Howto for deterministic builds

10 years ago · a6105fbcb8
parent c97b9348ff
commit a6105fbcb8
1 changed files with 22 additions and 1 deletions
--- a/23
+++ b/23
@ -1,3 +1,24 @@
-Embedded software for TREZOR
+TREZOR firmware

 http://bitcointrezor.com/
+
+How to build Trezor firmware?
+=============================
+1. Install Docker (docker.com)
+2. git clone git@github.com:trezor/trezor-mcu.git
+3. cd trezor-mcu
+4. ./firmware-docker-build.sh
+
+This generates trezor.bin in current directory and prints sha256 fingerprint on last line of build log.
+
+How to get sha256 fingerprint of firmware signed and distributed by SatoshiLabs?
+================================================================================
+1. Pick proper version of firmware binary listed on https://mytrezor.com/data/firmware/releases.json
+2. Download it: wget -O trezor.signed.bin.hex https://mytrezor.com/data/firmware/trezor-1.1.0.bin.hex
+3. xxd -r -p trezor.signed.bin.hex trezor.signed.bin
+4. ./firmware-fingerprint.sh trezor.signed.bin
+
+Step 4 should produce the same sha256 fingerprint like your local build.
+
+The reasoning behind "firmware-fingerprint.sh" is that signed firmware has special header holding signatures themselves,
+which must be removed before calculating fingerprint.