Developers guide:Deterministic firmware build
From Trezor Wiki
We want to invite the wider community to participate in the verification of the firmware built by SatoshiLabs. To do this, one has to check the source code of the particular tag and compare the fingerprints of the built firmware with the fingerprints of the official firmware.
Trezor One firmware[edit]
- clone the sources using
git clone --recursive https://github.com/trezor/trezor-firmware.git
- select the tag you want to build, e.g.,
git checkout legacy/v1.9.0
- run
./build-docker.sh legacy/v1.9.0
- you need to have Docker installed for this to work - download the official firmware from https://wallet.trezor.io/data/firmware/1/trezor-1.9.0.bin
The firmware headers have changed in firmware 1.8.0, so if you are building firmware >= 1.8.0 you need to strip those. You can download the official firmware and then run:
tail -c +1280 trezor-1.9.0.bin | sha256sum
tail -c +1024 trezor-1.9.0-your-build.bin | sha256sum
Those two hashes should equal. See this issue for more details.
Trezor Model T firmware[edit]
- clone the sources using
git clone --recursive https://github.com/trezor/trezor-firmware.git
- select the tag you want to build, e.g.,
git checkout core/v2.3.0
- run
./build-docker.sh core/v2.3.0
you need to have Docker installed for this to work - compare the fingerprint computed via the command above with fingerprint in releases.json