Problems reproducing the firmware build (compiling fails)

[Giszmo]

I have not found a claim of the firmware to be reproducible but assume this to be the case as else the project would be at the whim of the release manager who might be a good guy but he under duress or his PC thanks to a virus could plant back doors ...

Anyway, I did not get to compare builds as the build following the build instructions failed.

The build instructions for my purpose could be better structured. I did not follow steps about "On-Chip Debugger" as I don't intend to debug stuff. I might have done other steps unnecessary to the actual build.

For reproducibility I used docker with an Ubuntu image:

$ git clone https://github.com/Foundation-Devices/passport-firmware.git
$ cd passport-firmware/
$ git checkout v1.0.6
$ docker run --rm -it --volume=$(pwd):/work/ --privileged ubuntu:20.04 bash
root@b36e920efbac:/# apt update
root@b36e920efbac:/# apt install --yes git python3-pip gcc-arm-none-eabi autotools-dev automake libusb-1.0-0-dev libtool
root@b36e920efbac:/# cd ~
root@b36e920efbac:~# git clone https://github.com/dhylands/rshell
root@b36e920efbac:~# pip3 install rshell
root@b36e920efbac:~# cd /work/
root@b36e920efbac:/work# make -C mpy-cross
root@b36e920efbac:/work# cd /work/ports/stm32/
root@b36e920efbac:/work/ports/stm32# make BOARD=Passport
...
boards/Passport/modtcc-codecs.c: In function 'modtcc_bech32_decode':
boards/Passport/modtcc-codecs.c:266:13: error: argument to variable-length array may be too large [-Werror=vla-larger-than=]
  266 |     uint8_t packed[tmp_len];
      |             ^~~~~~
cc1: all warnings being treated as errors
make: *** [../../py/mkrules.mk:47: build-Passport/boards/Passport/modtcc-codecs.o] Error 1

My findings will also be published on WalletScrutiny.

[FoundationKen]

Please try with Ubuntu 18.04. This is what we use for builds.

[FoundationKen]

Also note that when you build, the firmware.bin file can be found in /ports/stm32/build-Passport/firmware.bin. This should have the same SHA256 hash as the Build Hash reported on the GitHub release notes for a given release tag.

The firmware.bin file is the unsigned code. When distributing the firmware, it requires 2 separate signatures from 4 possible Foundation Devices team members, so it's not possible for a single person to sign and release an update. The signatures and other metadata are included in a header that is prepended to the firmware.bin file. As you point out, reproducible builds are the most important thing, but this two signature requirement provides a bit of additional protection against the duress situation you described above.

It is this final double-signed release file that is uploaded as a GitHub release for Passport owners to install. The SHA256 and MD5 reported on GitHub are for this double-signed file.

On a related note, we are planning to create a Dockerfile in the next week or so to make the build process much easier.

Happy to help answer any questions you may still have, and open to improving the documentation of course.

[FoundationKen]

I was just able to reproduce the Build Hash for v1.0.6 on a fresh Ubuntu 18.04 using the following sequence:

git clone https://github.com/Foundation-Devices/passport-firmware.git
cd passport-firmware
git checkout v1.0.6
sudo apt install gcc-arm-none-eabi
make -C mpy-cross
sudo apt install autotools-dev
sudo apt install automake
sudo apt install libusb-1.0-0-dev
sudo apt install libtool
cd ports/stm32/
make BOARD=Passport

Ran the following to verify:

~/dev/passport-firmware/ports/stm32$ shasum -b -a 256 build-Passport/firmware.bin 
ab485dcf3a5f803b5649b84d864a2945c5b0191c67de32a7bbe6b85301b2cfab *build-Passport/firmware.bin

[Giszmo]

Ok. I get the same hash. Will update my analysis asap.

$ docker run --rm -it --volume $pwd:/work ubuntu:18.04 bash
...
root@1cce86011d1a:/passport-firmware/ports/stm32# sha256sum build-Passport/firmware.bin;echo ab485dcf3a5f803b5649b84d864a2945c5b0191c67de32a7bbe6b85301b2cfab
ab485dcf3a5f803b5649b84d864a2945c5b0191c67de32a7bbe6b85301b2cfab  build-Passport/firmware.bin
ab485dcf3a5f803b5649b84d864a2945c5b0191c67de32a7bbe6b85301b2cfab
root@1cce86011d1a:/passport-firmware/ports/stm32# history
    1  apt update ; apt install --yes git python3-pip gcc-arm-none-eabi autotools-dev automake libusb-1.0-0-dev libtool
    2  git clone https://github.com/Foundation-Devices/passport-firmware.git
    3  cd passport-firmware
    4  git checkout v1.0.6
    5  make -C mpy-cross
    6  cd ports/stm32/
    7  make BOARD=Passport
    8  sha256sum build-Passport/firmware.bin;echo ab485dcf3a5f803b5649b84d864a2945c5b0191c67de32a7bbe6b85301b2cfab

[zachherbert]

Thanks @Giszmo for giving us the push to update our instructions so they are more clear. Big fan of your site.

[Giszmo]

@zachherbert thanks for the kind words! Linking to our verdict of your product, preferably using the widget, so the verdict reflects the latest state would be much appreciated.

[zachherbert]

Will do @Giszmo let us know when it's updated and we will see if we can embed your widget.

[Giszmo]

Firmware is reproducible. Analysis updated. Thanks for quick replies!