- Install Docker (from docker.com or from your distribution repositories)
git clone https://github.com/trezor/trezor-mcu.gitcd trezor-mcu./firmware-docker-build.sh TAG(where TAG is v1.3.2 for example, if left blank the script builds latest commit)
This will build a docker image mazaclub/trezor-mcu-build:$FIRMWARETAG
Mazaclub versions reflect the upstream versions, with additional mazaclub enhancements (coins)
This creates trezor.bin in current directory and prints its fingerprint from inside and out of the container at the last lines of the build log.
- Build as above
- Put device into bootloader mode - restart device pressing both buttons
python bootloader/firmware_sign.py -f ./trezor.bintrezorctl firmware_update -f ./trezor.bin- Ensure shasums match
trezorctl list_coinsto see the new coins available
- Pick version of firmware binary listed on https://mytrezor.com/data/firmware/releases.json
- Download it:
wget -O trezor.signed.bin.hex https://mytrezor.com/data/firmware/trezor-1.1.0.bin.hex xxd -r -p trezor.signed.bin.hex trezor.signed.bin./firmware-fingerprint.sh trezor.signed.bin
Step 4 should produce the same sha256 fingerprint like your local build (for the same version tag).
The reasoning for firmware-fingerprint.sh script is that signed firmware has special header holding signatures themselves, which must be avoided while calculating the fingerprint.