tools: update how vtrust is being passed to build_vendorheader

Makefile

@@ -181,11 +181,11 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
 ## misc commands:
 
 vendorheader: ## construct and sign the default vendor header
-	./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 65534 DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
+	./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 x.....x DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
 	./tools/binctl embed/firmware/vendorheader.bin -s 1:2 `./tools/combine_sign vendorheader embed/firmware/vendorheader.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
 
 vendorheader_sl: ## construct SatoshiLabs vendor header
-	./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 65534 SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
+	./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ......x SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
 
 binctl: ## print info about binary files
 	./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin

tools/binctl

@@ -16,6 +16,11 @@ def format_sigmask(sigmask):
     return '0x%02x = [%s]' % (sigmask, ' '.join(bits))
 
 
+def format_vtrust(vtrust):
+    bits = [str(b) if vtrust & (1 << b) == 0 else '.' for b in range(16)]
+    return '%d = [%s]' % (vtrust, ' '.join(bits))
+
+
 # bootloader/firmware headers specification: https://github.com/trezor/trezor-core/blob/master/docs/bootloader.md
 
 IMAGE_HEADER_SIZE = 1024
@@ -199,7 +204,7 @@ class VendorHeader(object):
         print('  * expiry  :', self.expiry)
         print('  * version : %d.%d' % (self.vmajor, self.vminor))
         print('  * scheme  : %d out of %d' % (self.vsig_m, self.vsig_n))
-        print('  * trust   :', self.vtrust, '=', bin(self.vtrust))
+        print('  * trust   :', format_vtrust(self.vtrust))
         for i in range(self.vsig_n):
             print('  * vpub #%d :' % (i + 1), binascii.hexlify(self.vpub[i]).decode())
         print('  * vstr    :', self.vstr.decode())

tools/build_vendorheader

@@ -4,10 +4,8 @@ import struct
 import binascii
 
 # encode vendor name, add length byte and padding to multiple of 4
-
-
 def encode_vendor(vname):
-    vbin = vname.encode('utf-8')
+    vbin = vname.encode()
     vbin = struct.pack('<B', len(vbin)) + vbin
     vbin += b'\0' * (-len(vbin) & 3)
     return vbin
@@ -19,6 +17,14 @@ def encode_pubkey(pubkey):
     return binascii.unhexlify(pubkey)
 
 
+def decode_vtrust(vtrust):
+    t = 0xFFFF
+    for i, b in enumerate(reversed(vtrust)):
+        if b != '.':
+            t &= ~(1 << i)
+    return t
+
+
 def main():
     if len(sys.argv) < 7:
         print('Usage build_vendorheader "pubkey1hex:pubkey2hex:..." m version vendortrust vendorname vendorimage.toif vendorheader.bin')
@@ -27,7 +33,7 @@ def main():
     keys = [encode_pubkey(x) for x in sys.argv[1].split(':')]
     m = int(sys.argv[2])
     (vmajor, vminor) = [int(x) for x in sys.argv[3].split('.')]
-    vtrust = int(sys.argv[4])
+    vtrust = decode_vtrust(sys.argv[4])
     vname = sys.argv[5]
     ifn = sys.argv[6]
     ofn = sys.argv[7]