mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-14 03:30:02 +00:00
1d83eee3b3
NIS deserializes then serializes transactions in order to verify the
signature. This means that transactions must be serialized canonically,
otherwise the signature will not match. Due to [1], mosaics are sorted
and deduplicated in transfer transactions.
[1]:
|
||
---|---|---|
bootloader | ||
demo | ||
fastflash | ||
firmware | ||
gen | ||
gitian | ||
vendor | ||
.gitignore | ||
.gitmodules | ||
.travis.yml | ||
build-bootloader.sh | ||
build-firmware.sh | ||
buttons.c | ||
buttons.h | ||
COPYING | ||
Dockerfile | ||
layout.c | ||
layout.h | ||
Makefile | ||
Makefile.include | ||
memory_app_0.0.0.ld | ||
memory_app_1.0.0.ld | ||
memory_app_fastflash.ld | ||
memory.c | ||
memory.h | ||
memory.ld | ||
oled.c | ||
oled.h | ||
README.md | ||
rng.c | ||
rng.h | ||
serialno.c | ||
serialno.h | ||
setup.c | ||
setup.h | ||
startup.s | ||
timer.c | ||
timer.h | ||
util.c | ||
util.h |
TREZOR Firmware
How to build TREZOR firmware?
- Install Docker
git clone https://github.com/trezor/trezor-mcu.git
cd trezor-mcu
./build-firmware.sh TAG
(where TAG is v1.5.0 for example, if left blank the script builds latest commit in master branch)
This creates file build/trezor-TAG.bin
and prints its fingerprint and size at the end of the build log.
How to build TREZOR bootloader?
- Install Docker
git clone https://github.com/trezor/trezor-mcu.git
cd trezor-mcu
./build-bootloader.sh TAG
(where TAG is bl1.3.2 for example, if left blank the script builds latest commit in master branch)
This creates file build/bootloader-TAG.bin
and prints its fingerprint and size at the end of the build log.
How to get fingerprint of firmware signed and distributed by SatoshiLabs?
- Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/releases.json
- Download it:
wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/trezor-1.3.6.bin
- Compute fingerprint:
tail -c +257 trezor.signed.bin | sha256sum
Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag). Firmware has a special header (of length 256 bytes) holding signatures themselves, which must be avoided while calculating the fingerprint, that's why tail command has to be used.