mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-13 19:18:56 +00:00
tools: use combine_sign to compute signatures, binctl just for adding to binary
This commit is contained in:
parent
57f2eee5bf
commit
46fdb8bcb4
5
Makefile
5
Makefile
@ -150,13 +150,12 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
|
||||
|
||||
## misc commands:
|
||||
|
||||
vendorheader: ## construct default vendor header
|
||||
vendorheader: ## construct and sign the default vendor header
|
||||
./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 10 DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
|
||||
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 4444444444444444444444444444444444444444444444444444444444444444:4545454545454545454545454545454545454545454545454545454545454545
|
||||
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 `./tools/combine_sign vendorheader embed/firmware/vendorheader.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
|
||||
|
||||
vendorheader_sl: ## construct SatoshiLabs vendor header
|
||||
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 80 SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
|
||||
./tools/binctl embed/firmware/vendorheader_sl.bin -s 1:2 trezor:trezor
|
||||
|
||||
binctl: ## print info about binary files
|
||||
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
|
||||
|
@ -146,7 +146,9 @@ env.Replace(
|
||||
ASPPFLAGS='$CFLAGS $CCFLAGS', )
|
||||
|
||||
env.Replace(
|
||||
BINCTL='tools/binctl', )
|
||||
BINCTL='tools/binctl',
|
||||
COMBINE_SIGN='tools/combine_sign',
|
||||
)
|
||||
|
||||
#
|
||||
# Program objects
|
||||
@ -170,5 +172,5 @@ program_bin = env.Command(
|
||||
source=program_elf,
|
||||
action=[
|
||||
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
|
||||
'$BINCTL $TARGET -s 1:2 4141414141414141414141414141414141414141414141414141414141414141:4242424242424242424242424242424242424242424242424242424242424242',
|
||||
'$BINCTL $TARGET -s 1:2 `$COMBINE_SIGN bootloader $TARGET 4141414141414141414141414141414141414141414141414141414141414141 4242424242424242424242424242424242424242424242424242424242424242`',
|
||||
], )
|
||||
|
@ -353,7 +353,9 @@ env.Replace(
|
||||
MAKEVERSIONHDR='$PYTHON vendor/micropython/py/makeversionhdr.py',
|
||||
MPY_TOOL='$PYTHON vendor/micropython/tools/mpy-tool.py',
|
||||
MPY_CROSS='vendor/micropython/mpy-cross/mpy-cross',
|
||||
BINCTL='tools/binctl', )
|
||||
BINCTL='tools/binctl',
|
||||
COMBINE_SIGN='tools/combine_sign',
|
||||
)
|
||||
|
||||
#
|
||||
# Micropython version
|
||||
@ -428,5 +430,5 @@ program_bin = env.Command(
|
||||
source=program_elf,
|
||||
action=[
|
||||
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
|
||||
'$BINCTL $TARGET -s 1:2 4747474747474747474747474747474747474747474747474747474747474747:4848484848484848484848484848484848484848484848484848484848484848',
|
||||
'$BINCTL $TARGET -s 1:2 `$COMBINE_SIGN firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`',
|
||||
], )
|
||||
|
27
tools/combine_sign
Executable file
27
tools/combine_sign
Executable file
@ -0,0 +1,27 @@
|
||||
#!/bin/bash
|
||||
|
||||
TOOLDIR=$(dirname $0)
|
||||
|
||||
TYPE=$1
|
||||
FILE=$2
|
||||
shift
|
||||
shift
|
||||
SECKEYS=$*
|
||||
|
||||
COMMITS=""
|
||||
|
||||
for seckey in $SECKEYS; do
|
||||
commit=$( $TOOLDIR/keyctl commit $TYPE $FILE $seckey )
|
||||
COMMITS="$COMMITS $commit"
|
||||
done
|
||||
|
||||
global_commit=$( $TOOLDIR/keyctl global_commit $COMMITS )
|
||||
|
||||
SIGS=""
|
||||
|
||||
for seckey in $SECKEYS; do
|
||||
sig=$( $TOOLDIR/keyctl sign $TYPE $FILE $global_commit $seckey )
|
||||
SIGS="$SIGS $sig"
|
||||
done
|
||||
|
||||
$TOOLDIR/keyctl global_sign $FILE $global_commit $SIGS
|
Loading…
Reference in New Issue
Block a user