mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-22 21:30:56 +00:00
35d40cc164
Previously we checked whether the current vendor header and the new vendor header are the same by comparing the embedded keyset. What originally looked like a good idea is not that good, because this disallows us from ever changing the vendor header signing keys without causing erasure of the storage during the version update. This commit fixes that by changing the logic to comparing just the vendor string. Change of function names is purely cosmetic: * vendor_keys_hash -> vendor_header_hash * check_vendor_keys_lock -> check_vendor_header_lock |
||
|---|---|---|
| .. | ||
| .changelog.d | ||
| .towncrier.template.md | ||
| bootloader_flash.jlink | ||
| bootui.c | ||
| bootui.h | ||
| CHANGELOG.md | ||
| CHANGELOG.unreleased | ||
| header.S | ||
| icon_done.h | ||
| icon_fail.h | ||
| icon_install.h | ||
| icon_welcome.h | ||
| icon_wipe.h | ||
| main.c | ||
| memory.ld | ||
| messages.c | ||
| messages.h | ||
| protob | ||
| README.md | ||
| startup.s | ||
| towncrier.toml | ||
| version.h | ||
Bootloader for CI device tests
This bootloader always runs into bootloader mode, waits for firmware to be uploaded, then runs the firmware.
Storage is not erased. If you wish to erase storage you can send WipeDevice message to the bootloader.
All user interaction is removed (no clicking or confirmations required) so that it can be used in an automated way for tests.
The bootloader will run any firmware that looks "sane" (good header, hashes), but does not check any trust flags.
Firmware must be compiled with PRODUCTION=0 because otherwise it would
replace the bootloader and lock device.