arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-28 01:18:16 +00:00
Code Issues Releases Wiki Activity

chore(core): use precompiled and pre-signed secmon for unsafe FW

Browse Source 
[no changelog]
This commit is contained in:
tychovrahe 2025-06-16 09:47:23 +02:00 committed by TychoVrahe
parent 98c5bb7686
commit 918cae17eb
5 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/Makefile
View File

@ -327,7 +327,7 @@ build_kernel: ## build kernel image
$(SCONS) $(KERNEL_BUILD_DIR)/kernel.bin $(SCONS) $(KERNEL_BUILD_DIR)/kernel.bin
build_firmware: MICROPY_ENABLE_SOURCE_LINE ?= 0 build_firmware: MICROPY_ENABLE_SOURCE_LINE ?= 0
build_firmware: templates build_cross build_secmon build_kernel ## build firmware with frozen modules build_firmware: templates build_cross $(if $(or $(filter 1,$(PRODUCTION)),$(filter 1,$(UNSAFE_FW))),,build_secmon) build_kernel ## build firmware with frozen modules
$(SCONS) $(FIRMWARE_BUILD_DIR)/firmware.bin $(SCONS) $(FIRMWARE_BUILD_DIR)/firmware.bin
build_unix: MICROPY_ENABLE_SOURCE_LINE ?= 1 build_unix: MICROPY_ENABLE_SOURCE_LINE ?= 1

17
core/SConscript.kernel
View File

@ -8,6 +8,7 @@ BITCOIN_ONLY = ARGUMENTS.get('BITCOIN_ONLY', '0')
PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1' PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1' BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1'
BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1' BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
UNSAFE_FW = ARGUMENTS.get('UNSAFE_FW', '0') == '1'
EVERYTHING = BITCOIN_ONLY != '1' EVERYTHING = BITCOIN_ONLY != '1'
TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T2T1') TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T2T1')
CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))
@ -400,6 +401,18 @@ else:
VENDORHEADER = f'embed/models/{TREZOR_MODEL}/vendorheader/vendorheader_{vendor}.bin' VENDORHEADER = f'embed/models/{TREZOR_MODEL}/vendorheader/vendorheader_{vendor}.bin'
if BOOTLOADER_DEVEL:
if UNSAFE_FW:
SECMON = f'embed/models/{TREZOR_MODEL}/secmon/secmon_DEV.bin'
SECMON_API = f'embed/models/{TREZOR_MODEL}/secmon/secmon_api_DEV.o'
else:
SECMON = f'build/secmon/secmon.bin'
SECMON_API = f'build/secmon/secmon_api.o'
else:
SECMON = f'embed/models/{TREZOR_MODEL}/secmon/secmon.bin'
SECMON_API = f'embed/models/{TREZOR_MODEL}/secmon/secmon_api.o'
obj_program.extend( obj_program.extend(
env.Command( env.Command(
@ -415,7 +428,7 @@ if "secmon_layout" in FEATURES_AVAILABLE:
env, env,
'secmon', 'secmon',
'build/secmon/secmon.o', 'build/secmon/secmon.o',
f'build/secmon/secmon.bin', SECMON,
) )
linkerscript_gen = env.Command( linkerscript_gen = env.Command(
@ -440,7 +453,7 @@ rust = tools.add_rust_lib(
if "secmon_layout" in FEATURES_AVAILABLE: if "secmon_layout" in FEATURES_AVAILABLE:
SECMON_LIB = 'build/secmon/secmon_api.o' SECMON_LIB = SECMON_API
else: else:
SECMON_LIB = '' SECMON_LIB = ''

1
core/SConscript.secmon
View File

@ -8,6 +8,7 @@ BITCOIN_ONLY = ARGUMENTS.get('BITCOIN_ONLY', '0')
PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1' PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1' BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1'
BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1' BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
UNSAFE_FW = ARGUMENTS.get('UNSAFE_FW', '0') == '1'
EVERYTHING = BITCOIN_ONLY != '1' EVERYTHING = BITCOIN_ONLY != '1'
TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T2T1') TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T2T1')
CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))

BIN
core/embed/models/T3W1/secmon/secmon_DEV.bin Executable file
View File

Binary file not shown.

BIN
core/embed/models/T3W1/secmon/secmon_api_DEV.o Normal file
View File

Binary file not shown.