Skip to content

Release 6.0.0
Compare
Choose a tag to compare
@douglasbakkum douglasbakkum released this 19 Jan 08:00
· 82 commits to master since this release
v6.0.0
529ad43
This commit was signed with the committer’s verified signature. The key has expired.
douglasbakkum Douglas Bakkum
GPG key ID: E9B03C3AF2D4918F
Expired
Learn about vigilant mode.

The latest desktop app contains the latest firmware and provides step-by-step instructions for upgrading. To get the latest desktop app, click here.

Release notes:

  • Fix 3-byte memory leak in U2F code
  • Require nonce also in non-full-2FA mobile pairing mode
  • Simulator added for testing/development, using UDP sockets
  • Remove API call to delete all backups at once

To reproduce and verify the deterministic build:

# Clone the repository
git clone https://github.com/digitalbitbox/mcu.git
cd mcu

# Build deterministically (requires Vagrant and Virtualbox and OSX or Linux)
vagrant up
cp build-vagrant/bin/firmware.pad.bin firmware.deterministic.6.0.0.bin
vagrant halt

# Verify the deterministic binary
shasum -a 256 firmware.deterministic.6.0.0.bin  #  13dbbd675a928d3f677d0ca10ffabeddce36453c13a0ffac5caa82dd05526bc2

# Append signatures of the firmware
py/prepend_signatures_firmware_binary.py firmware.deterministic.6.0.0.bin firmware.deterministic.6.0.0.signed.bin 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076edbb3aec7bb595d93114cefb9062808790e631ccf7727a434c5865c71199fc0b6680a1cb6de8eb747d122a6232de475a2c6034cb11121e28a4de4987c9789f5608619e65c633ab6dac32c5fd4365591afbbd3890be66940b428f183e4fa4d56a81a18599ddc305c2285bf054283e57aa96bb2bf927c74dea41a39d0af20dff9678367ce39d3acec4d2d1de6518ab85bf06870d027e0501e292f6bc759dd2bc60b564f3d8ad5e3768fb23f3cef2ca839781f50781e42aa47fcd969eb79201d595d75b7b6820317b33e007b46ded2984638d7321bcfe230b581cb638bc38592e6391b1ceeb2cddaa4ed5cfe19cd50c87031ad0f7cb93e9c375501730f15986ad

# Verify the signed deterministic binary
shasum -a 256 firmware.deterministic.6.0.0.signed.bin  #  b12012238e724c037f7547d17de16e26f7b2151d0f8c280d470ab153e76ce6e3

# Signed deterministic binaries can be loaded into the Digital Bitbox 
# using the Upgrade Firmware button in the desktop app.

# In case of problems, check if using a different major version:
vagrant --version  #  Vagrant 1.8.5
vagrant box list   #  ubuntu/trusty64 (virtualbox, 20181103.0.0)
virtualbox --help  #  Oracle VM VirtualBox Manager 5.1.38

ECC secp256k1 public keys and signatures of the double SHA256 hash of firmware.deterministic.6.0.0.bin:

0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df : 76edbb3aec7bb595d93114cefb9062808790e631ccf7727a434c5865c71199fc0b6680a1cb6de8eb747d122a6232de475a2c6034cb11121e28a4de4987c9789f
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366 : 5608619e65c633ab6dac32c5fd4365591afbbd3890be66940b428f183e4fa4d56a81a18599ddc305c2285bf054283e57aa96bb2bf927c74dea41a39d0af20dff
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800 : 9678367ce39d3acec4d2d1de6518ab85bf06870d027e0501e292f6bc759dd2bc60b564f3d8ad5e3768fb23f3cef2ca839781f50781e42aa47fcd969eb79201d5
030d8b0b86fca70bfd3a8d842cdb3ff8362c02f455fd092b080f1bb137dfc1d25f : 95d75b7b6820317b33e007b46ded2984638d7321bcfe230b581cb638bc38592e6391b1ceeb2cddaa4ed5cfe19cd50c87031ad0f7cb93e9c375501730f15986ad

Signature blob appended to firmware.deterministic.6.0.0.bin

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076edbb3aec7bb595d93114cefb9062808790e631ccf7727a434c5865c71199fc0b6680a1cb6de8eb747d122a6232de475a2c6034cb11121e28a4de4987c9789f5608619e65c633ab6dac32c5fd4365591afbbd3890be66940b428f183e4fa4d56a81a18599ddc305c2285bf054283e57aa96bb2bf927c74dea41a39d0af20dff9678367ce39d3acec4d2d1de6518ab85bf06870d027e0501e292f6bc759dd2bc60b564f3d8ad5e3768fb23f3cef2ca839781f50781e42aa47fcd969eb79201d595d75b7b6820317b33e007b46ded2984638d7321bcfe230b581cb638bc38592e6391b1ceeb2cddaa4ed5cfe19cd50c87031ad0f7cb93e9c375501730f15986ad
Assets 4
Loading