chore(legacy): rename MEMORY_PROTECT flag to PRODUCTION to match core naming (#2003)

build-docker.sh

@@ -62,7 +62,6 @@ fi
 TAG=${1:-master}
 REPOSITORY=${2:-/local}
 PRODUCTION=${PRODUCTION:-1}
-MEMORY_PROTECT=${MEMORY_PROTECT:-1}
 
 
 if which wget > /dev/null ; then
@@ -164,7 +163,7 @@ EOF
     -v "$DIR:/local" \
     -v "$DIR/build/legacy$DIRSUFFIX":/build:z \
     --env BITCOIN_ONLY="$BITCOIN_ONLY" \
-    --env MEMORY_PROTECT="$MEMORY_PROTECT" \
+    --env PRODUCTION="$PRODUCTION" \
     --init \
     "$CONTAINER_NAME" \
     /nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"

ci/build.yml

@@ -220,9 +220,9 @@ legacy fw regular build:
   <<: *gitlab_caching
   needs: []
   script:
-    - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
     - nix-shell --run "poetry run legacy/script/setup"
-    - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
     - nix-shell --run "poetry run make -C legacy/demo"
     - mv legacy/firmware/trezor.bin trezor-fw-regular-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
   artifacts:
@@ -238,9 +238,9 @@ legacy fw regular debug build:
   variables:
     DEBUG_LINK: "1"
   script:
-    - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
     - nix-shell --run "poetry run legacy/script/setup"
-    - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
     - mv legacy/firmware/trezor.bin trezor-fw-regular-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
   artifacts:
     name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
@@ -255,9 +255,9 @@ legacy fw btconly build:
   variables:
     BITCOIN_ONLY: "1"
   script:
-    - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
     - nix-shell --run "poetry run legacy/script/setup"
-    - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
     - mv legacy/firmware/trezor.bin legacy/firmware/trezor-bitcoinonly.bin
     - nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor-bitcoinonly.bin"
     - mv legacy/firmware/trezor-bitcoinonly.bin trezor-fw-btconly-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
@@ -275,9 +275,9 @@ legacy fw btconly debug build:
     BITCOIN_ONLY: "1"
     DEBUG_LINK: "1"
   script:
-    - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
     - nix-shell --run "poetry run legacy/script/setup"
-    - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild"
+    - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
     - nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor.bin"
     - mv legacy/firmware/trezor.bin trezor-fw-btconly-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
   artifacts:

core/embed/firmware/startup.S

@@ -6,7 +6,7 @@
   .type reset_handler, STT_FUNC
 reset_handler:
 
-// The following loading of VTOR address only works if T1 bootloader was built with MEMORY_PROTECT=0
+// The following loading of VTOR address only works if T1 bootloader was built with PRODUCTION=0
 // or the firmware was properly signed. All other variants end up in hard fault due to MPU
 // (cf mpu_config_firmware in legacy bootloader)
 

docs/common/reproducible-build.md

@@ -78,4 +78,4 @@ _Note: Fingerprints displayed for T1 at the end of `build-docker.sh` do not matc
 official firmware due to the legacy header._
 
 _Note: T1 firmware built this way won't boot because unsigned firmware needs to be built with
-[`MEMORY_PROTECT=0`](../legacy/index.md#combining-bootloader-and-firmware-with-various-memory_protect-settings-signedunsigned)._
+[`PRODUCTION=0`](../legacy/index.md#combining-bootloader-and-firmware-with-various-production-settings-signedunsigned)._

docs/legacy/index.md

@@ -46,7 +46,7 @@ The build process is configured via environment variables:
 
 * `EMULATOR=1` specifies that an emulator should be built, instead of the device firmware.
 * `DEBUG_LINK=1` specifies that DebugLink should be available in the built image.
-* `MEMORY_PROTECT=0` disables memory protection. This is necessary for installing unofficial firmware.
+* `PRODUCTION=0` disables memory protection. This is necessary for installing unofficial firmware.
 * `DEBUG_LOG=1` enables debug messages to be printed on device screen.
 * `BITCOIN_ONLY=1` specifies Bitcoin-only version of the firmware.
 
@@ -99,21 +99,21 @@ Step 3 should produce the same fingerprint like your local build (for the same v
 
 **WARNING: This will erase the recovery seed stored on the device! You should never do this on Trezor that contains coins!**
 
-Build with `MEMORY_PROTECT=0` or you will get a hard fault on your device.
+Build with `PRODUCTION=0` or you will get a hard fault on your device.
 
 Switch your device to bootloader mode, then execute:
 ```sh
 trezorctl firmware-update -f build/legacy/firmware/firmware.bin
 ```
 
-## Combining bootloader and firmware with various `MEMORY_PROTECT` settings, signed/unsigned
+## Combining bootloader and firmware with various `PRODUCTION` settings, signed/unsigned
 
 Not all combinations of bootloader and firmware will work. This depends on
-3 variables: MEMORY_PROTECT of bootloader, MEMORY_PROTECT of firmware, whether firmware is signed
+3 variables: PRODUCTION of bootloader, PRODUCTION of firmware, whether firmware is signed
 
 This table shows the result for bootloader 1.8.0+ and 1.9.1+:
 
-| Bootloader MEMORY_PROTECT | Firmware MEMORY_PROTECT | Is firmware officially signed? | Result                                                                                     |
+| Bootloader PRODUCTION | Firmware PRODUCTION | Is firmware officially signed? | Result                                                                                     |
 | ------------------------- | ----------------------- | ------------------------------ | ------------------------------------------------------------------------------------------ |
 |  1                        |  1                      | yes                            | works, official configuration                                                              |
 |  1                        |  1                      | no                             | hardfault in header.S when setting VTOR and stack                                          |
@@ -121,5 +121,5 @@ This table shows the result for bootloader 1.8.0+ and 1.9.1+:
 |  0                        |  0                      | no                             | hard fault because header.S doesn't set VTOR and stack right                               |
 |  1                        |  0                      | no                             | works                                                                                      |
 
-The other three possibilities with signed firmware and `MEMORY_PROTECT!=0` for bootloader/firmware don't exist.
+The other three possibilities with signed firmware and `PRODUCTION!=0` for bootloader/firmware don't exist.
 

legacy/Makefile.include

@@ -140,14 +140,14 @@ CFLAGS += -DBITCOIN_ONLY=0
 CFLAGS += -DU2F_ENABLED=1
 endif
 
-ifeq ($(MEMORY_PROTECT), 0)
-CFLAGS   += -DMEMORY_PROTECT=0
-CPUFLAGS += -DMEMORY_PROTECT=0
-$(info MEMORY_PROTECT=0)
+ifeq ($(PRODUCTION), 0)
+CFLAGS   += -DPRODUCTION=0
+CPUFLAGS += -DPRODUCTION=0
+$(info PRODUCTION=0)
 else
-CFLAGS   += -DMEMORY_PROTECT=1
-CPUFLAGS += -DMEMORY_PROTECT=1
-$(info MEMORY_PROTECT=1)
+CFLAGS   += -DPRODUCTION=1
+CPUFLAGS += -DPRODUCTION=1
+$(info PRODUCTION=1)
 endif
 
 ifeq ($(DEBUG_RNG), 1)

legacy/firmware/bl_check.c

@@ -26,7 +26,7 @@
 #include "memory.h"
 #include "util.h"
 
-#if MEMORY_PROTECT
+#if PRODUCTION
 
 static int known_bootloader(int r, const uint8_t *hash) {
   if (r != 32) return 0;
@@ -143,7 +143,7 @@ static int known_bootloader(int r, const uint8_t *hash) {
  * @param shutdown_on_replace: if true, shuts down device instead of return
  */
 void check_and_replace_bootloader(bool shutdown_on_replace) {
-#if MEMORY_PROTECT
+#if PRODUCTION
   uint8_t hash[32] = {0};
   int r = memory_bootloader_hash(hash);
 
@@ -206,6 +206,6 @@ void check_and_replace_bootloader(bool shutdown_on_replace) {
                _("contact our support."), NULL);
   shutdown();
 #endif
-  // prevent compiler warning when MEMORY_PROTECT==0
+  // prevent compiler warning when PRODUCTION==0
   (void)shutdown_on_replace;
 }

legacy/memory.c

@@ -26,7 +26,7 @@
 #define FLASH_OPTION_BYTES_2 (*(const uint64_t *)0x1FFFC008)
 
 void memory_protect(void) {
-#if MEMORY_PROTECT
+#if PRODUCTION
   // Reference STM32F205 Flash programming manual revision 5
   // http://www.st.com/resource/en/programming_manual/cd00233952.pdf Section 2.6
   // Option bytes

legacy/setup.c

@@ -221,7 +221,7 @@ void mpu_config_bootloader(void) {
 
 // Never use in bootloader! Disables access to PPB (including MPU, NVIC, SCB)
 void mpu_config_firmware(void) {
-#if MEMORY_PROTECT
+#if PRODUCTION
   // Disable MPU
   MPU_CTRL = 0;
 

legacy/startup.S

@@ -20,7 +20,7 @@ memset_reg:
   .type reset_handler, STT_FUNC
 reset_handler:
 
-#if MEMORY_PROTECT
+#if PRODUCTION
 // we need to perform this in case an old bootloader (<1.8.0)
 // is starting the new firmware, these will be set incorrectly
   ldr r0, =0xE000ED08  // r0 = VTOR address