trezor-core/docs/bootloader.md

# TREZOR Core Bootloader

TREZOR initialization in split into two stages. See [Memory Layout](memory.md) for info about in which sectors each stage is stored.

First stage (bootloader) is stored in write-protected area, which means it is non-upgradable.
Only second stage (loader) update is allowed.

## First Stage - Bootloader

First stage checks the integrity and signatures of the second stage and runs it if everything is OK.

If first stage bootloader finds a valid second stage loader image on the SD card (in raw format, no filesystem),
it will replace the internal second stage, allowing a second stage update via SD card.

## Second Stage - Loader

Second stage checks the integrity and signatures of the firmware and runs it if everything is OK.

If second stage loader detects a pressed finger on the display or there is no firmware loaded in the device,
it will start in a firmware update mode, allowing a firmware update via USB.

## Common notes

* Hash function used for computing data digest for signatures is BLAKE2s.
* Signature system is Ed25519 (allows combining signatures by multiple keys into one).
* All multibyte integer values are little endian.
* There is a tool called [binctl](../tools/binctl) which checks validity of the loader/firmware images including their headers.

## Loader Format

TREZOR Core (second stage) loader consists of 2 parts:

1. loader header
2. loader code

### Loader Header

Total length of loader header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZL` |
| 0x0004 | 4      | hdrlen | length of the loader header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the loader code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| 0x01C0 | 64     | sig | SatoshiLabs aggregated signature |

## Firmware Format

TREZOR Core firmware consists of 3 parts:

1. vendor header
2. firmware header
3. firmware code

### Vendor Header

Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vendor string) + (length of vendor image) bytes rounded up to the closest multiply of 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZV` |
| 0x0004 | 4      | hdrlen | length of the vendor header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 1      | vmajor | version (major) |
| 0x000D | 1      | vminor | version (minor) |
| 0x000E | 1      | vsig_m | number of signatures needed to run the firmware from this vendor |
| 0x000F | 1      | vsig_n | number of different pubkeys vendor provides for signing |
| 0x0010 | 32     | vpub1 | vendor pubkey 1 |
| ...    | ...    | ... | ... |
| ?      | 32     | vpubn | vendor pubkey n |
| ?      | 1      | vstr_len | vendor string length |
| ?      | ?      | vstr | vendor string |
| ?      | 2      | vimg_len | vendor image length |
| ?      | ?      | vimg | vendor image (in [TOIf format](toif.md)) |
| ?      | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| ?      | 64     | sig | SatoshiLabs aggregated signature |

### Firmware Header

Total length of firmware header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZF` |
| 0x0004 | 4      | hdrlen | length of the firmware header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the firmware code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | vendor signature indexes (bitmap) |
| 0x01C0 | 64     | sig | vendor aggregated signature |

## Various ideas

* Loader should be able to read vendor + firmware header and send info about FW to client in features message.
* Loader should not try to run firmware if there is not any.
* Storage wiping rule: Don't erase storage when old FW and new FW are signed using the same key set. Otherwise erase.
* Loader should send error to client when firmware update fails and allow client to try one more time. This prevents storage area erasure by accident.
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`# TREZOR Core Bootloader`
add firmware format documentation 2016-04-25 11:43:48 -07:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`TREZOR initialization in split into two stages. See [Memory Layout](memory.md) for info about in which sectors each stage is stored.`
rework note about endianity 2016-04-25 13:02:12 -07:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`First stage (bootloader) is stored in write-protected area, which means it is non-upgradable.`
			`Only second stage (loader) update is allowed.`
add firmware format documentation 2016-04-25 11:43:48 -07:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`## First Stage - Bootloader`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
			`First stage checks the integrity and signatures of the second stage and runs it if everything is OK.`

bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`If first stage bootloader finds a valid second stage loader image on the SD card (in raw format, no filesystem),`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`it will replace the internal second stage, allowing a second stage update via SD card.`

bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`## Second Stage - Loader`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
			`Second stage checks the integrity and signatures of the firmware and runs it if everything is OK.`

bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`If second stage loader detects a pressed finger on the display or there is no firmware loaded in the device,`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`it will start in a firmware update mode, allowing a firmware update via USB.`
update bootloader documentation 2017-02-08 06:42:52 -08:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`## Common notes`
update bootloader documentation 2017-02-08 06:42:52 -08:00
bootloader/loader: use blake2s instead of sha256 for digests 2017-03-21 17:53:25 -07:00			`* Hash function used for computing data digest for signatures is BLAKE2s.`
			`* Signature system is Ed25519 (allows combining signatures by multiple keys into one).`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`* All multibyte integer values are little endian.`
tools: rename firmwarectl to binctl, minor reformat 2017-03-30 13:58:00 -07:00			`* There is a tool called [binctl](../tools/binctl) which checks validity of the loader/firmware images including their headers.`
update bootloader documentation 2017-02-08 06:42:52 -08:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`## Loader Format`
update bootloader documentation 2017-02-08 06:42:52 -08:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`TREZOR Core (second stage) loader consists of 2 parts:`
update bootloader documentation 2017-02-08 06:42:52 -08:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`1. loader header`
			`2. loader code`
update bootloader documentation 2017-02-08 06:42:52 -08:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`### Loader Header`
update bootloader documentation 2017-02-08 06:42:52 -08:00
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`Total length of loader header is always 512 bytes.`
update bootloader documentation 2017-02-08 06:42:52 -08:00
			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			\| 0x0000 \| 4 \| magic \| firmware magic `TRZL` \|
			`\| 0x0004 \| 4 \| hdrlen \| length of the loader header \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`\| 0x000C \| 4 \| codelen \| length of the loader code (without the header) \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 2017-03-31 17:32:05 -07:00			`\| 0x01BF \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| SatoshiLabs aggregated signature \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`## Firmware Format`
update bootloader documentation 2017-02-08 06:42:52 -08:00
			`TREZOR Core firmware consists of 3 parts:`
add firmware format documentation 2016-04-25 11:43:48 -07:00
			`1. vendor header`
			`2. firmware header`
			`3. firmware code`

markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`### Vendor Header`
add firmware format documentation 2016-04-25 11:43:48 -07:00
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`Total length of vendor header is 84 + 32 * (number of pubkeys) + (length of vendor string) + (length of vendor image) bytes rounded up to the closest multiply of 512 bytes.`
update info about bootloader format 2016-05-10 07:42:20 -07:00
add firmware format documentation 2016-04-25 11:43:48 -07:00			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZV` \|
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`\| 0x0004 \| 4 \| hdrlen \| length of the vendor header \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
tools: join check_bootloader and check_firmware into firmwarectl tool 2017-02-09 07:26:15 -08:00			`\| 0x000C \| 1 \| vmajor \| version (major) \|`
			`\| 0x000D \| 1 \| vminor \| version (minor) \|`
			`\| 0x000E \| 1 \| vsig_m \| number of signatures needed to run the firmware from this vendor \|`
			`\| 0x000F \| 1 \| vsig_n \| number of different pubkeys vendor provides for signing \|`
update info about bootloader format 2016-05-10 07:42:20 -07:00			`\| 0x0010 \| 32 \| vpub1 \| vendor pubkey 1 \|`
add firmware format documentation 2016-04-25 11:43:48 -07:00			`\| ... \| ... \| ... \| ... \|`
			`\| ? \| 32 \| vpubn \| vendor pubkey n \|`
update info about bootloader format 2016-05-10 07:42:20 -07:00			`\| ? \| 1 \| vstr_len \| vendor string length \|`
			`\| ? \| ? \| vstr \| vendor string \|`
tools: join check_bootloader and check_firmware into firmwarectl tool 2017-02-09 07:26:15 -08:00			`\| ? \| 2 \| vimg_len \| vendor image length \|`
update info about bootloader format 2016-05-10 07:42:20 -07:00			`\| ? \| ? \| vimg \| vendor image (in [TOIf format](toif.md)) \|`
build: refactor binctl and firmware/loader image stuff 2017-03-31 17:32:05 -07:00			`\| ? \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| ? \| 64 \| sig \| SatoshiLabs aggregated signature \|`
add firmware format documentation 2016-04-25 11:43:48 -07:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`### Firmware Header`
add firmware format documentation 2016-04-25 11:43:48 -07:00
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`Total length of firmware header is always 512 bytes.`
update info about bootloader format 2016-05-10 07:42:20 -07:00
add firmware format documentation 2016-04-25 11:43:48 -07:00			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZF` \|
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`\| 0x0004 \| 4 \| hdrlen \| length of the firmware header \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`\| 0x000C \| 4 \| codelen \| length of the firmware code (without the header) \|`
add validity timestamp 2016-05-09 04:14:55 -07:00			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 2017-03-31 17:32:05 -07:00			`\| 0x01BF \| 1 \| sigmask \| vendor signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| vendor aggregated signature \|`
add bootloader ideas 2016-09-15 04:39:19 -07:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`## Various ideas`
add bootloader ideas 2016-09-15 04:39:19 -07:00
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`* Loader should be able to read vendor + firmware header and send info about FW to client in features message.`
			`* Loader should not try to run firmware if there is not any.`
add bootloader ideas 2016-09-15 04:39:19 -07:00			`* Storage wiping rule: Don't erase storage when old FW and new FW are signed using the same key set. Otherwise erase.`
bootloader+loader: rework build, make clear what is bootloader and what is loader in docu 2017-03-20 07:58:47 -07:00			`* Loader should send error to client when firmware update fails and allow client to try one more time. This prevents storage area erasure by accident.`