mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-08 22:40:59 +00:00
build: rework docker build scripts, update readme
This commit is contained in:
parent
184529bbfc
commit
37e55bf5a6
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,4 +1,5 @@
|
|||||||
_attic/
|
_attic/
|
||||||
|
build/
|
||||||
*.o
|
*.o
|
||||||
*.a
|
*.a
|
||||||
*.d
|
*.d
|
||||||
|
14
README.md
14
README.md
@ -9,25 +9,23 @@ https://trezor.io/
|
|||||||
1. <a href="https://docs.docker.com/engine/installation/">Install Docker</a>
|
1. <a href="https://docs.docker.com/engine/installation/">Install Docker</a>
|
||||||
2. `git clone https://github.com/trezor/trezor-mcu.git`
|
2. `git clone https://github.com/trezor/trezor-mcu.git`
|
||||||
3. `cd trezor-mcu`
|
3. `cd trezor-mcu`
|
||||||
4. `./firmware-docker-build.sh TAG` (where TAG is v1.3.2 for example, if left blank the script builds latest commit)
|
4. `./build-firmware.sh TAG` (where TAG is v1.5.0 for example, if left blank the script builds latest commit in master branch)
|
||||||
|
|
||||||
This creates file `output/trezor-TAG.bin` and prints its fingerprint at the last line of the build log.
|
This creates file `build/trezor-TAG.bin` and prints its fingerprint and size at the end of the build log.
|
||||||
|
|
||||||
## How to build TREZOR bootloader?
|
## How to build TREZOR bootloader?
|
||||||
|
|
||||||
1. <a href="https://docs.docker.com/engine/installation/">Install Docker</a>
|
1. <a href="https://docs.docker.com/engine/installation/">Install Docker</a>
|
||||||
2. `git clone https://github.com/trezor/trezor-mcu.git`
|
2. `git clone https://github.com/trezor/trezor-mcu.git`
|
||||||
3. `cd trezor-mcu`
|
3. `cd trezor-mcu`
|
||||||
4. `./bootloader-docker-build.sh`
|
4. `./build-bootloader.sh TAG` (where TAG is bl1.3.2 for example, if left blank the script builds latest commit in master branch)
|
||||||
|
|
||||||
This creates file `output/bootloader.bin` and prints its fingerprint and size at the last line of the build log.
|
This creates file `build/bootloader-TAG.bin` and prints its fingerprint and size at the end of the build log.
|
||||||
|
|
||||||
## How to get fingerprint of firmware signed and distributed by SatoshiLabs?
|
## How to get fingerprint of firmware signed and distributed by SatoshiLabs?
|
||||||
|
|
||||||
1. Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/releases.json
|
1. Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/releases.json
|
||||||
2. Download it: `wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/trezor-1.3.6.bin`
|
2. Download it: `wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/trezor-1.3.6.bin`
|
||||||
3. `./firmware-fingerprint.sh trezor.signed.bin`
|
3. Compute fingerprint: `tail -c +257 trezor.signed.bin | sha256sum`
|
||||||
|
|
||||||
Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag).
|
Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag). Firmware has a special header (of length 256 bytes) holding signatures themselves, which must be avoided while calculating the fingerprint, that's why tail command has to be used.
|
||||||
|
|
||||||
The reasoning for `firmware-fingerprint.sh` script is that signed firmware has special header holding signatures themselves, which must be avoided while calculating the fingerprint.
|
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
IMAGETAG=trezor-mcu-build
|
|
||||||
FIRMWARETAG=${1:-master}
|
|
||||||
|
|
||||||
docker build -t $IMAGETAG .
|
|
||||||
docker run -t -v $(pwd)/output:/output $IMAGETAG /bin/sh -c "\
|
|
||||||
git clone https://github.com/trezor/trezor-mcu && \
|
|
||||||
cd trezor-mcu && \
|
|
||||||
git checkout $FIRMWARETAG && \
|
|
||||||
git submodule update --init && \
|
|
||||||
CFLAGS='-std=c99' make -C vendor/libopencm3 && \
|
|
||||||
make && \
|
|
||||||
make -C bootloader align && \
|
|
||||||
cp bootloader/bootloader.bin /output/bootloader-$FIRMWARETAG.bin"
|
|
||||||
|
|
||||||
echo "---------------------"
|
|
||||||
echo "Bootloader fingerprint:"
|
|
||||||
FILENAME=output/bootloader-$FIRMWARETAG.bin
|
|
||||||
/usr/bin/env python -c "import hashlib ; print(hashlib.sha256(hashlib.sha256(open('$FILENAME', 'rb').read()).digest()).hexdigest())"
|
|
||||||
FILESIZE=$(stat -c%s "$FILENAME")
|
|
||||||
echo "Bootloader size: $FILESIZE bytes (out of 32768 maximum)"
|
|
30
build-bootloader.sh
Executable file
30
build-bootloader.sh
Executable file
@ -0,0 +1,30 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
IMAGE=trezor-mcu-build
|
||||||
|
TAG=${1:-master}
|
||||||
|
BINFILE=build/bootloader-$TAG.bin
|
||||||
|
|
||||||
|
docker build -t $IMAGE .
|
||||||
|
docker run -t -v $(pwd)/build:/build $IMAGE /bin/sh -c "\
|
||||||
|
git clone https://github.com/trezor/trezor-mcu && \
|
||||||
|
cd trezor-mcu && \
|
||||||
|
git checkout $TAG && \
|
||||||
|
git submodule update --init && \
|
||||||
|
CFLAGS='-std=c99' make -C vendor/libopencm3 && \
|
||||||
|
make && \
|
||||||
|
make -C bootloader && \
|
||||||
|
make -C bootloader align && \
|
||||||
|
cp bootloader/bootloader.bin /$BINFILE"
|
||||||
|
|
||||||
|
/usr/bin/env python -c "
|
||||||
|
from __future__ import print_function
|
||||||
|
import hashlib
|
||||||
|
import sys
|
||||||
|
fn = sys.argv[1]
|
||||||
|
data = open(fn, 'rb').read()
|
||||||
|
print('\n\n')
|
||||||
|
print('Filename :', fn)
|
||||||
|
print('Fingerprint :', hashlib.sha256(hashlib.sha256(data).digest()).hexdigest())
|
||||||
|
print('Size : %d bytes (out of %d maximum)' % (len(data), 32768))
|
||||||
|
" $BINFILE
|
30
build-firmware.sh
Executable file
30
build-firmware.sh
Executable file
@ -0,0 +1,30 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
IMAGE=trezor-mcu-build
|
||||||
|
TAG=${1:-master}
|
||||||
|
BINFILE=build/trezor-$TAG.bin
|
||||||
|
|
||||||
|
docker build -t $IMAGE .
|
||||||
|
docker run -t -v $(pwd)/build:/build $IMAGE /bin/sh -c "\
|
||||||
|
git clone https://github.com/trezor/trezor-mcu && \
|
||||||
|
cd trezor-mcu && \
|
||||||
|
git checkout $TAG && \
|
||||||
|
git submodule update --init && \
|
||||||
|
CFLAGS='-std=c99' make -C vendor/libopencm3 && \
|
||||||
|
make && \
|
||||||
|
make -C firmware && \
|
||||||
|
make -C firmware sign && \
|
||||||
|
cp firmware/trezor.bin /$BINFILE"
|
||||||
|
|
||||||
|
/usr/bin/env python -c "
|
||||||
|
from __future__ import print_function
|
||||||
|
import hashlib
|
||||||
|
import sys
|
||||||
|
fn = sys.argv[1]
|
||||||
|
data = open(fn, 'rb').read()
|
||||||
|
print('\n\n')
|
||||||
|
print('Filename :', fn)
|
||||||
|
print('Fingerprint :', hashlib.sha256(data[256:]).hexdigest())
|
||||||
|
print('Size : %d bytes (out of %d maximum)' % (len(data), 491520))
|
||||||
|
" $BINFILE
|
@ -1,24 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
IMAGETAG=trezor-mcu-build
|
|
||||||
FIRMWARETAG=${1:-master}
|
|
||||||
|
|
||||||
docker build -t $IMAGETAG .
|
|
||||||
docker run -t -v $(pwd)/output:/output $IMAGETAG /bin/sh -c "\
|
|
||||||
git clone https://github.com/trezor/trezor-mcu && \
|
|
||||||
cd trezor-mcu && \
|
|
||||||
git checkout $FIRMWARETAG && \
|
|
||||||
git submodule update --init && \
|
|
||||||
CFLAGS='-std=c99' make -C vendor/libopencm3 && \
|
|
||||||
make && \
|
|
||||||
make -C firmware && \
|
|
||||||
make -C firmware sign && \
|
|
||||||
cp firmware/trezor.bin /output/trezor-$FIRMWARETAG.bin"
|
|
||||||
|
|
||||||
echo "---------------------"
|
|
||||||
echo "Firmware fingerprint:"
|
|
||||||
FILENAME=output/trezor-$FIRMWARETAG.bin
|
|
||||||
tail -c +257 "$FILENAME" | sha256sum
|
|
||||||
FILESIZE=$(stat -c%s "$FILENAME")
|
|
||||||
echo "Firmware size: $FILESIZE bytes (out of 491520 maximum)"
|
|
@ -1,18 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
|
||||||
echo "Please provide filename as argument"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
MAGIC=`head -c +4 $1`
|
|
||||||
|
|
||||||
if [ "x$MAGIC" != "xTRZR" ]; then
|
|
||||||
echo "Missing magic characters 'TRZR', invalid firmware"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "---------------------"
|
|
||||||
echo "Firmware fingerprint:"
|
|
||||||
tail -c +257 $1 | sha256sum
|
|
Loading…
Reference in New Issue
Block a user