core: improve building of vendor headers

2025-03-28 22:15:42 +00:00 · 2020-01-03 16:43:44 +01:00 · 2020-01-03 16:43:44 +01:00 · 9341f0d584
commit 9341f0d584
parent c03ac3f8dd
5 changed files with 67 additions and 70 deletions
--- a/core/embed/vendorheader/generate.sh
+++ b/core/embed/vendorheader/generate.sh
@ -1,13 +1,12 @@
 BINCTL=../../tools/binctl
 KEYCTL=../../tools/keyctl
 BUILDVH=../../tools/build_vendorheader
 BINCTL=../../tools/headertool.py
-# construct the default unsafe vendor header
+# construct all vendor headers
-$BUILDVH e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 xxx...x "UNSAFE, DO NOT USE!" vendor_unsafe.toif vendorheader_unsafe_unsigned.bin
+for fn in *.json; do
    name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
    $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
 done
-# sign the default unsafe vendor header using development keys
+# sign dev vendor header
 cp -a vendorheader_unsafe_unsigned.bin vendorheader_unsafe_signed_dev.bin
-$BINCTL vendorheader_unsafe_signed_dev.bin -s 1:2 `$KEYCTL sign vendorheader vendorheader_unsafe_signed_dev.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
+$BINCTL -D vendorheader_unsafe_signed_dev.bin
 # construct SatoshiLabs vendor header
 $BUILDVH 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs vendor_satoshilabs.toif vendorheader_satoshilabs_unsigned.bin
--- a/core/embed/vendorheader/vendor_satoshilabs.json
+++ b/core/embed/vendorheader/vendor_satoshilabs.json
@ -0,0 +1,20 @@
 {
    "text": "SatoshiLabs",
    "expiry": 0,
    "version": {
        "major": 0,
        "minor": 0
    },
    "sig_m": 2,
    "trust": {
        "show_vendor_string": false,
        "require_user_click": false,
        "red_background": false,
        "delay": 0
    },
    "pubkeys": [
        "47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d",
        "9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81",
        "2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830"
    ]
 }
--- a/core/embed/vendorheader/vendor_unsafe.json
+++ b/core/embed/vendorheader/vendor_unsafe.json
@ -0,0 +1,20 @@
 {
    "text": "UNSAFE, DO NOT USE!",
    "expiry": 0,
    "version": {
        "major": 0,
        "minor": 0
    },
    "sig_m": 2,
    "trust": {
        "show_vendor_string": true,
        "require_user_click": true,
        "red_background": true,
        "delay": 1
    },
    "pubkeys": [
        "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
        "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
        "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
    ]
 }
--- a/core/tools/build_vendorheader
+++ b/core/tools/build_vendorheader
@ -1,65 +1,23 @@
 #!/usr/bin/env python3
-import sys
+import json
-import struct
+
-import binascii
+import click
 from trezorlib import firmware
-# encode vendor name, add length byte and padding to multiple of 4
+@click.command()
-def encode_vendor(vname):
+@click.argument("specfile", type=click.File("r"))
-    vbin = vname.encode()
+@click.argument("image", type=click.File("rb"))
-    vbin = struct.pack("<B", len(vbin)) + vbin
+@click.argument("outfile", type=click.File("wb"))
-    vbin += b"\0" * (-len(vbin) & 3)
+def build_vendorheader(specfile, image, outfile):
-    return vbin
+    spec = json.load(specfile)
    spec["pubkeys"] = [bytes.fromhex(k) for k in spec["pubkeys"]]
    spec["image"] = firmware.Toif.parse(image.read())
    spec["sigmask"] = 0
    spec["signature"] = b"\x00" * 64
    outfile.write(firmware.VendorHeader.build(spec))
-def encode_pubkey(pubkey):
+if __name__ == "__main__":
-    if len(pubkey) != 64:
+    build_vendorheader()
        raise Exception("Wrong public key length")
    return binascii.unhexlify(pubkey)
 def decode_vtrust(vtrust):
    t = 0xFFFF
    for i, b in enumerate(reversed(vtrust)):
        if b != ".":
            t &= ~(1 << i)
    return t
 def main():
    if len(sys.argv) < 7:
        print(
            'Usage build_vendorheader "pubkey1hex:pubkey2hex:..." m version vendortrust vendorname vendorimage.toif vendorheader.bin'
        )
        return 1
    keys = [encode_pubkey(x) for x in sys.argv[1].split(":")]
    m = int(sys.argv[2])
    (vmajor, vminor) = [int(x) for x in sys.argv[3].split(".")]
    vtrust = decode_vtrust(sys.argv[4])
    vname = sys.argv[5]
    ifn = sys.argv[6]
    ofn = sys.argv[7]
    if not ifn.endswith(".toif"):
        print("Must provide TOIF file")
        return 2
    expiry = 0
    vheader = b"TRZV" + struct.pack(
        "<IIBBBBH", 0, expiry, vmajor, vminor, m, len(keys), vtrust
    )
    vheader += 14 * b"\0"
    for k in keys:
        vheader += k
    vheader += encode_vendor(vname) + open(ifn, "rb").read()
    padding = 65 + (-len(vheader) - 65) & 511
    vheader += b"\0" * padding
    # put in length
    vheader = vheader[0:4] + struct.pack("<I", len(vheader)) + vheader[8:]
    with open(ofn, "wb") as f:
        f.write(vheader)
 main()
--- a/python/src/trezorlib/_internal/firmware_headers.py
+++ b/python/src/trezorlib/_internal/firmware_headers.py
@ -173,7 +173,7 @@ class SignableImage:
        raise NotImplementedError
    def rehash(self) -> None:
-        raise NotImplementedError
+        pass
    def insert_signature(self, signature: bytes, sigmask: int) -> None:
        self.header.signature = signature