diff --git a/build-docker.sh b/build-docker.sh index 46c01c5e2..8cdb3e453 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -45,6 +45,9 @@ for BITCOIN_ONLY in 0 1; do git submodule update --init --recursive && \ pipenv install && \ pipenv run make clean vendor build_firmware && \ + pipenv run ../python/tools/firmware-fingerprint.py \ + -o build/firmware/firmware.bin.fingerprint \ + build/firmware/firmware.bin && \ chown -R $USER:$GROUP /build" done @@ -74,6 +77,24 @@ for BITCOIN_ONLY in 0 1; do mkdir -p build/firmware && \ cp firmware/trezor.bin build/firmware/firmware.bin && \ cp firmware/trezor.elf build/firmware/firmware.elf && \ + pipenv run ../python/tools/firmware-fingerprint.py \ + -o build/firmware/firmware.bin.fingerprint \ + build/firmware/firmware.bin && \ chown -R $USER:$GROUP /build" done + +# all built, show fingerprints + +echo "Fingerprints:" +for VARIANT in core legacy; do + for BITCOIN_ONLY in 0 1; do + + DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly} + DIRSUFFIX=${DIRSUFFIX/0/} + + FWPATH=build/${VARIANT}${DIRSUFFIX}/firmware/firmware.bin + FINGERPRINT=$(tr -d '\n' < $FWPATH.fingerprint) + echo "$FINGERPRINT $FWPATH" + done +done diff --git a/python/tools/firmware-fingerprint.py b/python/tools/firmware-fingerprint.py new file mode 100755 index 000000000..e4c5674c7 --- /dev/null +++ b/python/tools/firmware-fingerprint.py @@ -0,0 +1,27 @@ +#!/usr/bin/env python3 + +import sys +import click + +from trezorlib import firmware + + +@click.command() +@click.argument("filename", type=click.File("rb")) +@click.option("-o", "--output", type=click.File("w"), default="-") +def firmware_fingerprint(filename, output): + """Display fingerprint of a firmware file.""" + data = filename.read() + + try: + version, fw = firmware.parse(data) + except Exception as e: + click.echo(e, err=True) + sys.exit(2) + + fingerprint = firmware.digest(version, fw).hex() + click.echo(fingerprint, file=output) + + +if __name__ == "__main__": + firmware_fingerprint()