diff --git a/build-docker.sh b/build-docker.sh index a77dfbeb4..f77563348 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -62,7 +62,6 @@ fi TAG=${1:-master} REPOSITORY=${2:-/local} PRODUCTION=${PRODUCTION:-1} -MEMORY_PROTECT=${MEMORY_PROTECT:-1} if which wget > /dev/null ; then @@ -164,7 +163,7 @@ EOF -v "$DIR:/local" \ -v "$DIR/build/legacy$DIRSUFFIX":/build:z \ --env BITCOIN_ONLY="$BITCOIN_ONLY" \ - --env MEMORY_PROTECT="$MEMORY_PROTECT" \ + --env PRODUCTION="$PRODUCTION" \ --init \ "$CONTAINER_NAME" \ /nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME" diff --git a/ci/build.yml b/ci/build.yml index 72d8e5fda..d2d7c958d 100644 --- a/ci/build.yml +++ b/ci/build.yml @@ -220,9 +220,9 @@ legacy fw regular build: <<: *gitlab_caching needs: [] script: - - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild" - nix-shell --run "poetry run legacy/script/setup" - - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild" - nix-shell --run "poetry run make -C legacy/demo" - mv legacy/firmware/trezor.bin trezor-fw-regular-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin artifacts: @@ -238,9 +238,9 @@ legacy fw regular debug build: variables: DEBUG_LINK: "1" script: - - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild" - nix-shell --run "poetry run legacy/script/setup" - - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild" - mv legacy/firmware/trezor.bin trezor-fw-regular-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin artifacts: name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" @@ -255,9 +255,9 @@ legacy fw btconly build: variables: BITCOIN_ONLY: "1" script: - - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild" - nix-shell --run "poetry run legacy/script/setup" - - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild" - mv legacy/firmware/trezor.bin legacy/firmware/trezor-bitcoinonly.bin - nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor-bitcoinonly.bin" - mv legacy/firmware/trezor-bitcoinonly.bin trezor-fw-btconly-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin @@ -275,9 +275,9 @@ legacy fw btconly debug build: BITCOIN_ONLY: "1" DEBUG_LINK: "1" script: - - nix-shell --run "export MEMORY_PROTECT=1 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild" - nix-shell --run "poetry run legacy/script/setup" - - nix-shell --run "export MEMORY_PROTECT=0 && poetry run legacy/script/cibuild" + - nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild" - nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor.bin" - mv legacy/firmware/trezor.bin trezor-fw-btconly-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin artifacts: diff --git a/core/embed/firmware/startup.S b/core/embed/firmware/startup.S index 9d916951a..d715f75ee 100644 --- a/core/embed/firmware/startup.S +++ b/core/embed/firmware/startup.S @@ -6,7 +6,7 @@ .type reset_handler, STT_FUNC reset_handler: -// The following loading of VTOR address only works if T1 bootloader was built with MEMORY_PROTECT=0 +// The following loading of VTOR address only works if T1 bootloader was built with PRODUCTION=0 // or the firmware was properly signed. All other variants end up in hard fault due to MPU // (cf mpu_config_firmware in legacy bootloader) diff --git a/docs/common/reproducible-build.md b/docs/common/reproducible-build.md index 24d2e15cf..9b489f444 100644 --- a/docs/common/reproducible-build.md +++ b/docs/common/reproducible-build.md @@ -78,4 +78,4 @@ _Note: Fingerprints displayed for T1 at the end of `build-docker.sh` do not matc official firmware due to the legacy header._ _Note: T1 firmware built this way won't boot because unsigned firmware needs to be built with -[`MEMORY_PROTECT=0`](../legacy/index.md#combining-bootloader-and-firmware-with-various-memory_protect-settings-signedunsigned)._ +[`PRODUCTION=0`](../legacy/index.md#combining-bootloader-and-firmware-with-various-production-settings-signedunsigned)._ diff --git a/docs/legacy/index.md b/docs/legacy/index.md index cf53ad77c..52c587d9e 100644 --- a/docs/legacy/index.md +++ b/docs/legacy/index.md @@ -46,7 +46,7 @@ The build process is configured via environment variables: * `EMULATOR=1` specifies that an emulator should be built, instead of the device firmware. * `DEBUG_LINK=1` specifies that DebugLink should be available in the built image. -* `MEMORY_PROTECT=0` disables memory protection. This is necessary for installing unofficial firmware. +* `PRODUCTION=0` disables memory protection. This is necessary for installing unofficial firmware. * `DEBUG_LOG=1` enables debug messages to be printed on device screen. * `BITCOIN_ONLY=1` specifies Bitcoin-only version of the firmware. @@ -99,21 +99,21 @@ Step 3 should produce the same fingerprint like your local build (for the same v **WARNING: This will erase the recovery seed stored on the device! You should never do this on Trezor that contains coins!** -Build with `MEMORY_PROTECT=0` or you will get a hard fault on your device. +Build with `PRODUCTION=0` or you will get a hard fault on your device. Switch your device to bootloader mode, then execute: ```sh trezorctl firmware-update -f build/legacy/firmware/firmware.bin ``` -## Combining bootloader and firmware with various `MEMORY_PROTECT` settings, signed/unsigned +## Combining bootloader and firmware with various `PRODUCTION` settings, signed/unsigned Not all combinations of bootloader and firmware will work. This depends on -3 variables: MEMORY_PROTECT of bootloader, MEMORY_PROTECT of firmware, whether firmware is signed +3 variables: PRODUCTION of bootloader, PRODUCTION of firmware, whether firmware is signed This table shows the result for bootloader 1.8.0+ and 1.9.1+: -| Bootloader MEMORY_PROTECT | Firmware MEMORY_PROTECT | Is firmware officially signed? | Result | +| Bootloader PRODUCTION | Firmware PRODUCTION | Is firmware officially signed? | Result | | ------------------------- | ----------------------- | ------------------------------ | ------------------------------------------------------------------------------------------ | | 1 | 1 | yes | works, official configuration | | 1 | 1 | no | hardfault in header.S when setting VTOR and stack | @@ -121,5 +121,5 @@ This table shows the result for bootloader 1.8.0+ and 1.9.1+: | 0 | 0 | no | hard fault because header.S doesn't set VTOR and stack right | | 1 | 0 | no | works | -The other three possibilities with signed firmware and `MEMORY_PROTECT!=0` for bootloader/firmware don't exist. +The other three possibilities with signed firmware and `PRODUCTION!=0` for bootloader/firmware don't exist. diff --git a/legacy/Makefile.include b/legacy/Makefile.include index 81a571e49..004c836d2 100644 --- a/legacy/Makefile.include +++ b/legacy/Makefile.include @@ -140,14 +140,14 @@ CFLAGS += -DBITCOIN_ONLY=0 CFLAGS += -DU2F_ENABLED=1 endif -ifeq ($(MEMORY_PROTECT), 0) -CFLAGS += -DMEMORY_PROTECT=0 -CPUFLAGS += -DMEMORY_PROTECT=0 -$(info MEMORY_PROTECT=0) +ifeq ($(PRODUCTION), 0) +CFLAGS += -DPRODUCTION=0 +CPUFLAGS += -DPRODUCTION=0 +$(info PRODUCTION=0) else -CFLAGS += -DMEMORY_PROTECT=1 -CPUFLAGS += -DMEMORY_PROTECT=1 -$(info MEMORY_PROTECT=1) +CFLAGS += -DPRODUCTION=1 +CPUFLAGS += -DPRODUCTION=1 +$(info PRODUCTION=1) endif ifeq ($(DEBUG_RNG), 1) diff --git a/legacy/firmware/bl_check.c b/legacy/firmware/bl_check.c index 809cd2502..d38cb8fa5 100644 --- a/legacy/firmware/bl_check.c +++ b/legacy/firmware/bl_check.c @@ -26,7 +26,7 @@ #include "memory.h" #include "util.h" -#if MEMORY_PROTECT +#if PRODUCTION static int known_bootloader(int r, const uint8_t *hash) { if (r != 32) return 0; @@ -143,7 +143,7 @@ static int known_bootloader(int r, const uint8_t *hash) { * @param shutdown_on_replace: if true, shuts down device instead of return */ void check_and_replace_bootloader(bool shutdown_on_replace) { -#if MEMORY_PROTECT +#if PRODUCTION uint8_t hash[32] = {0}; int r = memory_bootloader_hash(hash); @@ -206,6 +206,6 @@ void check_and_replace_bootloader(bool shutdown_on_replace) { _("contact our support."), NULL); shutdown(); #endif - // prevent compiler warning when MEMORY_PROTECT==0 + // prevent compiler warning when PRODUCTION==0 (void)shutdown_on_replace; } diff --git a/legacy/memory.c b/legacy/memory.c index fc89fbb00..32853140e 100644 --- a/legacy/memory.c +++ b/legacy/memory.c @@ -26,7 +26,7 @@ #define FLASH_OPTION_BYTES_2 (*(const uint64_t *)0x1FFFC008) void memory_protect(void) { -#if MEMORY_PROTECT +#if PRODUCTION // Reference STM32F205 Flash programming manual revision 5 // http://www.st.com/resource/en/programming_manual/cd00233952.pdf Section 2.6 // Option bytes diff --git a/legacy/setup.c b/legacy/setup.c index 282be9cca..21ad3c37d 100644 --- a/legacy/setup.c +++ b/legacy/setup.c @@ -221,7 +221,7 @@ void mpu_config_bootloader(void) { // Never use in bootloader! Disables access to PPB (including MPU, NVIC, SCB) void mpu_config_firmware(void) { -#if MEMORY_PROTECT +#if PRODUCTION // Disable MPU MPU_CTRL = 0; diff --git a/legacy/startup.S b/legacy/startup.S index 25c239c92..85478934a 100644 --- a/legacy/startup.S +++ b/legacy/startup.S @@ -20,7 +20,7 @@ memset_reg: .type reset_handler, STT_FUNC reset_handler: -#if MEMORY_PROTECT +#if PRODUCTION // we need to perform this in case an old bootloader (<1.8.0) // is starting the new firmware, these will be set incorrectly ldr r0, =0xE000ED08 // r0 = VTOR address