Skip to content

Releases: BitBoxSwiss/mcu

Release 2.1.1

26 Mar 16:00
Compare
Choose a tag to compare

Compatible with desktop app versions v2.1.2 or newer. Adds U2F support and implements ISO 7816-4 USB communication.

  • To reproduce and verify the deterministic build:
# Clone the repository
git clone https://github.com/digitalbitbox/mcu.git
cd mcu

# Build deterministically (requires Vagrant and Virtualbox and OSX or Linux)
vagrant up
cp build-vagrant/bin/firmware.bin firmware.deterministic.2.1.1.bin

# Verify the deterministic binary
shasum -a 256 firmware.deterministic.2.1.1.bin  #  073197f33db3e4840945ac4d46af5cbf3b92812e1bd24fde38b831d942c667ff

# Append signatures of the firmware
py/append_signatures_firmware_binary.py firmware.deterministic.2.1.1.bin firmware.deterministic.2.1.1.signed.bin 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000713b243546825f155bc6527d27dd53331c963def45249fcce07079b13b95264f43889ac3a895621925d0a014fea9dc06fac25472c679ace3604a22e9b8a0bbd7e47e909617f401064b579665961e0535c9618ea525e0dd325623834e451e1bb63eec6fd7ea3d259d42ca776bac992d86933e89b589c04322d253a18080122c9f5d080a6cbbdceed080c13721bdd093eb3ad60881abf8b03146e28086e8f9b40f0a3921f0796079f196527cc037fe7451a426815f9c85043e0776e85975492b3aca225002e2cf45d5580187d6564ab4f664a480867fa6f767a999c065a829e3c5599f21c06a26b473f9b303e2aca245ea899f67b7b156935b384ccfabc1069669

# Verify the signed deterministic binary
shasum -a 256 firmware.deterministic.2.1.1.signed.bin  #  9f842d0706074e78e84bc04932320d3c2f4465402d02bf735c422faf1f9b2f41

# Signed deterministic binaries can be loaded into the Digital Bitbox 
# using the Upgrade Firmware button in the desktop app.

# In case of problems, check that:
vagrant box list  #  ubuntu/trusty64 (virtualbox, 20170313.0.7)
virtualbox --help  #  Oracle VM VirtualBox Manager 5.0.36
  • ECC secp256k1 public keys and signatures of the double SHA256 hash of firmware.deterministic.X.Y.Z.bin:
0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df : 713b243546825f155bc6527d27dd53331c963def45249fcce07079b13b95264f43889ac3a895621925d0a014fea9dc06fac25472c679ace3604a22e9b8a0bbd7
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366 : e47e909617f401064b579665961e0535c9618ea525e0dd325623834e451e1bb63eec6fd7ea3d259d42ca776bac992d86933e89b589c04322d253a18080122c9f
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800 : 5d080a6cbbdceed080c13721bdd093eb3ad60881abf8b03146e28086e8f9b40f0a3921f0796079f196527cc037fe7451a426815f9c85043e0776e85975492b3a
030d8b0b86fca70bfd3a8d842cdb3ff8362c02f455fd092b080f1bb137dfc1d25f : ca225002e2cf45d5580187d6564ab4f664a480867fa6f767a999c065a829e3c5599f21c06a26b473f9b303e2aca245ea899f67b7b156935b384ccfabc1069669
  • Signature blob appended to firmware.deterministic.X.Y.Z.bin
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000713b243546825f155bc6527d27dd53331c963def45249fcce07079b13b95264f43889ac3a895621925d0a014fea9dc06fac25472c679ace3604a22e9b8a0bbd7e47e909617f401064b579665961e0535c9618ea525e0dd325623834e451e1bb63eec6fd7ea3d259d42ca776bac992d86933e89b589c04322d253a18080122c9f5d080a6cbbdceed080c13721bdd093eb3ad60881abf8b03146e28086e8f9b40f0a3921f0796079f196527cc037fe7451a426815f9c85043e0776e85975492b3aca225002e2cf45d5580187d6564ab4f664a480867fa6f767a999c065a829e3c5599f21c06a26b473f9b303e2aca245ea899f67b7b156935b384ccfabc1069669

Release 2.0.0

30 Jul 11:01
Compare
Choose a tag to compare

Deterministic Vagrant build result:

  • Double SHA256 hash of firmware.deterministic.2.0.0.bin padded by 0xFF to length 0x37000 bytes
91fa6b5b58fe3d8c01d596e34da2d6b7fe4466e9cefe5ca97dbca28a22605e0c
  • MD5 of firmware.deterministic.2.0.0.bin
4f04b0a1aadc6ad90423180519f3b0c9
  • MD5 of firmware.deterministic.2.0.0.signed.bin
6c5bdda8cddd5e2b145ec772103cfb2a
  • ECC secp256k1 public keys and signatures of the double SHA256 hash of the firmware given above
0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df : 302731115cafd4eb0d25747e604fe2a45f541c5e238dd5e946a34d608be104575b781b06f6b629e9debdfa1fe9cd27615fb0613bd90ccc527f5c9b838459c36e 
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366 : 20b6aa64e7f1dfce652cf69966abdda71a76560011159620d6704036ee96705e019e5bc8de2ddfa1656879744611b6909568f07deec7cfc6b6a967431b9ce81a 
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800 : f82b0f23ebf8cfec971150580343327801a6a4f4a30473929ff681e9791f79bb5d645157378acdeaa1fdce6f3fea418829a04a2c6c5a4c27b3707b77a134f5d2 
030d8b0b86fca70bfd3a8d842cdb3ff8362c02f455fd092b080f1bb137dfc1d25f : 4c9b22dbc81d5765b6d9bc008777dae96df90162b54b7802699f4d197d8eb28c27323bcf218b0f2437f9fdd1e1f06ccfabca6a26605115c131fb5bbd9195a11e 
  • Signature blob appended to firmware.deterministic.2.0.0.bin by append_signatures_firmware_binary.py to create firmware.deterministic.2.0.0.signed.bin, which is the file used to upload firmware via the desktop app. Unsigned firmware will not run.
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000302731115cafd4eb0d25747e604fe2a45f541c5e238dd5e946a34d608be104575b781b06f6b629e9debdfa1fe9cd27615fb0613bd90ccc527f5c9b838459c36e20b6aa64e7f1dfce652cf69966abdda71a76560011159620d6704036ee96705e019e5bc8de2ddfa1656879744611b6909568f07deec7cfc6b6a967431b9ce81af82b0f23ebf8cfec971150580343327801a6a4f4a30473929ff681e9791f79bb5d645157378acdeaa1fdce6f3fea418829a04a2c6c5a4c27b3707b77a134f5d24c9b22dbc81d5765b6d9bc008777dae96df90162b54b7802699f4d197d8eb28c27323bcf218b0f2437f9fdd1e1f06ccfabca6a26605115c131fb5bbd9195a11e
  • vagrant box list # ubuntu/trusty32 (virtualbox, 20160714.0.0)
  • virtualbox --help # Oracle VM VirtualBox Manager 5.0.26

Pre-release v2.0.0-rc.1

30 Jun 10:43
Compare
Choose a tag to compare
Pre-release

Deterministic Vagrant build result:

  • Double SHA256 hash of firmware padded by 0xFF to length 0x37000 bytes
bf8c5e5fab6752d0fff557f682f1dbe3b1c2a496074a8b2fc77cfa1f329b2980
  • ECC secp256k1 public keys and signatures of hashed firmware
0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df : 8e15469a940b24e8c126c2a3a64f07001dcfd75d542a22145b5beca62207e01c3e4ed93368568c9d36a6dfdfe1535dbb8d028081842dd2a373af4c76ee49f83e
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366 : 15fa91ee935a9d501690e9d5d12487cc980db0f5d116bc22154b046b15e173d102e7f4063cbd87843763168079db7dcf2cb80093dea6a5c11f91c44b3d873035
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800 : 7e79b30cc71bbf748142f5f35ab7574cbaacb2fb60985f161e8b9d592b2c04103fc10677eb48674f683df3e1d5fcf5117f75bb5ad4b4bf23568dccac2e1fd620
030d8b0b86fca70bfd3a8d842cdb3ff8362c02f455fd092b080f1bb137dfc1d25f : 0de53c52dd6b82f69c956b968d4b960c64a0c82db75a1dfdb86df404514c27c64a845983631b04ed9456d317d9f68e5bbeb9c8c53146f0f646b79490b93f8651

Signature blob used by the bootloader

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008e15469a940b24e8c126c2a3a64f07001dcfd75d542a22145b5beca62207e01c3e4ed93368568c9d36a6dfdfe1535dbb8d028081842dd2a373af4c76ee49f83e15fa91ee935a9d501690e9d5d12487cc980db0f5d116bc22154b046b15e173d102e7f4063cbd87843763168079db7dcf2cb80093dea6a5c11f91c44b3d8730357e79b30cc71bbf748142f5f35ab7574cbaacb2fb60985f161e8b9d592b2c04103fc10677eb48674f683df3e1d5fcf5117f75bb5ad4b4bf23568dccac2e1fd6200de53c52dd6b82f69c956b968d4b960c64a0c82db75a1dfdb86df404514c27c64a845983631b04ed9456d317d9f68e5bbeb9c8c53146f0f646b79490b93f8651

Release 1.3.2

24 Mar 21:35
Compare
Choose a tag to compare

Deterministic Vagrant build result:

  • Double SHA256 hash of firmware padded by 0xFF to length 0x37000 bytes
92bd5db9e13aa12aa109ad5756333a4ae17b33cccfd11c3efab5ce5ca1ee4c2a
  • ECC secp256k1 public keys and signatures of hashed firmware
0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df : 4356bff6caf8e72885b5b280e413b4d63ef301197c818a10fda1ce63ee2360890cc097469c791043c503b655ce8be682bd114362bc23a636ba812cd949401c2b
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366 : e25bc6f477adda36634f87133262c7700e78ac55c738ac238ce3225b6b38603b921a3b5ebeee3b086f507f354752138eb9522b7f9fe091f9b8672d1e77972cdc
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800 : ab40c629dc4d535aaf09fa79115849629f1fdca5b71995ffcdfadd005e8c0486a610069e39d87837584d60a28a119eb4e3b2905a0dfbfb3cca5768bc4cef9607
030d8b0b86fca70bfd3a8d842cdb3ff8362c02f455fd092b080f1bb137dfc1d25f : 2de5977ef06db2b59fc8f144d2273cca85b4e60fbb32936d02f8f905ad86b4c787c80b8c5519da58a2b87602caf09a80123cbf28af9e173dacf0b86ae5792723

Signature blob used by the bootloader

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004356bff6caf8e72885b5b280e413b4d63ef301197c818a10fda1ce63ee2360890cc097469c791043c503b655ce8be682bd114362bc23a636ba812cd949401c2be25bc6f477adda36634f87133262c7700e78ac55c738ac238ce3225b6b38603b921a3b5ebeee3b086f507f354752138eb9522b7f9fe091f9b8672d1e77972cdcab40c629dc4d535aaf09fa79115849629f1fdca5b71995ffcdfadd005e8c0486a610069e39d87837584d60a28a119eb4e3b2905a0dfbfb3cca5768bc4cef96072de5977ef06db2b59fc8f144d2273cca85b4e60fbb32936d02f8f905ad86b4c787c80b8c5519da58a2b87602caf09a80123cbf28af9e173dacf0b86ae5792723
  • vagrant box list # ubuntu/trusty32 (virtualbox, 20160224.0.0)
  • virtualbox --help # Oracle VM VirtualBox Manager 5.0.14

Release 1.3.1

02 Mar 08:34
Compare
Choose a tag to compare

Deterministic Vagrant build result:

  • Double SHA256 hash of firmware padded by 0xFF to length 0x37000 bytes
e69a80ce5f7bc1336bed95023a92175513c57de36e8dc1c2d67441c3468071a2
  • ECC secp256k1 public keys and signatures of hashed firmware
0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df : eb1e8f653addd1e72c2cf8c6466bd15b1e07bfa22c17485b86ce82b7bcfb1171970768aaf63adc174c39a3c6969688ba831932b196195668b00cec0fd9ae3e56
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366 : 68d80baa2d60782b3309ddd749a01dbcb53a124e4206a68ab7ee605435e5f4f566c7a4db5ddfa6f2c6def76d86f3e8e82f4391718fbc463acd7e106e180b8bbf
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800 : fc1ac3a7732e43b8b41730359a3cf878305212dc5c9c617a1c118ffcff3d08b4c7bdede9c77fbe57a9562a6abd3c3604535a4f301ed224fa07275dffcc52c6cb
030d8b0b86fca70bfd3a8d842cdb3ff8362c02f455fd092b080f1bb137dfc1d25f : 586eef9e69ac6e1bec5b40d99b595818b2a55cd344f335fa87594cea9135a88806947d87058447234b2a9025a287fe10ae6cbc0e49a1c0d1b1ef5a32a93f535d

Signature blob used by the bootloader

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eb1e8f653addd1e72c2cf8c6466bd15b1e07bfa22c17485b86ce82b7bcfb1171970768aaf63adc174c39a3c6969688ba831932b196195668b00cec0fd9ae3e5668d80baa2d60782b3309ddd749a01dbcb53a124e4206a68ab7ee605435e5f4f566c7a4db5ddfa6f2c6def76d86f3e8e82f4391718fbc463acd7e106e180b8bbffc1ac3a7732e43b8b41730359a3cf878305212dc5c9c617a1c118ffcff3d08b4c7bdede9c77fbe57a9562a6abd3c3604535a4f301ed224fa07275dffcc52c6cb586eef9e69ac6e1bec5b40d99b595818b2a55cd344f335fa87594cea9135a88806947d87058447234b2a9025a287fe10ae6cbc0e49a1c0d1b1ef5a32a93f535d
  • vagrant box list # ubuntu/trusty32 (virtualbox, 20160224.0.0)
  • virtualbox --help # Oracle VM VirtualBox Manager 5.0.14

Release 1

24 Jan 23:34
Compare
Choose a tag to compare

Deterministic Vagrant build result:

  • Double SHA256 hash of firmware padded by 0xFF to length 0x37000 bytes
256785d31a7c42cbeedd06df18d5c4e9f9d37cfbf4940ae097e03b0b99c78ca7
  • ECC secp256k1 public keys and signatures of hashed firmware
02a1137c6bdd497358537df77d1375a741ed75461b706a612a3717d32748e5acf1:9f9e651544350d873f60f56ef86ddb09c62527101a26e178207df37667f96ad5f3503619c0000717a49bb89457436f180d008d4b0729d3a4322341c3909ca86b
0263b742d9873405c609814da884324ab0f4c1597a5fd152b388899857f4d041df:f4c8a843810186e03c5bb9431b6ce818997fca1f02a959141de30658f6aae31a0fb6aefbce36a122dc11c9e161d867411477224afb7bd412f9995ebcef6c4dbf
02b95dc22d293376222ef896f74a8436a8b6672e7e416299f3c4e23b49c38ad366:9a4f9712dab92d8cc4ebb2503b98925b18f509301faff7809fbc574f983358066e8d15100959dc0d960e4fd9c013e0784c52421cf47594d9be87e4c55f0d66e7
03ef4c48dc308ace971c025db3edd4bc5d5110e28e14bdd925fffafd4d21002800:8ecee86afb845ea35de38a4391db49f8f2bd7779bcc4b3c4cb0297008dd7aefbeb11e82660ff7cf00b32c76032e1d2c1e7605bc083ac1f3297874c583ad89856
  • vagrant box list # ubuntu/trusty32 (virtualbox, 20160120.0.1)
  • virtualbox --help # Oracle VM VirtualBox Manager 5.0.12

Add error codes

27 Sep 10:01
Compare
Choose a tag to compare
Add error codes Pre-release
Pre-release
Merge pull request #63 from dbitbox/cleaning

house cleaning, add error codes

Updated sign protocol

06 Sep 11:38
Compare
Choose a tag to compare
Updated sign protocol Pre-release
Pre-release
Merge pull request #43 from dbitbox/hashMeta

change sign strategy to hash and meta data

Census Labs security audit passed

28 Jul 21:42
Compare
Choose a tag to compare
Pre-release
Merge pull request #33 from dbitbox/security-fixes

Security fixes