_u16_str(uint16_t curr_num, char curr_pad) {
    last_pad = curr_pad;
    return get_numeric_str(buf, sizeof(buf), curr_num, curr_pad);
 }
+
+#if defined(SECURE_ENABLE)
+void secure_hook_quantum(secure_status_t secure_status) {
+    // If keys are being held when this is triggered, they may not be released properly
+    // this can result in stuck keys, mods and layers.  To prevent that, manually
+    // clear these, when it is triggered.
+
+    if (secure_status == SECURE_PENDING) {
+        clear_keyboard();
+        layer_clear();
+    }
+}
+#endif
--- a/quantum/quantum_keycodes.h
+++ b/quantum/quantum_keycodes.h
@ -601,6 +601,7 @@ enum quantum_keycodes {
    SECURE_LOCK,
    SECURE_UNLOCK,
    SECURE_TOGGLE,
+    SECURE_REQUEST,

    CAPS_WORD,

--- a/quantum/secure.c
+++ b/quantum/secure.c
@ -23,17 +23,24 @@ static secure_status_t secure_status = SECURE_LOCKED;
 static uint32_t        unlock_time   = 0;
 static uint32_t        idle_time     = 0;

+static void secure_hook(secure_status_t secure_status) {
+    secure_hook_quantum(secure_status);
+    secure_hook_kb(secure_status);
+}
+
 secure_status_t secure_get_status(void) {
    return secure_status;
 }

 void secure_lock(void) {
    secure_status = SECURE_LOCKED;
+    secure_hook(secure_status);
 }

 void secure_unlock(void) {
    secure_status = SECURE_UNLOCKED;
    idle_time     = timer_read32();
+    secure_hook(secure_status);
 }

 void secure_request_unlock(void) {
@ -41,6 +48,7 @@ void secure_request_unlock(void) {
        secure_status = SECURE_PENDING;
        unlock_time   = timer_read32();
    }
+    secure_hook(secure_status);
 }

 void secure_activity_event(void) {
@ -85,3 +93,10 @@ void secure_task(void) {
    }
 #endif
 }
+
+__attribute__((weak)) bool secure_hook_user(secure_status_t secure_status) {
+    return true;
+}
+__attribute__((weak)) bool secure_hook_kb(secure_status_t secure_status) {
+    return secure_hook_user(secure_status);
+}
--- a/quantum/secure.h
+++ b/quantum/secure.h
@ -65,3 +65,15 @@ void secure_keypress_event(uint8_t row, uint8_t col);
 /** \brief Handle various secure subsystem background tasks
 */
 void secure_task(void);
+
+/** \brief quantum hook called when changing secure status device
+ */
+void secure_hook_quantum(secure_status_t secure_status);
+
+/** \brief user hook called when changing secure status device
+ */
+bool secure_hook_user(secure_status_t secure_status);
+
+/** \brief keyboard hook called when changing secure status device
+ */
+bool secure_hook_kb(secure_status_t secure_status);