arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 06:18:07 +00:00
Code Issues Releases Wiki Activity

Merge branch 'matejcik/signed-vhs'

Browse Source
This commit is contained in:
Pavol Rusnak 2023-06-15 22:41:12 +02:00
commit 089ff76822
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
23 changed files with 110 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
build-docker.sh
View File

@ -274,7 +274,7 @@ for TREZOR_MODEL in ${MODELS[@]}; do
set -e -o pipefail
cd /reproducible-build/trezor-firmware/core
$GIT_CLEAN_REPO
poetry run make clean vendor build_bootloader build_firmware
poetry run make clean vendor build_boardloader build_bootloader build_firmware
for item in bootloader firmware; do
poetry run ../python/tools/firmware-fingerprint.py \
-o build/\$item/\$item.bin.fingerprint \
@ -351,38 +351,41 @@ EOF
done
if [ "$OPT_BUILD_PRODTEST" -eq "1" ]; then
DIRSUFFIX="-prodtest"
SCRIPT_NAME=".build_prodtest.sh"
cat <<EOF > "build/$SCRIPT_NAME"
# DO NOT MODIFY!
# this file was generated by ${BASH_SOURCE[0]}
# variant: core build prodtest
set -e -o pipefail
cd /reproducible-build/trezor-firmware/core
$GIT_CLEAN_REPO
poetry run make clean vendor build_prodtest
poetry run ../python/tools/firmware-fingerprint.py \
-o build/prodtest/prodtest.bin.fingerprint \
build/prodtest/prodtest.bin
rm -rf /build/*
cp -r build/* /build
chown -R $USER:$GROUP /build
for TREZOR_MODEL in ${MODELS[@]}; do
DIRSUFFIX="-${TREZOR_MODEL}-prodtest"
SCRIPT_NAME=".build_${TREZOR_MODEL}-prodtest.sh"
cat <<EOF > "build/$SCRIPT_NAME"
# DO NOT MODIFY!
# this file was generated by ${BASH_SOURCE[0]}
# variant: core build prodtest
set -e -o pipefail
cd /reproducible-build/trezor-firmware/core
$GIT_CLEAN_REPO
poetry run make clean vendor build_prodtest
poetry run ../python/tools/firmware-fingerprint.py \
-o build/prodtest/prodtest.bin.fingerprint \
build/prodtest/prodtest.bin
rm -rf /build/*
cp -r build/* /build
chown -R $USER:$GROUP /build
EOF
echo
echo ">>> DOCKER RUN core prodtest PRODUCTION=$PRODUCTION"
echo
echo
echo ">>> DOCKER RUN core prodtest TREZOR_MODEL=$TREZOR_MODEL PRODUCTION=$PRODUCTION"
echo
$DOCKER run \
--network=host \
-it \
--rm \
-v "$DIR:/local" \
-v "$DIR/build/core$DIRSUFFIX":/build:z \
--env PRODUCTION="$PRODUCTION" \
--init \
"$SNAPSHOT_NAME" \
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
$DOCKER run \
--network=host \
-it \
--rm \
-v "$DIR:/local" \
-v "$DIR/build/core$DIRSUFFIX":/build:z \
--env TREZOR_MODEL="$TREZOR_MODEL" \
--env PRODUCTION="$PRODUCTION" \
--init \
"$SNAPSHOT_NAME" \
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
done
fi

3
core/SConscript.firmware
View File

@ -802,9 +802,6 @@ BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
if BOOTLOADER_QA:
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
elif TREZOR_MODEL == 'R':
# XXX workaround for currently missing vendorheaders for T2B1
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
elif PRODUCTION:
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
else:

1
core/embed/boardloader/.changelog.d/1642.security
View File

@ -1 +0,0 @@
Avoid accidental build with broken stack protector

1
core/embed/boardloader/.changelog.d/2243.added
View File

@ -1 +0,0 @@
Add basic Trezor Model R hardware support

1
core/embed/boardloader/.changelog.d/2324.added
View File

@ -1 +0,0 @@
Boardloader capabilities structure

1
core/embed/boardloader/.changelog.d/2414.added
View File

@ -1 +0,0 @@
Using hardware acceleration (dma2d) for rendering

1
core/embed/boardloader/.changelog.d/2587.changed
View File

@ -1 +0,0 @@
CPU Frequency increased to 180 MHz

1
core/embed/boardloader/.changelog.d/2595.changed
View File

@ -1 +0,0 @@
Fixed display blinking by increasing backlight PWM frequency

1
core/embed/boardloader/.changelog.d/2623.added
View File

@ -1 +0,0 @@
Check image model when replacing bootloader

1
core/embed/boardloader/.changelog.d/3048.added
View File

@ -1 +0,0 @@
Added production public keys for T2B1.

27
core/embed/boardloader/CHANGELOG.md
View File

@ -4,3 +4,30 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## 2.1.0 [June 2023]
Internal only release for Model R prototypes.
### Added
- Add basic Trezor Model R hardware support [#2243]
- Boardloader capabilities structure [#2324]
- Using hardware acceleration (dma2d) for rendering [#2414]
- Check image model when replacing bootloader [#2623]
- Added production public keys for T2B1. [#3048]
### Changed
- CPU Frequency increased to 180 MHz [#2587]
- Fixed display blinking by increasing backlight PWM frequency [#2595]
### Security
- Avoid accidental build with broken stack protector [#1642]
[#1642]: https://github.com/trezor/trezor-firmware/pull/1642
[#2243]: https://github.com/trezor/trezor-firmware/pull/2243
[#2324]: https://github.com/trezor/trezor-firmware/pull/2324
[#2414]: https://github.com/trezor/trezor-firmware/pull/2414
[#2587]: https://github.com/trezor/trezor-firmware/pull/2587
[#2595]: https://github.com/trezor/trezor-firmware/pull/2595
[#2623]: https://github.com/trezor/trezor-firmware/pull/2623
[#3048]: https://github.com/trezor/trezor-firmware/pull/3048

4
core/embed/boardloader/version.h
View File

@ -1,4 +1,4 @@
#define VERSION_MAJOR 2
#define VERSION_MINOR 0
#define VERSION_PATCH 2
#define VERSION_MINOR 1
#define VERSION_PATCH 0
#define VERSION_BUILD 0

1
core/embed/bootloader/.changelog.d/2941.fixed
View File

@ -1 +0,0 @@
Fix installation of images smaller than 128kB.

1
core/embed/bootloader/.changelog.d/3048.added
View File

@ -1 +0,0 @@
Added production public keys for T2B1.

14
core/embed/bootloader/CHANGELOG.md
View File

@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## 2.1.1 [June 2023]
Internal only release for Model R prototypes.
### Added
- Added production public keys for T2B1. [#3048]
- Added UI for T2B1.
### Fixed
- Fix installation of images smaller than 128kB. [#2941]
## 2.1.0 [April 2023]
### Added
@ -63,3 +75,5 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
[#2623]: https://github.com/trezor/trezor-firmware/pull/2623
[#2879]: https://github.com/trezor/trezor-firmware/pull/2879
[#2896]: https://github.com/trezor/trezor-firmware/pull/2896
[#2941]: https://github.com/trezor/trezor-firmware/pull/2941
[#3048]: https://github.com/trezor/trezor-firmware/pull/3048

2
core/embed/bootloader/version.h
View File

@ -1,6 +1,6 @@
#define VERSION_MAJOR 2
#define VERSION_MINOR 1
#define VERSION_PATCH 1
#define VERSION_PATCH 2
#define VERSION_BUILD 0
#define VERSION_UINT32 \
(VERSION_MAJOR | (VERSION_MINOR << 8) | (VERSION_PATCH << 16) | \

BIN
core/embed/firmware/bootloaders/bootloader_T2B1.bin
View File

Binary file not shown.

BIN
core/embed/vendorheader/T2B1/vendorheader_satoshilabs_signed_prod.bin Normal file
View File

Binary file not shown.

BIN
core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_prod.bin Normal file
View File

Binary file not shown.

37
poetry.lock generated
View File

@ -1,4 +1,4 @@
# This file is automatically @generated by Poetry and should not be changed by hand.
# This file is automatically @generated by Poetry 1.4.1 and should not be changed by hand.
[[package]]
name = "astroid"
@ -609,6 +609,25 @@ zipp = ">=0.5"
docs = ["jaraco.packaging (>=8.2)", "rst.linker (>=1.9)", "sphinx"]
testing = ["flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pep517", "pyfakefs", "pytest (>=4.6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=1.0.1)", "pytest-flake8", "pytest-mypy"]
[[package]]
name = "importlib-resources"
version = "5.12.0"
description = "Read resources from Python packages"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
{file = "importlib_resources-5.12.0-py3-none-any.whl", hash = "sha256:7b1deeebbf351c7578e09bf2f63fa2ce8b5ffec296e0d349139d43cca061a81a"},
{file = "importlib_resources-5.12.0.tar.gz", hash = "sha256:4be82589bf5c1d7999aedf2a45159d10cb3ca4f19b2271f8792bc8e6da7b22f6"},
]
[package.dependencies]
zipp = {version = ">=3.1.0", markers = "python_version < \"3.10\""}
[package.extras]
docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"]
testing = ["flake8 (<5)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=1.3)", "pytest-flake8", "pytest-mypy (>=0.9.1)"]
[[package]]
name = "incremental"
version = "21.3.0"
@ -1536,26 +1555,26 @@ files = [
[[package]]
name = "towncrier"
version = "21.9.0"
version = "23.6.0"
description = "Building newsfiles for your project."
category = "dev"
optional = false
python-versions = "*"
python-versions = ">=3.7"
files = [
{file = "towncrier-21.9.0-py2.py3-none-any.whl", hash = "sha256:fc5a88a2a54988e3a8ed2b60d553599da8330f65722cc607c839614ed87e0f92"},
{file = "towncrier-21.9.0.tar.gz", hash = "sha256:9cb6f45c16e1a1eec9d0e7651165e7be60cd0ab81d13a5c96ca97a498ae87f48"},
{file = "towncrier-23.6.0-py3-none-any.whl", hash = "sha256:da552f29192b3c2b04d630133f194c98e9f14f0558669d427708e203fea4d0a5"},
{file = "towncrier-23.6.0.tar.gz", hash = "sha256:fc29bd5ab4727c8dacfbe636f7fb5dc53b99805b62da1c96b214836159ff70c1"},
]
[package.dependencies]
click = "*"
click-default-group = "*"
importlib-resources = {version = ">=5", markers = "python_version < \"3.10\""}
incremental = "*"
jinja2 = "*"
setuptools = "*"
tomli = {version = "*", markers = "python_version >= \"3.6\""}
tomli = {version = "*", markers = "python_version < \"3.11\""}
[package.extras]
dev = ["packaging"]
dev = ["furo", "packaging", "sphinx (>=5)", "twisted"]
[[package]]
name = "tox"
@ -1825,4 +1844,4 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>=
[metadata]
lock-version = "2.0"
python-versions = "^3.7"
content-hash = "49f6cea32eb075f41cdc11650a525022a57bd4e497638e07f758dd7290486f4a"
content-hash = "b27dc47eab09d4e103c38ab0849fb8111c919e1a12c69c293dd9a32d1d77db16"

2
pyproject.toml
View File

@ -74,7 +74,7 @@ vulture = "^2.6"
[tool.poetry.dev-dependencies]
scan-build = "*"
towncrier = "^21.9.0"
towncrier = "^23.6.0"
#freetype-py = "^2.3.0"
[build-system]

3
tools/generate-changelog.py
View File

@ -80,7 +80,8 @@ def current_date(project):
today = datetime.datetime.now()
if (
parts[-3:] == ("core", "embed", "bootloader")
parts[-3:] == ("core", "embed", "boardloader")
or parts[-3:] == ("core", "embed", "bootloader")
or parts[-3:] == ("core", "embed", "bootloader_ci")
or parts[-2:] == ("legacy", "bootloader")
or parts[-2:] == ("legacy", "intermediate_fw")

6
tools/towncrier.template.md
View File

@ -1,15 +1,13 @@
## [{{ versiondata.version }}] ({{versiondata.date}})
{% for section, _ in sections.items() %}
{% if section %}{{section}}{% endif -%}
{% if sections[section] %}
{% for category, val in definitions.items() if category in sections[section] %}
### {{ definitions[category]['name'] }}
{% if definitions[category]['showcontent'] %}
{% for text, values in sections[section][category].items() %}
- {{ text }} {{ values|reject("eq", "[#noissue]")|join(', ') }}
- {{ text }}{% if values %} {{ values|join(', ') }}{% endif +%}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}