# pylint: disable=E0602 import os import tools, models TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T') CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1' BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1' HW_REVISION = ARGUMENTS.get('HW_REVISION', None) NEW_RENDERING = ARGUMENTS.get('NEW_RENDERING', '1') == '1' if TREZOR_MODEL in ('DISC1', 'DISC2'): # skip prodtest build env = Environment() def build_prodtest(target,source,env): print(f'Prodtest: nothing to build for Model {TREZOR_MODEL}') program_bin = env.Command( target='prodtest.bin', source=None, action=build_prodtest) Return() FEATURES_WANTED = ["input", "sbu", "sd_card", "rdb_led", "usb", "consumption_mask", "optiga", "haptic"] if NEW_RENDERING: FEATURES_WANTED.append("new_rendering") CCFLAGS_MOD = '' CPPPATH_MOD = [] CPPDEFINES_MOD = [ 'KERNEL_MODE', 'AES_128', 'USE_INSECURE_PRNG', ] SOURCE_MOD = [] SOURCE_MOD_CRYPTO = [] CPPDEFINES_HAL = [] SOURCE_HAL = [] PATH_HAL = [] if TREZOR_MODEL in ('1', 'R', 'T3B1'): FONT_NORMAL=None FONT_DEMIBOLD=None FONT_BOLD='Font_PixelOperator_Bold_8' FONT_MONO=None FONT_BIG=None FONT_NORMAL_UPPER=None FONT_BOLD_UPPER=None FONT_SUB=None elif TREZOR_MODEL in ('T',): FONT_NORMAL=None FONT_DEMIBOLD=None FONT_BOLD='Font_Roboto_Bold_20' FONT_MONO=None FONT_BIG=None FONT_NORMAL_UPPER=None FONT_BOLD_UPPER=None FONT_SUB=None elif TREZOR_MODEL in ('T3T1',): FONT_NORMAL='Font_TTSatoshi_DemiBold_21' FONT_DEMIBOLD=None FONT_BOLD='Font_TTSatoshi_DemiBold_21' FONT_MONO='Font_RobotoMono_Medium_21' FONT_BIG=None FONT_NORMAL_UPPER=None FONT_BOLD_UPPER=None FONT_SUB=None # modtrezorcrypto CPPPATH_MOD += [ 'vendor/trezor-crypto', 'vendor/trezor-storage', ] SOURCE_MOD += [ 'vendor/trezor-storage/flash_area.c', ] SOURCE_MOD_CRYPTO += [ 'vendor/trezor-crypto/aes/aes_modes.c', 'vendor/trezor-crypto/aes/aesccm.c', 'vendor/trezor-crypto/aes/aescrypt.c', 'vendor/trezor-crypto/aes/aeskey.c', 'vendor/trezor-crypto/aes/aestab.c', 'vendor/trezor-crypto/bignum.c', 'vendor/trezor-crypto/buffer.c', 'vendor/trezor-crypto/chacha_drbg.c', 'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c', 'vendor/trezor-crypto/der.c', 'vendor/trezor-crypto/ecdsa.c', 'vendor/trezor-crypto/hmac.c', 'vendor/trezor-crypto/hmac_drbg.c', 'vendor/trezor-crypto/memzero.c', 'vendor/trezor-crypto/nist256p1.c', 'vendor/trezor-crypto/rand.c', 'vendor/trezor-crypto/rfc6979.c', 'vendor/trezor-crypto/secp256k1.c', 'vendor/trezor-crypto/sha2.c', 'vendor/trezor-crypto/tls_prf.c', ] # modtrezorui CPPPATH_MOD += [ 'vendor/micropython/lib/uzlib', ] SOURCE_MOD += [ 'embed/lib/colors.c', 'embed/lib/display_utils.c', 'embed/lib/error_handling.c', 'embed/lib/fonts/font_bitmap.c', 'embed/lib/fonts/fonts.c', 'embed/lib/gfx_color.c', 'embed/lib/gfx_bitblt_rgb565.c', 'embed/lib/gfx_bitblt_rgba8888.c', 'embed/lib/gfx_bitblt_mono8.c', 'embed/lib/image.c', 'embed/lib/mini_printf.c', 'embed/lib/rsod.c', 'embed/lib/qr-code-generator/qrcodegen.c', 'embed/lib/terminal.c', 'vendor/micropython/lib/uzlib/adler32.c', 'vendor/micropython/lib/uzlib/crc32.c', 'vendor/micropython/lib/uzlib/tinflate.c', ] if NEW_RENDERING: CPPDEFINES_MOD += ['NEW_RENDERING'] SOURCE_MOD += [ 'embed/lib/gfx_draw.c', ] else: SOURCE_MOD += [ 'embed/lib/display_draw.c', ] # fonts tools.add_font('NORMAL', FONT_NORMAL, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('BOLD', FONT_BOLD, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('DEMIBOLD', FONT_DEMIBOLD, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('MONO', FONT_MONO, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('BIG', FONT_BIG, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('NORMAL_UPPER', FONT_NORMAL_UPPER, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('BOLD_UPPER', FONT_BOLD_UPPER, CPPDEFINES_MOD, SOURCE_MOD) tools.add_font('SUB', FONT_SUB, CPPDEFINES_MOD, SOURCE_MOD) env = Environment( ENV=os.environ, CFLAGS='%s -DPRODUCTION=%s' % (ARGUMENTS.get('CFLAGS', ''), ARGUMENTS.get('PRODUCTION', '0')), CPPDEFINES_IMPLICIT=[]) FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] SOURCE_PRODTEST = [ f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_2.s', 'embed/prodtest/header.S', 'embed/prodtest/main.c', 'embed/prodtest/prodtest_common.c', ] if 'optiga' in FEATURES_AVAILABLE: SOURCE_PRODTEST += [ 'embed/prodtest/optiga_prodtest.c', ] env.Replace( CAT='cat', CP='cp', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', CC='arm-none-eabi-gcc', LINK='arm-none-eabi-gcc', SIZE='arm-none-eabi-size', STRIP='arm-none-eabi-strip', OBJCOPY='arm-none-eabi-objcopy', PYTHON='python', MAKECMAKELISTS='$PYTHON tools/make_cmakelists.py',) env.Replace( TREZOR_MODEL=TREZOR_MODEL, ) env.Replace( COPT=env.get('ENV').get('OPTIMIZE', '-Os'), CCFLAGS='$COPT ' '-g3 ' '-nostdlib ' '-std=gnu11 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -fno-common ' '-fsingle-precision-constant -fdata-sections -ffunction-sections ' '-ffreestanding ' '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', LINKFLAGS=f'-T build/prodtest/memory.ld -Wl,--gc-sections -Wl,-Map=build/prodtest/prodtest.map -Wl,--warn-common', CPPPATH=[ 'embed/prodtest', 'embed/lib', 'embed/models', 'embed/trezorhal', 'embed/extmod/modtrezorui', ] + CPPPATH_MOD + PATH_HAL, CPPDEFINES=[ 'TREZOR_PRODTEST', 'TREZOR_MODEL_'+TREZOR_MODEL, 'ARM_USER_MODE', 'USE_HAL_DRIVER', ] + CPPDEFINES_MOD + CPPDEFINES_HAL, ASFLAGS=env.get('ENV')['CPU_ASFLAGS'], ASPPFLAGS='$CFLAGS $CCFLAGS', ) env.Replace( HEADERTOOL='headertool', ) env.Replace( ALLSOURCES=SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_PRODTEST + SOURCE_HAL, ALLDEFS=tools.get_defs_for_cmake(env['CPPDEFINES'] + env['CPPDEFINES_IMPLICIT'])) cmake_gen = env.Command( target='CMakeLists.txt', source='', action='$MAKECMAKELISTS --sources $ALLSOURCES --dirs $CPPPATH --defs $ALLDEFS', ) # # Program objects # obj_program = [] obj_program.extend(env.Object(source=SOURCE_MOD)) obj_program.extend(env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial-auto-var-init=zero')) obj_program.extend(env.Object(source=SOURCE_PRODTEST)) obj_program.extend(env.Object(source=SOURCE_HAL)) MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) if (vh := ARGUMENTS.get("VENDOR_HEADER", None)): VENDORHEADER = vh elif (vh := os.environ.get("VENDOR_HEADER", None)): # TODO looking at envvars in a build script is not very nice. But justifiable in case # of vendor header which does not affect reproducibility of the build. Nonetheless, # we should figure out a cleaner way to pass in this argument, without having to teach # the Makefile about it. VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/{vh}' elif PRODUCTION: VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_prodtest_signed_prod.bin' elif BOOTLOADER_DEVEL: VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin' else: VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_unsafe_signed_prod.bin' obj_program.extend( env.Command( target='embed/prodtest/vendorheader.o', source=VENDORHEADER, action='$OBJCOPY -I binary -O elf32-littlearm -B arm' ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' $SOURCE $TARGET', )) linkerscript_gen = env.Command( target='memory.ld', source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='prodtest')], action='$CAT $SOURCES > $TARGET', ) program_elf = env.Command( target='prodtest.elf', source=obj_program, action= '$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc', ) env.Depends(program_elf, linkerscript_gen) BINARY_NAME = f"build/prodtest/prodtest-{models.get_model_identifier(TREZOR_MODEL)}" BINARY_NAME += "-" + tools.get_version('embed/prodtest/version.h') BINARY_NAME += "-" + tools.get_git_revision_short_hash() BINARY_NAME += "-dirty" if tools.get_git_modified() else "" BINARY_NAME += ".bin" if CMAKELISTS != 0: env.Depends(program_elf, cmake_gen) program_bin = env.Command( target='prodtest.bin', source=program_elf, action=[ '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE $TARGET', '$HEADERTOOL $TARGET ' + ('-D' if ARGUMENTS.get('PRODUCTION', '0') == '0' else ''), '$CP $TARGET ' + BINARY_NAME, ], )