Skip to content

Instantly share code, notes, and snippets.

@eriknylund
Last active September 27, 2021 11:04
Show Gist options
  • Save eriknylund/cfc778c4d0424b13d1dbd2abdd418174 to your computer and use it in GitHub Desktop.
Save eriknylund/cfc778c4d0424b13d1dbd2abdd418174 to your computer and use it in GitHub Desktop.
Trezor T v2.4.2 reproducible build

Trezor T v2.4.2 reproducible build

General instructions

VPS

  • Digital Ocean Debian 10 x64

Setup

sudo apt-get update && sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update && sudo apt-get install -y docker-ce docker-ce-cli containerd.io

Build

git clone -b core/v2.4.2 https://github.com/trezor/trezor-firmware.git
pushd trezor-firmware/
./build-docker.sh core/v2.4.2
popd

Verify

curl -O https://data.trezor.io/firmware/2/trezor-2.4.2.bin
# Strip 65 bytes of signature data from downloaded binary
dd if=/dev/zero of=trezor-2.4.2.bin bs=1 seek=5567 count=65 conv=notrunc

sha256sum trezor-2.4.2.bin trezor-firmware/build/core/firmware/firmware.bin

Video

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment