-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement updatefirmware command and firmwaredl binary #300
base: master
Are you sure you want to change the base?
Conversation
e356742
to
7a249ed
Compare
I was able to successfully update firmware for ColdCard mk2, Trezor One, and BitBox1 using I also built and tested binaries for MacOS, Windows and Linux, trying various combinations of They all seemed to work. Bugs:
Notes:
|
It looks like 3.0.0 doesn't exist anymore.
Yes. Perhaps we should also download verifiable signatures if possible? |
842f571
to
611a805
Compare
I took a look at the verification stuff. Only Coldcard publishes separate GPG signatures for their firmware. But everyone has a signature embedded into the firmware itself. Those signatures also use fixed pubkeys. Those signatures are verified on the device as well, but we can verify them before uploading too. For Trezor and Keepkey, we are already verifying them before uploading. For Bitbox and Coldcard, we could implement the same thing. Would it be useful to also check these signatures after downloading the firmware? This only really matters to the Coldcard where you may load the firmware using a SD card. Everyone else has to use an upload tool. |
c8d80a8
to
17c06df
Compare
Adds a separate module for firmware updating and adds the parser for a download command. Does nothing for now.
Added an extra 'firmwaredl' for the packages needed for firmware downloading. Added dependencies: * requests * feedparser
17c06df
to
da01782
Compare
A new command,
updatefirmware
is added which takes a firmware file and loads it onto the device. For some devices, verification of the firmware hashes and signatures is done. However, AFAICT, all devices will also verify signature themselves before applying the firmware. Adding this command requires a few new dependencies and the requisite dependencies and libraries have been added. Additionally, a full dependency bump was done.A new binary,
firmwaredl
has been added to download the firmware for a particular device model. The-f
option can be used to specify a particular version to download. A--bitcoinonly
option allows you to download the Bitcoin only firmware if one is available. This is a separate binary as it requires network access and having the dependencies for that inhwi
itself is not desirable. So it is separate. For the most part, the current bootloader and firmware versions are not needed to know what firmware is downloaded. There are some devices where sometimes an upgrade to a particular version is needed before upgrading to later versions. For now, users will need to figure that out themselves. In the future, we can modifyfirmwaredl
to also connect to a device and figure out what firmware versions can be installed based on that.NOTE: Ledger devices are not supported in this PR. You cannot download their firmware or apply firmware to their devices, and I am not sure whether that will be possible to do. Further information and discussion about Ledger firmware updating can be found in #112
Closes #112