0ddf443346
Only drop privileges if firmware is running with privileges. Don't change the bootloader if running without privileges. |
||
---|---|---|
bootloader | ||
demo | ||
emulator | ||
firmware | ||
gen | ||
gitian | ||
script | ||
vendor | ||
.gitignore | ||
.gitmodules | ||
.travis.yml | ||
build-emulator.sh | ||
build.sh | ||
buttons.c | ||
buttons.h | ||
COPYING | ||
Dockerfile | ||
Dockerfile.emulator | ||
layout.c | ||
layout.h | ||
Makefile | ||
Makefile.include | ||
memory_app_0.0.0.ld | ||
memory_app_1.0.0.ld | ||
memory_app_fastflash.ld | ||
memory.c | ||
memory.h | ||
memory.ld | ||
oled.c | ||
oled.h | ||
Pipfile | ||
Pipfile.lock | ||
README.md | ||
rng.c | ||
rng.h | ||
serialno.c | ||
serialno.h | ||
setup.c | ||
setup.h | ||
startup.s | ||
supervise.c | ||
supervise.h | ||
timer.c | ||
timer.h | ||
usb21_standard.c | ||
usb21_standard.h | ||
util.c | ||
util.h |
TREZOR One Bootloader and Firmware
How to build the TREZOR bootloader and firmware?
- Install Docker
git clone https://github.com/trezor/trezor-mcu.git
cd trezor-mcu
./build.sh BOOTLOADER_TAG FIRMWARE_TAG
(where BOOTLOADER_TAG is bl1.5.0 and FIRMWARE_TAG is v1.7.0 for example, if left blank the script builds latest commit in master branch)
This creates the files build/bootloader-BOOTLOADER_TAG.bin
and build/trezor-FIRMWARE_TAG.bin
and prints their fingerprints and sizes at the end of the build log.
How to build TREZOR emulator for Linux?
- Install Docker
git clone https://github.com/trezor/trezor-mcu.git
cd trezor-mcu
./build-emulator.sh TAG
(where TAG is v1.5.0 for example, if left blank the script builds latest commit in master branch)
This creates binary file build/trezor-emulator-TAG
, which can be run and works as a trezor emulator. (Use TREZOR_OLED_SCALE
env. variable to make screen bigger.)
How to get fingerprint of firmware signed and distributed by SatoshiLabs?
- Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/1/releases.json
- Download it:
wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/1/trezor-1.6.1.bin
- Compute fingerprint:
tail -c +257 trezor.signed.bin | sha256sum
Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag). Firmware has a special header (of length 256 bytes) holding signatures themselves, which must be avoided while calculating the fingerprint, that's why tail command has to be used.
How to install custom built firmware?
WARNING: This will erase the recovery seed stored on the device! You should never do this on TREZOR that contains coins!
- Install python-trezor:
pip install trezor
(more info) trezorctl firmware_update -f build/trezor-TAG.bin
Building for development
If you want to build device firmware, make sure you have the GNU ARM Embedded toolchain installed.
- If you want to build the emulator instead of the firmware, run
export EMULATOR=1 TREZOR_TRANSPORT_V1=1
- If you want to build with the debug link, run
export DEBUG_LINK=1
. Use this if you want to run the device tests. - When you change these variables, use
script/setup
to clean the repository
- To initialize the repository, run
script/setup
- To build the firmware or emulator, run
script/cibuild
If you are building device firmware, the firmware will be in firmware/trezor.bin
.
You can launch the emulator using firmware/trezor.elf
. To use trezorctl
with the emulator, use
trezorctl -t udp
(for example, trezorctl -t udp get_features
).
If trezorctl -t udp
appears to hang, make sure you have run export TREZOR_TRANSPORT_V1=1
.