From 319a665d0d1eec843ee744f599e932e48701ed58 Mon Sep 17 00:00:00 2001
From: matejcik <ja@matejcik.cz>
Date: Wed, 31 May 2023 14:47:22 +0200
Subject: [PATCH] chore(core): add T2B1 vendor header data

---
 core/SConscript.firmware                      |  12 ++++---
 core/SConscript.prodtest                      |   4 ++-
 core/SConscript.reflash                       |   4 ++-
 .../T2B1/vendor_qa_DO_NOT_SIGN.json           |  19 +++++++++++
 .../{ => T2B1}/vendor_qa_DO_NOT_SIGN.toif     |   0
 .../vendorheader/T2B1/vendor_satoshilabs.json |  19 +++++++++++
 .../vendorheader/T2B1/vendor_satoshilabs.toif | Bin 0 -> 213 bytes
 .../vendorheader/T2B1/vendor_unsafe.json      |  19 +++++++++++
 .../vendorheader/T2B1/vendor_unsafe.toif      | Bin 0 -> 219 bytes
 ...vendorheader_qa_DO_NOT_SIGN_signed_dev.bin | Bin 0 -> 4608 bytes
 .../vendorheader_qa_DO_NOT_SIGN_unsigned.bin  | Bin 0 -> 4608 bytes
 .../vendorheader_satoshilabs_unsigned.bin     | Bin 0 -> 4608 bytes
 .../T2B1/vendorheader_unsafe_signed_dev.bin   | Bin 0 -> 4608 bytes
 .../T2B1/vendorheader_unsafe_unsigned.bin     | Bin 0 -> 4608 bytes
 .../{ => T2T1}/vendor_prodtest.json           |   0
 .../{ => T2T1}/vendor_prodtest.toif           |   0
 .../{ => T2T1}/vendor_qa_DO_NOT_SIGN.json     |   0
 .../T2T1/vendor_qa_DO_NOT_SIGN.toif           |   1 +
 .../{ => T2T1}/vendor_satoshilabs.json        |   0
 .../{ => T2T1}/vendor_satoshilabs.toif        | Bin
 .../{ => T2T1}/vendor_unsafe.json             |   0
 .../{ => T2T1}/vendor_unsafe.toif             | Bin
 .../vendorheader_prodtest_signed_prod.bin     | Bin
 .../vendorheader_prodtest_unsigned.bin        | Bin
 ...vendorheader_qa_DO_NOT_SIGN_signed_dev.bin | Bin
 .../vendorheader_qa_DO_NOT_SIGN_unsigned.bin  | Bin
 .../vendorheader_satoshilabs_signed_prod.bin  | Bin
 .../vendorheader_satoshilabs_unsigned.bin     | Bin
 .../vendorheader_unsafe_signed_dev.bin        | Bin
 .../vendorheader_unsafe_signed_prod.bin       | Bin
 .../vendorheader_unsafe_unsigned.bin          | Bin
 core/embed/vendorheader/generate.sh           |  30 +++++++++++-------
 32 files changed, 90 insertions(+), 18 deletions(-)
 create mode 100644 core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
 rename core/embed/vendorheader/{ => T2B1}/vendor_qa_DO_NOT_SIGN.toif (100%)
 create mode 100644 core/embed/vendorheader/T2B1/vendor_satoshilabs.json
 create mode 100644 core/embed/vendorheader/T2B1/vendor_satoshilabs.toif
 create mode 100644 core/embed/vendorheader/T2B1/vendor_unsafe.json
 create mode 100644 core/embed/vendorheader/T2B1/vendor_unsafe.toif
 create mode 100644 core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
 create mode 100644 core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
 create mode 100644 core/embed/vendorheader/T2B1/vendorheader_satoshilabs_unsigned.bin
 create mode 100644 core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_dev.bin
 create mode 100644 core/embed/vendorheader/T2B1/vendorheader_unsafe_unsigned.bin
 rename core/embed/vendorheader/{ => T2T1}/vendor_prodtest.json (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendor_prodtest.toif (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendor_qa_DO_NOT_SIGN.json (100%)
 create mode 120000 core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
 rename core/embed/vendorheader/{ => T2T1}/vendor_satoshilabs.json (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendor_satoshilabs.toif (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendor_unsafe.json (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendor_unsafe.toif (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_prodtest_signed_prod.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_prodtest_unsigned.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_qa_DO_NOT_SIGN_unsigned.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_satoshilabs_signed_prod.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_satoshilabs_unsigned.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_unsafe_signed_dev.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_unsafe_signed_prod.bin (100%)
 rename core/embed/vendorheader/{ => T2T1}/vendorheader_unsafe_unsigned.bin (100%)

diff --git a/core/SConscript.firmware b/core/SConscript.firmware
index 30cb32f2ec..8fb1f7d8ff 100644
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@@ -794,15 +794,17 @@ cmake_gen = env.Command(
 
 
 MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
 if BOOTLOADER_QA:
-    VENDORHEADER = 'embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
     BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
 elif PRODUCTION:
-    VENDORHEADER = 'embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin'
-    BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
+elif TREZOR_MODEL == 'R':
+    # XXX workaround for currently missing prod-signed vendorheader for T2B1
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
 else:
-    VENDORHEADER = 'embed/vendorheader/vendorheader_unsafe_signed_prod.bin'
-    BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
+    VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
 
 obj_program.extend(
     env.Command(
diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest
index efb2a4aeaa..cf196f4540 100644
--- a/core/SConscript.prodtest
+++ b/core/SConscript.prodtest
@@ -193,7 +193,9 @@ obj_program.extend(env.Object(source=SOURCE_PRODTEST))
 obj_program.extend(env.Object(source=SOURCE_STMHAL))
 obj_program.extend(env.Object(source=SOURCE_TREZORHAL))
 
-VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
+MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+
+VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
 
 obj_program.extend(
     env.Command(
diff --git a/core/SConscript.reflash b/core/SConscript.reflash
index e3114886db..17528270da 100644
--- a/core/SConscript.reflash
+++ b/core/SConscript.reflash
@@ -181,7 +181,9 @@ obj_program += env.Object(source=SOURCE_REFLASH)
 obj_program += env.Object(source=SOURCE_STMHAL)
 obj_program += env.Object(source=SOURCE_TREZORHAL)
 
-VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
+MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+
+VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
 
 obj_program.extend(
     env.Command(
diff --git a/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
new file mode 100644
index 0000000000..77aa812863
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
@@ -0,0 +1,19 @@
+{
+    "header_len": 4608,
+    "text": "QA ONLY, DO NOT USE!",
+    "hw_model": "T2B1",
+    "expiry": 0,
+    "version": [0, 0],
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": false,
+        "require_user_click": false,
+        "red_background": false,
+        "delay": 0
+    },
+    "pubkeys": [
+        "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+        "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+        "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+    ]
+}
diff --git a/core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.toif
rename to core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif
diff --git a/core/embed/vendorheader/T2B1/vendor_satoshilabs.json b/core/embed/vendorheader/T2B1/vendor_satoshilabs.json
new file mode 100644
index 0000000000..f89f57049e
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_satoshilabs.json
@@ -0,0 +1,19 @@
+{
+    "header_len": 4608,
+    "text": "SatoshiLabs",
+    "hw_model": "T2B1",
+    "expiry": 0,
+    "version": [0, 0],
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": false,
+        "require_user_click": false,
+        "red_background": false,
+        "delay": 0
+    },
+    "pubkeys": [
+        "bf4e6f004fcb32cec683f22c88c1a86c1518c6de8ac97002d84a63bea3e375dd",
+        "d2def691c1e9d809d8190cf7af935c10688f68983479b4ee9abac19104878ec1",
+        "07c85134946bf89fa19bdc2c5e5ff9ce01296508ee0863d0ff6d63331d1a2516"
+    ]
+}
diff --git a/core/embed/vendorheader/T2B1/vendor_satoshilabs.toif b/core/embed/vendorheader/T2B1/vendor_satoshilabs.toif
new file mode 100644
index 0000000000000000000000000000000000000000..4ba1fc365acf2a9eae19a517d4e5b894e4269e65
GIT binary patch
literal 213
zcmV;`04o1fPf15W06+lA0002(lFJbUAqYgtfc&%U4A{~d9OR?U>>igJ{iG3;=yw6>
z!3CBPi{i=xLq>YQYKSf7l5had(dVHdCIiHgriyH0qaj<F5%Yx&75T=8Tyk025B)Aj
z-=azRgx~g#U&QjBd(IW_4Y1`@aXR6$;<DyVaOs~v<?^04hHv=6|Dr7yZKnVIR_K81
z1p>doj@u1Qp}LvS2DY4?QEp!tz`a9VZmwc6mszZUJK*!SG@h`8e)e7CeVV54A(9N-
PWev_3w#37tpzq=XvxaVY

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/T2B1/vendor_unsafe.json b/core/embed/vendorheader/T2B1/vendor_unsafe.json
new file mode 100644
index 0000000000..41699ae41c
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_unsafe.json
@@ -0,0 +1,19 @@
+{
+    "header_len": 4608,
+    "text": "UNSAFE, DO NOT USE!",
+    "hw_model": "T2B1",
+    "expiry": 0,
+    "version": [0, 0],
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": true,
+        "require_user_click": true,
+        "red_background": true,
+        "delay": 1
+    },
+    "pubkeys": [
+        "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+        "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+        "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+    ]
+}
diff --git a/core/embed/vendorheader/T2B1/vendor_unsafe.toif b/core/embed/vendorheader/T2B1/vendor_unsafe.toif
new file mode 100644
index 0000000000000000000000000000000000000000..bb96de5fcb09cf98ea6883d9317e6ab7811acbe4
GIT binary patch
literal 219
zcmV<103`oZPf15W06+lG0002ZlED?kAP7Y5fd0Fr19#sVjKDBtZ}Fn=l|f*PH?8?y
z4JH?KapBL)0Qy6909`LjegUln%wKT5xsdRsK*J9&6wuqLh|iNx79I+8+_`{&6}Kp{
zdG;poce;BdRqvpH*~X(l$IaB^@CV=4?GE*lFk}9Q6Y+^hgZCS9cjWVi_?e13O8$z=
zT5>7CufpV^o*$LWRRhE71R4%z*$Mbj3~iUx=wPK6DO$tRAch1<`YSii#{(`E)+fBL
VZxO-3B+Kp*OfJZv7i7F(eE<gBYRdos

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
new file mode 100644
index 0000000000000000000000000000000000000000..fac4d1b4652417f636c47b17ec5665ce0478bca2
GIT binary patch
literal 4608
zcmWFuiV9;8Vt@iB=KudgjGPQ%d<KR`U7ZD`#zuRK{(TXCwqetIX|J`nsumq|{A66H
zl~J}i@XEV`ZSyzoSn@(VFzf0{!_b<o8LWq2i@o@~g87>J{ff+Toh}#c+6{SPIlm8{
z*|X<fzTK{}B`^Cv|34}jpk#jSy-1*=g1?_nq>h4%zk;8Ch(c(vt0K_)5Pwg12L=a*
zlR);{Nv8!_6ggZ@HvHNAhUdm5DVZmW&%KeGF8z0j;FK5Tj4uzeP7~~Ybc)H@t?EEl
zhwigU1q|mdK3}M)#(ZSrvaXz@#fs501wXg)ivB#-9#a%~lmD-t`~5|pKU?m9>x)0~
zX<qd?(f7O?o`w`!J>2wY(=*?Km-FqPewt_AmjC16|3$juxy%0l4SUh>nw4q)fxg?k
zz6*EFyuh|?&fLJfc!>jhon!OXB^geST+?9v;PW<<c^g{lzQsPSowe+};v}9ssl4aJ
zw;egWXu<nO%!pteWsQcwXb6mkz-S1JhQMeDjE2By2#kinXb6mkz-S1JhQMeDjD`TQ
zA;A1R`PK5&thA}Q42Jyjxi)L3PurBw@ZiA02mgN_YhpLJ6Shj8VXnUOiyevaF7v`R
X<r(XJdwP40`Szecvu@Nxw6g#J>$%O4

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
new file mode 100644
index 0000000000000000000000000000000000000000..5c4a762e524cf01a2ade684468747b8bd720f4f7
GIT binary patch
literal 4608
zcmWFuiV9;8Vt@iB=KudgjGPQ%d<KR`U7ZD`#zuRK{(TXCwqetIX|J`nsumq|{A66H
zl~J}i@XEV`ZSyzoSn@(VFzf0{!_b<o8LWq2i@o@~g87>J{ff+Toh}#c+6{SPIlm8{
z*|X<fzTK{}B`^Cv|34}jpk#jSy-1*=g1?_nq>h4%zk;8Ch(c(vt0K_)5Pwg12L=a*
zlR);{Nv8!_6ggZ@HvHNAhUdm5DVZmW&%KeGF8z0j;FK5Tj4uzeP7~~Ybc)H@t?EEl
zhwigU1q|mdK3}M)#(ZSrvaXz@#fs501wXg)ivB#-9#a%~lmD-t`~5|pKU?m9>x)0~
zX<qd?(f7O?o`w`!J>2wY(=*?Km-FqPewt_AmjC16|3$juxy%0l4SUh>nw4q)fxg?k
zz6*EFyuh|?&fLJfc!>jhon!OXB^geST+?9v;PW<<c^g{lzQsPSowe+};v}9ssl4aJ
zw;egWXu<nO%!pteWsQcwXb6mkz-S1JhQMeDjE2By2#kinXb6mkz-S1JhQMeDjD`T+
GLI42cRIOeB

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/T2B1/vendorheader_satoshilabs_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_satoshilabs_unsigned.bin
new file mode 100644
index 0000000000000000000000000000000000000000..e0c06fb39e5de93352ea16e301ac41db4b8cd879
GIT binary patch
literal 4608
zcmWFuiV9;8Vt@iB=KudgjGPQ%d<KU7e)$akr;W}XYyPCuad1VBsKl{*T_+2eZg?f{
zTl~26?xlO*CLVlwgY$+Y&-e9{V+1n#GiI1nZh1Fr*TIP_?R^K?PXwAw$^J2a;p{s)
zaq&OTF>0oAyyHl|@IN=%SXN3^j5|27B)>Q#(<d>hIK<!6-GRY@;Uv)dx06l_vM6%6
zoNV~B`3=vFOHwjV7N2_~H(mPg62U1i${AlCWSu71{pb{vvs=}HtPb60lL{ElU3|V!
zQH}Y?#ARJMNsASuX9|99<rV#TtUabE@+SXZJ@@;IJb$*_|JE0O<kP(BbE5BgH#`j~
zw0gMd(WYm<1uy5@Km9b%ye<F7!T*bN#dDYa{~PwA;WaDM{sVotd3_h|nt6e3+nl+9
zdGQhl_BzMrtxGbT9=WE$`oZUICi6D5)P0M6Tsv#od&NmScT#!JiEle{c+rCQkC+ib
vIm#Lhfzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C0SN&BepRSo

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_dev.bin b/core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_dev.bin
new file mode 100644
index 0000000000000000000000000000000000000000..df3c90c1ec52633c8d2548550e45ba71444a8e4c
GIT binary patch
literal 4608
zcmWFuiV9;8Vt@iB=Dz<SMoxw>J_Ey}uFir|W23!A|Go%6+py`qwAb2ORf`Tfeljl9
z$|&0$c;(%}w)q=(EO{Xwn00lfVQ9_P4A#T1#a?_~!F<jAenn=vPM3>z?S?$DoZkn}
z?AdcK-)>jgl9zp-{~whMP%^*vUO3b**wM{ZN5REk!OuTLAvD-kF~r}~-GRY@;XKe8
zXD1yLJ)*$j^0wjM?j_9S_oaFc7^LKXT=Ze8V?vMl+Mlt!YT_k@56_=w_~l&65UcN9
z$GDc|OnkxKofAGRbvVqgFLL4b%8v7s{l(<CO784zXb|15v9a=-+K2L8)heOy7c|^F
zw%FnL*(;Afu;0J-mhbB%gXDkh!XG=`o4-pJl|T91_G4z3wb#F{(@{m52i6~YvT&aK
z)H9*XhhMQs@ul75{1M2LJN?Rwgr(w|QHL)pw6S>p(l$SLoLNuwn);sg`GN-zsGNQ$
z=%aUHfq2TEgjz(nj<QBWU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%%E
z$Pi$DEjlxFNA?l{yNdx+*4W25*H{)WVfR=%b>*9OHU5LmKJ4K;4E>hv3{g-I{jgtZ
XIfu&x!#|qWgc{n7Ht=7yt7HcNm2<>^

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/T2B1/vendorheader_unsafe_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_unsafe_unsigned.bin
new file mode 100644
index 0000000000000000000000000000000000000000..3fe85ef073327b905544513bb876de617f8c5e0a
GIT binary patch
literal 4608
zcmWFuiV9;8Vt@iB=Dz<SMoxw>J_Ey}uFir|W23!A|Go%6+py`qwAb2ORf`Tfeljl9
z$|&0$c;(%}w)q=(EO{Xwn00lfVQ9_P4A#T1#a?_~!F<jAenn=vPM3>z?S?$DoZkn}
z?AdcK-)>jgl9zp-{~whMP%^*vUO3b**wM{ZN5REk!OuTLAvD-kF~r}~-GRY@;XKe8
zXD1yLJ)*$j^0wjM?j_9S_oaFc7^LKXT=Ze8V?vMl+Mlt!YT_k@56_=w_~l&65UcN9
z$GDc|OnkxKofAGRbvVqgFLL4b%8v7s{l(<CO784zXb|15v9a=-+K2L8)heOy7c|^F
zw%FnL*(;Afu;0J-mhbB%gXDkh!XG=`o4-pJl|T91_G4z3wb#F{(@{m52i6~YvT&aK
z)H9*XhhMQs@ul75{1M2LJN?Rwgr(w|QHL)pw6S>p(l$SLoLNuwn);sg`GN-zsGNQ$
z=%aUHfq2TEgjz(nj<QBWU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%%E
HULgPg{lKXV

literal 0
HcmV?d00001

diff --git a/core/embed/vendorheader/vendor_prodtest.json b/core/embed/vendorheader/T2T1/vendor_prodtest.json
similarity index 100%
rename from core/embed/vendorheader/vendor_prodtest.json
rename to core/embed/vendorheader/T2T1/vendor_prodtest.json
diff --git a/core/embed/vendorheader/vendor_prodtest.toif b/core/embed/vendorheader/T2T1/vendor_prodtest.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_prodtest.toif
rename to core/embed/vendorheader/T2T1/vendor_prodtest.toif
diff --git a/core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.json b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json
similarity index 100%
rename from core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.json
rename to core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json
diff --git a/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
new file mode 120000
index 0000000000..32ec8b2595
--- /dev/null
+++ b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
@@ -0,0 +1 @@
+vendor_satoshilabs.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/vendor_satoshilabs.json b/core/embed/vendorheader/T2T1/vendor_satoshilabs.json
similarity index 100%
rename from core/embed/vendorheader/vendor_satoshilabs.json
rename to core/embed/vendorheader/T2T1/vendor_satoshilabs.json
diff --git a/core/embed/vendorheader/vendor_satoshilabs.toif b/core/embed/vendorheader/T2T1/vendor_satoshilabs.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_satoshilabs.toif
rename to core/embed/vendorheader/T2T1/vendor_satoshilabs.toif
diff --git a/core/embed/vendorheader/vendor_unsafe.json b/core/embed/vendorheader/T2T1/vendor_unsafe.json
similarity index 100%
rename from core/embed/vendorheader/vendor_unsafe.json
rename to core/embed/vendorheader/T2T1/vendor_unsafe.json
diff --git a/core/embed/vendorheader/vendor_unsafe.toif b/core/embed/vendorheader/T2T1/vendor_unsafe.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_unsafe.toif
rename to core/embed/vendorheader/T2T1/vendor_unsafe.toif
diff --git a/core/embed/vendorheader/vendorheader_prodtest_signed_prod.bin b/core/embed/vendorheader/T2T1/vendorheader_prodtest_signed_prod.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_prodtest_signed_prod.bin
rename to core/embed/vendorheader/T2T1/vendorheader_prodtest_signed_prod.bin
diff --git a/core/embed/vendorheader/vendorheader_prodtest_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_prodtest_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_prodtest_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_prodtest_unsigned.bin
diff --git a/core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
rename to core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
diff --git a/core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
diff --git a/core/embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin b/core/embed/vendorheader/T2T1/vendorheader_satoshilabs_signed_prod.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin
rename to core/embed/vendorheader/T2T1/vendorheader_satoshilabs_signed_prod.bin
diff --git a/core/embed/vendorheader/vendorheader_satoshilabs_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_satoshilabs_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_satoshilabs_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_satoshilabs_unsigned.bin
diff --git a/core/embed/vendorheader/vendorheader_unsafe_signed_dev.bin b/core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_dev.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_unsafe_signed_dev.bin
rename to core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_dev.bin
diff --git a/core/embed/vendorheader/vendorheader_unsafe_signed_prod.bin b/core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_prod.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_unsafe_signed_prod.bin
rename to core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_prod.bin
diff --git a/core/embed/vendorheader/vendorheader_unsafe_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_unsafe_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_unsafe_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_unsafe_unsigned.bin
diff --git a/core/embed/vendorheader/generate.sh b/core/embed/vendorheader/generate.sh
index ae8b1d7579..1ef321f003 100755
--- a/core/embed/vendorheader/generate.sh
+++ b/core/embed/vendorheader/generate.sh
@@ -1,16 +1,24 @@
-BUILDVH=../../tools/build_vendorheader
-BINCTL=../../tools/headertool.py
+#!/usr/bin/env bash
 
 cd $(dirname $0)
 
-# construct all vendor headers
-for fn in *.json; do
-    name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
-    $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
-done
+BUILDVH=$(realpath ../../tools/build_vendorheader)
+BINCTL=$(realpath ../../tools/headertool.py)
 
-# sign dev and QA vendor header
-for name in unsafe qa_DO_NOT_SIGN; do
-    cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
-    $BINCTL -D vendorheader_${name}_signed_dev.bin
+MODELS=(T2T1 T2B1)
+
+for MODEL in ${MODELS[@]}; do
+    cd $MODEL
+    # construct all vendor headers
+    for fn in *.json; do
+        name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
+        $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
+    done
+
+    # sign dev and QA vendor header
+    for name in unsafe qa_DO_NOT_SIGN; do
+        cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
+        $BINCTL -D vendorheader_${name}_signed_dev.bin
+    done
+    cd ..
 done