trezor-core/docs/bootloader.md

# TREZOR Core Bootloader

TREZOR initialization in split into two stages.
See [Memory Layout](memory.md) for info about in which sectors each stage is stored.

First stage (boardloader) is stored in write-protected area, which means it is non-upgradable.
Only second stage (bootloader) update is allowed.

## First Stage - Boardloader

First stage checks the integrity and signatures of the second stage
and runs it if everything is OK.

If first stage boardloader finds a valid second stage bootloader image
on the SD card (in raw format, no filesystem), it will replace the internal
second stage, allowing a second stage update via SD card.

## Second Stage - Bootloader

Second stage checks the integrity and signatures of the firmware and runs
it if everything is OK.

If second stage bootloader detects a pressed finger on the display or there
is no firmware loaded in the device, it will start in a firmware update mode,
allowing a firmware update via USB.

## Common notes

* Hash function used for computing data digest for signatures is BLAKE2s.
* Signature system is Ed25519 (allows combining signatures by multiple keys
  into one).
* All multibyte integer values are little endian.
* There is a tool called [binctl](../tools/binctl) which checks validity
  of the bootloader/firmware images including their headers.

## Bootloader Format

TREZOR Core (second stage) bootloader consists of 2 parts:

1. bootloader header
2. bootloader code

### Bootloader Header

Total length of bootloader header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZB` |
| 0x0004 | 4      | hdrlen | length of the bootloader header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the bootloader code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| 0x01C0 | 64     | sig | SatoshiLabs aggregated signature |

## Firmware Format

TREZOR Core firmware consists of 3 parts:

1. vendor header
2. firmware header
3. firmware code

### Vendor Header

Total length of vendor header is 84 + 32 * (number of pubkeys) +
(length of vendor string rounded up to multiple of 4) +
(length of vendor image) bytes rounded up to the closest multiple
of 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZV` |
| 0x0004 | 4      | hdrlen | length of the vendor header (multiple of 512) |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 1      | vmajor | version (major) |
| 0x000D | 1      | vminor | version (minor) |
| 0x000E | 1      | vsig_m | number of signatures needed to run the firmware from this vendor |
| 0x000F | 1      | vsig_n | number of different pubkeys vendor provides for signing |
| 0x0010 | 1      | vtrust | level of vendor trust (0-100) |
| 0x0011 | 15     | reserved | not used yet (zeroed) |
| 0x0020 | 32     | vpub1 | vendor pubkey 1 |
| ...    | ...    | ... | ... |
| ?      | 32     | vpubn | vendor pubkey n |
| ?      | 1      | vstr_len | vendor string length |
| ?      | ?      | vstr | vendor string |
| ?      | ?      | vstrpad | padding to a multiple of 4 bytes |
| ?      | ?      | vimg | vendor image (in [TOIf format](toif.md)) |
| ?      | ?      | reserved | padding to an address that is -65 modulo 512 (zeroed) |
| ?      | 1      | sigmask | SatoshiLabs signature indexes (bitmap) |
| ?      | 64     | sig | SatoshiLabs aggregated signature |

### Firmware Header

Total length of firmware header is always 512 bytes.

| offset | length | name | description |
|-------:|-------:|------|-------------|
| 0x0000 | 4      | magic | firmware magic `TRZF` |
| 0x0004 | 4      | hdrlen | length of the firmware header |
| 0x0008 | 4      | expiry | valid until timestamp (0=infinity) |
| 0x000C | 4      | codelen | length of the firmware code (without the header) |
| 0x0010 | 1      | vmajor | version (major) |
| 0x0011 | 1      | vminor | version (minor) |
| 0x0012 | 1      | vpatch | version (patch) |
| 0x0013 | 1      | vbuild | version (build) |
| 0x0014 | 427    | reserved | not used yet (zeroed) |
| 0x01BF | 1      | sigmask | vendor signature indexes (bitmap) |
| 0x01C0 | 64     | sig | vendor aggregated signature |

## Various ideas

* Bootloader should be able to read vendor + firmware header and send info
  about FW to client in features message.
* Bootloader should not try to run firmware if there is not any.
* Storage wiping rule: Don't erase storage when old FW and new FW are signed
  using the same key set. Otherwise erase.
* Bootloader should send error to client when firmware update fails and allow
  client to try one more time. This prevents storage area erasure by accident.
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`# TREZOR Core Bootloader`
add firmware format documentation 2016-04-25 11:43:48 -07:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`TREZOR initialization in split into two stages.`
			`See [Memory Layout](memory.md) for info about in which sectors each stage is stored.`
rework note about endianity 2016-04-25 13:02:12 -07:00
rename bootloader to boardloader 2017-04-10 10:11:44 -07:00			`First stage (boardloader) is stored in write-protected area, which means it is non-upgradable.`
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`Only second stage (bootloader) update is allowed.`
add firmware format documentation 2016-04-25 11:43:48 -07:00
rename bootloader to boardloader 2017-04-10 10:11:44 -07:00			`## First Stage - Boardloader`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`First stage checks the integrity and signatures of the second stage`
			`and runs it if everything is OK.`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`If first stage boardloader finds a valid second stage bootloader image`
			`on the SD card (in raw format, no filesystem), it will replace the internal`
			`second stage, allowing a second stage update via SD card.`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`## Second Stage - Bootloader`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`Second stage checks the integrity and signatures of the firmware and runs`
			`it if everything is OK.`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`If second stage bootloader detects a pressed finger on the display or there`
			`is no firmware loaded in the device, it will start in a firmware update mode,`
			`allowing a firmware update via USB.`
update bootloader documentation 2017-02-08 06:42:52 -08:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`## Common notes`
update bootloader documentation 2017-02-08 06:42:52 -08:00
bootloader/loader: use blake2s instead of sha256 for digests 2017-03-21 17:53:25 -07:00			`* Hash function used for computing data digest for signatures is BLAKE2s.`
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`* Signature system is Ed25519 (allows combining signatures by multiple keys`
			`into one).`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`* All multibyte integer values are little endian.`
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`* There is a tool called [binctl](../tools/binctl) which checks validity`
			`of the bootloader/firmware images including their headers.`
update bootloader documentation 2017-02-08 06:42:52 -08:00
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`## Bootloader Format`
update bootloader documentation 2017-02-08 06:42:52 -08:00
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`TREZOR Core (second stage) bootloader consists of 2 parts:`
update bootloader documentation 2017-02-08 06:42:52 -08:00
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`1. bootloader header`
			`2. bootloader code`
update bootloader documentation 2017-02-08 06:42:52 -08:00
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`### Bootloader Header`
update bootloader documentation 2017-02-08 06:42:52 -08:00
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`Total length of bootloader header is always 512 bytes.`
update bootloader documentation 2017-02-08 06:42:52 -08:00
			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
rename loader to bootloader 2017-04-10 10:24:21 -07:00			\| 0x0000 \| 4 \| magic \| firmware magic `TRZB` \|
			`\| 0x0004 \| 4 \| hdrlen \| length of the bootloader header \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`\| 0x000C \| 4 \| codelen \| length of the bootloader code (without the header) \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 2017-03-31 17:32:05 -07:00			`\| 0x01BF \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| SatoshiLabs aggregated signature \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`## Firmware Format`
update bootloader documentation 2017-02-08 06:42:52 -08:00
			`TREZOR Core firmware consists of 3 parts:`
add firmware format documentation 2016-04-25 11:43:48 -07:00
			`1. vendor header`
			`2. firmware header`
			`3. firmware code`

markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`### Vendor Header`
add firmware format documentation 2016-04-25 11:43:48 -07:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`Total length of vendor header is 84 + 32 * (number of pubkeys) +`
			`(length of vendor string rounded up to multiple of 4) +`
			`(length of vendor image) bytes rounded up to the closest multiple`
			`of 512 bytes.`
update info about bootloader format 2016-05-10 07:42:20 -07:00
add firmware format documentation 2016-04-25 11:43:48 -07:00			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZV` \|
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 2017-04-01 06:45:50 -07:00			`\| 0x0004 \| 4 \| hdrlen \| length of the vendor header (multiple of 512) \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
tools: join check_bootloader and check_firmware into firmwarectl tool 2017-02-09 07:26:15 -08:00			`\| 0x000C \| 1 \| vmajor \| version (major) \|`
			`\| 0x000D \| 1 \| vminor \| version (minor) \|`
			`\| 0x000E \| 1 \| vsig_m \| number of signatures needed to run the firmware from this vendor \|`
			`\| 0x000F \| 1 \| vsig_n \| number of different pubkeys vendor provides for signing \|`
add vendor trust to vendorheader 2017-10-05 08:31:05 -07:00			`\| 0x0010 \| 1 \| vtrust \| level of vendor trust (0-100) \|`
			`\| 0x0011 \| 15 \| reserved \| not used yet (zeroed) \|`
			`\| 0x0020 \| 32 \| vpub1 \| vendor pubkey 1 \|`
add firmware format documentation 2016-04-25 11:43:48 -07:00			`\| ... \| ... \| ... \| ... \|`
			`\| ? \| 32 \| vpubn \| vendor pubkey n \|`
update info about bootloader format 2016-05-10 07:42:20 -07:00			`\| ? \| 1 \| vstr_len \| vendor string length \|`
			`\| ? \| ? \| vstr \| vendor string \|`
Implemented vendor header. Header is generated with ./tools/build_vendorheader 'key1,key2,key3' 2 1.1 SatoshiLabs assets/satoshilabs.png micropython/firmware/vendorheader.bin where - keyN is a 64 character hex string encoding the public key - 2 encodes 2/3 key scheme - 1.1 is the version number (major, minor) - SatoshiLabs is the vendor name - satoshilabs.png is the vendor image Updated the firmware compilation that it adds vendor header and updated loader that it handles vendor header to be present. 2017-04-01 06:45:50 -07:00			`\| ? \| ? \| vstrpad \| padding to a multiple of 4 bytes \|`
update info about bootloader format 2016-05-10 07:42:20 -07:00			`\| ? \| ? \| vimg \| vendor image (in [TOIf format](toif.md)) \|`
add vendor trust to vendorheader 2017-10-05 08:31:05 -07:00			`\| ? \| ? \| reserved \| padding to an address that is -65 modulo 512 (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 2017-03-31 17:32:05 -07:00			`\| ? \| 1 \| sigmask \| SatoshiLabs signature indexes (bitmap) \|`
			`\| ? \| 64 \| sig \| SatoshiLabs aggregated signature \|`
add firmware format documentation 2016-04-25 11:43:48 -07:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`### Firmware Header`
add firmware format documentation 2016-04-25 11:43:48 -07:00
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`Total length of firmware header is always 512 bytes.`
update info about bootloader format 2016-05-10 07:42:20 -07:00
add firmware format documentation 2016-04-25 11:43:48 -07:00			`\| offset \| length \| name \| description \|`
			`\|-------:\|-------:\|------\|-------------\|`
			\| 0x0000 \| 4 \| magic \| firmware magic `TRZF` \|
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`\| 0x0004 \| 4 \| hdrlen \| length of the firmware header \|`
update bootloader documentation 2017-02-08 06:42:52 -08:00			`\| 0x0008 \| 4 \| expiry \| valid until timestamp (0=infinity) \|`
bootloader: cleanup, more documentation, added scripts for checking 2017-02-08 07:36:19 -08:00			`\| 0x000C \| 4 \| codelen \| length of the firmware code (without the header) \|`
add validity timestamp 2016-05-09 04:14:55 -07:00			`\| 0x0010 \| 1 \| vmajor \| version (major) \|`
			`\| 0x0011 \| 1 \| vminor \| version (minor) \|`
			`\| 0x0012 \| 1 \| vpatch \| version (patch) \|`
			`\| 0x0013 \| 1 \| vbuild \| version (build) \|`
trezorhal: fix alignment in headers to 512 bytes 2017-03-31 14:54:59 -07:00			`\| 0x0014 \| 427 \| reserved \| not used yet (zeroed) \|`
build: refactor binctl and firmware/loader image stuff 2017-03-31 17:32:05 -07:00			`\| 0x01BF \| 1 \| sigmask \| vendor signature indexes (bitmap) \|`
			`\| 0x01C0 \| 64 \| sig \| vendor aggregated signature \|`
add bootloader ideas 2016-09-15 04:39:19 -07:00
markdown: follow commonmark spec 2017-03-20 07:49:11 -07:00			`## Various ideas`
add bootloader ideas 2016-09-15 04:39:19 -07:00
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`* Bootloader should be able to read vendor + firmware header and send info`
			`about FW to client in features message.`
rename loader to bootloader 2017-04-10 10:24:21 -07:00			`* Bootloader should not try to run firmware if there is not any.`
docs: update markdown according to lint 2017-04-12 05:45:58 -07:00			`* Storage wiping rule: Don't erase storage when old FW and new FW are signed`
			`using the same key set. Otherwise erase.`
			`* Bootloader should send error to client when firmware update fails and allow`
			`client to try one more time. This prevents storage area erasure by accident.`