From f4e5901726c9f8fab28c515d3fe97e0380e9717d Mon Sep 17 00:00:00 2001
From: zvecr <git@zvecr.com>
Date: Wed, 13 Jul 2022 23:49:55 +0100
Subject: [PATCH] Strip out 'permissions: ignore'

---
 data/schemas/xap.jsonschema                    |  3 +--
 data/xap/xap_0.1.0.hjson                       | 18 ------------------
 docs/xap_0.1.0.md                              |  6 ++----
 docs/xap_0.2.0.md                              |  6 ++----
 lib/python/qmk/cli/xap/xap_client.py           |  4 +---
 .../qmk/xap/gen_firmware/inline_generator.py   |  1 -
 quantum/xap/xap.c                              |  6 ------
 7 files changed, 6 insertions(+), 38 deletions(-)

diff --git a/data/schemas/xap.jsonschema b/data/schemas/xap.jsonschema
index db0e7c4e87f..0e3189561f0 100644
--- a/data/schemas/xap.jsonschema
+++ b/data/schemas/xap.jsonschema
@@ -30,8 +30,7 @@
         },
         "permission": {
             "enum": [
-                "secure",
-                "ignore"
+                "secure"
             ]
         },
         "struct": {
diff --git a/data/xap/xap_0.1.0.hjson b/data/xap/xap_0.1.0.hjson
index 5eb1459d655..c4988a22464 100755
--- a/data/xap/xap_0.1.0.hjson
+++ b/data/xap/xap_0.1.0.hjson
@@ -38,22 +38,6 @@
                     When this bit is set, the requested _route_ was marked _secure_ but an _unlock sequence_ has not completed.
                     '''
             }
-            6: {
-                name: Unlocking
-                define: UNLOCK_IN_PROGRESS
-                description:
-                    '''
-                    When this bit is set, an _unlock sequence_ is in progress.
-                    '''
-            }
-            7: {
-                name: Unlocked
-                define: UNLOCKED
-                description:
-                    '''
-                    When this bit is set, an _unlock sequence_ has completed, and _secure routes_ may be invoked.
-                    '''
-            }
         }
     }
 
@@ -202,7 +186,6 @@
                         * 2 means secure routes are allowed
                         * any other value should be interpreted as disabled
                         '''
-                    permissions: ignore
                     return_type: u8
                     return_execute: secure_status
                 }
@@ -217,7 +200,6 @@
                     type: command
                     name: Secure Lock
                     define: SECURE_LOCK
-                    permissions: ignore
                     description: Disable secure routes
                     return_execute: secure_lock
                 }
diff --git a/docs/xap_0.1.0.md b/docs/xap_0.1.0.md
index bdfd62df343..3fa4dc00ff9 100644
--- a/docs/xap_0.1.0.md
+++ b/docs/xap_0.1.0.md
@@ -57,10 +57,8 @@ Response messages will always be prefixed by the originating request _token_, di
 
 | Bit 7 | Bit 6 | Bit 5 | Bit 4 | Bit 3 | Bit 2 | Bit 1 | Bit 0 |
 | -- | -- | -- | -- | -- | -- | -- | -- |
-| `UNLOCKED` | `UNLOCK_IN_PROGRESS` | `-` | `-` | `-` | `-` | `SECURE_FAILURE` | `SUCCESS` |
+| `-` | `-` | `-` | `-` | `-` | `-` | `SECURE_FAILURE` | `SUCCESS` |
 
-* Bit 7 (`UNLOCKED`): When this bit is set, an _unlock sequence_ has completed, and _secure routes_ may be invoked.
-* Bit 6 (`UNLOCK_IN_PROGRESS`): When this bit is set, an _unlock sequence_ is in progress.
 * Bit 1 (`SECURE_FAILURE`): When this bit is set, the requested _route_ was marked _secure_ but an _unlock sequence_ has not completed.
 * Bit 0 (`SUCCESS`): When this bit is set, the request was successfully handled. If not set, all payload data should be disregarded, and the request retried if appropriate (with a new token).
 
@@ -111,7 +109,7 @@ This subsystem is always present, and provides the ability to address QMK-specif
 | Board identifiers | `0x01 0x02` |  |__Response:__<br>&nbsp;&nbsp;&nbsp;&nbsp;* Vendor ID: `u16`<br>&nbsp;&nbsp;&nbsp;&nbsp;* Product ID: `u16`<br>&nbsp;&nbsp;&nbsp;&nbsp;* Product Version: `u16`<br>&nbsp;&nbsp;&nbsp;&nbsp;* QMK Unique Identifier: `u32`| Retrieves the set of identifying information for the board.|
 | Board Manufacturer | `0x01 0x03` |  |__Response:__ `string`| Retrieves the name of the manufacturer|
 | Product Name | `0x01 0x04` |  |__Response:__ `string`| Retrieves the product name|
-| Config Blob Length | `0x01 0x05` |  |__Response:__ `u32`| Retrieves the length of the configuration data bundled within the firmware|
+| Config Blob Length | `0x01 0x05` |  |__Response:__ `u16`| Retrieves the length of the configuration data bundled within the firmware|
 | Config Blob Chunk | `0x01 0x06` |  |__Request:__ `u16`<br><br>__Response:__ `u8[32]`| Retrieves a chunk of the configuration data bundled within the firmware|
 | Jump to bootloader | `0x01 0x07` | __Secure__ |__Response:__ `u8`| Jump to bootloader<br><br>May not be present – if QMK capabilities query returns “true”, then jump to bootloader is supported<br><br>* 0 means secure routes are disabled, and should be considered as a failure<br>* 1 means successful, board will jump to bootloader|
 | Hardware Identifier | `0x01 0x08` |  |__Response:__ `u32[4]`| Retrieves a unique identifier for the board.|
diff --git a/docs/xap_0.2.0.md b/docs/xap_0.2.0.md
index 1b3bedc7fcc..560e141fdd2 100644
--- a/docs/xap_0.2.0.md
+++ b/docs/xap_0.2.0.md
@@ -57,10 +57,8 @@ Response messages will always be prefixed by the originating request _token_, di
 
 | Bit 7 | Bit 6 | Bit 5 | Bit 4 | Bit 3 | Bit 2 | Bit 1 | Bit 0 |
 | -- | -- | -- | -- | -- | -- | -- | -- |
-| `UNLOCKED` | `UNLOCK_IN_PROGRESS` | `-` | `-` | `-` | `-` | `SECURE_FAILURE` | `SUCCESS` |
+| `-` | `-` | `-` | `-` | `-` | `-` | `SECURE_FAILURE` | `SUCCESS` |
 
-* Bit 7 (`UNLOCKED`): When this bit is set, an _unlock sequence_ has completed, and _secure routes_ may be invoked.
-* Bit 6 (`UNLOCK_IN_PROGRESS`): When this bit is set, an _unlock sequence_ is in progress.
 * Bit 1 (`SECURE_FAILURE`): When this bit is set, the requested _route_ was marked _secure_ but an _unlock sequence_ has not completed.
 * Bit 0 (`SUCCESS`): When this bit is set, the request was successfully handled. If not set, all payload data should be disregarded, and the request retried if appropriate (with a new token).
 
@@ -111,7 +109,7 @@ This subsystem is always present, and provides the ability to address QMK-specif
 | Board identifiers | `0x01 0x02` |  |__Response:__<br>&nbsp;&nbsp;&nbsp;&nbsp;* Vendor ID: `u16`<br>&nbsp;&nbsp;&nbsp;&nbsp;* Product ID: `u16`<br>&nbsp;&nbsp;&nbsp;&nbsp;* Product Version: `u16`<br>&nbsp;&nbsp;&nbsp;&nbsp;* QMK Unique Identifier: `u32`| Retrieves the set of identifying information for the board.|
 | Board Manufacturer | `0x01 0x03` |  |__Response:__ `string`| Retrieves the name of the manufacturer|
 | Product Name | `0x01 0x04` |  |__Response:__ `string`| Retrieves the product name|
-| Config Blob Length | `0x01 0x05` |  |__Response:__ `u32`| Retrieves the length of the configuration data bundled within the firmware|
+| Config Blob Length | `0x01 0x05` |  |__Response:__ `u16`| Retrieves the length of the configuration data bundled within the firmware|
 | Config Blob Chunk | `0x01 0x06` |  |__Request:__ `u16`<br><br>__Response:__ `u8[32]`| Retrieves a chunk of the configuration data bundled within the firmware|
 | Jump to bootloader | `0x01 0x07` | __Secure__ |__Response:__ `u8`| Jump to bootloader<br><br>May not be present – if QMK capabilities query returns “true”, then jump to bootloader is supported<br><br>* 0 means secure routes are disabled, and should be considered as a failure<br>* 1 means successful, board will jump to bootloader|
 | Hardware Identifier | `0x01 0x08` |  |__Response:__ `u32[4]`| Retrieves a unique identifier for the board.|
diff --git a/lib/python/qmk/cli/xap/xap_client.py b/lib/python/qmk/cli/xap/xap_client.py
index fbb18245a97..a12f54e35bc 100644
--- a/lib/python/qmk/cli/xap/xap_client.py
+++ b/lib/python/qmk/cli/xap/xap_client.py
@@ -42,8 +42,6 @@ class XAPFlags(IntFlag):
     FAILURE = 0
     SUCCESS = 1 << 0
     SECURE_FAILURE = 1 << 1
-    UNLOCK_IN_PROGRESS = 1 << 6
-    UNLOCKED = 1 << 7
 
 
 class XAPEventType(IntEnum):
@@ -136,7 +134,7 @@ class XAPDevice:
             return None
 
         r = ResponsePacket._make(ResponseStruct.unpack(event._ret))
-        if r.flags != XAPFlags.SUCCESS:
+        if r.flags & XAPFlags.SUCCESS == 0:
             return None
 
         return r.data[:r.length]
diff --git a/lib/python/qmk/xap/gen_firmware/inline_generator.py b/lib/python/qmk/xap/gen_firmware/inline_generator.py
index 44170a18acd..f8291b5e06a 100755
--- a/lib/python/qmk/xap/gen_firmware/inline_generator.py
+++ b/lib/python/qmk/xap/gen_firmware/inline_generator.py
@@ -128,7 +128,6 @@ def _append_routing_table_entry_flags(lines, container, container_id, route_stac
     pem_map = {
         None: 'ROUTE_PERMISSIONS_INSECURE',
         'secure': 'ROUTE_PERMISSIONS_SECURE',
-        'ignore': 'ROUTE_PERMISSIONS_IGNORE',
     }
 
     is_secure = pem_map[container.get('permissions', None)]
diff --git a/quantum/xap/xap.c b/quantum/xap/xap.c
index 83bdbe13f39..741851b0251 100644
--- a/quantum/xap/xap.c
+++ b/quantum/xap/xap.c
@@ -46,7 +46,6 @@ typedef enum xap_route_type_t {
 typedef enum xap_route_secure_t {
     ROUTE_PERMISSIONS_INSECURE,
     ROUTE_PERMISSIONS_SECURE,
-    ROUTE_PERMISSIONS_IGNORE,
 } xap_route_secure_t;
 
 #define XAP_ROUTE_SECURE_BIT_COUNT 2
@@ -92,11 +91,6 @@ bool xap_pre_execute_route(xap_token_t token, const xap_route_t *route) {
         return true;
     }
 
-    if (secure_is_unlocking() && (route->flags.type != XAP_ROUTE) && (route->flags.secure != ROUTE_PERMISSIONS_IGNORE)) {
-        xap_respond_failure(token, XAP_RESPONSE_FLAG_UNLOCK_IN_PROGRESS);
-        return true;
-    }
-
     // TODO: XAP messages extend unlocked timeout?
     secure_activity_event();
 #endif