1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00

chore(core): add T2B1 vendor header data

This commit is contained in:
matejcik 2023-05-31 14:47:22 +02:00
parent b6c2f2e5ba
commit 319a665d0d
32 changed files with 90 additions and 18 deletions

View File

@ -794,15 +794,17 @@ cmake_gen = env.Command(
MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
if BOOTLOADER_QA:
VENDORHEADER = 'embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
elif PRODUCTION:
VENDORHEADER = 'embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin'
BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
elif TREZOR_MODEL == 'R':
# XXX workaround for currently missing prod-signed vendorheader for T2B1
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
else:
VENDORHEADER = 'embed/vendorheader/vendorheader_unsafe_signed_prod.bin'
BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
obj_program.extend(
env.Command(

View File

@ -193,7 +193,9 @@ obj_program.extend(env.Object(source=SOURCE_PRODTEST))
obj_program.extend(env.Object(source=SOURCE_STMHAL))
obj_program.extend(env.Object(source=SOURCE_TREZORHAL))
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
obj_program.extend(
env.Command(

View File

@ -181,7 +181,9 @@ obj_program += env.Object(source=SOURCE_REFLASH)
obj_program += env.Object(source=SOURCE_STMHAL)
obj_program += env.Object(source=SOURCE_TREZORHAL)
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
obj_program.extend(
env.Command(

View File

@ -0,0 +1,19 @@
{
"header_len": 4608,
"text": "QA ONLY, DO NOT USE!",
"hw_model": "T2B1",
"expiry": 0,
"version": [0, 0],
"sig_m": 2,
"trust": {
"show_vendor_string": false,
"require_user_click": false,
"red_background": false,
"delay": 0
},
"pubkeys": [
"e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
"d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
"772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
]
}

View File

@ -0,0 +1,19 @@
{
"header_len": 4608,
"text": "SatoshiLabs",
"hw_model": "T2B1",
"expiry": 0,
"version": [0, 0],
"sig_m": 2,
"trust": {
"show_vendor_string": false,
"require_user_click": false,
"red_background": false,
"delay": 0
},
"pubkeys": [
"bf4e6f004fcb32cec683f22c88c1a86c1518c6de8ac97002d84a63bea3e375dd",
"d2def691c1e9d809d8190cf7af935c10688f68983479b4ee9abac19104878ec1",
"07c85134946bf89fa19bdc2c5e5ff9ce01296508ee0863d0ff6d63331d1a2516"
]
}

Binary file not shown.

View File

@ -0,0 +1,19 @@
{
"header_len": 4608,
"text": "UNSAFE, DO NOT USE!",
"hw_model": "T2B1",
"expiry": 0,
"version": [0, 0],
"sig_m": 2,
"trust": {
"show_vendor_string": true,
"require_user_click": true,
"red_background": true,
"delay": 1
},
"pubkeys": [
"e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
"d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
"772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
]
}

Binary file not shown.

View File

@ -0,0 +1 @@
vendor_satoshilabs.toif

View File

@ -1,16 +1,24 @@
BUILDVH=../../tools/build_vendorheader
BINCTL=../../tools/headertool.py
#!/usr/bin/env bash
cd $(dirname $0)
# construct all vendor headers
for fn in *.json; do
name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
$BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
done
BUILDVH=$(realpath ../../tools/build_vendorheader)
BINCTL=$(realpath ../../tools/headertool.py)
# sign dev and QA vendor header
for name in unsafe qa_DO_NOT_SIGN; do
cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
$BINCTL -D vendorheader_${name}_signed_dev.bin
MODELS=(T2T1 T2B1)
for MODEL in ${MODELS[@]}; do
cd $MODEL
# construct all vendor headers
for fn in *.json; do
name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
$BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
done
# sign dev and QA vendor header
for name in unsafe qa_DO_NOT_SIGN; do
cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
$BINCTL -D vendorheader_${name}_signed_dev.bin
done
cd ..
done