- Install Docker (from docker.com or from your distribution repositories)
git clone https://github.com/trezor/trezor-mcu.git
cd trezor-mcu
./firmware-docker-build.sh TAG
(where TAG is v1.3.2 for example, if left blank the script builds latest commit)
This creates file output/trezor-TAG.bin
and prints its fingerprint at the last line of the build log.
- Pick version of firmware binary listed on https://mytrezor.com/data/firmware/releases.json
- Download it:
wget -O trezor.signed.bin.hex https://mytrezor.com/data/firmware/trezor-1.1.0.bin.hex
xxd -r -p trezor.signed.bin.hex trezor.signed.bin
./firmware-fingerprint.sh trezor.signed.bin
Step 4 should produce the same sha256 fingerprint like your local build (for the same version tag).
The reasoning for firmware-fingerprint.sh
script is that signed firmware has special header holding signatures themselves, which must be avoided while calculating the fingerprint.