trezor-firmware/docs/bootloader.md

# TREZOR Core Bootloader

TREZOR initialization in split into two stages. See [Memory Layout](memory.md) for info about in which sectors each stage is stored.

First stage (bootloader) is stored in write-protected area, which means it is non-upgradable.
Only second stage (loader) update is allowed.

## First Stage - Bootloader

First stage checks the integrity and signatures of the second stage and runs it if everything is OK.

If first stage bootloader finds a valid second stage loader image on the SD card (in raw format, no filesystem),
it will replace the internal second stage, allowing a second stage update via SD card.

## Second Stage - Loader

Second stage checks the integrity and signatures of the firmware and runs it if everything is OK.

If second stage loader detects a pressed finger on the display or there is no firmware loaded in the device,
it will start in a firmware update mode, allowing a firmware update via USB.

## Common notes

* Hash function used for computing data digest for signatures is BLAKE2s.
* Signature system is Ed25519 (allows combining signatures by multiple keys into one).
* All multibyte integer values are little endian.
* There is a tool called [binctl](../tools/binctl) which checks validity of the loader/firmware images including their headers.

## Loader Format

TREZOR Core (second stage) loader consists of 2 parts:

1. loader header
2. loader code

### Loader Header

Total length of loader header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZL` |
| 0x0004 | 4      | hdrlen | length of the loader header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the loader code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| 0x01C0 | 64     | sig | SatoshiLabs aggregated signature |

## Firmware Format

TREZOR Core firmware consists of 3 parts:

1. vendor header
2. firmware header
3. firmware code

### Vendor Header

Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vendor string rounded up to multiple of 4) + (length of vendor image) bytes rounded up to the closest multiple of 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZV` |
| 0x0004 | 4      | hdrlen | length of the vendor header (multiple of 512) |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 1      | vmajor | version (major) |
| 0x000D | 1      | vminor | version (minor) |
| 0x000E | 1      | vsig_m | number of signatures needed to run the firmware from this vendor |
| 0x000F | 1      | vsig_n | number of different pubkeys vendor provides for signing |
| 0x0010 | 32     | vpub1 | vendor pubkey 1 |
| ...    | ...    | ... | ... |
| ?      | 32     | vpubn | vendor pubkey n |
| ?      | 1      | vstr_len | vendor string length |
| ?      | ?      | vstr | vendor string |
| ?      | ?      | vstrpad | padding to a multiple of 4 bytes |
| ?      | ?      | vimg | vendor image (in [TOIf format](toif.md)) |
| ?      | ?      | reserved | padding to an address that is -65 modulo 512 |
| ?      | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| ?      | 64     | sig | SatoshiLabs aggregated signature |

### Firmware Header

Total length of firmware header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZF` |
| 0x0004 | 4      | hdrlen | length of the firmware header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the firmware code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | vendor signature indexes (bitmap) |
| 0x01C0 | 64     | sig | vendor aggregated signature |

## Various ideas

* Loader should be able to read vendor + firmware header and send info about FW to client in features message.
* Loader should not try to run firmware if there is not any.
* Storage wiping rule: Don't erase storage when old FW and new FW are signed using the same key set. Otherwise erase.
* Loader should send error to client when firmware update fails and allow client to try one more time. This prevents storage area erasure by accident.
markdown: follow commonmark spec 7 years ago			`# TREZOR Core Bootloader`
add firmware format documentation 8 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`TREZOR initialization in split into two stages. See [Memory Layout](memory.md) for info about in which sectors each stage is stored.`
rework note about endianity 8 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`First stage (bootloader) is stored in write-protected area, which means it is non-upgradable.`
			`Only second stage (loader) update is allowed.`
add firmware format documentation 8 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`## First Stage - Bootloader`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
			`First stage checks the integrity and signatures of the second stage and runs it if everything is OK.`

bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`If first stage bootloader finds a valid second stage loader image on the SD card (in raw format, no filesystem),`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago			`it will replace the internal second stage, allowing a second stage update via SD card.`

bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`## Second Stage - Loader`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago
			`Second stage checks the integrity and signatures of the firmware and runs it if everything is OK.`

bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`If second stage loader detects a pressed finger on the display or there is no firmware loaded in the device,`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago			`it will start in a firmware update mode, allowing a firmware update via USB.`
update bootloader documentation 7 years ago
markdown: follow commonmark spec 7 years ago			`## Common notes`
update bootloader documentation 7 years ago
bootloader/loader: use blake2s instead of sha256 for digests 7 years ago			`* Hash function used for computing data digest for signatures is BLAKE2s.`
			`* Signature system is Ed25519 (allows combining signatures by multiple keys into one).`
update bootloader documentation 7 years ago			`* All multibyte integer values are little endian.`
tools: rename firmwarectl to binctl, minor reformat 7 years ago			`* There is a tool called [binctl](../tools/binctl) which checks validity of the loader/firmware images including their headers.`
update bootloader documentation 7 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`## Loader Format`
update bootloader documentation 7 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`TREZOR Core (second stage) loader consists of 2 parts:`
update bootloader documentation 7 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`1. loader header`
			`2. loader code`
update bootloader documentation 7 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`### Loader Header`
update bootloader documentation 7 years ago
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`Total length of loader header is always 512 bytes.`
update bootloader documentation 7 years ago
			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			\| 0x0000 \| 4 \| magic \| firmware magic `TRZL` \|
			`\| 0x0004 \| 4 \| hdrlen \| length of the loader header \|`
update bootloader documentation 7 years ago			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`\| 0x000C \| 4 \| codelen \| length of the loader code (without the header) \|`
update bootloader documentation 7 years ago			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 7 years ago			`\| 0x01BF \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| SatoshiLabs aggregated signature \|`
update bootloader documentation 7 years ago
markdown: follow commonmark spec 7 years ago			`## Firmware Format`
update bootloader documentation 7 years ago
			`TREZOR Core firmware consists of 3 parts:`
add firmware format documentation 8 years ago
			`1. vendor header`
			`2. firmware header`
			`3. firmware code`

markdown: follow commonmark spec 7 years ago			`### Vendor Header`
add firmware format documentation 8 years ago
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vendor string rounded up to multiple of 4) + (length of vendor image) bytes rounded up to the closest multiple of 512 bytes.`
update info about bootloader format 8 years ago
add firmware format documentation 8 years ago			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZV` \|
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`\| 0x0004 \| 4 \| hdrlen \| length of the vendor header (multiple of 512) \|`
update bootloader documentation 7 years ago			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
tools: join check_bootloader and check_firmware into firmwarectl tool 7 years ago			`\| 0x000C \| 1 \| vmajor \| version (major) \|`
			`\| 0x000D \| 1 \| vminor \| version (minor) \|`
			`\| 0x000E \| 1 \| vsig_m \| number of signatures needed to run the firmware from this vendor \|`
			`\| 0x000F \| 1 \| vsig_n \| number of different pubkeys vendor provides for signing \|`
update info about bootloader format 8 years ago			`\| 0x0010 \| 32 \| vpub1 \| vendor pubkey 1 \|`
add firmware format documentation 8 years ago			`\| ... \| ... \| ... \| ... \|`
			`\| ? \| 32 \| vpubn \| vendor pubkey n \|`
update info about bootloader format 8 years ago			`\| ? \| 1 \| vstr_len \| vendor string length \|`
			`\| ? \| ? \| vstr \| vendor string \|`
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`\| ? \| ? \| vstrpad \| padding to a multiple of 4 bytes \|`
update info about bootloader format 8 years ago			`\| ? \| ? \| vimg \| vendor image (in [TOIf format](toif.md)) \|`
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 7 years ago			`\| ? \| ? \| reserved \| padding to an address that is -65 modulo 512 \|`
build: refactor binctl and firmware/loader image stuff 7 years ago			`\| ? \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| ? \| 64 \| sig \| SatoshiLabs aggregated signature \|`
add firmware format documentation 8 years ago
markdown: follow commonmark spec 7 years ago			`### Firmware Header`
add firmware format documentation 8 years ago
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`Total length of firmware header is always 512 bytes.`
update info about bootloader format 8 years ago
add firmware format documentation 8 years ago			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZF` \|
bootloader: cleanup, more documentation, added scripts for checking 7 years ago			`\| 0x0004 \| 4 \| hdrlen \| length of the firmware header \|`
update bootloader documentation 7 years ago			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
bootloader: cleanup, more documentation, added scripts for checking 7 years ago			`\| 0x000C \| 4 \| codelen \| length of the firmware code (without the header) \|`
add validity timestamp 8 years ago			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 7 years ago			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 7 years ago			`\| 0x01BF \| 1 \| sigmask \| vendor signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| vendor aggregated signature \|`
add bootloader ideas 8 years ago
markdown: follow commonmark spec 7 years ago			`## Various ideas`
add bootloader ideas 8 years ago
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`* Loader should be able to read vendor + firmware header and send info about FW to client in features message.`
			`* Loader should not try to run firmware if there is not any.`
add bootloader ideas 8 years ago			`* Storage wiping rule: Don't erase storage when old FW and new FW are signed using the same key set. Otherwise erase.`
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 7 years ago			`* Loader should send error to client when firmware update fails and allow client to try one more time. This prevents storage area erasure by accident.`