1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-26 09:28:13 +00:00

tools: use combine_sign to compute signatures, binctl just for adding to binary

This commit is contained in:
Pavol Rusnak 2017-10-25 22:51:38 +02:00
parent 57f2eee5bf
commit 46fdb8bcb4
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
4 changed files with 37 additions and 7 deletions

View File

@ -150,13 +150,12 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
## misc commands:
vendorheader: ## construct default vendor header
vendorheader: ## construct and sign the default vendor header
./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 10 DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 4444444444444444444444444444444444444444444444444444444444444444:4545454545454545454545454545454545454545454545454545454545454545
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 `./tools/combine_sign vendorheader embed/firmware/vendorheader.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
vendorheader_sl: ## construct SatoshiLabs vendor header
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 80 SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
./tools/binctl embed/firmware/vendorheader_sl.bin -s 1:2 trezor:trezor
binctl: ## print info about binary files
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin

View File

@ -146,7 +146,9 @@ env.Replace(
ASPPFLAGS='$CFLAGS $CCFLAGS', )
env.Replace(
BINCTL='tools/binctl', )
BINCTL='tools/binctl',
COMBINE_SIGN='tools/combine_sign',
)
#
# Program objects
@ -170,5 +172,5 @@ program_bin = env.Command(
source=program_elf,
action=[
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
'$BINCTL $TARGET -s 1:2 4141414141414141414141414141414141414141414141414141414141414141:4242424242424242424242424242424242424242424242424242424242424242',
'$BINCTL $TARGET -s 1:2 `$COMBINE_SIGN bootloader $TARGET 4141414141414141414141414141414141414141414141414141414141414141 4242424242424242424242424242424242424242424242424242424242424242`',
], )

View File

@ -353,7 +353,9 @@ env.Replace(
MAKEVERSIONHDR='$PYTHON vendor/micropython/py/makeversionhdr.py',
MPY_TOOL='$PYTHON vendor/micropython/tools/mpy-tool.py',
MPY_CROSS='vendor/micropython/mpy-cross/mpy-cross',
BINCTL='tools/binctl', )
BINCTL='tools/binctl',
COMBINE_SIGN='tools/combine_sign',
)
#
# Micropython version
@ -428,5 +430,5 @@ program_bin = env.Command(
source=program_elf,
action=[
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
'$BINCTL $TARGET -s 1:2 4747474747474747474747474747474747474747474747474747474747474747:4848484848484848484848484848484848484848484848484848484848484848',
'$BINCTL $TARGET -s 1:2 `$COMBINE_SIGN firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`',
], )

27
tools/combine_sign Executable file
View File

@ -0,0 +1,27 @@
#!/bin/bash
TOOLDIR=$(dirname $0)
TYPE=$1
FILE=$2
shift
shift
SECKEYS=$*
COMMITS=""
for seckey in $SECKEYS; do
commit=$( $TOOLDIR/keyctl commit $TYPE $FILE $seckey )
COMMITS="$COMMITS $commit"
done
global_commit=$( $TOOLDIR/keyctl global_commit $COMMITS )
SIGS=""
for seckey in $SECKEYS; do
sig=$( $TOOLDIR/keyctl sign $TYPE $FILE $global_commit $seckey )
SIGS="$SIGS $sig"
done
$TOOLDIR/keyctl global_sign $FILE $global_commit $SIGS