From b962ace27dd4e19e1caf059b922d6f05b565f65a Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Wed, 4 Oct 2017 15:55:33 +0200
Subject: [PATCH] build: add production keys
---
 Makefile | 4 ++++
 assets/vendor_satoshilabs.toif | Bin 0 -> 4237 bytes
 embed/boardloader/main.c | 6 ++++++
 embed/bootloader/main.c | 6 ++++++
 embed/firmware/.gitignore | 2 +-
 tools/codegen/gen_keys.py | 2 +-
 .../get_trezor_keys.py} | 0
 7 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 assets/vendor_satoshilabs.toif
 rename tools/{get_sign_keys => codegen/get_trezor_keys.py} (100%)
diff --git a/Makefile b/Makefile
index bf678cd9..17318799 100644
--- a/Makefile
+++ b/Makefile
@@ -152,6 +152,10 @@ vendorheader: ## construct default vendor header
 ./tools/build_vendorheader 'e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef' 2 0.0 DEVELOPMENT assets/vendor_devel.toif embed/firmware/vendorheader.bin
 ./tools/binctl embed/firmware/vendorheader.bin -s 1:2 4444444444444444444444444444444444444444444444444444444444444444:4545454545454545454545454545454545454545454545454545454545454545
+vendorheader_sl: ## construct SatoshiLabs vendor header
+ ./tools/build_vendorheader '32ad994ce596a15f4c174ec85da062488e305c66397f9954fc36df301b70d06e:03fdd9a9c3911652d5effca4540d96ed92d85850a47d256ab0a2d728c0d1a298:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830' 2 0.0 SatoshiLabs assets/vendor_satoshilabs.toif embed/firmware/vendorheader_sl.bin
+ ./tools/binctl embed/firmware/vendorheader_sl.bin -s 1:2 trezor:trezor
+
 binctl: ## print info about binary files
 ./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
 ./tools/binctl embed/firmware/vendorheader.bin
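Review bot: The `vendorheader_sl` recipe passes `trezor:trezor` to `binctl -s 1:2` where the `vendorheader` recipe above it passes two hex values, and nothing in the target says what that token means or what the build machine needs attached for it to work. If, as the rename to `get_trezor_keys.py` in this patch suggests, it makes binctl obtain both signatures from connected devices instead of from key material on the command line, state that above the recipe, e.g. `# signatures for slots 1 and 2 come from attached devices; no secret key is passed here`. The three vendor public keys are also pasted inline with no pointer to an authoritative copy; a one-line comment naming where they can be cross-checked would let a reviewer verify them.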
diff --git a/assets/vendor_satoshilabs.toif b/assets/vendor_satoshilabs.toif new file mode 100644 index 0000000000000000000000000000000000000000..e7711ba098715a14e095e95ddc8a1f28dd188beb GIT binary patch literal 4237 zcmV;85OVKSPf2EY0C)g_5C8z}(mzllPud4?>b<@y-YVZ)bPXmjfRK>QB$H`=Rmy9i ztnT?Qd6!I$EFud6=-=q_dJ|Z_^IOp(I?2|HbfYZ-`jz(<7w*a`x%X9vkdTm&w`YcC zW?+B@nf-IM{Zy^HYj@A{>F4Wk{9HfR&-HWtT-M7u$K_oK<)>2rj6M%onBQJJTKcf^ zsZv^#AC8u03vTQITz+}}hP#r^@Ak{yomQ!4kdKc#V?JTYBiCq5s&F}W&eY#)&Z7-c~VmUQvcYW*p?)#gxE3qfa552o? z$hCC!P2pv3^5Y)@zqIF@4E*x(MQ*Y@U436aYs$UPUrf&yzMr}7iM5#?(>brK=3LpL zbRYx;Uah2`=Wxr5{N&%-|BFHCFngPutiEYHS>N?x<$IX(deJ(=^>kq>TNH(s64DZp zA9ASeCI8lcr|p%5%iHqn`nlDuC&yg=+gUx}!-_?ApUSU^6q=pZ-T*Rr4Q?@b`K7Yj zo$=bt+lgYD0fZc-AgrEM=Vc(J9otvMbR&+4@<|rREp* zE0N5U(c3ah2ZgD|Q|FYIQ(sRzTaX_*v~q4z{B@AE+ZzG{ye+kKP=4L{zR2};wClx2 z#{A{VYUYr|YT<<RaO%A1#@*kC{|_1Z}6c)&GDK5!B&@asIkwp0NjvQ@dX_z2{lxP#8%|y2nOu1TuMH z%bVP6?~n7Bw+&hE=|0Wn$E96PnY3x?U{tN@g>7##fjbDf8|*TBZB2!MlSQyzM-@aTJ>O zlT?2(X7BC9bG_$xhWq5~=jUlvFKT=7a9$6HcISc5y)eup;|)GXyIwTD-p4=01JBc% zy`A~&=|$8VLl*n_@@u`v8*X$hm#=T>HT^}?8C9>ienRPS@YJgWC% zTEC^17K6`FqE_MGzy{`$)EmH2IB3E~uV9@AK6BW3dTyozPD7UE%)8;Hs|!VSCNU!0 z!J8liec0VD7YxBc6Bf}9Zh27;FA-mt^lm>@M)8)`^c!-MaegErB0}ItJ~A6O=JK36 zDG#7t4n^3!>TVwvdZ&S}ywUqzP7SMlJE5PhpIK+wN*F;Km+<|Ah6d+Z z^K$qVAph#MkCzUcGVS<2J)G7#CqL-k>@Cf*2pNRQenMk$$PWi;74I(4ynd4Ao?aN| z3zK@!ZzqQFZZGO5E2{$EGAgqGG4kFdrI2-o{k##x=4E>wF<3vNUCR&7Id-pcx|w&e zyfVcw4v-i2A`f}(meE>)+rRIwr14$6Fb-I}QK)$XgI0 z-+g%^Ome(hN%I^%Kq)U&3;B=_`|vB^C+YT+?gHe6LL>=c7$&c^K~k|v-Yo>_JNb|R z*}NX0dhwv$#tE0!SiPSr^u(34BSexBlDi#}Vx@M$E{G}x)j}~8!%7K&RJ%h%VRQWk zB8a}353_k=Nb`mUr-A?YLZ9$#fko>L>L+UdF!jz-P^o_1cX%O#7i-=y6!E~_!TLGv z{$iTNd$go`v$p~-z;TvHa-w-Tl6>WTSiD}SdeLC7z~?4u_w_ATVz5_!XzxE0gX7h< zyjb)48PcpK9%$Z8z~F__VN<4p_2MAyY(bxHVQSpd)x27oIW&ZqB!WvuAd6Svt8b{_ zN*X53nRj-0cLDVV5Th6R)cp~r{Q`eoVo!8wjqa_b$8GKMVsqXt0E!yOT)EfdKW;^4DiZ==w zy?kzxDoShpyeG$WU*kywHdmr@Y0Sno4m;|X7z>uhrBQjSiJ(Qol?p6VlS^Z zNcS|W*JZoBv9@=E)r-TBrkso?_kCy13`nf3B=k-F>iz0|^ 
zULuZ=Jp0+FOT5|7ZOfJ`VeP$WXTFveg5Qys?Bw_W8o~>ugNCeG8W|6;_FhSC@2Nm; zR|_gNPH!A&UN_#stlk~W@gXpjS7QI z7uw!k!0L@cE*XZB)i*7=Q2G#s#v}CxoYvkOu35cL&lTJxacUtS^5Iv&5B)HJ0yqRh zFpR=@18;%|jG$c*g;5kE3DsUkfQEPJkv`RnG;fsI8$(<^1mhrv^@@Wy5R7HmPwH3Q zyD)F8L#@1=m0SM{#cvxvr#M^Szj!D-bR2SDkiEY}AI~23BS-0MUBB(APQ@MJ!&C zyd9Sx*h!KUul&^d@!{on+lxm_A6DeF^?aQUZ_t$>rxIMEH9_SLWSAi_`P&mzGQES9 zOe@*yPP5pfd)*sj@QNsk+xFRu$FOA8QIAv7LF0*Pe1f(2V!G{3i$MX} zQJR-iy#iqIYUVIzd!4rTupv{82UvTLmgtVgqbS(r72zwOdeJc67#iw3eD-tOl5r)h zy?Y|v)0Cw{+q}rHdVN@NFrORJd-;W0IIn?q(dtO!Gb1o{m z;T%1dPtd*BWqZ8Jr2L3O9QKnm+vhF6rjm>4US3zCzD0MHr|t6w6fc?bkQp7SYNu4P zUv~6dr8T;%c4}8A#ETVg0NLl24jNBXvM}GIZyqix=Ng!K39yEG?OZi=D^3c**u z^8)Yhms5YftIb?V{c_ADxIC$ZD{-`R!^sbgj3WNagpd@+(3#O2fy9e<@aVU;l;nmO z-US;tfPBb}T|AczI8T=42W?sl^MkVNoO2~KvpYX~uwG354gF~+A4BRF)cc=r*Sv1h z=dd?*OcREnA9x|@msg}d98Si9^>dod`?Pb;!L*!nM@!oiKEai6I$QxR=>b0EC%12c zT@b@2`$)5iATH^~QON40(-g=wcW{_Y(~CTSOOliz<>iPJMU|b&+zYC0R<{=&%C@d49Yd}CvVOMlDE+qpW8{sMZ@crFw*75V9^h4`4or#f zAs5ju$)Xp=u=%(8G-EhI66%Lu=x$BZ@HMPRcQAQhY`UM%ylcw(jGS}Bd7X3egDx&i z34A+Sa0B}hNtVg2_L6KR9tThuk*Py<>K%6KjRQ4md)%5m|wyOGG z?{|CAG4xt5>gSts_Orm7ra&gC%|LZyH#T>t=#|9#LC4fdMIrGbHH+k?7$!H77xJRk zIrB}b)Q3Z`BfaM0KfchrEv-35TAwQV9rZI&uu5MH@8B>|wPw=c*7{ZChN+YJy7ON0 zGlD|oWOr%}(!7r(JK9g$mE~r2wlJF48*F6sTPmyCgw3V9mF{1)+-_`DG^L8rqwP#` zJ@$EkpG-Xp2S~LZg7viC=gF~SI2{+0Wg(T2i=yqpf!o zp)jcU%8K5j{NPGBp0TbZqxkYR&i8$3%}u63(h39Ehpe+|E%ib_+5|Cnsj4kZ8ao^{ z%XD%1+Kk~oIr~}Q2X{eJPTX))ard0J_P;)oi3o~edWyOD>#|Y1Uv@lu1)Rnk8&8>c zEaEOVnYTITWbT+u6ozqB*@?AW3{!Fb@{6&z4=awbtUb|qYyD9=WEXe3V<mE9qwE$wYn*893oyAqBut&?NZj2|$$QVt792LO{j&L+&1&_1CN+#$L@_+9 zRp2kb)X&V{Ev>WDoDaujCU;~%ch6PH@od5I4OYNeTI=qn zDOXl6Z$;r5YI0IKxGq)STijknF6W%%8!hMDe!0G7)m7uM{QB|>$v0$n^V&}7@VZo4 zZ9G}s`l;d*9N&0(!1q?+a6xx0yrn*S5&2peSVCU6#r(Yo|@w`mX!*a?0_Y zEN}2)x{>LnR;qqpJFTn~rgD?l<;ySGqwLY;?d6w`FLINGmzCApsr5W{>)VNMm*QUL zlVj^_Kd)}M<<$3PrOTCgJ8{E}OIn*bIi4*zzWe13?w4=4{`npxy_jB3xe|^aXnDYT z@%*l|HjKMAb0zJUXA9qJepwcm4>-3MPmZso(wh8G-)dy&3n+i9&D^IyRW7FY%gZTm 
j@JDu9E$5so!R0-`8&rzRyAuCw!k_Es`ni6tajpLcMgqaN literal 0 HcmV?d00001
diff --git a/embed/boardloader/main.c b/embed/boardloader/main.c
index a0bc8626..5f69b8f3 100644
--- a/embed/boardloader/main.c
+++ b/embed/boardloader/main.c
@@ -107,9 +107,15 @@ bool copy_sdcard(void)
 const uint8_t BOARDLOADER_KEY_M = 2;
 const uint8_t BOARDLOADER_KEY_N = 3;
 static const uint8_t * const BOARDLOADER_KEYS[] = {
+#ifdef PRODUCTION_KEYS
+ (const uint8_t *)"\x34\x38\x16\x6c\x61\x98\xe1\xb8\x55\x5a\xda\x04\x94\xb6\xda\x25\xee\x4f\xe3\xe9\x09\x21\x8a\x01\x92\x05\x2a\x67\xf2\x26\x98\xbf",
+ (const uint8_t *)"\xac\x8a\xb4\x0b\x32\xc9\x86\x55\x79\x8f\xd5\xda\x5e\x19\x2b\xe2\x7a\x22\x30\x6e\xa0\x5c\x6d\x27\x7c\xdf\xf4\xa3\xf4\x12\x5c\xd8",
+ (const uint8_t *)"\xce\x0f\xcd\x12\x54\x3e\xf5\x93\x6c\xf2\x80\x49\x82\x13\x67\x07\x86\x3d\x17\x29\x5f\xac\xed\x72\xaf\x17\x1d\x6e\x65\x13\xff\x06",
+#else
 (const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
 (const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
 (const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
+#endif
 };
 void check_and_jump(void)
diff --git a/embed/bootloader/main.c b/embed/bootloader/main.c
index 931ae1ed..a5fdfb2d 100644
--- a/embed/bootloader/main.c
+++ b/embed/bootloader/main.c
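Review bot: In embed/boardloader/main.c the key table falls back to the pre-existing (presumably development) set whenever `PRODUCTION_KEYS` is not defined, so a release build that omits the define will verify the next stage against those keys with no diagnostic; the `BOOTLOADER_KEYS` hunk in embed/bootloader/main.c repeats the same pattern. No hunk in this patch defines `PRODUCTION_KEYS` (the Makefile change only adds the vendor-header target), so it presumably has to be passed by hand or is set elsewhere. Make the non-production choice loud, for example `#warning "built with development keys"` directly after `#else` if the toolchain accepts it, and label each branch with a comment such as `/* development keys: shipped devices must never be built with this branch */`. `check_and_jump`, which presumably consumes the table, lies outside the hunk.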
@@ -48,9 +48,15 @@ void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, ui
 const uint8_t BOOTLOADER_KEY_M = 2;
 const uint8_t BOOTLOADER_KEY_N = 3;
 static const uint8_t * const BOOTLOADER_KEYS[] = {
+#ifdef PRODUCTION_KEYS
+ (const uint8_t *)"\x70\x55\xda\xb1\x44\x42\xae\xd2\x39\xfe\x96\xad\xce\x43\x9e\xc9\x57\x07\x0c\x2e\xea\x9c\x58\x44\xc9\x6f\x93\x42\x6f\xaf\xf6\x28",
+ (const uint8_t *)"\x80\xd0\x36\xb0\x87\x39\xb8\x46\xf4\xcb\x77\x59\x30\x78\xde\xb2\x5d\xc9\x48\x7a\xed\xcf\x52\xe3\x0b\x4f\xb7\xcd\x70\x24\x17\x8a",
+ (const uint8_t *)"\xb8\x30\x7a\x71\xf5\x52\xc6\x0a\x4c\xbb\x31\x7f\xf4\x8b\x82\xcd\xbf\x6b\x6b\xb5\xf0\x4c\x92\x0f\xec\x7b\xad\xf0\x17\x88\x37\x51",
+#else
 (const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
 (const uint8_t *)"\x63\x55\x69\x1c\x17\x8a\x8f\xf9\x10\x07\xa7\x47\x8a\xfb\x95\x5e\xf7\x35\x2c\x63\xe7\xb2\x57\x03\x98\x4c\xf7\x8b\x26\xe2\x1a\x56",
 (const uint8_t *)"\xee\x93\xa4\xf6\x6f\x8d\x16\xb8\x19\xbb\x9b\xeb\x9f\xfc\xcd\xfc\xdc\x14\x12\xe8\x7f\xee\x6a\x32\x4c\x2a\x99\xa1\xe0\xe6\x71\x48",
+#endif
 };
 void check_and_jump(void)
diff --git a/embed/firmware/.gitignore b/embed/firmware/.gitignore
index ef13ad63..5c9a9d46 100644
--- a/embed/firmware/.gitignore
+++ b/embed/firmware/.gitignore
@@ -1,2 +1,2 @@
 build/
-vendorheader.bin
+vendorheader*.bin
diff --git a/tools/codegen/gen_keys.py b/tools/codegen/gen_keys.py
index fbb1c0c0..d8113d08 100755
--- a/tools/codegen/gen_keys.py
+++ b/tools/codegen/gen_keys.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 import binascii
-import ed25519raw
+from trezorlib import ed25519raw
 def hex_to_c(s):
diff --git a/tools/get_sign_keys b/tools/codegen/get_trezor_keys.py
similarity index 100%
rename from tools/get_sign_keys
rename to tools/codegen/get_trezor_keys.py
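Review bot: In tools/codegen/gen_keys.py, `from trezorlib import ed25519raw` makes this key helper use whichever `trezorlib` happens to be installed on the machine, and nothing visible in the hunk pins or checks its version. Since the script's output presumably becomes the public-key literals compiled into the loaders (judging by `hex_to_c`), add a comment next to the import stating the expected release, e.g. `# requires trezorlib; run from a pinned, verified install`. The body of `hex_to_c` and the rest of the file are outside the hunk.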