chore(core): add T2B1 vendor header data

core/SConscript.firmware

@@ -794,15 +794,17 @@ cmake_gen = env.Command(
 
 
 MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
 if BOOTLOADER_QA:
-    VENDORHEADER = 'embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
     BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
 elif PRODUCTION:
-    VENDORHEADER = 'embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin'
-    BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
+elif TREZOR_MODEL == 'R':
+    # XXX workaround for currently missing prod-signed vendorheader for T2B1
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
 else:
-    VENDORHEADER = 'embed/vendorheader/vendorheader_unsafe_signed_prod.bin'
-    BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
 
 obj_program.extend(
     env.Command(

core/SConscript.prodtest

@@ -193,7 +193,9 @@ obj_program.extend(env.Object(source=SOURCE_PRODTEST))
 obj_program.extend(env.Object(source=SOURCE_STMHAL))
 obj_program.extend(env.Object(source=SOURCE_TREZORHAL))
 
-VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
+MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+
+VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
 
 obj_program.extend(
     env.Command(

core/SConscript.reflash

@@ -181,7 +181,9 @@ obj_program += env.Object(source=SOURCE_REFLASH)
 obj_program += env.Object(source=SOURCE_STMHAL)
 obj_program += env.Object(source=SOURCE_TREZORHAL)
 
-VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
+MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+
+VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
 
 obj_program.extend(
     env.Command(

core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json

@@ -0,0 +1,19 @@
+{
+    "header_len": 4608,
+    "text": "QA ONLY, DO NOT USE!",
+    "hw_model": "T2B1",
+    "expiry": 0,
+    "version": [0, 0],
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": false,
+        "require_user_click": false,
+        "red_background": false,
+        "delay": 0
+    },
+    "pubkeys": [
+        "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+        "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+        "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+    ]
+}

core/embed/vendorheader/T2B1/vendor_satoshilabs.json

@@ -0,0 +1,19 @@
+{
+    "header_len": 4608,
+    "text": "SatoshiLabs",
+    "hw_model": "T2B1",
+    "expiry": 0,
+    "version": [0, 0],
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": false,
+        "require_user_click": false,
+        "red_background": false,
+        "delay": 0
+    },
+    "pubkeys": [
+        "bf4e6f004fcb32cec683f22c88c1a86c1518c6de8ac97002d84a63bea3e375dd",
+        "d2def691c1e9d809d8190cf7af935c10688f68983479b4ee9abac19104878ec1",
+        "07c85134946bf89fa19bdc2c5e5ff9ce01296508ee0863d0ff6d63331d1a2516"
+    ]
+}

core/embed/vendorheader/T2B1/vendor_unsafe.json

@@ -0,0 +1,19 @@
+{
+    "header_len": 4608,
+    "text": "UNSAFE, DO NOT USE!",
+    "hw_model": "T2B1",
+    "expiry": 0,
+    "version": [0, 0],
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": true,
+        "require_user_click": true,
+        "red_background": true,
+        "delay": 1
+    },
+    "pubkeys": [
+        "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+        "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+        "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+    ]
+}

core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif

@@ -0,0 +1 @@
+vendor_satoshilabs.toif

core/embed/vendorheader/generate.sh

@@ -1,16 +1,24 @@
-BUILDVH=../../tools/build_vendorheader
-BINCTL=../../tools/headertool.py
+#!/usr/bin/env bash
 
 cd $(dirname $0)
 
-# construct all vendor headers
-for fn in *.json; do
-    name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
-    $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
-done
+BUILDVH=$(realpath ../../tools/build_vendorheader)
+BINCTL=$(realpath ../../tools/headertool.py)
+
+MODELS=(T2T1 T2B1)
+
+for MODEL in ${MODELS[@]}; do
+    cd $MODEL
+    # construct all vendor headers
+    for fn in *.json; do
+        name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
+        $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
+    done
 
-# sign dev and QA vendor header
-for name in unsafe qa_DO_NOT_SIGN; do
-    cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
-    $BINCTL -D vendorheader_${name}_signed_dev.bin
+    # sign dev and QA vendor header
+    for name in unsafe qa_DO_NOT_SIGN; do
+        cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
+        $BINCTL -D vendorheader_${name}_signed_dev.bin
+    done
+    cd ..
 done