diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 00000000..44c7d19f
--- /dev/null
+++ b/Dockerfile.dev
@@ -0,0 +1,31 @@
+# Copyright 2018 Shift Devices AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Run with Docker:
+# docker build --tag shift/mcu-base -f Dockerfile.dev .
+#
+
+FROM debian:stretch
+ENV DEBIAN_FRONTEND noninteractive
+WORKDIR /app
+COPY . /app
+
+RUN apt update && apt-get install -y cmake git gcc-arm-none-eabi locales python python-pip
+RUN apt install -y libbz2-1.0 libncurses5 libz1 valgrind astyle clang libudev-dev python-urllib3 libssl1.0-dev
+RUN apt install -y libbz2-dev libbz2-dev libbz2-1.0 libncurses5 libz1 valgrind astyle clang libudev-dev python-urllib3
+RUN pip install --prefix /usr/local  cpp-coveralls
+RUN locale-gen UTF-8
+ENV CC gcc
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=firmware -DUSE_SECP256K1_LIB=ON && make TEST=yes
+RUN sha256sum docker-build/bin/*
diff --git a/Dockerfile.tests b/Dockerfile.tests
new file mode 100644
index 00000000..77318be6
--- /dev/null
+++ b/Dockerfile.tests
@@ -0,0 +1,56 @@
+# Copyright 2018 Shift Devices AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Run with Docker:
+# docker build --tag shift/mcu-base-tests -f Dockerfile.tests .
+#
+
+FROM shift/mcu-base
+ENV DEBIAN_FRONTEND noninteractive
+WORKDIR /app
+COPY . /app
+
+
+RUN gcc -v
+RUN clang -v
+ENV CC gcc
+RUN cd /app/ && rm -rf docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=test -DCONTINUOUS_INTEGRATION=1 && make && make test
+RUN cd /app/docker-build/ && valgrind --leak-check=full --num-callers=40 --suppressions=../.valgrind.supp --error-exitcode=1 bin/tests_api;
+RUN cd /app/docker-build/ && valgrind --leak-check=full --num-callers=40 --error-exitcode=1 bin/tests_u2f_hid;
+RUN cd /app/docker-build/ && valgrind --leak-check=full --num-callers=40 --error-exitcode=1 bin/tests_u2f_standard;
+RUN cd /app/docker-build/ && valgrind --leak-check=full --num-callers=40 --error-exitcode=1 bin/tests_unit;
+RUN cd /app && rm -rf /app/docker-build
+
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=test -DCONTINUOUS_INTEGRATION=1 -DUSE_SECP256K1_LIB=ON && make && make test
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=test -DUSE_SECP256K1_LIB=OFF && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=bootloader -DUSE_SECP256K1_LIB=OFF && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=firmware -DUSE_SECP256K1_LIB=ON && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=firmware && make
+RUN rm -rf /app/docker-build
+ENV CC clang
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=test -DUSE_SECP256K1_LIB=ON && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=test -DUSE_SECP256K1_LIB=OFF && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=bootloader -DUSE_SECP256K1_LIB=OFF && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=firmware -DUSE_SECP256K1_LIB=ON && make
+RUN rm -rf /app/docker-build
+RUN cd /app/ && mkdir docker-build && cd docker-build && cmake .. -DBUILD_TYPE=firmware && make
+RUN sha256sum docker-build/bin/*
diff --git a/README.md b/README.md
index baf70ecf..f39c771c 100644
--- a/README.md
+++ b/README.md
@@ -44,17 +44,29 @@ Build:
 
 #### Deterministic build of firmware:
 
+### Build environment with Docker and Debian Stretch:
+
 Requires:
 
-- [Vagrant](http://www.vagrantup.com/downloads)
-- [Virtual Box](https://www.virtualbox.org/wiki/Downloads)
+- [Docker CE](https://download.docker.com/)
 
-Build:
+To build the base image:
 
-    git clone https://github.com/digitalbitbox/mcu && cd mcu
-    vagrant up # Creates: build-vagrant/bin/firmware.bin
-    vagrant halt
-    
+    docker build --tag shift/mcu-base -f Dockerfile.dev .
+
+To build and run the full set of tests with both gcc and clang:
+
+    docker build --tag shift/mcu-base-ci -f Dockerfile.tests .
+
+To use the base container:
+
+    docker run -it shift/mcu-base
+
+To use the contious integration container:
+
+    docker run -it shift/mcu-base-ci
+
+This build process Debian Stable (Stretch).
 
 ## Contributing
 Please do not use an editor that automatically reformats.
diff --git a/Vagrantfile b/Vagrantfile
deleted file mode 100644
index 86bc9aa2..00000000
--- a/Vagrantfile
+++ /dev/null
@@ -1,19 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure(2) do |config|
-  config.vm.box = "ubuntu/trusty64"
-
-  config.vm.provision "shell", privileged: false, inline: <<-SHELL
-    sudo locale-gen UTF-8
-    sudo add-apt-repository ppa:team-gcc-arm-embedded/ppa -y
-    sudo apt-get update
-    sudo apt-get install -y cmake git gcc-arm-embedded=6-2017q1-1~trusty3
-  SHELL
-
-  config.vm.provision "shell", run: "always", privileged: false, inline: <<-SHELL
-    mkdir -p /vagrant/build-vagrant
-    cd /vagrant/build-vagrant
-    rm -rf * && cmake .. -DBUILD_TYPE=firmware && make
-  SHELL
-end
diff --git a/contrib/contributors_gpg_keys/jv-pubkey.asc b/contrib/contributors_gpg_keys/jv-pubkey.asc
new file mode 100644
index 00000000..3823d2e3
--- /dev/null
+++ b/contrib/contributors_gpg_keys/jv-pubkey.asc
@@ -0,0 +1,74 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFsQjIIBEADkNtqD6xLJFwB1i7rfwzoWUO5oycwwEDh/0m9K1DfWsz2wiUHF
+fsEp0tP5NhuPF1/FyHmVEAKckKJTgw+RdKSdAdkd598fs+2F0vZ3Qf+wb5hL9iXc
+btw5Udqc7FnUtSXaIumDOFnapA3vTW3RJxsBCM70mSGkgd39qOiOf78dhzUsOmW0
+JTCYyL2IB53BnSzoxWbsvz/8yERBXHx0h3hsFa3byAJOlCp4NL+/VeUMoy6iEK32
+AQ87++DONQoQI+5gF/OTDGtjYKKzJZyEmv4a0ALwlZQ+es0ZgBH2B17QRY+WzqnC
+9eVRmnhBTHx2snp3OSFY/kl00+Z9Fw2Qmu5dnLB3Im0SaXUI155i0WEPkCmFpLRA
+59R+0Jbb/7l36q4KEr2ppYRqTSaKI0RKAESYNtcQTKV9ilDrF9EM8LYP0eDpkOhh
+dGQlc7dEDMDtzOs37fr6YB/gbJahWJW2ZAgY/7Zf/zEHGz2IOFj3UAZan7sVtGuQ
+g5idGY0K5KBPT+rr6OOQhs1EFEc3z6WX/AifTq/MN9y9uMAZ9Gme8qH8pX0xE7VJ
+vJXb2zDFDBJVqWQwKfC4MbFI3o3dFDNjBnWU+Hr4CSCNaZInQTnbt/uHlfhDfKBE
+I4mn9F4fJN4nPaco1r3HEqabd/3c6nvo3cjvcPerDapnyLOCB7hbVtpuSwARAQAB
+tCpKYWtvYiBWYWx0aW4gPGpha29iLnZhbHRpbkBzaGlmdGNyeXB0by5jaD6JAkgE
+EwEKADIWIQSGsp3B/vnb9iOk2boDA5wtWq5WOAUCWxCMggIbAwILCQIVCgUWAgMB
+AAIeAQIXgAAKCRADA5wtWq5WOA+0EACpak2fYQWOtPXiBF8zlRf6co+RddT1k6ft
+A/YMYmsCdgufFrWwze+Fa4CEA2/yJOb2Zbo96+6prO184KsoUIJ+wbRkiTtXm8iW
+n8+V59DKtCjwHTWH7qMS/k+WDw3SOcDpA3ahitGiVT8L/mQPd6QH2ha3aqzNf4E0
+XvTmdI08pm7GPp8QP1wjnH03vnmd4Y1zNTdEnhXn6OOg0NUgDpwscntazG1TTjMR
+AWDriQU4ACh1ulBdqI/C7EJQXyYVewetkH7U6ic2QnfHc0qzU7N3mAd/qNZgYxBd
+TmPpkgVz/hOXisB7KTItcEIv+HqLL32T9YI+B8X5vga8H7pE48oKv4LQ792nUO7F
+9pSc1HZDn1ohpmELPjDoGUSTXUAi5NRggWDoGNN5DfS7hrBan7yIwD/KmS8Zy9Tm
+pdrlC9XfppUtolNu6W7vZkhkDoZPJsfHLpndKYNa8kFHYxlUMFAsLCxQRp/KTaSj
+6rcwGWL5lEnIozS+LCtUEqcC86OgL5moRQirRA8JBdwCI25lGvgb0sWQgrlqtDKx
+lXr7kdFIkx0Lj+Mxwqd1+eWUvhSK1tLwe9pzOHMmkhC7TFkWKrW3vhySFUSLWQ1w
+aqnsiDKNKFo52WWg7DobtOlFDAw+RKieHwrQwP3Zzxp5Qx6SceT2d0jeasODw8F4
+L8Sc3vr+cbkCDQRbEIyCARAAwYzrq7pXnb+SaDgyQLKJdMSECOTYkXMW4UfGftJp
+RbR4N9J9VXUVHBbbQBarl9sEiyhwbGEGQ9XNQTK66zksHftDo4k+UQpJxTee2eXc
+6VLHebCfLxpUPLkFkgrsoRj9z7do4SXofPnLGZreIQN8z4aeN1WKCrglw62K0GFE
+7OIuGuedGd9D96J+c2rqZ9QiF0SDdMssNlAfjZi4ADhf5ac65WlcL5NKGqEj+tEm
+J8Ptsf3kWKDRms2TfVkf1nAMnv92qwiUAk/8IJOwWSUPLrHxuFJzvkz7Zz3phlO5
+aBVQZtmyuvH0eUMHgjmfitwFQbc1b4U2+gniEAIzF0Mb0nB7+FD/+FLkvN3xHF25
+qvhsM0BPCnNfJLVEX7Lwh3ySoWn6LUnmkaj9u66utdulxccwAdLJOj17qkIorBvZ
+h5cdn2CnSpkV/h6WHgdmPLTxdqtMgE5WqL2h3ontBm/S0j+wyagiP+Kytqc6QSCv
+a/K3MdPQPr0hk/NNKSnniHY6JHdorn27sqALyIG+SCFTWOlR6yFBrzhG0b59LQyJ
+p4SSrG1eV5UkVxJfNpgXhD1vxKc3bszKl3OkbHngUf2ApbjFwY14HbDtkeAyNv4q
+jcvut16zjkBCSu5fKKmzNZ3zzWuQLOavFkWE1ePm4XVYiV859ZTVP+dX7m1rV4aB
++NMAEQEAAYkCNgQYAQoAIBYhBIayncH++dv2I6TZugMDnC1arlY4BQJbEIyCAhsM
+AAoJEAMDnC1arlY4QnEQAIxc/+9VFRjvXgpxKBiLVhwRru09ZfX3PTSsdt7gUdKW
+PyLkNRUxf61tnmJ7ZKsECWbByM5LxHycvAxJ97x/q9UsSGwNDo1TWh19coI3VgDH
+G9Mlrxl+JzWHSA+jAy3oSzGy4EaGujFxnMos8Zv+OxYMTAxYnQ8ieJke92wtQnnS
+N3VdVDuHDIPt3NvZLKCR6ut7N4Kg9w9M45o012RyL03tur+h8VQted/5YLCCPq3m
+bhQVqgbM0xnv0Frj+n8tySZPyieQxyEvZxj6TJPYozf/0FymP9IG5dNsn1HMvP24
+8NN/COJxJy4kwfeFxCfW04BRP22eiPYoisj8MbCb+r4gBweWU1bfnrfjwMaS6uuk
+rYE3Slemh702B8aCES7QxhQqsDltC4PWZWHW+btdciWDQbeWmOts9ufTyIE1yAiN
+7qngNitlv1w6yCpHEo3G37+ASeXkTyky2M4fH+0FYvJRgM2raHjYqG5B0D0Nt+WN
+uSOqF4FV8FV2oAYDSc+s82/BnonGURWqLX1NOzEK/wNlXn82RDFGoA4VmwGKTn9g
+kJJ/shiqRsNVwCy13hCQel/uvBzxmrDl9zjL7BA6wKs6Dkma6O1S3tqAd5hQ5BOl
+OITWpwrsIyCwFY+XhlAsFjVg6HgRXh1mVZU+6vSWESb36O0IMRvjXI0SImr9sE6U
+uQINBFsQjJ8BEADvYcV6xm0/t1XnEyORslDTQ/ptPZ3/tM3Y4z42o//uP4ANARv+
+TMGZzVk+Gvyvlv6nVFvOdTIN4g0osNCFnjkdp10CbztXkQiuu/XxrzPenELJFBBx
+uCKQtJMz4th+MjCVBBPgzYaE6CSgSOTvTuBj7vtF74okhZSzaZYIRuNj7vRSEcW/
+qxmj73vwApPA9gWyQUQVhJQKw2tvuWlM2sPB9cxxtT0t6dRvw+4JQVoNicO/IME+
+GNc/M9hA/BBc0PtlJSQcXOFUWKgOl1zFkseR1bJzBS13319nGebcOBzU3iA6FSrS
+/R7Kl1Mn6k3juo82yAuGN0n3MarKcZj+cGsuBwTxDBVOYqgeqdAu2o6rEg6Bf4ao
+HnTC9L52dohFFMV+7KUre4jq3tAZyCtJVogUEDlCpTYpv1VnivJUiUm84N9nB/R0
+cjGsb3nZTnKMCYVMyB1x47ZtE0ClA1A6688EmuzbRc04lehHkoH2Elerasqs0QZV
+s7A3adV6vEDqwYHGMxngFsNWSRQr1SYilTrlSQ/Ie5WI/RAelmmp71lFGen4m3A+
+tbzf2NTJC4958ntYr8x9XVH0R0zXb7ORuuxVj4CZsOWF4AzF7BjMeG4F8liYd4jn
+ZsgMHkPs6ZkqtQOx5gg/pH3Ktv/Z2zFgYZxTTS1DHOgBJBG41zAPlVKWGwARAQAB
+iQI2BBgBCgAgFiEEhrKdwf752/YjpNm6AwOcLVquVjgFAlsQjJ8CGyAACgkQAwOc
+LVquVjjW5hAAuVnGV2V8sTueH4GWWaw9twUUkG0noVqDUsbA1g809G5+9BczJQz6
+YtFhw2Lm4gtJ2sU4jOlGLskBjMwZ6j7SFmTW0rtGD33gtRem4sLg9JbnsVYhlXS0
+kPsdTECShql9Cu7yum8+LKF/1AT68tvr9gJEa96dQYOYUIlGN/2mccfFTQcQYbHa
+aeaYGUOHJQei5KxSZn7ZT68olKfpsBlJzmjmTdbBmgyUIiGzRDiElv93JcEjL2Hp
+b1GourcJd2f4gCFqHg+oiE4GCPi1Wx+1aaBIx5O/603+OiMAGjuV4euba8Wptk3t
+rB4YokQSMxoBHPRWT7zhH2v8/LndXY3IMOWo4IdIWq4KNJoafq3lgLgy6IMyQ7mO
+6wq9nU2T5VHwLD01OfUZkWjgrKuhptlJNESmrYhl+qAUK1a19Pv460PLjEKbayJN
+eXjB+933SgITLACvZt+9rftgAFRZ6al5a6idsC24Fdx4xXQQxEPJztsLyWsVaM58
+2WtjoxF2N/98jCEYLTK9WpP+NyrlZCfpMeDeaa5sf8fSfowO9AUG8uZhn92MtccF
+cWOsl0JvU2RdHx+/zmV5B77GsafA0P4PZMFTt4siKTi1NIcMUj1YBWTGzu1PfnAJ
+OsxJ4qEmlaApe9m032eNU2TJxWwwQdafZjc/8slFvU6wkuoSwVypScw=
+=p7Um
+-----END PGP PUBLIC KEY BLOCK-----