# pylint: disable=E0602 # fmt: off import os import tools, models BITCOIN_ONLY = ARGUMENTS.get('BITCOIN_ONLY', '0') PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1' BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1' BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1' EVERYTHING = BITCOIN_ONLY != '1' TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T') CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) PYOPT = ARGUMENTS.get('PYOPT', '1') DISABLE_OPTIGA = ARGUMENTS.get('DISABLE_OPTIGA', '0') == '1' HW_REVISION = ARGUMENTS.get('HW_REVISION', None) THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol STORAGE_INSECURE_TESTING_MODE = ARGUMENTS.get('STORAGE_INSECURE_TESTING_MODE', '0') == '1' if STORAGE_INSECURE_TESTING_MODE and PRODUCTION: raise RuntimeError("STORAGE_INSECURE_TESTING_MODE cannot be used in production") if STORAGE_INSECURE_TESTING_MODE: DISABLE_OPTIGA = True PYOPT = "0" FEATURE_FLAGS = { "RDI": True, "SECP256K1_ZKP": True, # required for trezor.crypto.curve.bip340 (BIP340/Taproot) "SYSTEM_VIEW": False, "AES_GCM": False, } FEATURES_WANTED = ["input", "sd_card", "rgb_led", "dma2d", "consumption_mask", "usb" ,"optiga", "haptic"] if DISABLE_OPTIGA: # TODO use PYOPT instead of PRODUCTION, same as in firmware, blocked on #4253 if PRODUCTION: raise RuntimeError("DISABLE_OPTIGA requires non-production build") FEATURES_WANTED.remove("optiga") CCFLAGS_MOD = '' CPPPATH_MOD = [] CPPDEFINES_MOD = [] SOURCE_MOD = [] SOURCE_MOD_CRYPTO = [] CPPDEFINES_HAL = [] SOURCE_HAL = [] PATH_HAL = [] FROZEN = True # modtrezorconfig CPPPATH_MOD += [ 'embed/upymod/modtrezorconfig', 'vendor/trezor-storage', 'vendor/micropython/lib/uzlib', ] SOURCE_MOD += [ # 'embed/upymod/modtrezorconfig/modtrezorconfig.c', 'vendor/trezor-storage/norcow.c', 'vendor/trezor-storage/storage.c', 'vendor/trezor-storage/storage_utils.c', 'vendor/trezor-storage/flash_area.c', ] # modtrezorcrypto CCFLAGS_MOD += '-Wno-sequence-point ' CPPPATH_MOD += [ 'vendor/trezor-crypto', ] CPPDEFINES_MOD += [ 'KERNEL_MODE', 'SYSCALL_DISPATCH', 'AES_128', 'AES_192', ('USE_BIP32_CACHE', '0'), ('USE_KECCAK', '1'), ('USE_ETHEREUM', '1' if EVERYTHING else '0'), ('USE_MONERO', '1' if EVERYTHING else '0'), ('USE_CARDANO', '1' if EVERYTHING else '0'), ('USE_NEM', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'), ('USE_EOS', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'), ] SOURCE_MOD_CRYPTO += [ 'vendor/trezor-crypto/address.c', 'vendor/trezor-crypto/aes/aes_modes.c', 'vendor/trezor-crypto/aes/aesccm.c', 'vendor/trezor-crypto/aes/aescrypt.c', 'vendor/trezor-crypto/aes/aeskey.c', 'vendor/trezor-crypto/aes/aestab.c', 'vendor/trezor-crypto/base32.c', 'vendor/trezor-crypto/base58.c', 'vendor/trezor-crypto/bignum.c', 'vendor/trezor-crypto/bip32.c', 'vendor/trezor-crypto/bip39.c', 'vendor/trezor-crypto/bip39_english.c', 'vendor/trezor-crypto/blake256.c', 'vendor/trezor-crypto/blake2b.c', 'vendor/trezor-crypto/blake2s.c', 'vendor/trezor-crypto/buffer.c', 'vendor/trezor-crypto/chacha20poly1305/chacha20poly1305.c', 'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c', 'vendor/trezor-crypto/chacha20poly1305/poly1305-donna.c', 'vendor/trezor-crypto/chacha20poly1305/rfc7539.c', 'vendor/trezor-crypto/chacha_drbg.c', 'vendor/trezor-crypto/curves.c', 'vendor/trezor-crypto/der.c', 'vendor/trezor-crypto/ecdsa.c', 'vendor/trezor-crypto/ed25519-donna/curve25519-donna-32bit.c', 'vendor/trezor-crypto/ed25519-donna/curve25519-donna-helpers.c', 'vendor/trezor-crypto/ed25519-donna/curve25519-donna-scalarmult-base.c', 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-32bit-tables.c', 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-basepoint-table.c', 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-impl-base.c', 'vendor/trezor-crypto/ed25519-donna/ed25519-keccak.c', 'vendor/trezor-crypto/ed25519-donna/ed25519-sha3.c', 'vendor/trezor-crypto/ed25519-donna/ed25519.c', 'vendor/trezor-crypto/ed25519-donna/modm-donna-32bit.c', 'vendor/trezor-crypto/groestl.c', 'vendor/trezor-crypto/hasher.c', 'vendor/trezor-crypto/hmac.c', 'vendor/trezor-crypto/hmac_drbg.c', 'vendor/trezor-crypto/memzero.c', 'vendor/trezor-crypto/nem.c', 'vendor/trezor-crypto/nist256p1.c', 'vendor/trezor-crypto/pbkdf2.c', 'vendor/trezor-crypto/rand.c', 'vendor/trezor-crypto/rfc6979.c', 'vendor/trezor-crypto/ripemd160.c', 'vendor/trezor-crypto/secp256k1.c', 'vendor/trezor-crypto/segwit_addr.c', 'vendor/trezor-crypto/sha2.c', 'vendor/trezor-crypto/sha3.c', 'vendor/trezor-crypto/shamir.c', 'vendor/trezor-crypto/slip39.c', 'vendor/trezor-crypto/slip39_english.c', 'vendor/trezor-crypto/tls_prf.c', ] if EVERYTHING: SOURCE_MOD_CRYPTO += [ 'vendor/trezor-crypto/cardano.c', 'vendor/trezor-crypto/monero/base58.c', 'vendor/trezor-crypto/monero/serialize.c', 'vendor/trezor-crypto/monero/xmr.c', ] # libsecp256k1-zkp if FEATURE_FLAGS["SECP256K1_ZKP"]: CPPPATH_MOD += [ 'vendor/secp256k1-zkp', 'vendor/secp256k1-zkp/src', 'vendor/secp256k1-zkp/include', ] CPPDEFINES_MOD += [ 'USE_SECP256K1_ZKP', 'USE_SECP256K1_ZKP_ECDSA', ('SECP256K1_CONTEXT_SIZE', '180'), 'USE_ASM_ARM', 'USE_EXTERNAL_ASM', 'USE_EXTERNAL_DEFAULT_CALLBACKS', ('ECMULT_GEN_PREC_BITS', '2'), ('ECMULT_WINDOW_SIZE', '2'), 'ENABLE_MODULE_GENERATOR', 'ENABLE_MODULE_RECOVERY', 'ENABLE_MODULE_SCHNORRSIG', 'ENABLE_MODULE_EXTRAKEYS', 'ENABLE_MODULE_ECDH', ] SOURCE_MOD_SECP256K1_ZKP = [ 'vendor/secp256k1-zkp/src/secp256k1.c', 'vendor/secp256k1-zkp/src/precomputed_ecmult.c', 'vendor/secp256k1-zkp/src/precomputed_ecmult_gen.c', 'vendor/secp256k1-zkp/src/asm/field_10x26_arm.s' ] SOURCE_MOD_CRYPTO += [ 'vendor/trezor-crypto/zkp_context.c', 'vendor/trezor-crypto/zkp_ecdsa.c', 'vendor/trezor-crypto/zkp_bip340.c', ] # AES-GCM if FEATURE_FLAGS["AES_GCM"]: CPPDEFINES_MOD += [ 'USE_AES_GCM', 'AES_VAR', ] SOURCE_MOD_CRYPTO += [ 'vendor/trezor-crypto/aes/gf128mul.c', 'vendor/trezor-crypto/aes/aesgcm.c', ] SOURCE_MOD += [ 'embed/gfx/bitblt/gfx_bitblt.c', 'embed/gfx/bitblt/gfx_bitblt_rgb565.c', 'embed/gfx/bitblt/gfx_bitblt_rgba8888.c', 'embed/gfx/bitblt/gfx_bitblt_mono8.c', 'embed/gfx/fonts/font_bitmap.c', 'embed/gfx/gfx_color.c', 'embed/gfx/gfx_draw.c', 'embed/gfx/terminal.c', 'embed/util/bl_check/bl_check.c', 'embed/util/translations/translations.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'embed/upymod/modtrezorcrypto/rand.c', 'vendor/micropython/lib/uzlib/adler32.c', 'vendor/micropython/lib/uzlib/crc32.c', 'vendor/micropython/lib/uzlib/tinflate.c', ] CPPDEFINES_MOD += [ 'TRANSLATIONS', 'RSOD_IN_COREAPP', ] if FEATURE_FLAGS["RDI"]: CPPDEFINES_MOD += ['RDI'] if FEATURE_FLAGS["SYSTEM_VIEW"]: SOURCE_MOD += [ 'embed/sys/systemview/stm32/config/SEGGER_SYSVIEW_Config_NoOS.c', 'embed/sys/systemview/stm32/segger/SEGGER_SYSVIEW.c', 'embed/sys/systemview/stm32/segger/SEGGER_RTT.c', 'embed/sys/systemview/stm32/segger/SEGGER_RTT_ASM_ARMv7M.S', 'embed/sys/systemview/stm32/segger/Syscalls/SEGGER_RTT_Syscalls_GCC.c', 'embed/sys/systemview/systemview.c', ] CPPPATH_MOD += [ 'embed/sys/systemview/inc', 'embed/sys/systemview/stm32/config', 'embed/sys/systemview/stm32/segger', ] CPPDEFINES_MOD += ['SYSTEM_VIEW'] CCFLAGS_MOD += '-DSYSTEM_VIEW ' TRANSLATION_DATA = [ "translations/en.json", "translations/order.json", ] if THP: CPPDEFINES_MOD += ['USE_THP'] SOURCE_MOD += [ 'vendor/trezor-crypto/elligator2.c', ] if STORAGE_INSECURE_TESTING_MODE: CPPDEFINES_MOD += ['STORAGE_INSECURE_TESTING_MODE'] env = Environment( ENV=os.environ, CFLAGS=f"{ARGUMENTS.get('CFLAGS', '')} -DPRODUCTION={int(PRODUCTION)} -DPYOPT={PYOPT} -DBOOTLOADER_QA={int(BOOTLOADER_QA)} -DBITCOIN_ONLY={BITCOIN_ONLY}", CPPDEFINES_IMPLICIT=[], CPPDEFPREFIX="-D'", CPPDEFSUFFIX="'", ) FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] SOURCE_FIRMWARE = [ 'embed/projects/kernel/main.c', f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_2.s', ] if 'sd_card' in FEATURES_AVAILABLE: SDCARD = True else: SDCARD = False env.Replace( CAT='cat', DD='dd', CP='cp', SED='sed', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', CC='arm-none-eabi-gcc', LINK='arm-none-eabi-gcc', SIZE='arm-none-eabi-size', STRIP='arm-none-eabi-strip', OBJCOPY='arm-none-eabi-objcopy', ) env.Replace( TREZOR_MODEL=TREZOR_MODEL,) ALLPATHS = [ '.', 'embed/projects/firmware', 'embed/rtl/inc', 'embed/models', 'embed/gfx/inc', 'embed/sys/bsp/inc', 'embed/util/bl_check/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', 'embed/util/translations/inc', ] + CPPPATH_MOD + PATH_HAL env.Replace( COPT=env.get('ENV').get('OPTIMIZE', '-Os'), CCFLAGS='$COPT ' '-g3 ' '-nostdlib ' '-std=gnu11 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -fno-common ' '-fsingle-precision-constant -fdata-sections -ffunction-sections ' '-ffreestanding ' '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, LINKFLAGS='-T build/kernel/memory.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/kernel/kernel.map -Wl,--warn-common', CPPPATH=ALLPATHS, CPPDEFINES=[ 'KERNEL', 'TREZOR_MODEL_'+TREZOR_MODEL, 'USE_HAL_DRIVER', 'ARM_USER_MODE', ] + CPPDEFINES_MOD + CPPDEFINES_HAL, ASFLAGS=env.get('ENV')['CPU_ASFLAGS'], ASPPFLAGS='$CFLAGS $CCFLAGS', ) env.Replace( HEADERTOOL='headertool', PYTHON='python', MAKECMAKELISTS='$PYTHON tools/make_cmakelists.py', ) # # Program objects # source_files = SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_FIRMWARE + SOURCE_HAL obj_program = [] obj_program.extend(env.Object(source=SOURCE_MOD)) obj_program.extend(env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial-auto-var-init=zero')) if FEATURE_FLAGS["SECP256K1_ZKP"]: obj_program.extend(env.Object(source=SOURCE_MOD_SECP256K1_ZKP, CCFLAGS='$CCFLAGS -Wno-unused-function')) source_files.extend(SOURCE_MOD_SECP256K1_ZKP) obj_program.extend(env.Object(source=SOURCE_FIRMWARE)) obj_program.extend(env.Object(source=SOURCE_HAL)) env.Replace( ALLSOURCES=source_files, ALLDEFS=tools.get_defs_for_cmake(env['CPPDEFINES'] + env['CPPDEFINES_IMPLICIT'] + [f"PRODUCTION={int(PRODUCTION)}", f"BOOTLOADER_QA={int(BOOTLOADER_QA)}", f"PYOPT={PYOPT}", f"BITCOIN_ONLY={BITCOIN_ONLY}"])) cmake_gen = env.Command( target='CMakeLists.txt', source='', action='$MAKECMAKELISTS --sources $ALLSOURCES --dirs $CPPPATH --defs $ALLDEFS', ) MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) BOOTLOADER_SUFFIX = MODEL_IDENTIFIER if BOOTLOADER_QA: BOOTLOADER_SUFFIX += '_qa' # select vendor header if BOOTLOADER_QA or BOOTLOADER_DEVEL: vendor = "dev_DO_NOT_SIGN_signed_dev" elif not PRODUCTION: vendor = "unsafe_signed_prod" else: if TREZOR_MODEL in ('T',): vendor = "satoshilabs_signed_prod" elif BITCOIN_ONLY == '1': vendor = "trezor_btconly_signed_prod" else: vendor = "trezor_signed_prod" VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_{vendor}.bin' obj_program.extend( env.Command( target='embed/projects/kernel/vendorheader.o', source=VENDORHEADER, action='$OBJCOPY -I binary -O elf32-littlearm -B arm' ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' $SOURCE $TARGET', )) tools.embed_compressed_binary( obj_program, env, 'bootloader', 'embed/projects/bootloaders/bootloader.o', f'embed/models/{MODEL_IDENTIFIER}/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin', 'kernel', 'bootloader', ) linkerscript_gen = env.Command( target='memory.ld', source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='kernel')], action='$CAT $SOURCES > $TARGET', ) program_elf = env.Command( target='kernel.elf', source=obj_program, action= '$LINK -o $TARGET $CCFLAGS $CFLAGS $SOURCES $LINKFLAGS -lc_nano -lm -lgcc', ) env.Depends(program_elf, linkerscript_gen) if CMAKELISTS != 0: env.Depends(program_elf, cmake_gen) BINARY_NAME = f"build/kernel/kernel-{models.get_model_identifier(TREZOR_MODEL)}" if not EVERYTHING: BINARY_NAME += "-btconly" BINARY_NAME += "-" + tools.get_version('embed/projects/kernel/version.h') BINARY_NAME += "-" + tools.get_git_revision_short_hash() BINARY_NAME += "-dirty" if tools.get_git_modified() else "" BINARY_NAME += ".bin" action_bin=[ '$OBJCOPY -O binary -j .flash -j .uflash -j .data -j .confidential $SOURCE ${TARGET}', '$CP $TARGET ' + BINARY_NAME, ] if STORAGE_INSECURE_TESTING_MODE: INSECURE_TESTING_MODE_STR = """ ######################################################### # STORAGE_INSECURE_TESTING_MODE enabled, DO NOT USE # ######################################################### """ action_bin.append(INSECURE_TESTING_MODE_STR) program_bin = env.Command( target='kernel.bin', source=program_elf, action=action_bin, )