update bootloader padding/alignment and integrate build process for bootloader and firmware

README.md

@@ -1,17 +1,17 @@
-# TREZOR Firmware
+# TREZOR One Bootloader and Firmware
 
 [![Build Status](https://travis-ci.org/trezor/trezor-mcu.svg?branch=master)](https://travis-ci.org/trezor/trezor-mcu) [![gitter](https://badges.gitter.im/trezor/community.svg)](https://gitter.im/trezor/community)
 
 https://trezor.io/
 
-## How to build TREZOR firmware?
+## How to build the TREZOR bootloader and firmware?
 
 1. [Install Docker](https://docs.docker.com/engine/installation/)
 2. `git clone https://github.com/trezor/trezor-mcu.git`
 3. `cd trezor-mcu`
-4. `./build-firmware.sh TAG` (where TAG is v1.5.0 for example, if left blank the script builds latest commit in master branch)
+4. `./build.sh BOOTLOADER_TAG FIRMWARE_TAG` (where BOOTLOADER_TAG is bl1.5.0 and FIRMWARE_TAG is v1.7.0 for example, if left blank the script builds latest commit in master branch)
 
-This creates file `build/trezor-TAG.bin` and prints its fingerprint and size at the end of the build log.
+This creates the files `build/bootloader-BOOTLOADER_TAG.bin` and `build/trezor-FIRMWARE_TAG.bin` and prints their fingerprints and sizes at the end of the build log.
 
 ## How to build TREZOR emulator for Linux?
 
@@ -22,15 +22,6 @@ This creates file `build/trezor-TAG.bin` and prints its fingerprint and size at
 
 This creates binary file `build/trezor-emulator-TAG`, which can be run and works as a trezor emulator. (Use `TREZOR_OLED_SCALE` env. variable to make screen bigger.)
 
-## How to build TREZOR bootloader?
-
-1. [Install Docker](https://docs.docker.com/engine/installation/)
-2. `git clone https://github.com/trezor/trezor-mcu.git`
-3. `cd trezor-mcu`
-4. `./build-bootloader.sh TAG` (where TAG is bl1.3.2 for example, if left blank the script builds latest commit in master branch)
-
-This creates file `build/bootloader-TAG.bin` and prints its fingerprint and size at the end of the build log.
-
 ## How to get fingerprint of firmware signed and distributed by SatoshiLabs?
 
 1. Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/1/releases.json

bootloader/firmware_align.py

@@ -7,5 +7,5 @@ fs = os.stat(fn).st_size
 if fs > 32768:
 	raise Exception('bootloader has to be smaller than 32768 bytes')
 with open(fn, 'ab') as f:
-	f.write(b'\xFF' * (32768 - fs))
+	f.write(b'\x00' * (32768 - fs))
 	f.close()

build-bootloader.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-set -e
-
-IMAGE=trezor-mcu-build
-TAG=${1:-master}
-BINFILE=build/bootloader-$TAG.bin
-ELFFILE=build/bootloader-$TAG.elf
-
-docker build -t $IMAGE .
-docker run -t -v $(pwd)/build:/build:z $IMAGE /bin/sh -c "\
-	git clone https://github.com/trezor/trezor-mcu && \
-	cd trezor-mcu && \
-	git checkout $TAG && \
-	git submodule update --init && \
-	make -C vendor/libopencm3 && \
-	make && \
-	make -C bootloader align && \
-	cp bootloader/bootloader.bin /$BINFILE && \
-	cp bootloader/bootloader.elf /$ELFFILE"
-/usr/bin/env python -c "
-from __future__ import print_function
-import hashlib
-import sys
-fn = sys.argv[1]
-data = open(fn, 'rb').read()
-print('\n\n')
-print('Filename    :', fn)
-print('Fingerprint :', hashlib.sha256(hashlib.sha256(data).digest()).hexdigest())
-print('Size        : %d bytes (out of %d maximum)' % (len(data), 32768))
-" $BINFILE

build-firmware.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-set -e
-
-IMAGE=trezor-mcu-build
-TAG=${1:-master}
-BINFILE=build/trezor-$TAG.bin
-ELFFILE=build/trezor-$TAG.elf
-
-docker build -t $IMAGE .
-docker run -t -v $(pwd)/build:/build:z $IMAGE /bin/sh -c "\
-	git clone https://github.com/trezor/trezor-mcu && \
-	cd trezor-mcu && \
-	git checkout $TAG && \
-	git submodule update --init && \
-	make -C vendor/libopencm3 && \
-	make -C vendor/nanopb/generator/proto && \
-	make -C firmware/protob && \
-	make && \
-	make -C bootloader && \
-	make -C firmware sign && \
-	cp firmware/trezor.bin /$BINFILE && \
-	cp firmware/trezor.elf /$ELFFILE"
-
-/usr/bin/env python -c "
-from __future__ import print_function
-import hashlib
-import sys
-fn = sys.argv[1]
-data = open(fn, 'rb').read()
-print('\n\n')
-print('Filename    :', fn)
-print('Fingerprint :', hashlib.sha256(data[256:]).hexdigest())
-print('Size        : %d bytes (out of %d maximum)' % (len(data), 491520))
-" $BINFILE

build.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+set -e
+
+IMAGE=trezor-mcu-build
+
+BOOTLOADER_TAG=${1:-master}
+FIRMWARE_TAG=${2:-master}
+
+BOOTLOADER_BINFILE=build/bootloader-$BOOTLOADER_TAG.bin
+BOOTLOADER_ELFFILE=build/bootloader-$BOOTLOADER_TAG.elf
+
+FIRMWARE_BINFILE=build/trezor-$FIRMWARE_TAG.bin
+FIRMWARE_ELFFILE=build/trezor-$FIRMWARE_TAG.elf
+
+docker build -t $IMAGE .
+docker run -t -v $(pwd)/build:/build:z $IMAGE /bin/sh -c "\
+	cd /tmp && \
+	git clone https://github.com/trezor/trezor-mcu.git trezor-mcu-bl && \
+	cd trezor-mcu-bl && \
+	git checkout $BOOTLOADER_TAG && \
+	git submodule update --init --recursive && \
+	make -C vendor/libopencm3 && \
+	make && \
+	make -C bootloader align && \
+	cp bootloader/bootloader.bin /$BOOTLOADER_BINFILE && \
+	cp bootloader/bootloader.elf /$BOOTLOADER_ELFFILE && \
+	cd /tmp && \
+	git clone https://github.com/trezor/trezor-mcu.git trezor-mcu-fw && \
+	cd trezor-mcu-fw && \
+	git checkout $FIRMWARE_TAG && \
+	git submodule update --init --recursive && \
+	make -C vendor/libopencm3 && \
+	make -C vendor/nanopb/generator/proto && \
+	make -C firmware/protob && \
+	make && \
+	cp /tmp/trezor-mcu-bl/bootloader/bootloader.bin bootloader/bootloader.bin
+	make -C firmware sign && \
+	cp firmware/trezor.bin /$FIRMWARE_BINFILE && \
+	cp firmware/trezor.elf /$FIRMWARE_ELFFILE
+	"
+
+/usr/bin/env python -c "
+from __future__ import print_function
+import hashlib
+import sys
+for arg in sys.argv[1:]:
+  (fn, max_size) = arg.split(':')
+  data = open(fn, 'rb').read()
+  print('\n\n')
+  print('Filename    :', fn)
+  print('Fingerprint :', hashlib.sha256(hashlib.sha256(data).digest()).hexdigest())
+  print('Size        : %d bytes (out of %d maximum)' % (len(data), int(max_size, 10)))
+" $BOOTLOADER_BINFILE:32768 $FIRMWARE_BINFILE:491520

firmware/bl_check.c

@@ -35,6 +35,8 @@ int known_bootloader(int r, const uint8_t *hash) {
 	if (0 == memcmp(hash, "\x3a\xcf\x2e\x51\x0b\x0f\xe1\x56\xb5\x58\xbb\xf7\x9c\x7e\x48\x5e\xb0\x26\xe5\xe0\x8c\xb4\x4d\x15\x2d\x44\xd6\x4e\x0c\x6a\x41\x37", 32)) return 1;  // 1.3.0b
 	if (0 == memcmp(hash, "\x15\x85\x21\x5b\xc6\xe5\x5a\x34\x07\xa8\xb3\xee\xe2\x79\x03\x4e\x95\xb9\xc4\x34\x00\x33\xe1\xb6\xae\x16\x0c\xe6\x61\x19\x67\x15", 32)) return 1;  // 1.3.1
 	if (0 == memcmp(hash, "\x76\x51\xb7\xca\xba\x5a\xae\x0c\xc1\xc6\x5c\x83\x04\xf7\x60\x39\x6f\x77\x60\x6c\xd3\x99\x0c\x99\x15\x98\xf0\xe2\x2a\x81\xe0\x07", 32)) return 1;  // 1.3.2
+	// note to those verifying these values: bootloader versions above this comment are aligned/padded to 32KiB with trailing 0xFF bytes and versions below are padded with 0x00.
+	//                                       for more info, refer to "make -C bootloader align" and "firmware/bl_data.py".
 	if (0 == memcmp(hash, "\x8c\xe8\xd7\x9e\xdf\x43\x0c\x03\x42\x64\x68\x6c\xa9\xb1\xd7\x8d\x26\xed\xb2\xac\xab\x71\x39\xbe\x8f\x98\x5c\x2a\x3c\x6c\xae\x11", 32)) return 1;  // 1.3.3
 	if (0 == memcmp(hash, "\x63\x30\xfc\xec\x16\x72\xfa\xd3\x0b\x42\x1b\x60\xf7\x4f\x83\x9a\x39\x39\x33\x45\x65\xcb\x70\x3b\x2b\xd7\x18\x2e\xa2\xdd\xa0\x19", 32)) return 1;  // 1.4.0
 	return 0;