diff --git a/core/Makefile b/core/Makefile
index fddf4de11..3cbbdccb2 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -23,6 +23,7 @@ PRODUCTION ?= 0
 PYOPT ?= 1
 BITCOIN_ONLY ?= 0
 BOOTLOADER_QA ?= 0
+BOOTLOADER_DEVEL ?= 0
 TREZOR_MODEL ?= T
 TREZOR_MEMPERF ?= 0
 ADDRESS_SANITIZER ?= 0
@@ -177,7 +178,7 @@ build_boardloader: ## build boardloader
 build_bootloader: ## build bootloader
 $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" \
- CMAKELISTS="$(CMAKELISTS)" BOOTLOADER_QA="$(BOOTLOADER_QA)" $(BOOTLOADER_BUILD_DIR)/bootloader.bin
+ CMAKELISTS="$(CMAKELISTS)" BOOTLOADER_QA="$(BOOTLOADER_QA)" BOOTLOADER_DEVEL="$(BOOTLOADER_DEVEL)" $(BOOTLOADER_BUILD_DIR)/bootloader.bin
 build_bootloader_ci: ## build CI device testing bootloader
 $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" \
@@ -188,7 +189,7 @@ build_bootloader_emu: ## build the unix bootloader emulator
 build_prodtest: ## build production test firmware
 $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" \
- CMAKELISTS="$(CMAKELISTS)" $(PRODTEST_BUILD_DIR)/prodtest.bin
+ CMAKELISTS="$(CMAKELISTS)" BOOTLOADER_DEVEL="$(BOOTLOADER_DEVEL)" $(PRODTEST_BUILD_DIR)/prodtest.bin
 build_reflash: ## build reflash firmware + reflash image
 $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" TREZOR_MODEL="$(TREZOR_MODEL)" \
@@ -200,7 +201,7 @@ build_firmware: templates build_cross ## build firmware with frozen modules
 $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" \
 TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" \
 PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" \
- BOOTLOADER_QA="$(BOOTLOADER_QA)" $(FIRMWARE_BUILD_DIR)/firmware.bin
+ BOOTLOADER_QA="$(BOOTLOADER_QA)" BOOTLOADER_DEVEL="$(BOOTLOADER_DEVEL)" $(FIRMWARE_BUILD_DIR)/firmware.bin
 build_unix: templates ## build unix port
 $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) \
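Review bot: In the build_bootloader hunk, `BOOTLOADER_DEVEL="$(BOOTLOADER_DEVEL)"` is passed to the bootloader build, but nothing visible in this patch consumes it there: the main.c change selects the key set on `!PRODUCTION` alone, and the bootloader's SConscript is not part of the diff. If the flag has no effect on the bootloader it should not be passed, so that nobody assumes `BOOTLOADER_DEVEL=0` keeps development keys out of a bootloader image. The new knob in the first hunk also carries no comment, although it decides which signed vendor header is embedded; something like `# BOOTLOADER_DEVEL=1: embed the dev-signed vendor header in firmware/prodtest (only when PRODUCTION=0)` above `BOOTLOADER_DEVEL ?= 0` would state the contract.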
diff --git a/core/SConscript.firmware b/core/SConscript.firmware
index 61c774a34..80d905229 100644
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@@ -7,6 +7,7 @@ import tools
 BITCOIN_ONLY = ARGUMENTS.get('BITCOIN_ONLY', '0')
 PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
 BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1'
+BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
 EVERYTHING = BITCOIN_ONLY != '1'
 TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T')
 CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))
@@ -747,6 +748,8 @@ if BOOTLOADER_QA:
 BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
 elif PRODUCTION:
 VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
+elif BOOTLOADER_DEVEL:
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
 else:
 VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest
index e679bca12..91ca10753 100644
--- a/core/SConscript.prodtest
+++ b/core/SConscript.prodtest
@@ -5,6 +5,8 @@ import tools
 TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T')
 CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))
+PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
+BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
 if TREZOR_MODEL in ('DISC1', ):
 # skip prodtest build
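Review bot: In the second SConscript.firmware hunk, the `else` branch still embeds `vendorheader_unsafe_signed_prod.bin` when both flags are at their defaults, while this commit's changelog entry says a `PRODUCTION=0` bootloader now recognizes the development keys. A default firmware build and a default bootloader build may therefore no longer match unless `BOOTLOADER_DEVEL=1` is passed; this should be confirmed and documented next to the chain. The branch order also lets `BOOTLOADER_QA` and `PRODUCTION` silently override `BOOTLOADER_DEVEL`. That is the safe direction, but a conflicting request is better rejected than ignored, e.g. `if PRODUCTION and BOOTLOADER_DEVEL: raise ValueError('BOOTLOADER_DEVEL requires PRODUCTION=0')` ahead of the chain. The same three-way selection is repeated in the second SConscript.prodtest hunk, and the `if` that opens this chain lies outside the hunk.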
@@ -162,7 +164,14 @@ obj_program.extend(env.Object(source=SOURCE_HAL))
 MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
-VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
+if PRODUCTION:
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_prodtest_signed_prod.bin'
+elif BOOTLOADER_DEVEL:
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
+else:
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
+
+
 obj_program.extend(
 env.Command(
diff --git a/core/embed/bootloader/.changelog.d/+84ec609d.changed b/core/embed/bootloader/.changelog.d/+84ec609d.changed
new file mode 100644
index 000000000..59a197ce9
--- /dev/null
+++ b/core/embed/bootloader/.changelog.d/+84ec609d.changed
@@ -0,0 +1 @@
+When building a `PRODUCTION=0` bootloader, it will recognize the development signing keys instead of production ones.
diff --git a/core/embed/bootloader/main.c b/core/embed/bootloader/main.c
index b22b75361..009801291 100644
--- a/core/embed/bootloader/main.c
+++ b/core/embed/bootloader/main.c
@@ -68,7 +68,7 @@ const uint8_t BOOTLOADER_KEY_M = 2;
 const uint8_t BOOTLOADER_KEY_N = 3;
 static const uint8_t * const BOOTLOADER_KEYS[] = {
-#if BOOTLOADER_QA
+#if !PRODUCTION
 /*** DEVEL/QA KEYS ***/
 (const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
 (const uint8_t *)"\x63\x55\x69\x1c\x17\x8a\x8f\xf9\x10\x07\xa7\x47\x8a\xfb\x95\x5e\xf7\x35\x2c\x63\xe7\xb2\x57\x03\x98\x4c\xf7\x8b\x26\xe2\x1a\x56",
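Review bot: In main.c, `#if !PRODUCTION` is also true when `PRODUCTION` is not defined at all, because the preprocessor evaluates an undefined identifier as 0. The old `#if BOOTLOADER_QA` fell back to the other key set in that case, so the failure mode has flipped: a build that loses the define would now silently trust the DEVEL/QA keys. A guard ahead of the array makes this fail closed: `#ifndef PRODUCTION`, `#error "PRODUCTION must be defined"`, `#endif`. The condition also no longer mentions `BOOTLOADER_QA`; if a QA bootloader can be built with `PRODUCTION=1` (not visible in this diff), `#if !PRODUCTION || BOOTLOADER_QA` would keep its previous key selection. The `#if` block and the `BOOTLOADER_KEYS` array continue outside the hunk.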