1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-26 16:18:22 +00:00

build: rework vendorheader handling, move them to embed/vendorheader

This commit is contained in:
Pavol Rusnak 2018-01-31 14:45:02 +01:00
parent 2625c940db
commit cf9c97288e
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
15 changed files with 25 additions and 15 deletions

View File

@ -180,16 +180,8 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
## misc commands:
vendorheader: ## construct and sign the default vendor header
./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 x.....x DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 `./tools/keyctl sign vendorheader embed/firmware/vendorheader.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
vendorheader_sl: ## construct SatoshiLabs vendor header
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
binctl: ## print info about binary files
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
./tools/binctl embed/firmware/vendorheader.bin
./tools/binctl $(PRODTEST_BUILD_DIR)/prodtest.bin
./tools/binctl $(FIRMWARE_BUILD_DIR)/firmware.bin

View File

@ -286,7 +286,7 @@ SOURCE_PY.extend(Glob('src/*/*/*/*.py'))
SOURCE_PY.extend(Glob('src/*/*/*/*/*.py'))
SOURCE_PY_DIR = 'src/'
env = Environment(ENV=os.environ, CFLAGS=ARGUMENTS.get('CFLAGS', ''))
env = Environment(ENV=os.environ, CFLAGS='%s -DPRODUCTION=%s' % (ARGUMENTS.get('CFLAGS', ''), ARGUMENTS.get('PRODUCTION', '0')))
env.Tool('micropython')
@ -395,10 +395,12 @@ obj_program.extend(env.Object(source=SOURCE_STMHAL))
obj_program.extend(env.Object(source=SOURCE_TREZORHAL))
obj_program.extend(env.Object(source=source_mpyc))
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
obj_program.extend(
env.Command(
target='embed/firmware/vendorheader.o',
source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
source=VENDORHEADER,
action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
' $SOURCE $TARGET', ))

View File

@ -133,10 +133,12 @@ obj_program += env.Object(source=SOURCE_PRODTEST)
obj_program += env.Object(source=SOURCE_STMHAL)
obj_program += env.Object(source=SOURCE_TREZORHAL)
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
obj_program.extend(
env.Command(
target='embed/prodtest/vendorheader.o',
source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
source=VENDORHEADER,
action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
' $SOURCE $TARGET', ))

View File

@ -133,10 +133,12 @@ obj_program += env.Object(source=SOURCE_REFLASH)
obj_program += env.Object(source=SOURCE_STMHAL)
obj_program += env.Object(source=SOURCE_TREZORHAL)
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
obj_program.extend(
env.Command(
target='embed/reflash/vendorheader.o',
source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
source=VENDORHEADER,
action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
' $SOURCE $TARGET', ))

Binary file not shown.

View File

@ -12,4 +12,4 @@ docker run -t -v $(pwd)/build-docker:/build:z $IMAGE /bin/sh -c "\
ln -s /build build &&
git checkout $TAG && \
git submodule update --init --recursive && \
make clean vendor vendorheader build_boardloader build_bootloader build_prodtest build_firmware"
make clean vendor build_boardloader build_bootloader build_prodtest build_firmware"

View File

@ -12,4 +12,4 @@ docker run -t -v $(pwd)/build-docker:/build:z $IMAGE /bin/sh -c "\
ln -s /build build &&
git checkout $TAG && \
git submodule update --init --recursive && \
make clean vendor vendorheader build_boardloader build_bootloader build_prodtest build_firmware"
make clean vendor build_boardloader build_bootloader build_prodtest build_firmware"

View File

@ -1 +0,0 @@
vendorheader.bin

13
embed/vendorheader/generate.sh Executable file
View File

@ -0,0 +1,13 @@
BINCTL=../../tools/binctl
KEYCTL=../../tools/keyctl
BUILDVH=../../tools/build_vendorheader
# construct the default unsafe vendor header
$BUILDVH e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 xxx...x "UNSAFE, DO NOT USE!" vendor_unsafe.toif vendorheader_unsafe_unsigned.bin
# sign the default unsafe vendor header using development keys
cp -a vendorheader_unsafe_unsigned.bin vendorheader_unsafe_signed_dev.bin
$BINCTL vendorheader_unsafe_signed_dev.bin -s 1:2 `$KEYCTL sign vendorheader vendorheader_unsafe_signed_dev.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
# construct SatoshiLabs vendor header
$BUILDVH 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs vendor_satoshilabs.toif vendorheader_satoshilabs_unsigned.bin

Binary file not shown.

Binary file not shown.

Binary file not shown.