trezor-firmware/docs/bootloader.md

# TREZOR Core Bootloader

TREZOR initialization in split into two stages.
See [Memory Layout](memory.md) for info about in which sectors each stage is stored.

First stage (boardloader) is stored in write-protected area, which means it is non-upgradable.
Only second stage (bootloader) update is allowed.

## First Stage - Boardloader

First stage checks the integrity and signatures of the second stage
and runs it if everything is OK.

If first stage boardloader finds a valid second stage bootloader image
on the SD card (in raw format, no filesystem), it will replace the internal
second stage, allowing a second stage update via SD card.

## Second Stage - Bootloader

Second stage checks the integrity and signatures of the firmware and runs
it if everything is OK.

If second stage bootloader detects a pressed finger on the display or there
is no firmware loaded in the device, it will start in a firmware update mode,
allowing a firmware update via USB.

## Common notes

* Hash function used for computing data digest for signatures is BLAKE2s.
* Signature system is Ed25519 (allows combining signatures by multiple keys
  into one).
* All multibyte integer values are little endian.
* There is a tool called [binctl](../tools/binctl) which checks validity
  of the bootloader/firmware images including their headers.

## Bootloader Format

TREZOR Core (second stage) bootloader consists of 2 parts:

1. bootloader header
2. bootloader code

### Bootloader Header

Total length of bootloader header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZB` |
| 0x0004 | 4      | hdrlen | length of the bootloader header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the bootloader code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| 0x01C0 | 64     | sig | SatoshiLabs aggregated signature |

## Firmware Format

TREZOR Core firmware consists of 3 parts:

1. vendor header
2. firmware header
3. firmware code

### Vendor Header

Total length of vendor header is 84 + 32 * (number of pubkeys) +
(length of vendor string rounded up to multiple of 4) +
(length of vendor image) bytes rounded up to the closest multiple
of 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZV` |
| 0x0004 | 4      | hdrlen | length of the vendor header (multiple of 512) |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 1      | vmajor | version (major) |
| 0x000D | 1      | vminor | version (minor) |
| 0x000E | 1      | vsig_m | number of signatures needed to run the firmware from this vendor |
| 0x000F | 1      | vsig_n | number of different pubkeys vendor provides for signing |
| 0x0010 | 32     | vpub1 | vendor pubkey 1 |
| ...    | ...    | ... | ... |
| ?      | 32     | vpubn | vendor pubkey n |
| ?      | 1      | vstr_len | vendor string length |
| ?      | ?      | vstr | vendor string |
| ?      | ?      | vstrpad | padding to a multiple of 4 bytes |
| ?      | ?      | vimg | vendor image (in [TOIf format](toif.md)) |
| ?      | ?      | reserved | padding to an address that is -65 modulo 512 |
| ?      | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| ?      | 64     | sig | SatoshiLabs aggregated signature |

### Firmware Header

Total length of firmware header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZF` |
| 0x0004 | 4      | hdrlen | length of the firmware header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the firmware code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | vendor signature indexes (bitmap) |
| 0x01C0 | 64     | sig | vendor aggregated signature |

## Various ideas

* Bootloader should be able to read vendor + firmware header and send info
  about FW to client in features message.
* Bootloader should not try to run firmware if there is not any.
* Storage wiping rule: Don't erase storage when old FW and new FW are signed
  using the same key set. Otherwise erase.
* Bootloader should send error to client when firmware update fails and allow
  client to try one more time. This prevents storage area erasure by accident.
markdown: follow commonmark spec 7 years ago			`# TREZOR Core Bootloader`
add firmware format documentation 8 years ago
docs: update markdown according to lint 7 years ago			`TREZOR initialization in split into two stages.`
			`See [Memory Layout](memory.md) for info about in which sectors each stage is stored.`
rework note about endianity 8 years ago
rename bootloader to boardloader 7 years ago			`First stage (boardloader) is stored in write-protected area, which means it is non-upgradable.`
rename loader to bootloader 7 years ago			`Only second stage (bootloader) update is allowed.`
add firmware format documentation 8 years ago
rename bootloader to boardloader 7 years ago			`## First Stage - Boardloader`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
docs: update markdown according to lint 7 years ago			`First stage checks the integrity and signatures of the second stage`
			`and runs it if everything is OK.`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
docs: update markdown according to lint 7 years ago			`If first stage boardloader finds a valid second stage bootloader image`
			`on the SD card (in raw format, no filesystem), it will replace the internal`
			`second stage, allowing a second stage update via SD card.`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
rename loader to bootloader 7 years ago			`## Second Stage - Bootloader`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
docs: update markdown according to lint 7 years ago			`Second stage checks the integrity and signatures of the firmware and runs`
			`it if everything is OK.`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
docs: update markdown according to lint 7 years ago			`If second stage bootloader detects a pressed finger on the display or there`
			`is no firmware loaded in the device, it will start in a firmware update mode,`
			`allowing a firmware update via USB.`
update bootloader documentation 7 years ago
markdown: follow commonmark spec 7 years ago			`## Common notes`
update bootloader documentation 7 years ago
bootloader/loader: use blake2s instead of sha256 for digests 7 years ago			`* Hash function used for computing data digest for signatures is BLAKE2s.`
docs: update markdown according to lint 7 years ago			`* Signature system is Ed25519 (allows combining signatures by multiple keys`
			`into one).`
update bootloader documentation 7 years ago			`* All multibyte integer values are little endian.`
docs: update markdown according to lint 7 years ago			`* There is a tool called [binctl](../tools/binctl) which checks validity`
			`of the bootloader/firmware images including their headers.`
update bootloader documentation 7 years ago
rename loader to bootloader 7 years ago			`## Bootloader Format`
update bootloader documentation 7 years ago
rename loader to bootloader 7 years ago			`TREZOR Core (second stage) bootloader consists of 2 parts:`
update bootloader documentation 7 years ago
rename loader to bootloader 7 years ago			`1. bootloader header`
			`2. bootloader code`
update bootloader documentation 7 years ago
rename loader to bootloader 7 years ago			`### Bootloader Header`
update bootloader documentation 7 years ago
rename loader to bootloader 7 years ago			`Total length of bootloader header is always 512 bytes.`
update bootloader documentation 7 years ago
			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
rename loader to bootloader 7 years ago			\| 0x0000 \| 4 \| magic \| firmware magic `TRZB` \|
			`\| 0x0004 \| 4 \| hdrlen \| length of the bootloader header \|`
update bootloader documentation 7 years ago			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
rename loader to bootloader 7 years ago			`\| 0x000C \| 4 \| codelen \| length of the bootloader code (without the header) \|`
update bootloader documentation 7 years ago			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 7 years ago			`\| 0x01BF \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| SatoshiLabs aggregated signature \|`
update bootloader documentation 7 years ago
markdown: follow commonmark spec 7 years ago			`## Firmware Format`
update bootloader documentation 7 years ago
			`TREZOR Core firmware consists of 3 parts:`
add firmware format documentation 8 years ago
			`1. vendor header`
			`2. firmware header`
			`3. firmware code`

markdown: follow commonmark spec 7 years ago			`### Vendor Header`
add firmware format documentation 8 years ago
docs: update markdown according to lint 7 years ago			`Total length of vendor header is 84 + 32 * (number of pubkeys) +`
			`(length of vendor string rounded up to multiple of 4) +`
			`(length of vendor image) bytes rounded up to the closest multiple`
			`of 512 bytes.`
update info about bootloader format 8 years ago
add firmware format documentation 8 years ago			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZV` \|
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`\| 0x0004 \| 4 \| hdrlen \| length of the vendor header (multiple of 512) \|`
update bootloader documentation 7 years ago			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
tools: join check_bootloader and check_firmware into firmwarectl tool 7 years ago			`\| 0x000C \| 1 \| vmajor \| version (major) \|`
			`\| 0x000D \| 1 \| vminor \| version (minor) \|`
			`\| 0x000E \| 1 \| vsig_m \| number of signatures needed to run the firmware from this vendor \|`
			`\| 0x000F \| 1 \| vsig_n \| number of different pubkeys vendor provides for signing \|`
update info about bootloader format 8 years ago			`\| 0x0010 \| 32 \| vpub1 \| vendor pubkey 1 \|`
add firmware format documentation 8 years ago			`\| ... \| ... \| ... \| ... \|`
			`\| ? \| 32 \| vpubn \| vendor pubkey n \|`
update info about bootloader format 8 years ago			`\| ? \| 1 \| vstr_len \| vendor string length \|`
			`\| ? \| ? \| vstr \| vendor string \|`
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`\| ? \| ? \| vstrpad \| padding to a multiple of 4 bytes \|`
update info about bootloader format 8 years ago			`\| ? \| ? \| vimg \| vendor image (in [TOIf format](toif.md)) \|`
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`\| ? \| ? \| reserved \| padding to an address that is -65 modulo 512 \|`
build: refactor binctl and firmware/loader image stuff 7 years ago			`\| ? \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| ? \| 64 \| sig \| SatoshiLabs aggregated signature \|`
add firmware format documentation 8 years ago
markdown: follow commonmark spec 7 years ago			`### Firmware Header`
add firmware format documentation 8 years ago
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`Total length of firmware header is always 512 bytes.`
update info about bootloader format 8 years ago
add firmware format documentation 8 years ago			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZF` \|
bootloader: cleanup, more documentation, added scripts for checking 7 years ago			`\| 0x0004 \| 4 \| hdrlen \| length of the firmware header \|`
update bootloader documentation 7 years ago			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago			`\| 0x000C \| 4 \| codelen \| length of the firmware code (without the header) \|`
add validity timestamp 8 years ago			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 7 years ago			`\| 0x01BF \| 1 \| sigmask \| vendor signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| vendor aggregated signature \|`
add bootloader ideas 8 years ago
markdown: follow commonmark spec 7 years ago			`## Various ideas`
add bootloader ideas 8 years ago
docs: update markdown according to lint 7 years ago			`* Bootloader should be able to read vendor + firmware header and send info`
			`about FW to client in features message.`
rename loader to bootloader 7 years ago			`* Bootloader should not try to run firmware if there is not any.`
docs: update markdown according to lint 7 years ago			`* Storage wiping rule: Don't erase storage when old FW and new FW are signed`
			`using the same key set. Otherwise erase.`
			`* Bootloader should send error to client when firmware update fails and allow`
			`client to try one more time. This prevents storage area erasure by accident.`