arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-11 16:00:57 +00:00
Code Issues Releases Wiki Activity

build: update scripts to respect PRODUCTION flag and don't sign with devel keys when it's set

Browse Source
This commit is contained in:
Pavol Rusnak 2018-01-30 15:32:53 +01:00
parent b79ea10434
commit ec52ff882f
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -90,15 +90,15 @@ build_bootloader: ## build bootloader
$(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" $(BOOTLOADER_BUILD_DIR)/bootloader.bin $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" $(BOOTLOADER_BUILD_DIR)/bootloader.bin
build_prodtest: ## build production test firmware build_prodtest: ## build production test firmware
$(SCONS) CFLAGS="$(CFLAGS)" $(PRODTEST_BUILD_DIR)/prodtest.bin $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" $(PRODTEST_BUILD_DIR)/prodtest.bin
build_reflash: ## build reflash firmware + reflash image build_reflash: ## build reflash firmware + reflash image
$(SCONS) CFLAGS="$(CFLAGS)" $(REFLASH_BUILD_DIR)/reflash.bin $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" $(REFLASH_BUILD_DIR)/reflash.bin
dd if=build/boardloader/boardloader.bin of=$(REFLASH_BUILD_DIR)/sdimage.bin bs=1 seek=0 dd if=build/boardloader/boardloader.bin of=$(REFLASH_BUILD_DIR)/sdimage.bin bs=1 seek=0
dd if=build/bootloader/bootloader.bin of=$(REFLASH_BUILD_DIR)/sdimage.bin bs=1 seek=49152 dd if=build/bootloader/bootloader.bin of=$(REFLASH_BUILD_DIR)/sdimage.bin bs=1 seek=49152
build_firmware: res build_cross ## build firmware with frozen modules build_firmware: res build_cross ## build firmware with frozen modules
$(SCONS) CFLAGS="$(CFLAGS)" $(FIRMWARE_BUILD_DIR)/firmware.bin $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" $(FIRMWARE_BUILD_DIR)/firmware.bin
build_unix: res ## build unix port build_unix: res ## build unix port
$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/micropython $(UNIX_PORT_OPTS) $(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/micropython $(UNIX_PORT_OPTS)
@ -187,9 +187,6 @@ vendorheader: ## construct and sign the default vendor header
vendorheader_sl: ## construct SatoshiLabs vendor header vendorheader_sl: ## construct SatoshiLabs vendor header
./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin ./tools/build_vendorheader 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
vendorheader_sl_signed: ## apply signed SatoshiLabs vendor header
cp embed/firmware/vendorheader_sl_signed.bin embed/firmware/vendorheader.bin
binctl: ## print info about binary files binctl: ## print info about binary files
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin ./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
./tools/binctl embed/firmware/vendorheader.bin ./tools/binctl embed/firmware/vendorheader.bin

2
SConscript.bootloader
View File

@ -182,5 +182,5 @@ program_bin = env.Command(
action=[ action=[
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET', '$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
'$BINCTL $TARGET -h', '$BINCTL $TARGET -h',
'$BINCTL $TARGET -s 1:2 `$KEYCTL sign bootloader $TARGET 4141414141414141414141414141414141414141414141414141414141414141 4242424242424242424242424242424242424242424242424242424242424242`', '$BINCTL $TARGET -s 1:2 `$KEYCTL sign bootloader $TARGET 4141414141414141414141414141414141414141414141414141414141414141 4242424242424242424242424242424242424242424242424242424242424242`' if ARGUMENTS.get('PRODUCTION', '0') == '0' else '',
], ) ], )

4
SConscript.firmware
View File

@ -398,7 +398,7 @@ obj_program.extend(env.Object(source=source_mpyc))
obj_program.extend( obj_program.extend(
env.Command( env.Command(
target='embed/firmware/vendorheader.o', target='embed/firmware/vendorheader.o',
source='embed/firmware/vendorheader.bin', source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
action='$OBJCOPY -I binary -O elf32-littlearm -B arm' action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
' $SOURCE $TARGET', )) ' $SOURCE $TARGET', ))
@ -418,5 +418,5 @@ program_bin = env.Command(
action=[ action=[
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET', '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET',
'$BINCTL $TARGET -h', '$BINCTL $TARGET -h',
'$BINCTL $TARGET -s 1:2 `$KEYCTL sign firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`', '$BINCTL $TARGET -s 1:2 `$KEYCTL sign firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`' if ARGUMENTS.get('PRODUCTION', '0') == '0' else '',
], ) ], )

4
SConscript.prodtest
View File

@ -136,7 +136,7 @@ obj_program += env.Object(source=SOURCE_TREZORHAL)
obj_program.extend( obj_program.extend(
env.Command( env.Command(
target='embed/prodtest/vendorheader.o', target='embed/prodtest/vendorheader.o',
source='embed/firmware/vendorheader.bin', source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
action='$OBJCOPY -I binary -O elf32-littlearm -B arm' action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
' $SOURCE $TARGET', )) ' $SOURCE $TARGET', ))
@ -154,5 +154,5 @@ program_bin = env.Command(
action=[ action=[
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET', '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET',
'$BINCTL $TARGET -h', '$BINCTL $TARGET -h',
'$BINCTL $TARGET -s 1:2 `$KEYCTL sign firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`', '$BINCTL $TARGET -s 1:2 `$KEYCTL sign firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`' if ARGUMENTS.get('PRODUCTION', '0') == '0' else '',
], ) ], )

4
SConscript.reflash
View File

@ -136,7 +136,7 @@ obj_program += env.Object(source=SOURCE_TREZORHAL)
obj_program.extend( obj_program.extend(
env.Command( env.Command(
target='embed/reflash/vendorheader.o', target='embed/reflash/vendorheader.o',
source='embed/firmware/vendorheader.bin', source='embed/firmware/vendorheader.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'embed/firmware/vendorheader_sl_signed.bin',
action='$OBJCOPY -I binary -O elf32-littlearm -B arm' action='$OBJCOPY -I binary -O elf32-littlearm -B arm'
' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
' $SOURCE $TARGET', )) ' $SOURCE $TARGET', ))
@ -154,5 +154,5 @@ program_bin = env.Command(
action=[ action=[
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET', '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET',
'$BINCTL $TARGET -h', '$BINCTL $TARGET -h',
'$BINCTL $TARGET -s 1:2 `$KEYCTL sign firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`', '$BINCTL $TARGET -s 1:2 `$KEYCTL sign firmware $TARGET 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`' if ARGUMENTS.get('PRODUCTION', '0') == '0' else '',
], ) ], )