KeepKey Build Procedure
Install Docker Community Edition from:
$ docker pull kktech/firmware:v5-beta
Clone the Source
The sources can be obtained from github:
$ git clone firstname.lastname@example.org:keepkey/keepkey-firmware.git $ git submodule update --init --recursive
To build the firmware using the docker container, use the provided script:
Verifying Published Binaries
Compare the hash of a given tagged build:
$ git checkout v6.2.0 $ git submodule update --init --recursive $ ./scripts/build/docker/device/release.sh $ tail -c +257 ./bin/firmware.keepkey.bin | shasum -a 256
With that of the signed v6.2.0 binary on github, ignoring signatures and firmware metadata:
$ tail -c +257 firmware.keepkey.bin | shasum -a 256
Then inspect the metadata itself by comparing against the structure described here:
$ head -c +256 signed_firmware.bin | xxd -
- v6.2.2 and v6.3.0 had an issue with build reproducibility. See #212.
- As of v6.1.0 and later, we started prepending empty slots for signatures as part of the build, and prior firmwares were emitted without that metadata section. See 87b9ebb84
Documentation can be found here.
If license is not specified in the header of a file, it can be assumed that it is licensed under LGPLv3.