From 746f2d8d0679b636a592d88ecf72082e82a6c406 Mon Sep 17 00:00:00 2001 From: brianddk Date: Thu, 25 May 2023 22:45:58 -0500 Subject: [PATCH] Initial Release --- .gitignore | 4 + .gitmodules | 3 + LICENSE | 2 +- README.md | 86 ++- pubkeys/brianddk.asc | 41 ++ trezor/attest/canary/attest.brianddk | 21 + trezor/attest/core/bl2.1.0/attest.brianddk | 22 + trezor/attest/core/v2.5.3/attest.brianddk | 25 + trezor/attest/core/v2.6.0/attest.brianddk | 24 + trezor/attest/legacy/bl1.12.1/attest.brianddk | 22 + trezor/attest/legacy/v1.11.1/attest.brianddk | 19 + trezor/attest/legacy/v1.11.2/attest.brianddk | 25 + trezor/attest/legacy/v1.12.1/attest.brianddk | 25 + trezor/check.sh | 16 + trezor/defaults.py | 264 ++++++++ trezor/failed/legacy/bl1.11.0/attest.brianddk | 16 + trezor/list.sh | 26 + trezor/settings.sh | 604 ++++++++++++++++++ trezor/verify.sh | 269 ++++++++ wiki | 1 + 20 files changed, 1512 insertions(+), 3 deletions(-) create mode 100644 .gitignore create mode 100644 .gitmodules create mode 100644 pubkeys/brianddk.asc create mode 100644 trezor/attest/canary/attest.brianddk create mode 100644 trezor/attest/core/bl2.1.0/attest.brianddk create mode 100644 trezor/attest/core/v2.5.3/attest.brianddk create mode 100644 trezor/attest/core/v2.6.0/attest.brianddk create mode 100644 trezor/attest/legacy/bl1.12.1/attest.brianddk create mode 100644 trezor/attest/legacy/v1.11.1/attest.brianddk create mode 100644 trezor/attest/legacy/v1.11.2/attest.brianddk create mode 100644 trezor/attest/legacy/v1.12.1/attest.brianddk create mode 100644 trezor/check.sh create mode 100644 trezor/defaults.py create mode 100644 trezor/failed/legacy/bl1.11.0/attest.brianddk create mode 100644 trezor/list.sh create mode 100644 trezor/settings.sh create mode 100644 trezor/verify.sh create mode 160000 wiki diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ec28082 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +trezor/repo +trezor/.venv +trezor/trezor-* +bk diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..7e2a4f9 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "wiki"] + path = wiki + url = https://github.com/brianddk/attestation.wiki.git diff --git a/LICENSE b/LICENSE index 261eeb9..82fde41 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright [yyyy] [name of copyright owner] + Copyright 2023 brianddk at github https://github.com/brianddk Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 7f26bb4..b5bd0be 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,84 @@ -# attestation -Opensource Attestations Proving Source and Binaries Match +# Multi-Project Reproducible Build Attestation + +This project will be used to try to reproduce build of some of the larger and well know opensource projects. + +## Directory Structure + +The directory structure is as follows: + +* **wiki**  -  The Wiki documentation for this project. To update, fork and make a PR +* **pubkeys**  -  The pubkeys used in the various attestments posted in this project +* **trezor**  -  Directory for verifying the [trezor-firmware](https://github.com/trezor/trezor-firmware) Github repository + * **verify.sh**  -  The main verification script to verify `trezor-firmware` builds + * **repo**  -  Scratchpad to checkout the repository into (dynamically created) + * **attest**  -  Signed attestment files (and failures) + +## Trezor Attestation + +To perform Trezor attestation, you will need to install GnuPG, Docker and Git. +The process to do this varies widely based upon your OS, but it should work on +Windows, Linux and macOS without serious modification. In a general sense, the process is +fairly straight forward. + +1. Install GnuPG, Docker and Git. +2. Perform [GnuPG "gen-key"](https://www.gnupg.org/gph/en/manual/c14.html) and save off the UID (User ID) for reference +2. Clone this repo: `git clone https://github.com/brianddk/attestation.git` +3. CD to the proper directory (ie Trezor): `cd ./attestation/trezor` +4. Use your UID to attest a build: `./verify.sh --gpg-key YOUR_GPG_UID core/v2.6.0` + +All done! + +## Windows Setup + +Most builds use Docker under Linux, which is fine if you have an updated Windows OS. +Windows supports something called WSL which allows you to run a Linux kernel from Windows. +It's officially supported by Microsoft and not too terribly complex. Beyond WSL, you will +also need to install Docker and GnuPG. I'll touch on the most basic concepts of these. + +1. [Install WSL](https://learn.microsoft.com/en-us/windows/wsl/install) - The default Ubuntu distro works fine. +2. [Install Docker](https://learn.microsoft.com/en-us/windows/wsl/tutorials/wsl-containers#install-docker-desktop) - Just follow the first 6 steps to `hello-world` +2. [Enter WSL Shell](https://learn.microsoft.com/en-us/windows/wsl/basic-commands#run-a-specific-linux-distribution-from-powershell-or-cmd) - `wsl` without arguments is usually enough +3. Install GnuPG and GIT in WSL - `sudo apt update && sudo apt install gnupg git` +4. Continue with step \#2 mentioned above in ***Trezor Attestation*** + +NOTE: I use [Gpg4win](https://www.gpg4win.org/) which works fine under WSL, you just have to remember to execute `gpg.exe` instead of `gpg`. +To name which program to use, prefix the script with `GPG_BIN=gpg.exe` + +## Linux + +This should be old-hat for most Linux users, but I'll outline the basics. I'll assume Ubuntu since that is what I'm most familiar with + +1. [Install Docker](https://docs.docker.com/engine/install/ubuntu/) - Setup the `apt` repo, install docker, run `hello-world` +2. Install GnuPG and GIT - `sudo apt update && sudo apt install gpg git` +4. Continue with step \#2 mentioned above in ***Trezor Attestation*** + +## macOS Setup + +This is what I'm least familiar with. I don't own Apple HW, and they forbid virtualization, so unless someone donates a old Mac, I'll just have to go off what ChatGPT tells me. + +1. [Install Docker](https://docs.docker.com/desktop/install/mac-install/) - I'd likely suggest the `.dmg` install method +2. Verify Docker with Hello World - From a terminal window run `docker run hello-world` which should run without error +3. Install GnuPG and GIT from Terminal - `brew install git gnupg` (so says ChatGPT) +4. Continue with step \#2 mentioned above in ***Trezor Attestation*** + +## Submitting Attestation + +For all the builds that are reproducible, the goal is to get as many people to attest +to the build as possible. If you are willing to do so, please [fork the repo](https://github.com/brianddk/attestation/fork), +run the build, then [submit a PR](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). +If you have questions on how to do that, please feel free to [post a discussion](https://github.com/brianddk/attestation/discussions) +and I'll try to help. + +## Contributing + +Please feel free to fork this repo and make PRs if you can attest a build I have +not yet determined how to. If find issues, please [open an issue](https://github.com/brianddk/attestation/issues/new/choose), +or if you just have a question [post a discussion topic](https://github.com/brianddk/attestation/discussions). Please try +to review the [Wiki](https://github.com/brianddk/attestation/wiki) + +## Todo List + +- [x] Trezor Attestation +- [ ] Coldcard Attestation +- [ ] Bitbox Attestation +- [ ] Bitcoin Core Attestation diff --git a/pubkeys/brianddk.asc b/pubkeys/brianddk.asc new file mode 100644 index 0000000..3036158 --- /dev/null +++ b/pubkeys/brianddk.asc @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFxe8qIBCADQmXZkORAwZO2w/6LaDq2mV70rwbx4umErT3SU/2uIO1G8N65V +JJYlu6cI2YQLCQ0m60cV8ky9lAB1n6HV3aHvmkV1oTqrMEkzZzLiE6+SjOZaFkm9 +yrPJa0LnR25NnemE+N5rwTt4ObB/t3uNId9+4g3KsLJsIDbiRg3fUZH4+cj3z6KZ +w/Yl/3KFfA3SltM58Mr64hmm8SyoCRbQh8gNCz40saFy9z5QYwcALZKtL+cqQfYY +AAqkXM0tUk1YmyDJppY3oR0UMZjzMFrVFLFTHgHHS3lCHgI/f6cDMDf5jcslVdPl +gqnEkFAK89xrI0pT7I8oWd+kEilWZvTgnKDPABEBAAG0NWJyaWFuZGRrIChyZWRk +aXQuY29tL3VzZXIvYnJpYW5kZGspIDxicmlhbmRka0ByZWRkaXQ+iQE5BBMBCAAj +BQJcXvKiAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQg18EM6bVGGAD +2gf+IK+fsa4ME7x+4IaagT2NJGEeifPG8MqjqN6cRV16ApBHTZmAU5t8Wd2eYuGr +aKZauE96vF0sy8J24bUw7bVp5EtnByQPjtAaTZCdolL3twVPC77IRQ1ijAjzSERO +rMKsfFFU8qkQJobPe9Q35MTB4R8oKTj/LWP9FyUTc+iaA9xVsnHSBySKw0/Q664J +tEdPnRSDCGRvSegmYnnSKGr/cZ90ld+fu7Pc/AqC9KlvVDFLtrsYKyeoIpkUMJyb +J5jI+GjHSmXYMV5OExoXnis2rOLT8gAhFMyXd38NffF0nyfk5Sq2WSc6XD+aPoS+ +p/LT5WtdK3KyQnZQs/jczbY4cbkBDQRcXvKiAQgA1/PHuRW86+0km8TlHjYQk8xa +ylCfXmrS1HKCv31cIex51wNJA3Va44MILg+pfn6+4olnnwsBr+FevPMptFvSx8ku +qMTrzIx+MFye57TSj6dLtX4pZWWwNKZefO1GVsmBen5S8RFDHBm52ot0Tt9BGdgE +DeWWXBHNzq2G1ebjVDAHZ6lc8wGynB+mw8aeOUz8/BiHkIOBrTA4z/yJBGtyQ3/Q +Wi96gpmor0ZFujmu8SXu2uWrz8yCGp5Ukgz5JEP4cWcxXBPAognkqNTCZytOoNRh +hHMZ/kWlf2n67Vm1Jvuf2zS1n9OeugP40nGNOZSQiosP+qVAMTu63QxPiRUkVwAR +AQABiQEfBBgBCAAJBQJcXvKiAhsMAAoJEINfBDOm1Rhgdj8H/09qPA7hflpnxkPC +dEm+iD4T5xrn3xzE1R08vnZacnmNm0McbB7EcEKVYHgmIHLvt4SApcrbTFHWxkyd +m6Vc1xTZj8PJ/7p/aTUAOtpKmtwAPorgmh99A1eFqw8lmzA4g9HIQSVzo0n8bIaV +1XBntBfqq+Fg1rue4QzXy6AIbD0uChN3vjWeqdmsnygc3h3bALK3ikMI5uQ00tYY +MzEwLjOoUwovwc5R4eWb4wO2Klh+vXkUCQRu5lU39Y7YzudcFN8kYWPj0pVc0M4N +DFhVSddbcaE/OQWEtlCqRgRE7bwyRCbmuGvkvZ0UIb+z2pRLRky47ZTigHSHVXtq +AKFmvOW5AQ0EXF7y4AEIALcPN2zd2M6Rkl1Bqn1KoGfoukpnfcH/6BtihXPTSDf7 +Yyzqp4dGlVxNsGAj/h6C7jMYOMbOcSQ7gYyrxhPXRr8rus5DG+CSt9NQ9lSzaoSA +q4MxKhauvt14Q92bW0ks4crkSPEedsVamDjoS9a6xKJHgjJv5KniecxFDRwP9ot3 +AUM4tQpkhG1u11JV62pChlHAUPQdzQZNh4/jUfufKiT1hNSQhfZPF4oYvBlfOMbF +b5K3iieKcSkoHw3rRKwpyhe6HiWZqDCr6RY0jCgKgfJUsdIYy+ztbxqePvSOIzYX +JH3N3DQAkvXG7OL60uCogfP1W1iup8xzu7lDTV3yFBcAEQEAAYkBHwQYAQgACQUC +XF7y4AIbIAAKCRCDXwQzptUYYLU0CADALSNxtbdCT6xoOuSfHG4GrR2uvG6eCSuA +T1sIifog64OJgjrqkmH2x9XMNUEKpwurlH+J3NY0UKGRQ3n8YXbXQTQDY2jM9aXL +QvD4RTDF1sydJQQSEdQ00LUezM5bIuUUi4j5wyUgEaz1zZZyQDc7/3VawMsBl0Zy +NBCbpVKWxEw//19Lc8qFx4KR9nNeiic1CCQJNaV+3Im+FEMw2+gcvmc1vD7FZUDO +au/kPaq3RSWDviIaqbGRUnAVdC/6EYYZ2q1TOMrZ0Z7NJ/OHb48K/tNRGgICR9Gz +HTVkyvZbqJDO4u7lna1Y2OKTJBdTTUXYjooNbyB09uD48U4Lo7Jz +=QcPU +-----END PGP PUBLIC KEY BLOCK----- diff --git a/trezor/attest/canary/attest.brianddk b/trezor/attest/canary/attest.brianddk new file mode 100644 index 0000000..13aa81e --- /dev/null +++ b/trezor/attest/canary/attest.brianddk @@ -0,0 +1,21 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +gpg: Signature made 5/2/2023 4:13:41 AM Central Daylight Time +gpg: using RSA key 86E6792FC27BFD478860C11091F3B339B9A02A3D +gpg: Good signature from "Pavol Rusn k " [unknown] +gpg: aka "Pavol Rusn k " [unknown] +gpg: aka "Pavol Rusn k " [full] +gpg: aka "Pavol Rusn k " [unknown] +gpg: aka "[jpeg image of size 2449]" [unknown] +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRuVw4QHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYO/1B/93PL7o7KoYdC+W6tYfrsJEfW5VIAoTu2gM +oen1hA9bFh3lydggWKmZEg8HlDWEE3Cp6kJ4SX/yaojIxhdTkKKeuFkpOyZvVX3I +Nwlqp+bJgp8d71HYYJtPVZGhi0CEizLbYrVMKAuTAD5geUF++215z0yHLhBl/O46 +xzAsJn0Xl18O+SX2fHJ1m6MfjRErpqF+YHcuVcRpxtr+KVzI2DjDCn+58/xrS95g +qYGJiYvX+0WqvG7FBct+MEvqtc3j9IJLivegJdcNVpQPJGyxsRrAtKFr7SBfqHTJ +YnJ3ASlpGyWnqLAEsoQdoQq7Ly3nrk070cgI9JAyTjykY4w6YFZI +=kU58 +-----END PGP SIGNATURE----- diff --git a/trezor/attest/core/bl2.1.0/attest.brianddk b/trezor/attest/core/bl2.1.0/attest.brianddk new file mode 100644 index 0000000..1cf1004 --- /dev/null +++ b/trezor/attest/core/bl2.1.0/attest.brianddk @@ -0,0 +1,22 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +Intended Build Version: core/bl2.1.0 +build-docker.sh Version: core/v2.6.0 +Build Command: build-docker.sh --skip-bitcoinonly --skip-legacy core/bl2.1.0 +Source Binary tag: core/v2.6.0 +Bootloader Build?: 1 + +1b4845b2d2869eece07c3b287ad0acf036f7ba61efc39acb2cc01ed45490d2c6 repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin +1b4845b2d2869eece07c3b287ad0acf036f7ba61efc39acb2cc01ed45490d2c6 repo/build/core/bootloader/bootloader.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRvqU8QHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYG/iCAC4qENDJL7gSOwu+/RJE3Vbu8cSpuqujwly +dHggv+eO/9OIcdF3o5BLtXH5c6DZGPn+oMQzwrvMfR0L9Loyh6NUNe6VL3ir4Ycm +SY3ocOns20dzr5tT/MMEczeipmzW+cUU1A6OJfHrCGmSMIObaFUlzZ3+3wU44efF +MOh2bjkk0qGRXOAsKksL/Ys1L53NTu/A8Fk3xQ/tBCJKZx4ojpHXLvh1yQL8BuIo +ilUSyW4HAB841OQvPyxRr60ahUTWe5VyN2oVVpEvvBsX6/uP87iBm4/CWZj5lfle +SxomXC47BuKltV+w/0ZXkt3fqbTSp5v+er7lY8B2klTUnvtlAcWd +=34ND +-----END PGP SIGNATURE----- diff --git a/trezor/attest/core/v2.5.3/attest.brianddk b/trezor/attest/core/v2.5.3/attest.brianddk new file mode 100644 index 0000000..b028d0d --- /dev/null +++ b/trezor/attest/core/v2.5.3/attest.brianddk @@ -0,0 +1,25 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +Intended Build Version: core/v2.5.3 +build-docker.sh Version: core/v2.5.3 +Build Command: build-docker.sh --skip-legacy core/v2.5.3 +Source Binary tag: +Bootloader Build?: 0 + +07e9053be42873b8fc094205607d2c5624a15c84fdf323bc783217d3a7b7fc24 trezor-2.5.3.bin +07e9053be42873b8fc094205607d2c5624a15c84fdf323bc783217d3a7b7fc24 repo/build/core/firmware/firmware.bin + +b69f1b69819a281f76553e39fed4394f2a5c56eb33f95767b775800282a19f6c trezor-2.5.3-bitcoinonly.bin +b69f1b69819a281f76553e39fed4394f2a5c56eb33f95767b775800282a19f6c repo/build/core-bitcoinonly/firmware/firmware.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRv0kUQHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYLDHB/9Re2av2grFRkkA0evTc73HFtBxTI6xpWWH +QqNtULI3XeEIHjLkaTn5nENMhiyukU2OZo0ZQKvyOv3RKYNSTyw5JDQdHy5PTmJ+ +GBp/Hq8EaP+TIA/Qv6TPBwT78B0BsmS8IUBXO8v3muZ3937nzLjrmXBgciuoOkfC +J3Ax0qWEFbAsfsUZgpB2F0fcGG73UrqKCs4rnr3XrjltCAkuc3c2naTFDZ6izlsb +ZLjQ1xq28+T7U1l+S2ufS9ya7k2wp0M5qX0GMEHJZox/HxL2V/gGT5nlLbs+xk+c +wwL4/5akpUX1sEDSbBNvCqJmKK3Bc+bMBjzvxRgKlq4FI/uFkvXj +=8iL1 +-----END PGP SIGNATURE----- diff --git a/trezor/attest/core/v2.6.0/attest.brianddk b/trezor/attest/core/v2.6.0/attest.brianddk new file mode 100644 index 0000000..a7e005f --- /dev/null +++ b/trezor/attest/core/v2.6.0/attest.brianddk @@ -0,0 +1,24 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +build-docker.sh Version: core/v2.6.0 +Build Command: build-docker.sh --skip-legacy core/v2.6.0 +Source Binary tag: core/v2.6.0 +Bootloader Build?: 0 + +c33e336869964cfb1ef193195894e8b6667955b4ea3044558c380b1787168e38 trezor-2.6.0.bin +c33e336869964cfb1ef193195894e8b6667955b4ea3044558c380b1787168e38 repo/build/core/firmware/firmware.bin + +c0b7696ce45ac9fe593eb9af1eb561f66cdf8be4d6a6bea6e538e252843e8a2f trezor-2.6.0-bitcoinonly.bin +c0b7696ce45ac9fe593eb9af1eb561f66cdf8be4d6a6bea6e538e252843e8a2f repo/build/core-bitcoinonly/firmware/firmware.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRvmdQQHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYPVCCACynxuZDmJGJYOWvLzCkNbV4LjCITXSC+gi +4ZlbX7R3uG+tFMnjEAUAaYBaWTuosx9v/rVjtHM/e9MQwPgBzyj73bpyk4q6kREM +Z6bop7FJZ5SPMYtBhCjyvyY/76Ii1G6r8ZdR+hea1NmXsEqamHtkPuMq3ZEp8EtJ +Ikv8tlNy9eoXiHr1GvKszotgNVbeGneu3ipM9DvagYwe+S0Ob/Qg8kZkPuan1NPI +vLGbqMzW3mY56r141Tl3QMGPw/x3FKKbbLihWONI5/S8IUCXT5T86T/9xeC+xH+W +VhBf5Zay51TPFQtVQYbMH7IpWSBS7uODk3czNb1AMJrwlu0ZZJkn +=VSgg +-----END PGP SIGNATURE----- diff --git a/trezor/attest/legacy/bl1.12.1/attest.brianddk b/trezor/attest/legacy/bl1.12.1/attest.brianddk new file mode 100644 index 0000000..d1ab1e1 --- /dev/null +++ b/trezor/attest/legacy/bl1.12.1/attest.brianddk @@ -0,0 +1,22 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +Intended Build Version: legacy/bl1.12.1 +build-docker.sh Version: legacy/bl1.12.1 +Build Command: build-docker.sh --skip-bitcoinonly --skip-core legacy/bl1.12.1 +Source Binary tag: legacy/bl1.12.1 +Bootloader Build?: 1 + +2c41be8c40e74ab8acaef6e65e0c5a4b270668a6498edf5f4cbb892810986f70 repo/legacy/firmware/bootloader.dat +2c41be8c40e74ab8acaef6e65e0c5a4b270668a6498edf5f4cbb892810986f70 repo/build/legacy/bootloader/bootloader.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRvuTwQHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYDrWB/9X0iA9YAJZq9VYHtY7oQh1cWr8gH/ep66P +/46ucdy/y6iy70onTkhB6ztFGvThOLhMUEQqpk8LYizR1rwa6mQ9Nn9Trb2VRnyJ +Dmhp51Fn271Db6a+qbGqPptex3iqtkO0q1kcnI9hw54qBiB9mER3IZpw7kwTEgf+ +HZKj1TzXTt3bCcuPDgni4ljMbAz5XoO8/lJ887pKmHGJ6povV3jC4UXbaCpiJew5 +bL3VQE4Gsfbtwq2Jge2jTkoZJ/4lg6c/XdJZstBfStsZkaIfNXTiQ1Cm+X82a77C +JOjDKWNfi/dyEFT9a5OzNTn5R6Qjcrg44BNorpd/4tddYks0p2AA +=77y5 +-----END PGP SIGNATURE----- diff --git a/trezor/attest/legacy/v1.11.1/attest.brianddk b/trezor/attest/legacy/v1.11.1/attest.brianddk new file mode 100644 index 0000000..7b40d6d --- /dev/null +++ b/trezor/attest/legacy/v1.11.1/attest.brianddk @@ -0,0 +1,19 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +880b61c6c0a4b8d26baf2698bc6163bb6c3548c9f48028e4e58c3902bc07bf71 trezor-1.11.1.bin +880b61c6c0a4b8d26baf2698bc6163bb6c3548c9f48028e4e58c3902bc07bf71 repo/build/legacy/firmware/firmware.bin + +e1cfcf53ef9bcc88bf1b8b378e793c0eda1f8cb7dc4153fed4aa54e0880e536a trezor-1.11.1-bitcoinonly.bin +e1cfcf53ef9bcc88bf1b8b378e793c0eda1f8cb7dc4153fed4aa54e0880e536a repo/build/legacy-bitcoinonly/firmware/firmware.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRuy2EQHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYMCiB/9ZTFOqkACiCAL0JWr5vBPu4WKphzCBdoUm ++AXTyg/2tSCNBtYnO8b1KKiAF80MqHuAnwXzXins22A76Btvx/RPvrlvQ3h66gnw +tHRCRd/eFT7SWxBaOJat90N/hDCFf0inC2QvK7vrX9JdsUtRpwi3MNKIBOez38p1 +qq3Xhz65yqI+COXpTMnHy0BydX9C1SV8MirjczSVaFoP0ysjyV12vieZWzUKnUwk +RmL7z3V4fse/rFFeM7VLRZf0yL/T+XbSdVZRlgATBoh9ZstTmONX6zAvAoIc5Lb/ +5QMHrx1z1lWxHncBmrD/Sm7TWCCUWfjsrBDP7Cpfsiq2ULZjwVEC +=8lwO +-----END PGP SIGNATURE----- diff --git a/trezor/attest/legacy/v1.11.2/attest.brianddk b/trezor/attest/legacy/v1.11.2/attest.brianddk new file mode 100644 index 0000000..85dd577 --- /dev/null +++ b/trezor/attest/legacy/v1.11.2/attest.brianddk @@ -0,0 +1,25 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +Intended Build Version: legacy/v1.11.2 +build-docker.sh Version: legacy/v1.11.2 +Build Command: build-docker.sh --skip-core legacy/v1.11.2 +Source Binary tag: +Bootloader Build?: 0 + +70ffc2334d5f55758332e260719392bc208d1add449856eefaa36b6c4fe6d8f9 trezor-1.11.2.bin +70ffc2334d5f55758332e260719392bc208d1add449856eefaa36b6c4fe6d8f9 repo/build/legacy/firmware/firmware.bin + +28bbbb35ef06adaecce79440a4d4e6ec6c8d37b1a1803439c4625884d8a669ec trezor-1.11.2-bitcoinonly.bin +28bbbb35ef06adaecce79440a4d4e6ec6c8d37b1a1803439c4625884d8a669ec repo/build/legacy-bitcoinonly/firmware/firmware.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRvy20QHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYEV6B/95LyjDDmyH843215S8gURPToLDxUMA62En +GghlU6rbnVwhlrhO2iulR6jMVMzvOKAeAc1+KZuiLTQyn0MEoW520GIgffd6xS7K +SCPdcIKLFF0TN0T2R9RoxuhOi52BYpsXcBuNQGMC778TbRkPiPDy7BfAzOhSESOe +w77flWb8kMqOGE8Xz4HE45eAxx5U78/IUvi87jED5EsbwQO+wBrL+zsRRyx9wgh5 +sWWNG0Hp5rQKl0xyn3gHPlqIeEp1GcqjvF5A8GYYb1bqN5xk1d9lohBKkrAapcEy +qWoWj9GAYxNJfWYu0C3FOUfHIr4Mre306gScp17RhRKhhGO16Kdh +=JyIu +-----END PGP SIGNATURE----- diff --git a/trezor/attest/legacy/v1.12.1/attest.brianddk b/trezor/attest/legacy/v1.12.1/attest.brianddk new file mode 100644 index 0000000..6e113c9 --- /dev/null +++ b/trezor/attest/legacy/v1.12.1/attest.brianddk @@ -0,0 +1,25 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +Intended Build Version: legacy/v1.12.1 +build-docker.sh Version: legacy/v1.12.1 +Build Command: build-docker.sh --skip-core legacy/v1.12.1 +Source Binary tag: +Bootloader Build?: 0 + +859dff49705fb81e83fe6d2efcf8f739f847081037aacf4f176624009a738ed8 trezor-1.12.1.bin +859dff49705fb81e83fe6d2efcf8f739f847081037aacf4f176624009a738ed8 repo/build/legacy/firmware/firmware.bin + +683b51fb68d0b0377f5596d6e75cc5ba2b64b88563dae2ede431031565b977fa trezor-1.12.1-bitcoinonly.bin +683b51fb68d0b0377f5596d6e75cc5ba2b64b88563dae2ede431031565b977fa repo/build/legacy-bitcoinonly/firmware/firmware.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRvxpsQHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYMIUB/wJuAYuHqYNixIKqf8uljS48n/dWqPv9AcB +JYlf8d96YHk4lDTJc4QLPrgDPfzv5G7cz4AKOrIbeo4lnShveZTfZO84CvrQeTXU +sVWJzTWZldPwgvqbCViPLhBBr9SxZwEM57zHOiuL0Qbe4xeIB179fyS1u0jLsS7O +7L0WqT+TWWuT/1IuMlL2shI8vE+fijbvmYmB6syqj545axsvz/dBrWw9SWf6NXi+ +IC1eCvHppgoWxmd3kwqvdjlpOtdQY8iSqM/19Vd20HVjIARlmB0EAsRkPEYCyLBm +S+CHjJziAS5b2AVtXN9lyGU0l3RPPvwI/DJ4twol6VGP1BajS/a5 +=7S7c +-----END PGP SIGNATURE----- diff --git a/trezor/check.sh b/trezor/check.sh new file mode 100644 index 0000000..874fc2d --- /dev/null +++ b/trezor/check.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# [rights] Copyright 2023 brianddk at github https://github.com/brianddk +# [license] Apache 2.0 License https://www.apache.org/licenses/LICENSE-2.0 +# [repo] github.com/brianddk/attestation/ +# [btc] BTC-b32: bc1qwc2203uym96u0nmq04pcgqfs9ldqz9l3mz8fpj +# [tipjar] github.com/brianddk/reddit/blob/master/tipjar/tipjar.txt +# [req] bash, grep, dirname, realpath + +EXEC_PATH=$(dirname $(readlink -f "${BASH_SOURCE[0]}")) +REAL_PATH=$(realpath --relative-to="$PWD" "${EXEC_PATH}") +if [[ -z "${REAL_PATH}" ]]; then + REAL_PATH=. +fi + +TARG_PATH=${1:-$REAL_PATH/attest} +grep -r " repo/\| trezor-" "${TARG_PATH}" diff --git a/trezor/defaults.py b/trezor/defaults.py new file mode 100644 index 0000000..d49f928 --- /dev/null +++ b/trezor/defaults.py @@ -0,0 +1,264 @@ +#!/bin/env python3 +# [rights] Copyright 2023 brianddk at github https://github.com/brianddk +# [license] Apache 2.0 License https://www.apache.org/licenses/LICENSE-2.0 +# [repo] github.com/brianddk/attestation/ +# [btc] BTC-b32: bc1qwc2203uym96u0nmq04pcgqfs9ldqz9l3mz8fpj +# [tipjar] github.com/brianddk/reddit/blob/master/tipjar/tipjar.txt +# [req] python3 +# [note] This script is a maker program for the settings.sh file. You can +# [note] run this script then compare the output to the contents of +# [note] settings.sh to determine what's changed + + +def gen_defaults(): + for tag in core_fw.splitlines(): + tag = tag.strip() + ver = tag[6:] # core/v + dflt = default['core']['fw'] + if "" == tag: + continue + else: + print('dock_bld_ver["{}"]="{}"'.format(tag, dflt['dock_bld_ver'].format(tag))) + print('ctnr_src_ver["{}"]="{}"'.format(tag, dflt['ctnr_src_ver'].format(tag))) + print(' bld_opt["{}"]="{}"'.format(tag, dflt['bld_opt'])) + print(' prd_files["{}"]="{}"'.format(tag, dflt['prd_files'].format(ver, ver))) + print(' bld_files["{}"]="{}"'.format(tag, dflt['bld_files'])) + print('dd_zero_opts["{}"]="{}"'.format(tag, dflt['dd_zero_opts'])) + print(' is_hash_eq["{}"]=0'.format(tag)) + + print("") + + for tag in legacy_fw.splitlines(): + tag = tag.strip() + ver = tag[8:] # legacy/v + dflt = default['legacy']['fw'] + if "" == tag: + continue + else: + print('dock_bld_ver["{}"]="{}"'.format(tag, dflt['dock_bld_ver'].format(tag))) + print('ctnr_src_ver["{}"]="{}"'.format(tag, dflt['ctnr_src_ver'].format(tag))) + print(' bld_opt["{}"]="{}"'.format(tag, dflt['bld_opt'])) + print(' prd_files["{}"]="{}"'.format(tag, dflt['prd_files'].format(ver, ver))) + print(' bld_files["{}"]="{}"'.format(tag, dflt['bld_files'])) + print('dd_zero_opts["{}"]="{}"'.format(tag, dflt['dd_zero_opts'])) + print(' is_hash_eq["{}"]=0'.format(tag)) + + print("") + + for tag in core_bl.splitlines(): + tag = tag.strip() + ver = tag[7:] # core/bl + dflt = default['core']['bl'] + if "" == tag: + continue + else: + print('dock_bld_ver["{}"]="{}"'.format(tag, dflt['dock_bld_ver'].format(tag))) + print('ctnr_src_ver["{}"]="{}"'.format(tag, dflt['ctnr_src_ver'].format(tag))) + print(' prd_bin_ver["{}"]="{}"'.format(tag, dflt['prd_bin_ver'].format(tag))) + print(' bld_opt["{}"]="{}"'.format(tag, dflt['bld_opt'])) + print(' prd_files["{}"]="{}"'.format(tag, dflt['prd_files'])) + print(' bld_files["{}"]="{}"'.format(tag, dflt['bld_files'])) + print(' is_hash_eq["{}"]=0'.format(tag)) + + print("") + + for tag in legacy_bl.splitlines(): + tag = tag.strip() + ver = tag[9:] # legacy/bl + dflt = default['legacy']['bl'] + if "" == tag: + continue + else: + print('dock_bld_ver["{}"]="{}"'.format(tag, dflt['dock_bld_ver'].format(tag))) + print('ctnr_src_ver["{}"]="{}"'.format(tag, dflt['ctnr_src_ver'].format(tag))) + print(' prd_bin_ver["{}"]="{}"'.format(tag, dflt['prd_bin_ver'].format(tag))) + print(' bld_opt["{}"]="{}"'.format(tag, dflt['bld_opt'])) + print(' prd_files["{}"]="{}"'.format(tag, dflt['prd_files'])) + print(' bld_files["{}"]="{}"'.format(tag, dflt['bld_files'])) + print(' is_hash_eq["{}"]=0'.format(tag)) + + print("") + + +def mk_header(): + msg="""#!/bin/bash +# [rights] Copyright 2023 brianddk at github https://github.com/brianddk +# [license] Apache 2.0 License https://www.apache.org/licenses/LICENSE-2.0 +# [repo] github.com/brianddk/attestation/ +# [btc] BTC-b32: bc1qwc2203uym96u0nmq04pcgqfs9ldqz9l3mz8fpj +# [tipjar] github.com/brianddk/reddit/blob/master/tipjar/tipjar.txt +# [req] bash +# [note] This script is intended to be sourced from verify.sh. It serves +# [note] as a global settings data structure to do all the builds that +# [note] have source tags in Trezor's github + +# The required version for build-docker.sh and Dockerfile +declare -A dock_bld_ver +# The required tag argument to the build-docker.sh script +declare -A ctnr_src_ver +# (BL-only) The version that the Bootloader refence binary was checked-in under +declare -A prd_bin_ver +# The options passed to the build-docker.sh script +declare -A bld_opt +# The PATHs or URL fragments to the official released production binaries +declare -A prd_files +# The PATHs to the resulting built binaries to compare +declare -A bld_files +# (FW-only) The DD arguments to zero-out the firmware signatures +declare -A dd_zero_opts +# Whether or not this tag has passed reproducible build test +declare -A is_hash_eq +""" + print(msg) + + +default = { + 'core' : { + 'bl' : { + 'dock_bld_ver' : "{}", + 'ctnr_src_ver' : "{}", + 'prd_bin_ver' : "{}", + 'bld_opt' : "--skip-bitcoinonly --skip-legacy", + 'prd_files' : "${EXEC_PATH}/repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin", + 'bld_files' : "${EXEC_PATH}/repo/build/core/bootloader/bootloader.bin", + 'is_hash_eq' : 0 + }, + 'fw' : { + 'dock_bld_ver' : "{}", + 'ctnr_src_ver' : "{}", + 'bld_opt' : "--skip-legacy", + 'prd_files' : "2/trezor-{}.bin 2/trezor-{}-bitcoinonly.bin", + 'bld_files' : "${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin", + 'dd_zero_opts' : "bs=1 seek=5567 count=65 conv=notrunc status=none", + 'is_hash_eq' : 0 + } + }, + 'legacy' : { + 'bl' : { + 'dock_bld_ver' : "{}", + 'ctnr_src_ver' : "{}", + 'prd_bin_ver' : "{}", + 'bld_opt' : "--skip-bitcoinonly --skip-core", + 'prd_files' : "${EXEC_PATH}/repo/legacy/firmware/bootloader.dat", + 'bld_files' : "${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin", + 'is_hash_eq' : 0 + }, + 'fw' : { + 'dock_bld_ver' : "{}", + 'ctnr_src_ver' : "{}", + 'bld_opt' : "--skip-core", + 'prd_files' : "1/trezor-{}.bin 1/trezor-{}-bitcoinonly.bin", + 'bld_files' : "${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin", + 'dd_zero_opts' : "bs=1 seek=544 count=195 conv=notrunc status=none", + 'is_hash_eq' : 0 + } + } +} + +keys_bl=""" +dock_bld_ver +ctnr_src_ver +prd_bin_ver +bld_opt +prd_files +bld_files +is_hash_eq +""" + +keys_fw=""" +dock_bld_ver +ctnr_src_ver +bld_opt +prd_files +bld_files +dd_zero_opts +is_hash_eq +""" + +legacy_bl=""" +legacy/bl1.12.1 +legacy/bl1.12.0 +legacy/bl1.11.0 +legacy/bl1.8.0 +legacy/bl1.6.1 +legacy/bl1.6.0 +legacy/bl1.5.1 +legacy/bl1.5.0 +legacy/bl1.4.0 +""" + +core_bl=""" +core/bl2.1.0 +core/bl2.0.3 +core/bl2.0.2 +core/bl2.0.1 +core/bl2.0.0 +""" + +legacy_fw=""" +legacy/v1.12.1 +legacy/v1.12.0 +legacy/v1.11.2 +legacy/v1.11.1 +legacy/v1.10.5 +legacy/v1.10.4 +legacy/v1.10.3 +legacy/v1.10.2 +legacy/v1.10.1 +legacy/v1.10.0 +legacy/v1.9.4 +legacy/v1.9.3 +legacy/v1.9.2 +legacy/v1.9.1 +legacy/v1.9.0 +legacy/v1.8.3 +legacy/v1.8.2 +legacy/v1.8.1 +legacy/v1.8.0 +legacy/v1.7.3 +legacy/v1.7.2 +legacy/v1.7.1 +legacy/v1.7.0 +legacy/v1.6.3 +legacy/v1.6.2 +legacy/v1.6.1 +legacy/v1.6.0 +""" + +core_fw=""" +core/v2.6.0 +core/v2.5.3 +core/v2.5.2 +core/v2.5.1 +core/v2.4.3 +core/v2.4.2 +core/v2.4.1 +core/v2.4.0 +core/v2.3.6 +core/v2.3.5 +core/v2.3.4 +core/v2.3.3 +core/v2.3.2 +core/v2.3.1 +core/v2.3.0 +core/v2.2.0 +core/v2.1.8 +core/v2.1.7 +core/v2.1.6 +core/v2.1.5 +core/v2.1.4 +core/v2.1.3 +core/v2.1.2 +core/v2.1.1 +core/v2.1.0 +core/v2.0.10 +core/v2.0.9 +core/v2.0.8 +core/v2.0.7 +core/v2.0.6 +core/v2.0.5 +""" + +if __name__ == "__main__": + mk_header() + gen_defaults() diff --git a/trezor/failed/legacy/bl1.11.0/attest.brianddk b/trezor/failed/legacy/bl1.11.0/attest.brianddk new file mode 100644 index 0000000..9cadf31 --- /dev/null +++ b/trezor/failed/legacy/bl1.11.0/attest.brianddk @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +0283ec8ca08064e6b4a4dadac01b2777c9bc08334a5e0bf39a6f9e6ae08ef788 repo/legacy/firmware/bootloader.dat +c002abe3d713b155cc1817c34e0c63472c4caa36980c96291d87d255fc61901f repo/build/legacy/bootloader/bootloader.bin +-----BEGIN PGP SIGNATURE----- + +iQFEBAEBCAAuFiEEYoX6CPtntyvk2kGEg18EM6bVGGAFAmRueHQQHGJyaWFuZGRr +QHJlZGRpdAAKCRCDXwQzptUYYP7mB/4wn7kjd99XR3zF/hYuYCcZbx2I4UY+UrNv +QYEPVyNewD1DM/7aUG7mNf31gaI78SHplXpWYbslFylbQn349XVAqL4hMviWCymu +Jt2FqAlIJUTg5BU2svx6UAUnHMOT48/IN8zhGNH4FhKCevgobEN6lZySQqB43jfO +/dbqsQ734bVNBR/6EMm2O74TAcMOW4XmCcmc3x1+2fys+rvas6jKZWeoHx3PXdw2 +jS4maTZ4V+00DqA5nruU6jxODuTqMyf/Va5lULqWto5C3DNxpAwMt3kNFiGZhHon +gAtMfrLl/4LjIYOCipjcwoBp4MifJHvds0vswbgQpspY9CoCXflw +=wIDE +-----END PGP SIGNATURE----- diff --git a/trezor/list.sh b/trezor/list.sh new file mode 100644 index 0000000..9990fac --- /dev/null +++ b/trezor/list.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# [rights] Copyright 2023 brianddk at github https://github.com/brianddk +# [license] Apache 2.0 License https://www.apache.org/licenses/LICENSE-2.0 +# [btc] BTC-b32: bc1qwc2203uym96u0nmq04pcgqfs9ldqz9l3mz8fpj +# [tipjar] github.com/brianddk/reddit/blob/master/tipjar/tipjar.txt +# [req] bash, dirname, realpath, basename, find + +EXEC_PATH=$(dirname $(readlink -f "${BASH_SOURCE[0]}")) +REAL_PATH=$(realpath --relative-to="$PWD" "${EXEC_PATH}") +if [[ -z "${REAL_PATH}" ]]; then + REAL_PATH=. +fi + +echo "SUCCEEDED" +for i in $(find "${REAL_PATH}/attest" -name "attest.*") +do + echo " $(basename $(dirname $i))" +done + +if [ -d "${REAL_PATH}/failed" ]; then + echo ""; echo "FAILED" + for i in $(find "${REAL_PATH}/failed" -name "attest.*") + do + echo " $(basename $(dirname $i))" + done +fi diff --git a/trezor/settings.sh b/trezor/settings.sh new file mode 100644 index 0000000..2f4023f --- /dev/null +++ b/trezor/settings.sh @@ -0,0 +1,604 @@ +#!/bin/bash +# [rights] Copyright 2023 brianddk at github https://github.com/brianddk +# [license] Apache 2.0 License https://www.apache.org/licenses/LICENSE-2.0 +# [repo] github.com/brianddk/attestation/ +# [btc] BTC-b32: bc1qwc2203uym96u0nmq04pcgqfs9ldqz9l3mz8fpj +# [tipjar] github.com/brianddk/reddit/blob/master/tipjar/tipjar.txt +# [req] bash +# [note] This script is intended to be sourced from verify.sh. It serves +# [note] as a global settings data structure to do all the builds that +# [note] have source tags in Trezor's github + +# The required version for build-docker.sh and Dockerfile +declare -A dock_bld_ver +# The required tag argument to the build-docker.sh script +declare -A ctnr_src_ver +# (BL-only) The version that the Bootloader refence binary was checked-in under +declare -A prd_bin_ver +# The options passed to the build-docker.sh script +declare -A bld_opt +# The PATHs or URL fragments to the official released production binaries +declare -A prd_files +# The PATHs to the resulting built binaries to compare +declare -A bld_files +# (FW-only) The DD arguments to zero-out the firmware signatures +declare -A dd_zero_opts +# Whether or not this tag has passed reproducible build test +declare -A is_hash_eq + +dock_bld_ver["core/v2.6.0"]="core/v2.6.0" +ctnr_src_ver["core/v2.6.0"]="core/v2.6.0" + bld_opt["core/v2.6.0"]="--skip-legacy" + prd_files["core/v2.6.0"]="2/trezor-2.6.0.bin 2/trezor-2.6.0-bitcoinonly.bin" + bld_files["core/v2.6.0"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.6.0"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.6.0"]=1 + +dock_bld_ver["core/v2.5.3"]="core/v2.5.3" +ctnr_src_ver["core/v2.5.3"]="core/v2.5.3" + bld_opt["core/v2.5.3"]="--skip-legacy" + prd_files["core/v2.5.3"]="2/trezor-2.5.3.bin 2/trezor-2.5.3-bitcoinonly.bin" + bld_files["core/v2.5.3"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.5.3"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.5.3"]=1 + +dock_bld_ver["core/v2.5.2"]="core/v2.5.2" +ctnr_src_ver["core/v2.5.2"]="core/v2.5.2" + bld_opt["core/v2.5.2"]="--skip-legacy" + prd_files["core/v2.5.2"]="2/trezor-2.5.2.bin 2/trezor-2.5.2-bitcoinonly.bin" + bld_files["core/v2.5.2"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.5.2"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.5.2"]=0 + +dock_bld_ver["core/v2.5.1"]="core/v2.5.1" +ctnr_src_ver["core/v2.5.1"]="core/v2.5.1" + bld_opt["core/v2.5.1"]="--skip-legacy" + prd_files["core/v2.5.1"]="2/trezor-2.5.1.bin 2/trezor-2.5.1-bitcoinonly.bin" + bld_files["core/v2.5.1"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.5.1"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.5.1"]=0 + +dock_bld_ver["core/v2.4.3"]="core/v2.4.3" +ctnr_src_ver["core/v2.4.3"]="core/v2.4.3" + bld_opt["core/v2.4.3"]="--skip-legacy" + prd_files["core/v2.4.3"]="2/trezor-2.4.3.bin 2/trezor-2.4.3-bitcoinonly.bin" + bld_files["core/v2.4.3"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.4.3"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.4.3"]=0 + +dock_bld_ver["core/v2.4.2"]="core/v2.4.2" +ctnr_src_ver["core/v2.4.2"]="core/v2.4.2" + bld_opt["core/v2.4.2"]="--skip-legacy" + prd_files["core/v2.4.2"]="2/trezor-2.4.2.bin 2/trezor-2.4.2-bitcoinonly.bin" + bld_files["core/v2.4.2"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.4.2"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.4.2"]=0 + +dock_bld_ver["core/v2.4.1"]="core/v2.4.1" +ctnr_src_ver["core/v2.4.1"]="core/v2.4.1" + bld_opt["core/v2.4.1"]="--skip-legacy" + prd_files["core/v2.4.1"]="2/trezor-2.4.1.bin 2/trezor-2.4.1-bitcoinonly.bin" + bld_files["core/v2.4.1"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.4.1"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.4.1"]=0 + +dock_bld_ver["core/v2.4.0"]="core/v2.4.0" +ctnr_src_ver["core/v2.4.0"]="core/v2.4.0" + bld_opt["core/v2.4.0"]="--skip-legacy" + prd_files["core/v2.4.0"]="2/trezor-2.4.0.bin 2/trezor-2.4.0-bitcoinonly.bin" + bld_files["core/v2.4.0"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.4.0"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.4.0"]=0 + +dock_bld_ver["core/v2.3.6"]="core/v2.3.6" +ctnr_src_ver["core/v2.3.6"]="core/v2.3.6" + bld_opt["core/v2.3.6"]="--skip-legacy" + prd_files["core/v2.3.6"]="2/trezor-2.3.6.bin 2/trezor-2.3.6-bitcoinonly.bin" + bld_files["core/v2.3.6"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.6"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.6"]=0 + +dock_bld_ver["core/v2.3.5"]="core/v2.3.5" +ctnr_src_ver["core/v2.3.5"]="core/v2.3.5" + bld_opt["core/v2.3.5"]="--skip-legacy" + prd_files["core/v2.3.5"]="2/trezor-2.3.5.bin 2/trezor-2.3.5-bitcoinonly.bin" + bld_files["core/v2.3.5"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.5"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.5"]=0 + +dock_bld_ver["core/v2.3.4"]="core/v2.3.4" +ctnr_src_ver["core/v2.3.4"]="core/v2.3.4" + bld_opt["core/v2.3.4"]="--skip-legacy" + prd_files["core/v2.3.4"]="2/trezor-2.3.4.bin 2/trezor-2.3.4-bitcoinonly.bin" + bld_files["core/v2.3.4"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.4"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.4"]=0 + +dock_bld_ver["core/v2.3.3"]="core/v2.3.3" +ctnr_src_ver["core/v2.3.3"]="core/v2.3.3" + bld_opt["core/v2.3.3"]="--skip-legacy" + prd_files["core/v2.3.3"]="2/trezor-2.3.3.bin 2/trezor-2.3.3-bitcoinonly.bin" + bld_files["core/v2.3.3"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.3"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.3"]=0 + +dock_bld_ver["core/v2.3.2"]="core/v2.3.2" +ctnr_src_ver["core/v2.3.2"]="core/v2.3.2" + bld_opt["core/v2.3.2"]="--skip-legacy" + prd_files["core/v2.3.2"]="2/trezor-2.3.2.bin 2/trezor-2.3.2-bitcoinonly.bin" + bld_files["core/v2.3.2"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.2"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.2"]=0 + +dock_bld_ver["core/v2.3.1"]="core/v2.3.1" +ctnr_src_ver["core/v2.3.1"]="core/v2.3.1" + bld_opt["core/v2.3.1"]="--skip-legacy" + prd_files["core/v2.3.1"]="2/trezor-2.3.1.bin 2/trezor-2.3.1-bitcoinonly.bin" + bld_files["core/v2.3.1"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.1"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.1"]=0 + +dock_bld_ver["core/v2.3.0"]="core/v2.3.0" +ctnr_src_ver["core/v2.3.0"]="core/v2.3.0" + bld_opt["core/v2.3.0"]="--skip-legacy" + prd_files["core/v2.3.0"]="2/trezor-2.3.0.bin 2/trezor-2.3.0-bitcoinonly.bin" + bld_files["core/v2.3.0"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.3.0"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.3.0"]=0 + +dock_bld_ver["core/v2.2.0"]="core/v2.2.0" +ctnr_src_ver["core/v2.2.0"]="core/v2.2.0" + bld_opt["core/v2.2.0"]="--skip-legacy" + prd_files["core/v2.2.0"]="2/trezor-2.2.0.bin 2/trezor-2.2.0-bitcoinonly.bin" + bld_files["core/v2.2.0"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.2.0"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.2.0"]=0 + +dock_bld_ver["core/v2.1.8"]="core/v2.1.8" +ctnr_src_ver["core/v2.1.8"]="core/v2.1.8" + bld_opt["core/v2.1.8"]="--skip-legacy" + prd_files["core/v2.1.8"]="2/trezor-2.1.8.bin 2/trezor-2.1.8-bitcoinonly.bin" + bld_files["core/v2.1.8"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.8"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.8"]=0 + +dock_bld_ver["core/v2.1.7"]="core/v2.1.7" +ctnr_src_ver["core/v2.1.7"]="core/v2.1.7" + bld_opt["core/v2.1.7"]="--skip-legacy" + prd_files["core/v2.1.7"]="2/trezor-2.1.7.bin 2/trezor-2.1.7-bitcoinonly.bin" + bld_files["core/v2.1.7"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.7"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.7"]=0 + +dock_bld_ver["core/v2.1.6"]="core/v2.1.6" +ctnr_src_ver["core/v2.1.6"]="core/v2.1.6" + bld_opt["core/v2.1.6"]="--skip-legacy" + prd_files["core/v2.1.6"]="2/trezor-2.1.6.bin 2/trezor-2.1.6-bitcoinonly.bin" + bld_files["core/v2.1.6"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.6"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.6"]=0 + +dock_bld_ver["core/v2.1.5"]="core/v2.1.5" +ctnr_src_ver["core/v2.1.5"]="core/v2.1.5" + bld_opt["core/v2.1.5"]="--skip-legacy" + prd_files["core/v2.1.5"]="2/trezor-2.1.5.bin 2/trezor-2.1.5-bitcoinonly.bin" + bld_files["core/v2.1.5"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.5"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.5"]=0 + +dock_bld_ver["core/v2.1.4"]="core/v2.1.4" +ctnr_src_ver["core/v2.1.4"]="core/v2.1.4" + bld_opt["core/v2.1.4"]="--skip-legacy" + prd_files["core/v2.1.4"]="2/trezor-2.1.4.bin 2/trezor-2.1.4-bitcoinonly.bin" + bld_files["core/v2.1.4"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.4"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.4"]=0 + +dock_bld_ver["core/v2.1.3"]="core/v2.1.3" +ctnr_src_ver["core/v2.1.3"]="core/v2.1.3" + bld_opt["core/v2.1.3"]="--skip-legacy" + prd_files["core/v2.1.3"]="2/trezor-2.1.3.bin 2/trezor-2.1.3-bitcoinonly.bin" + bld_files["core/v2.1.3"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.3"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.3"]=0 + +dock_bld_ver["core/v2.1.2"]="core/v2.1.2" +ctnr_src_ver["core/v2.1.2"]="core/v2.1.2" + bld_opt["core/v2.1.2"]="--skip-legacy" + prd_files["core/v2.1.2"]="2/trezor-2.1.2.bin 2/trezor-2.1.2-bitcoinonly.bin" + bld_files["core/v2.1.2"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.2"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.2"]=0 + +dock_bld_ver["core/v2.1.1"]="core/v2.1.1" +ctnr_src_ver["core/v2.1.1"]="core/v2.1.1" + bld_opt["core/v2.1.1"]="--skip-legacy" + prd_files["core/v2.1.1"]="2/trezor-2.1.1.bin 2/trezor-2.1.1-bitcoinonly.bin" + bld_files["core/v2.1.1"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.1"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.1"]=0 + +dock_bld_ver["core/v2.1.0"]="core/v2.1.0" +ctnr_src_ver["core/v2.1.0"]="core/v2.1.0" + bld_opt["core/v2.1.0"]="--skip-legacy" + prd_files["core/v2.1.0"]="2/trezor-2.1.0.bin 2/trezor-2.1.0-bitcoinonly.bin" + bld_files["core/v2.1.0"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.1.0"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.1.0"]=0 + +dock_bld_ver["core/v2.0.10"]="core/v2.0.10" +ctnr_src_ver["core/v2.0.10"]="core/v2.0.10" + bld_opt["core/v2.0.10"]="--skip-legacy" + prd_files["core/v2.0.10"]="2/trezor-2.0.10.bin 2/trezor-2.0.10-bitcoinonly.bin" + bld_files["core/v2.0.10"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.0.10"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.0.10"]=0 + +dock_bld_ver["core/v2.0.9"]="core/v2.0.9" +ctnr_src_ver["core/v2.0.9"]="core/v2.0.9" + bld_opt["core/v2.0.9"]="--skip-legacy" + prd_files["core/v2.0.9"]="2/trezor-2.0.9.bin 2/trezor-2.0.9-bitcoinonly.bin" + bld_files["core/v2.0.9"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.0.9"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.0.9"]=0 + +dock_bld_ver["core/v2.0.8"]="core/v2.0.8" +ctnr_src_ver["core/v2.0.8"]="core/v2.0.8" + bld_opt["core/v2.0.8"]="--skip-legacy" + prd_files["core/v2.0.8"]="2/trezor-2.0.8.bin 2/trezor-2.0.8-bitcoinonly.bin" + bld_files["core/v2.0.8"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.0.8"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.0.8"]=0 + +dock_bld_ver["core/v2.0.7"]="core/v2.0.7" +ctnr_src_ver["core/v2.0.7"]="core/v2.0.7" + bld_opt["core/v2.0.7"]="--skip-legacy" + prd_files["core/v2.0.7"]="2/trezor-2.0.7.bin 2/trezor-2.0.7-bitcoinonly.bin" + bld_files["core/v2.0.7"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.0.7"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.0.7"]=0 + +dock_bld_ver["core/v2.0.6"]="core/v2.0.6" +ctnr_src_ver["core/v2.0.6"]="core/v2.0.6" + bld_opt["core/v2.0.6"]="--skip-legacy" + prd_files["core/v2.0.6"]="2/trezor-2.0.6.bin 2/trezor-2.0.6-bitcoinonly.bin" + bld_files["core/v2.0.6"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.0.6"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.0.6"]=0 + +dock_bld_ver["core/v2.0.5"]="core/v2.0.5" +ctnr_src_ver["core/v2.0.5"]="core/v2.0.5" + bld_opt["core/v2.0.5"]="--skip-legacy" + prd_files["core/v2.0.5"]="2/trezor-2.0.5.bin 2/trezor-2.0.5-bitcoinonly.bin" + bld_files["core/v2.0.5"]="${EXEC_PATH}/repo/build/core/firmware/firmware.bin ${EXEC_PATH}/repo/build/core-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["core/v2.0.5"]="bs=1 seek=5567 count=65 conv=notrunc status=none" + is_hash_eq["core/v2.0.5"]=0 + +dock_bld_ver["legacy/v1.12.1"]="legacy/v1.12.1" +ctnr_src_ver["legacy/v1.12.1"]="legacy/v1.12.1" + bld_opt["legacy/v1.12.1"]="--skip-core" + prd_files["legacy/v1.12.1"]="1/trezor-1.12.1.bin 1/trezor-1.12.1-bitcoinonly.bin" + bld_files["legacy/v1.12.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.12.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.12.1"]=1 + +dock_bld_ver["legacy/v1.12.0"]="legacy/v1.12.0" +ctnr_src_ver["legacy/v1.12.0"]="legacy/v1.12.0" + bld_opt["legacy/v1.12.0"]="--skip-core" + prd_files["legacy/v1.12.0"]="1/trezor-1.12.0.bin 1/trezor-1.12.0-bitcoinonly.bin" + bld_files["legacy/v1.12.0"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.12.0"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.12.0"]=0 + +dock_bld_ver["legacy/v1.11.2"]="legacy/v1.11.2" +ctnr_src_ver["legacy/v1.11.2"]="legacy/v1.11.2" + bld_opt["legacy/v1.11.2"]="--skip-core" + prd_files["legacy/v1.11.2"]="1/trezor-1.11.2.bin 1/trezor-1.11.2-bitcoinonly.bin" + bld_files["legacy/v1.11.2"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.11.2"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.11.2"]=1 + +dock_bld_ver["legacy/v1.11.1"]="legacy/v1.11.1" +ctnr_src_ver["legacy/v1.11.1"]="legacy/v1.11.1" + bld_opt["legacy/v1.11.1"]="--skip-core" + prd_files["legacy/v1.11.1"]="1/trezor-1.11.1.bin 1/trezor-1.11.1-bitcoinonly.bin" + bld_files["legacy/v1.11.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.11.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.11.1"]=0 + +dock_bld_ver["legacy/v1.10.5"]="legacy/v1.10.5" +ctnr_src_ver["legacy/v1.10.5"]="legacy/v1.10.5" + bld_opt["legacy/v1.10.5"]="--skip-core" + prd_files["legacy/v1.10.5"]="1/trezor-1.10.5.bin 1/trezor-1.10.5-bitcoinonly.bin" + bld_files["legacy/v1.10.5"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.10.5"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.10.5"]=0 + +dock_bld_ver["legacy/v1.10.4"]="legacy/v1.10.4" +ctnr_src_ver["legacy/v1.10.4"]="legacy/v1.10.4" + bld_opt["legacy/v1.10.4"]="--skip-core" + prd_files["legacy/v1.10.4"]="1/trezor-1.10.4.bin 1/trezor-1.10.4-bitcoinonly.bin" + bld_files["legacy/v1.10.4"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.10.4"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.10.4"]=0 + +dock_bld_ver["legacy/v1.10.3"]="legacy/v1.10.3" +ctnr_src_ver["legacy/v1.10.3"]="legacy/v1.10.3" + bld_opt["legacy/v1.10.3"]="--skip-core" + prd_files["legacy/v1.10.3"]="1/trezor-1.10.3.bin 1/trezor-1.10.3-bitcoinonly.bin" + bld_files["legacy/v1.10.3"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.10.3"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.10.3"]=0 + +dock_bld_ver["legacy/v1.10.2"]="legacy/v1.10.2" +ctnr_src_ver["legacy/v1.10.2"]="legacy/v1.10.2" + bld_opt["legacy/v1.10.2"]="--skip-core" + prd_files["legacy/v1.10.2"]="1/trezor-1.10.2.bin 1/trezor-1.10.2-bitcoinonly.bin" + bld_files["legacy/v1.10.2"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.10.2"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.10.2"]=0 + +dock_bld_ver["legacy/v1.10.1"]="legacy/v1.10.1" +ctnr_src_ver["legacy/v1.10.1"]="legacy/v1.10.1" + bld_opt["legacy/v1.10.1"]="--skip-core" + prd_files["legacy/v1.10.1"]="1/trezor-1.10.1.bin 1/trezor-1.10.1-bitcoinonly.bin" + bld_files["legacy/v1.10.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.10.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.10.1"]=0 + +dock_bld_ver["legacy/v1.10.0"]="legacy/v1.10.0" +ctnr_src_ver["legacy/v1.10.0"]="legacy/v1.10.0" + bld_opt["legacy/v1.10.0"]="--skip-core" + prd_files["legacy/v1.10.0"]="1/trezor-1.10.0.bin 1/trezor-1.10.0-bitcoinonly.bin" + bld_files["legacy/v1.10.0"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.10.0"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.10.0"]=0 + +dock_bld_ver["legacy/v1.9.4"]="legacy/v1.9.4" +ctnr_src_ver["legacy/v1.9.4"]="legacy/v1.9.4" + bld_opt["legacy/v1.9.4"]="--skip-core" + prd_files["legacy/v1.9.4"]="1/trezor-1.9.4.bin 1/trezor-1.9.4-bitcoinonly.bin" + bld_files["legacy/v1.9.4"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.9.4"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.9.4"]=0 + +dock_bld_ver["legacy/v1.9.3"]="legacy/v1.9.3" +ctnr_src_ver["legacy/v1.9.3"]="legacy/v1.9.3" + bld_opt["legacy/v1.9.3"]="--skip-core" + prd_files["legacy/v1.9.3"]="1/trezor-1.9.3.bin 1/trezor-1.9.3-bitcoinonly.bin" + bld_files["legacy/v1.9.3"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.9.3"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.9.3"]=0 + +dock_bld_ver["legacy/v1.9.2"]="legacy/v1.9.2" +ctnr_src_ver["legacy/v1.9.2"]="legacy/v1.9.2" + bld_opt["legacy/v1.9.2"]="--skip-core" + prd_files["legacy/v1.9.2"]="1/trezor-1.9.2.bin 1/trezor-1.9.2-bitcoinonly.bin" + bld_files["legacy/v1.9.2"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.9.2"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.9.2"]=0 + +dock_bld_ver["legacy/v1.9.1"]="legacy/v1.9.1" +ctnr_src_ver["legacy/v1.9.1"]="legacy/v1.9.1" + bld_opt["legacy/v1.9.1"]="--skip-core" + prd_files["legacy/v1.9.1"]="1/trezor-1.9.1.bin 1/trezor-1.9.1-bitcoinonly.bin" + bld_files["legacy/v1.9.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.9.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.9.1"]=0 + +dock_bld_ver["legacy/v1.9.0"]="legacy/v1.9.0" +ctnr_src_ver["legacy/v1.9.0"]="legacy/v1.9.0" + bld_opt["legacy/v1.9.0"]="--skip-core" + prd_files["legacy/v1.9.0"]="1/trezor-1.9.0.bin 1/trezor-1.9.0-bitcoinonly.bin" + bld_files["legacy/v1.9.0"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.9.0"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.9.0"]=0 + +dock_bld_ver["legacy/v1.8.3"]="legacy/v1.8.3" +ctnr_src_ver["legacy/v1.8.3"]="legacy/v1.8.3" + bld_opt["legacy/v1.8.3"]="--skip-core" + prd_files["legacy/v1.8.3"]="1/trezor-1.8.3.bin 1/trezor-1.8.3-bitcoinonly.bin" + bld_files["legacy/v1.8.3"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.8.3"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.8.3"]=0 + +dock_bld_ver["legacy/v1.8.2"]="legacy/v1.8.2" +ctnr_src_ver["legacy/v1.8.2"]="legacy/v1.8.2" + bld_opt["legacy/v1.8.2"]="--skip-core" + prd_files["legacy/v1.8.2"]="1/trezor-1.8.2.bin 1/trezor-1.8.2-bitcoinonly.bin" + bld_files["legacy/v1.8.2"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.8.2"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.8.2"]=0 + +dock_bld_ver["legacy/v1.8.1"]="legacy/v1.8.1" +ctnr_src_ver["legacy/v1.8.1"]="legacy/v1.8.1" + bld_opt["legacy/v1.8.1"]="--skip-core" + prd_files["legacy/v1.8.1"]="1/trezor-1.8.1.bin 1/trezor-1.8.1-bitcoinonly.bin" + bld_files["legacy/v1.8.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.8.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.8.1"]=0 + +dock_bld_ver["legacy/v1.8.0"]="legacy/v1.8.0" +ctnr_src_ver["legacy/v1.8.0"]="legacy/v1.8.0" + bld_opt["legacy/v1.8.0"]="--skip-core" + prd_files["legacy/v1.8.0"]="1/trezor-1.8.0.bin 1/trezor-1.8.0-bitcoinonly.bin" + bld_files["legacy/v1.8.0"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.8.0"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.8.0"]=0 + +dock_bld_ver["legacy/v1.7.3"]="legacy/v1.7.3" +ctnr_src_ver["legacy/v1.7.3"]="legacy/v1.7.3" + bld_opt["legacy/v1.7.3"]="--skip-core" + prd_files["legacy/v1.7.3"]="1/trezor-1.7.3.bin 1/trezor-1.7.3-bitcoinonly.bin" + bld_files["legacy/v1.7.3"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.7.3"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.7.3"]=0 + +dock_bld_ver["legacy/v1.7.2"]="legacy/v1.7.2" +ctnr_src_ver["legacy/v1.7.2"]="legacy/v1.7.2" + bld_opt["legacy/v1.7.2"]="--skip-core" + prd_files["legacy/v1.7.2"]="1/trezor-1.7.2.bin 1/trezor-1.7.2-bitcoinonly.bin" + bld_files["legacy/v1.7.2"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.7.2"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.7.2"]=0 + +dock_bld_ver["legacy/v1.7.1"]="legacy/v1.7.1" +ctnr_src_ver["legacy/v1.7.1"]="legacy/v1.7.1" + bld_opt["legacy/v1.7.1"]="--skip-core" + prd_files["legacy/v1.7.1"]="1/trezor-1.7.1.bin 1/trezor-1.7.1-bitcoinonly.bin" + bld_files["legacy/v1.7.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.7.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.7.1"]=0 + +dock_bld_ver["legacy/v1.7.0"]="legacy/v1.7.0" +ctnr_src_ver["legacy/v1.7.0"]="legacy/v1.7.0" + bld_opt["legacy/v1.7.0"]="--skip-core" + prd_files["legacy/v1.7.0"]="1/trezor-1.7.0.bin 1/trezor-1.7.0-bitcoinonly.bin" + bld_files["legacy/v1.7.0"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.7.0"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.7.0"]=0 + +dock_bld_ver["legacy/v1.6.3"]="legacy/v1.6.3" +ctnr_src_ver["legacy/v1.6.3"]="legacy/v1.6.3" + bld_opt["legacy/v1.6.3"]="--skip-core" + prd_files["legacy/v1.6.3"]="1/trezor-1.6.3.bin 1/trezor-1.6.3-bitcoinonly.bin" + bld_files["legacy/v1.6.3"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.6.3"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.6.3"]=0 + +dock_bld_ver["legacy/v1.6.2"]="legacy/v1.6.2" +ctnr_src_ver["legacy/v1.6.2"]="legacy/v1.6.2" + bld_opt["legacy/v1.6.2"]="--skip-core" + prd_files["legacy/v1.6.2"]="1/trezor-1.6.2.bin 1/trezor-1.6.2-bitcoinonly.bin" + bld_files["legacy/v1.6.2"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.6.2"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.6.2"]=0 + +dock_bld_ver["legacy/v1.6.1"]="legacy/v1.6.1" +ctnr_src_ver["legacy/v1.6.1"]="legacy/v1.6.1" + bld_opt["legacy/v1.6.1"]="--skip-core" + prd_files["legacy/v1.6.1"]="1/trezor-1.6.1.bin 1/trezor-1.6.1-bitcoinonly.bin" + bld_files["legacy/v1.6.1"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.6.1"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.6.1"]=0 + +dock_bld_ver["legacy/v1.6.0"]="legacy/v1.6.0" +ctnr_src_ver["legacy/v1.6.0"]="legacy/v1.6.0" + bld_opt["legacy/v1.6.0"]="--skip-core" + prd_files["legacy/v1.6.0"]="1/trezor-1.6.0.bin 1/trezor-1.6.0-bitcoinonly.bin" + bld_files["legacy/v1.6.0"]="${EXEC_PATH}/repo/build/legacy/firmware/firmware.bin ${EXEC_PATH}/repo/build/legacy-bitcoinonly/firmware/firmware.bin" +dd_zero_opts["legacy/v1.6.0"]="bs=1 seek=544 count=195 conv=notrunc status=none" + is_hash_eq["legacy/v1.6.0"]=0 + +dock_bld_ver["core/bl2.1.0"]="core/v2.6.0" +ctnr_src_ver["core/bl2.1.0"]="core/bl2.1.0" + prd_bin_ver["core/bl2.1.0"]="core/v2.6.0" + bld_opt["core/bl2.1.0"]="--skip-bitcoinonly --skip-legacy" + prd_files["core/bl2.1.0"]="${EXEC_PATH}/repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin" + bld_files["core/bl2.1.0"]="${EXEC_PATH}/repo/build/core/bootloader/bootloader.bin" + is_hash_eq["core/bl2.1.0"]=1 + +dock_bld_ver["core/bl2.0.3"]="core/bl2.0.3" +ctnr_src_ver["core/bl2.0.3"]="core/bl2.0.3" + prd_bin_ver["core/bl2.0.3"]="core/bl2.0.3" + bld_opt["core/bl2.0.3"]="--skip-bitcoinonly --skip-legacy" + prd_files["core/bl2.0.3"]="${EXEC_PATH}/repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin" + bld_files["core/bl2.0.3"]="${EXEC_PATH}/repo/build/core/bootloader/bootloader.bin" + is_hash_eq["core/bl2.0.3"]=0 + +dock_bld_ver["core/bl2.0.2"]="core/bl2.0.2" +ctnr_src_ver["core/bl2.0.2"]="core/bl2.0.2" + prd_bin_ver["core/bl2.0.2"]="core/bl2.0.2" + bld_opt["core/bl2.0.2"]="--skip-bitcoinonly --skip-legacy" + prd_files["core/bl2.0.2"]="${EXEC_PATH}/repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin" + bld_files["core/bl2.0.2"]="${EXEC_PATH}/repo/build/core/bootloader/bootloader.bin" + is_hash_eq["core/bl2.0.2"]=0 + +dock_bld_ver["core/bl2.0.1"]="core/bl2.0.1" +ctnr_src_ver["core/bl2.0.1"]="core/bl2.0.1" + prd_bin_ver["core/bl2.0.1"]="core/bl2.0.1" + bld_opt["core/bl2.0.1"]="--skip-bitcoinonly --skip-legacy" + prd_files["core/bl2.0.1"]="${EXEC_PATH}/repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin" + bld_files["core/bl2.0.1"]="${EXEC_PATH}/repo/build/core/bootloader/bootloader.bin" + is_hash_eq["core/bl2.0.1"]=0 + +dock_bld_ver["core/bl2.0.0"]="core/bl2.0.0" +ctnr_src_ver["core/bl2.0.0"]="core/bl2.0.0" + prd_bin_ver["core/bl2.0.0"]="core/bl2.0.0" + bld_opt["core/bl2.0.0"]="--skip-bitcoinonly --skip-legacy" + prd_files["core/bl2.0.0"]="${EXEC_PATH}/repo/core/embed/firmware/bootloaders/bootloader_T2T1.bin" + bld_files["core/bl2.0.0"]="${EXEC_PATH}/repo/build/core/bootloader/bootloader.bin" + is_hash_eq["core/bl2.0.0"]=0 + +dock_bld_ver["legacy/bl1.12.1"]="legacy/bl1.12.1" +ctnr_src_ver["legacy/bl1.12.1"]="legacy/bl1.12.1" + prd_bin_ver["legacy/bl1.12.1"]="legacy/bl1.12.1" + bld_opt["legacy/bl1.12.1"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.12.1"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.12.1"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.12.1"]=1 + +dock_bld_ver["legacy/bl1.12.0"]="legacy/bl1.12.0" +ctnr_src_ver["legacy/bl1.12.0"]="legacy/bl1.12.0" + prd_bin_ver["legacy/bl1.12.0"]="legacy/bl1.12.0" + bld_opt["legacy/bl1.12.0"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.12.0"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.12.0"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.12.0"]=0 + +dock_bld_ver["legacy/bl1.11.0"]="legacy/bl1.11.0" +ctnr_src_ver["legacy/bl1.11.0"]="legacy/bl1.11.0" + prd_bin_ver["legacy/bl1.11.0"]="legacy/bl1.11.0" + bld_opt["legacy/bl1.11.0"]="--skip-core --skip-bitcoinonly" + prd_files["legacy/bl1.11.0"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.11.0"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.11.0"]=0 + +dock_bld_ver["legacy/bl1.8.0"]="legacy/bl1.8.0" +ctnr_src_ver["legacy/bl1.8.0"]="legacy/bl1.8.0" + prd_bin_ver["legacy/bl1.8.0"]="legacy/bl1.8.0" + bld_opt["legacy/bl1.8.0"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.8.0"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.8.0"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.8.0"]=0 + +dock_bld_ver["legacy/bl1.6.1"]="legacy/bl1.6.1" +ctnr_src_ver["legacy/bl1.6.1"]="legacy/bl1.6.1" + prd_bin_ver["legacy/bl1.6.1"]="legacy/bl1.6.1" + bld_opt["legacy/bl1.6.1"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.6.1"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.6.1"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.6.1"]=0 + +dock_bld_ver["legacy/bl1.6.0"]="legacy/bl1.6.0" +ctnr_src_ver["legacy/bl1.6.0"]="legacy/bl1.6.0" + prd_bin_ver["legacy/bl1.6.0"]="legacy/bl1.6.0" + bld_opt["legacy/bl1.6.0"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.6.0"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.6.0"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.6.0"]=0 + +dock_bld_ver["legacy/bl1.5.1"]="legacy/bl1.5.1" +ctnr_src_ver["legacy/bl1.5.1"]="legacy/bl1.5.1" + prd_bin_ver["legacy/bl1.5.1"]="legacy/bl1.5.1" + bld_opt["legacy/bl1.5.1"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.5.1"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.5.1"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.5.1"]=0 + +dock_bld_ver["legacy/bl1.5.0"]="legacy/bl1.5.0" +ctnr_src_ver["legacy/bl1.5.0"]="legacy/bl1.5.0" + prd_bin_ver["legacy/bl1.5.0"]="legacy/bl1.5.0" + bld_opt["legacy/bl1.5.0"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.5.0"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.5.0"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.5.0"]=0 + +dock_bld_ver["legacy/bl1.4.0"]="legacy/bl1.4.0" +ctnr_src_ver["legacy/bl1.4.0"]="legacy/bl1.4.0" + prd_bin_ver["legacy/bl1.4.0"]="legacy/bl1.4.0" + bld_opt["legacy/bl1.4.0"]="--skip-bitcoinonly --skip-core" + prd_files["legacy/bl1.4.0"]="${EXEC_PATH}/repo/legacy/firmware/bootloader.dat" + bld_files["legacy/bl1.4.0"]="${EXEC_PATH}/repo/build/legacy/bootloader/bootloader.bin" + is_hash_eq["legacy/bl1.4.0"]=0 + diff --git a/trezor/verify.sh b/trezor/verify.sh new file mode 100644 index 0000000..87cb6b6 --- /dev/null +++ b/trezor/verify.sh @@ -0,0 +1,269 @@ +#!/bin/bash +# [rights] Copyright 2023 brianddk at github https://github.com/brianddk +# [license] Apache 2.0 License https://www.apache.org/licenses/LICENSE-2.0 +# [repo] github.com/brianddk/attestation/ +# [ref] reddit.com/r/TREZOR/comments/to2e6h/ +# [ref] reddit.com/r/TREZOR/comments/13k92nw/ +# [ref] github.com/trezor/data/tree/master/firmware +# [ref] github.com/trezor/trezor-firmware/issues/2189#issuecomment-1558802760 +# [ref] github.com/trezor/trezor-firmware/blob/30a77a7/docs/common/reproducible-build.md +# [btc] BTC-b32: bc1qwc2203uym96u0nmq04pcgqfs9ldqz9l3mz8fpj +# [tipjar] github.com/brianddk/reddit/blob/master/tipjar/tipjar.txt +# [req] bash, docker, git, gpg, wget, dd, sha256sum, python-venv +# [note] This script will run the official `docker-build.sh` script from +# [note] the `trezor-firmware` github repository to make a reproducible +# [note] build binary. It also performs the added steps of removing the +# [note] signature and comparing local and publish builds for 'sameness' +# [windows] wsl GPG_BIN=gpg.exe trezor/verify.sh --gpg-key YOUR_UID core/v2.6.0 +# [linux] trezor/verify.sh --gpg-key YOUR_UID --latest-rel +# [macOS] trezor/verify.sh --gpg-key YOUR_UID --canary-rel + +VERSION=0.1 +LATEST="core/bl2.1.0 core/v2.6.0 legacy/bl1.12.1 legacy/v1.12.1" +CANARY="core/bl2.1.0 core/v2.6.0 legacy/bl1.12.1 legacy/v1.12.1" +# bl2.0.3 is SO old it will require some archeology to build. +# bl1.11.0 fails, and I don't know why +#PREVIOUS="core/bl2.0.3 core/v2.5.3 legacy/bl1.11.0 legacy/v1.11.2" +PREVIOUS="core/v2.5.3 legacy/v1.11.2" +CANARY_URL="https://trezor.io/transparency/canary.txt" +REPOSITORY="https://github.com/trezor/trezor-firmware.git" +GPG_BIN=${GPG_BIN:-gpg} +TEMPFILE="$(mktemp)" +EXEC_PATH=$(dirname $(readlink -f "${BASH_SOURCE[0]}")) +source "${EXEC_PATH}/settings.sh" + +# Helper function to compare version strings +function version_a_lt_b () { + if [[ $1 == $2 ]]; then + return 1 # False + fi + ORIG=$(echo -e "$1\n$2") + RESULT=$(echo -e "$ORIG" | sort --version-sort) + if [[ "$ORIG" == "$RESULT" ]]; then + return 0 # True (non error return) + else + return 1 # False (error return) + fi +} + + +# Main verify function +function verify () { + TAG=$1 + FILE="attest/${TAG}/attest" + + # Make VENV for headertool.py + if [ -d .venv ]; then + source .venv/bin/activate + else + # sudo apt install python3-venv python3-wheel python3-setuptools python3-pip + python3 -m venv .venv + source .venv/bin/activate + python3 -m pip install --upgrade pip setuptools wheel + python3 -m pip install repo/python/. || exit 9 + fi + + # determine if we are bootloader or not, and core -vs- legacy + case "$TAG" in + "core/v"*) + VER="${TAG:6}" + IS_CORE=1 + IS_BLDR=0 + ;; + "legacy/v"*) + VER="${TAG:8}" + IS_CORE=0 + IS_BLDR=0 + ;; + "core/bl"*) + VER="${TAG:7}" + IS_CORE=1 + IS_BLDR=1 + ;; + "legacy/bl"*) + VER="${TAG:9}" + IS_CORE=0 + IS_BLDR=1 + ;; + *) + echo "BAD TAG!!" + exit 10 + ;; + esac + + # Make directories and repos as needed + mkdir -p "attest/$TAG" + if [ ! -d repo ]; then + git clone "${REPOSITORY}" repo + fi + + # Using explicit paths in GIT due to WSL weirdness + 1> /dev/null pushd repo + git restore "$PWD" || exit 1 + git clean --force || exit 2 + git checkout "${dock_bld_ver[$TAG]}" || exit 3 + echo bash build-docker.sh ${bld_opt[$TAG]} "${ctnr_src_ver[$TAG]}" + # read + bash build-docker.sh ${bld_opt[$TAG]} "${ctnr_src_ver[$TAG]}" + if [ $IS_BLDR -eq 1 ]; then + cd $(dirname "${prd_files[$TAG]}") + git restore -s "${prd_bin_ver[$TAG]}" -- $(basename "${prd_files[$TAG]}") || exit 3 + fi + 1> /dev/null popd + + # Do checksum'ing in one block to catch and log + ( + echo "Intended Build Version: $TAG" + echo "build-docker.sh Version: ${dock_bld_ver[$TAG]}" + echo "Build Command: build-docker.sh ${bld_opt[$TAG]} ${ctnr_src_ver[$TAG]}" + echo "Bootloader Build?: $IS_BLDR" + if [ $IS_BLDR -eq 1 ]; then # is_bootloader=True + echo "Source Binary tag: ${prd_bin_ver[$TAG]}" + else + echo "DD Zero Sig Options: ${dd_zero_opts[$TAG]}" + fi + echo "" + if [ $IS_BLDR -eq 1 ]; then # is_bootloader=True + if [ $IS_CORE -eq 1 ]; then # is_core=True + for i in ${prd_files[$TAG]} ${bld_files[$TAG]} + do + # Let headertool.py pull out the important bits, then swap field order + bldr=$(realpath --relative-to="${EXEC_PATH}" "${i}") + 2>/dev/null repo/core/tools/headertool.py -h $bldr | grep "^Finger" | sed "s#^Finger.*:#$bldr#g" | awk '{print $2 " " $1}' + done + else # is_core=False + sha256sum $(realpath --relative-to=${EXEC_PATH} ${prd_files[$TAG]}) $(realpath --relative-to=${EXEC_PATH} ${bld_files[$TAG]}) + fi # is_core + else # is_bootloader=False + read PRD_NRML PRD_BO <<< "${prd_files[$TAG]}" + read BLD_NRML BLD_BO <<< "${bld_files[$TAG]}" + + for i in $PRD_BO $PRD_NRML; + do + BINFILE="$(basename $i)" + # Get the official production bins + wget -qO ${BINFILE} https://data.trezor.io/firmware/${i} || exit 4 + + # Strip off legacy header + if version_a_lt_b "${VER}" "1.12.1"; then + tail -c +257 ${BINFILE} > ${BINFILE}.nohdr + mv ${BINFILE}.nohdr ${BINFILE} + fi + + # Thunk out the header signature + dd if=/dev/zero of=${BINFILE} ${dd_zero_opts[$TAG]} + done + + sha256sum $(basename $PRD_NRML) $(realpath --relative-to=$EXEC_PATH $BLD_NRML); echo "" + sha256sum $(basename $PRD_BO) $(realpath --relative-to=$EXEC_PATH $BLD_BO) + fi # is_bootloader + ) | tee "${TEMPFILE}" + < "${TEMPFILE}" ${GPG_BIN} --clear-sign -u "${GPG_KEY}" > "${FILE}.${GPG_KEY}" +} + + +# Attest that the Canary is reachable and signed +function do_canary() { + FILE="attest/canary/attest" + + mkdir -p attest/canary + curl -s "${CANARY_URL}" | ${GPG_BIN} --verify 2>&1 \ + | ${GPG_BIN} --clear-sign -u "${GPG_KEY}" > "${FILE}.${GPG_KEY}" +} + + +# Verify that the named key is in your keyring +function test_key() { + KEYFILE="../pubkeys/${GPG_KEY}.asc" + # Attempt to save the key into the repo "keyring" + if ${GPG_BIN} -a --export "${GPG_KEY}" 1> "${KEYFILE}" 2> /dev/null; then + echo "Using GPG key UID=${GPG_KEY}" + else + echo "FAILED Key test of UID ${GPG_KEY}" + exit 11 + fi +} + + +# Show help +function help_and_die() { + echo "Version ${VERSION}" + echo "" + echo "Usage: $0 --gpg-key UID [options] [tag]" + echo "Options:" + echo " --gpg-key UID - do attestment with the named UID" + echo " --canary-file - attest that the canary URL is signed and reachable" + echo " --latest-rel - attest firmware based on the latest releases" + echo " --prev-rel - attest firmware based on 'latest - 1'" + echo " --canary-rel - attest latest firmware released before the last canary" + exit 0 +} + + +# The main entrypoint +function main () { + # move to this scripts directory + cd "${EXEC_PATH}" + # parse args + while true; do + case "$1" in + -h|--help) + help_and_die + ;; + --gpg-key) + GPG_KEY="$2" + shift 2 + ;; + --canary-file) + DO_CANARY=1 + shift + ;; + --latest-rel) + TAGS="${LATEST}" + shift + ;; + --prev-rel) + TAGS="${PREVIOUS}" + shift + ;; + --canary-rel) + TAGS="${CANARY}" + shift + ;; + *) + break + ;; + esac + done + + # if no "--at-" options named, pull tags from args() + TAGS=${TAGS:-$*} + + # must name a GPG key + if [[ -z "${GPG_KEY}" ]]; then + help_and_die + else + test_key + fi + + # attest the canary if told to do so + if [[ -v DO_CANARY ]]; then + do_canary + fi + + # attest based on tags + for i in $TAGS; do + if [ ! ${is_hash_eq[$i]} -eq 1 ]; then + echo "Build of '$i' is UNTESTED, proceed with caution" + echo "PRESS ANY KEY to continue" + read + fi + verify "$i" + done + + # collect garbage + rm "${TEMPFILE}" +} + +# The actual entrypoint +main $* diff --git a/wiki b/wiki new file mode 160000 index 0000000..532a8f4 --- /dev/null +++ b/wiki @@ -0,0 +1 @@ +Subproject commit 532a8f4d3bb7392a082ae1628be8f54a8989148b