mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-27 08:38:07 +00:00
build: rework vendorheader handling, move them to embed/vendorheader
This commit is contained in:
parent
2625c940db
commit
cf9c97288e
8
Makefile
8
Makefile
@ -180,16 +180,8 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
|
||||
|
||||
## misc commands:
|
||||
|
||||
vendorheader: ## construct and sign the default vendor header
|
||||
./tools/build_vendorheader e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 x.....x DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
|
||||
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 `./tools/keyctl sign vendorheader embed/firmware/vendorheader.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
|
||||
|
||||
vendorheader_sl: ## construct SatoshiLabs vendor header
|
||||
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
|
||||
|
||||
binctl: ## print info about binary files
|
||||
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
|
||||
./tools/binctl embed/firmware/vendorheader.bin
|
||||
./tools/binctl $(PRODTEST_BUILD_DIR)/prodtest.bin
|
||||
./tools/binctl $(FIRMWARE_BUILD_DIR)/firmware.bin
|
||||
|
||||
|
@ -286,7 +286,7 @@ SOURCE_PY.extend(Glob('src/*/*/*/*.py'))
|
||||
SOURCE_PY.extend(Glob('src/*/*/*/*/*.py'))
|
||||
SOURCE_PY_DIR = 'src/'
|
||||
|
||||
env = Environment(ENV=os.environ, CFLAGS=ARGUMENTS.get('CFLAGS', ''))
|
||||
env = Environment(ENV=os.environ, CFLAGS='%s -DPRODUCTION=%s' % (ARGUMENTS.get('CFLAGS', ''), ARGUMENTS.get('PRODUCTION', '0')))
|
||||
|
||||
env.Tool('micropython')
|
||||
|
||||
@ -395,10 +395,12 @@ obj_program.extend(env.Object(source=SOURCE_STMHAL))
|
||||
obj_program.extend(env.Object(source=SOURCE_TREZORHAL))
|
||||
obj_program.extend(env.Object(source=source_mpyc))
|
||||
|
||||
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
|
||||
|
||||
obj_program.extend(
|
||||
env.Command(
|
||||
target='embed/firmware/vendorheader.o',
|
||||
source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
|
||||
source=VENDORHEADER,
|
||||
action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
|
||||
' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
|
||||
' $SOURCE $TARGET', ))
|
||||
|
@ -133,10 +133,12 @@ obj_program += env.Object(source=SOURCE_PRODTEST)
|
||||
obj_program += env.Object(source=SOURCE_STMHAL)
|
||||
obj_program += env.Object(source=SOURCE_TREZORHAL)
|
||||
|
||||
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
|
||||
|
||||
obj_program.extend(
|
||||
env.Command(
|
||||
target='embed/prodtest/vendorheader.o',
|
||||
source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
|
||||
source=VENDORHEADER,
|
||||
action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
|
||||
' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
|
||||
' $SOURCE $TARGET', ))
|
||||
|
@ -133,10 +133,12 @@ obj_program += env.Object(source=SOURCE_REFLASH)
|
||||
obj_program += env.Object(source=SOURCE_STMHAL)
|
||||
obj_program += env.Object(source=SOURCE_TREZORHAL)
|
||||
|
||||
VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
|
||||
|
||||
obj_program.extend(
|
||||
env.Command(
|
||||
target='embed/reflash/vendorheader.o',
|
||||
source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
|
||||
source=VENDORHEADER,
|
||||
action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
|
||||
' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
|
||||
' $SOURCE $TARGET', ))
|
||||
|
Binary file not shown.
@ -12,4 +12,4 @@ docker run -t -v $(pwd)/build-docker:/build:z $IMAGE /bin/sh -c "\
|
||||
ln -s /build build &&
|
||||
git checkout $TAG && \
|
||||
git submodule update --init --recursive && \
|
||||
make clean vendor vendorheader build_boardloader build_bootloader build_prodtest build_firmware"
|
||||
make clean vendor build_boardloader build_bootloader build_prodtest build_firmware"
|
||||
|
@ -12,4 +12,4 @@ docker run -t -v $(pwd)/build-docker:/build:z $IMAGE /bin/sh -c "\
|
||||
ln -s /build build &&
|
||||
git checkout $TAG && \
|
||||
git submodule update --init --recursive && \
|
||||
make clean vendor vendorheader build_boardloader build_bootloader build_prodtest build_firmware"
|
||||
make clean vendor build_boardloader build_bootloader build_prodtest build_firmware"
|
||||
|
1
embed/firmware/.gitignore
vendored
1
embed/firmware/.gitignore
vendored
@ -1 +0,0 @@
|
||||
vendorheader.bin
|
13
embed/vendorheader/generate.sh
Executable file
13
embed/vendorheader/generate.sh
Executable file
@ -0,0 +1,13 @@
|
||||
BINCTL=../../tools/binctl
|
||||
KEYCTL=../../tools/keyctl
|
||||
BUILDVH=../../tools/build_vendorheader
|
||||
|
||||
# construct the default unsafe vendor header
|
||||
$BUILDVH e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 xxx...x "UNSAFE, DO NOT USE!" vendor_unsafe.toif vendorheader_unsafe_unsigned.bin
|
||||
|
||||
# sign the default unsafe vendor header using development keys
|
||||
cp -a vendorheader_unsafe_unsigned.bin vendorheader_unsafe_signed_dev.bin
|
||||
$BINCTL vendorheader_unsafe_signed_dev.bin -s 1:2 `$KEYCTL sign vendorheader vendorheader_unsafe_signed_dev.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
|
||||
|
||||
# construct SatoshiLabs vendor header
|
||||
$BUILDVH 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs vendor_satoshilabs.toif vendorheader_satoshilabs_unsigned.bin
|
BIN
embed/vendorheader/vendor_unsafe.toif
Normal file
BIN
embed/vendorheader/vendor_unsafe.toif
Normal file
Binary file not shown.
BIN
embed/vendorheader/vendorheader_satoshilabs_unsigned.bin
Normal file
BIN
embed/vendorheader/vendorheader_satoshilabs_unsigned.bin
Normal file
Binary file not shown.
BIN
embed/vendorheader/vendorheader_unsafe_signed_dev.bin
Normal file
BIN
embed/vendorheader/vendorheader_unsafe_signed_dev.bin
Normal file
Binary file not shown.
BIN
embed/vendorheader/vendorheader_unsafe_unsigned.bin
Normal file
BIN
embed/vendorheader/vendorheader_unsafe_unsigned.bin
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user