Open xrviv opened 1 week ago
@xrviv please try with the updated instructions in #4255
I can confirm that version 2.8.3 is reproducible. I have updated my review in walletscrutiny, and would close issue 4254 once this is merged. Asciicast in YouTube for Trezor Safe 5 v2.8.3
Built from commit 39565d3970deb9d696217cda793dc467f2a8e3e5
Fingerprints:
02826539b47dd30ce99a769666639e5e92290c58c417f53359ce52c6dc68522b build/core-R/bootloader/bootloader.bin
bb0532e2378196b878eb7b5c50597b563eacbdb950d488409d940252cce450a4 build/core-R/firmware/firmware.bin
02826539b47dd30ce99a769666639e5e92290c58c417f53359ce52c6dc68522b build/core-R-bitcoinonly/bootloader/bootloader.bin
81c6c3a67ca2a04e9b6b0068a96c2db1e77c6cc972188d178f588c7cdb5ffd32 build/core-R-bitcoinonly/firmware/firmware.bin
819445f377568988110fe797f9163a903e48dda21c88054f686a55a5026ce819 build/core-T/bootloader/bootloader.bin
04626fe134c93f072d982c125055f14c47dba4a4671fa1b5e69a08d4a0da55f7 build/core-T/firmware/firmware.bin
819445f377568988110fe797f9163a903e48dda21c88054f686a55a5026ce819 build/core-T-bitcoinonly/bootloader/bootloader.bin
b0160661b3c87886dbb32d9dfa5a6220d7ea6af7c9f46b4d5ce2d37f0c6740d2 build/core-T-bitcoinonly/firmware/firmware.bin
dfabe8b10368f268cedaa505e284192329f489519dd71feb5fba7d610ef748fc build/core-T3T1/bootloader/bootloader.bin
0de51126c17cc0ac623800638dc851c0abd5b787cad5f3aa5843ea2c4cf8248a build/core-T3T1/firmware/firmware.bin
dfabe8b10368f268cedaa505e284192329f489519dd71feb5fba7d610ef748fc build/core-T3T1-bitcoinonly/bootloader/bootloader.bin
9eaf99a9420d2a3b9377102eb06b938f5a1886ecb06cccde7fd3cb7a39e1abd7 build/core-T3T1-bitcoinonly/firmware/firmware.bin
Hash of non-signature parts downloaded/compiled standard:
65+0 records in
65+0 records out
65 bytes copied, 0.000146538 s, 444 kB/s
83677f634f29e0f066153b599c25a8047729608d555f4c289b91df726472fd5d trezor-t3t1-2.8.3.bin.zeroed
83677f634f29e0f066153b599c25a8047729608d555f4c289b91df726472fd5d build/core-T3T1/firmware/firmware.bin
Hash of non-signature parts downloaded/compiled bitcoinonly:
65+0 records in
65+0 records out
65 bytes copied, 0.000173488 s, 375 kB/s
13273f77e41c92755ab210a28fec9b54dc9df08af96c66caeb552b48028458aa trezor-t3t1-2.8.3-bitcoinonly.bin.zeroed
13273f77e41c92755ab210a28fec9b54dc9df08af96c66caeb552b48028458aa build/core-T3T1-bitcoinonly/firmware/firmware.bin
Hash of the signed firmware:
9f68696478e09d7bf8b8f5181413d8a5386b37571dc2f5ed8511a24f4c1d35b7 trezor-t3t1-2.8.3.bin
49996a1a602f08809427cf3b959f3c70eeef1fcfd45f267bd6d058496a4cc37e trezor-t3t1-2.8.3-bitcoinonly.bin
Greetings team Trezor! 😊 Danny here from walletscrutiny
Describe the bug
Firmware version and revision 2.8.3
Desktop/smartphone setup (please complete the following information):
To Reproduce Steps to reproduce the behavior:
1. We begin by downloading the latest binary from trezor.
2. We get the hashes for the binaries.
3. We then proceed with building
The results:
4. We then begin the process for signature zeroing. We have tried several variations, based on this closed GitHub issue.
Then:
We surmise that the header size for the Trezor Safe 5 may be different which have lead to different values:
After several different results, we ran diffoscope:
For the 'regular' and 'bitcoin-only' binaries:
The results:
diffoscope_results_bitcoinonly.txt
diffoscope_results_regular.txt
Expected behavior Hashes should match.
Screenshots n/a
Additional context Requesting documentation changes to this page to include Trezor Safe 5. https://github.com/trezor/trezor-firmware/blob/main/docs/common/reproducible-build.md