1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-31 18:40:56 +00:00
trezor-firmware/core/SConscript.firmware
matejcik ef02c4de5d feat(core): introduce storage insecure mode
reduces the number of PIN iterations and avoids erasing the other
storage bank -- if a test ever overruns, it will probably RSOD out, but
that's unlikely to happen
2024-12-03 11:02:17 +01:00

903 lines
30 KiB
Plaintext

# pylint: disable=E0602
# fmt: off
import os
import shlex
import tools, models, ui
BITCOIN_ONLY = ARGUMENTS.get('BITCOIN_ONLY', '0')
PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1'
BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
EVERYTHING = BITCOIN_ONLY != '1'
TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T')
CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))
PYOPT = ARGUMENTS.get('PYOPT', '1')
DISABLE_OPTIGA = ARGUMENTS.get('DISABLE_OPTIGA', '0') == '1'
HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol
MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL)
BENCHMARK = ARGUMENTS.get('BENCHMARK', '0') == '1'
DISABLE_ANIMATION = ARGUMENTS.get('TREZOR_DISABLE_ANIMATION', '0') == '1'
STORAGE_INSECURE_TESTING_MODE = ARGUMENTS.get('STORAGE_INSECURE_TESTING_MODE', '0') == '1'
if STORAGE_INSECURE_TESTING_MODE and PRODUCTION:
raise RuntimeError("STORAGE_INSECURE_TESTING_MODE cannot be used in production")
if STORAGE_INSECURE_TESTING_MODE:
DISABLE_OPTIGA = True
PYOPT = "0"
if BENCHMARK and PYOPT != '0':
print("BENCHMARK=1 works only with PYOPT=0.")
exit(1)
FEATURE_FLAGS = {
"RDI": True,
"SECP256K1_ZKP": True, # required for trezor.crypto.curve.bip340 (BIP340/Taproot)
"AES_GCM": BENCHMARK or THP,
}
FEATURES_WANTED = ["input", "sd_card", "rgb_led", "dma2d", "consumption_mask", "usb" ,"optiga", "haptic"]
if DISABLE_OPTIGA:
if PYOPT != '0':
raise RuntimeError("DISABLE_OPTIGA requires PYOPT=0")
FEATURES_WANTED.remove("optiga")
CCFLAGS_MOD = ''
CPPPATH_MOD = []
CPPDEFINES_MOD = []
SOURCE_MOD = []
SOURCE_MOD_CRYPTO = []
CPPDEFINES_HAL = []
SOURCE_HAL = []
PATH_HAL = []
RUST_UI_FEATURES = []
FROZEN = True
# modtrezorconfig
CPPPATH_MOD += [
'embed/upymod/modtrezorconfig',
'vendor/trezor-storage',
]
SOURCE_MOD += [
'embed/upymod/modtrezorconfig/modtrezorconfig.c',
]
# modtrezorcrypto
CCFLAGS_MOD += '-Wno-sequence-point '
CPPPATH_MOD += [
'vendor/trezor-crypto',
]
CPPDEFINES_MOD += [
'AES_128',
'AES_192',
('USE_BIP32_CACHE', '0'),
('USE_KECCAK', '1'),
('USE_ETHEREUM', '1' if EVERYTHING else '0'),
('USE_MONERO', '1' if EVERYTHING else '0'),
('USE_CARDANO', '1' if EVERYTHING else '0'),
('USE_NEM', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'),
('USE_EOS', '1' if (EVERYTHING and TREZOR_MODEL == "T") else '0'),
('DISABLE_ANIMATION', '1' if DISABLE_ANIMATION else '0'),
]
SOURCE_MOD += [
'embed/upymod/trezorobj.c',
'embed/upymod/modtrezorcrypto/crc.c',
'embed/upymod/modtrezorcrypto/modtrezorcrypto.c',
'embed/upymod/modtrezorcrypto/rand.c',
]
SOURCE_MOD_CRYPTO += [
'vendor/trezor-crypto/address.c',
'vendor/trezor-crypto/aes/aes_modes.c',
'vendor/trezor-crypto/aes/aesccm.c',
'vendor/trezor-crypto/aes/aescrypt.c',
'vendor/trezor-crypto/aes/aeskey.c',
'vendor/trezor-crypto/aes/aestab.c',
'vendor/trezor-crypto/base32.c',
'vendor/trezor-crypto/base58.c',
'vendor/trezor-crypto/bignum.c',
'vendor/trezor-crypto/bip32.c',
'vendor/trezor-crypto/bip39.c',
'vendor/trezor-crypto/bip39_english.c',
'vendor/trezor-crypto/blake256.c',
'vendor/trezor-crypto/blake2b.c',
'vendor/trezor-crypto/blake2s.c',
'vendor/trezor-crypto/buffer.c',
'vendor/trezor-crypto/chacha20poly1305/chacha20poly1305.c',
'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c',
'vendor/trezor-crypto/chacha20poly1305/poly1305-donna.c',
'vendor/trezor-crypto/chacha20poly1305/rfc7539.c',
'vendor/trezor-crypto/chacha_drbg.c',
'vendor/trezor-crypto/curves.c',
'vendor/trezor-crypto/der.c',
'vendor/trezor-crypto/ecdsa.c',
'vendor/trezor-crypto/ed25519-donna/curve25519-donna-32bit.c',
'vendor/trezor-crypto/ed25519-donna/curve25519-donna-helpers.c',
'vendor/trezor-crypto/ed25519-donna/curve25519-donna-scalarmult-base.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-donna-32bit-tables.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-donna-basepoint-table.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-donna-impl-base.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-keccak.c',
'vendor/trezor-crypto/ed25519-donna/ed25519-sha3.c',
'vendor/trezor-crypto/ed25519-donna/ed25519.c',
'vendor/trezor-crypto/ed25519-donna/modm-donna-32bit.c',
'vendor/trezor-crypto/groestl.c',
'vendor/trezor-crypto/hasher.c',
'vendor/trezor-crypto/hmac.c',
'vendor/trezor-crypto/hmac_drbg.c',
'vendor/trezor-crypto/memzero.c',
'vendor/trezor-crypto/nem.c',
'vendor/trezor-crypto/nist256p1.c',
'vendor/trezor-crypto/pbkdf2.c',
'vendor/trezor-crypto/rand.c',
'vendor/trezor-crypto/rfc6979.c',
'vendor/trezor-crypto/ripemd160.c',
'vendor/trezor-crypto/secp256k1.c',
'vendor/trezor-crypto/segwit_addr.c',
'vendor/trezor-crypto/sha2.c',
'vendor/trezor-crypto/sha3.c',
'vendor/trezor-crypto/shamir.c',
'vendor/trezor-crypto/slip39.c',
'vendor/trezor-crypto/slip39_english.c',
'vendor/trezor-crypto/tls_prf.c',
]
if EVERYTHING:
SOURCE_MOD_CRYPTO += [
'vendor/trezor-crypto/cardano.c',
'vendor/trezor-crypto/monero/base58.c',
'vendor/trezor-crypto/monero/serialize.c',
'vendor/trezor-crypto/monero/xmr.c',
]
# libsecp256k1-zkp
if FEATURE_FLAGS["SECP256K1_ZKP"]:
CPPPATH_MOD += [
'vendor/secp256k1-zkp',
'vendor/secp256k1-zkp/src',
'vendor/secp256k1-zkp/include',
]
CPPDEFINES_MOD += [
'USE_SECP256K1_ZKP',
'USE_SECP256K1_ZKP_ECDSA',
('SECP256K1_CONTEXT_SIZE', '180'),
'USE_ASM_ARM',
'USE_EXTERNAL_ASM',
'USE_EXTERNAL_DEFAULT_CALLBACKS',
('ECMULT_GEN_PREC_BITS', '2'),
('ECMULT_WINDOW_SIZE', '2'),
'ENABLE_MODULE_GENERATOR',
'ENABLE_MODULE_RECOVERY',
'ENABLE_MODULE_SCHNORRSIG',
'ENABLE_MODULE_EXTRAKEYS',
'ENABLE_MODULE_ECDH',
]
SOURCE_MOD_SECP256K1_ZKP = [
'vendor/secp256k1-zkp/src/secp256k1.c',
'vendor/secp256k1-zkp/src/precomputed_ecmult.c',
'vendor/secp256k1-zkp/src/precomputed_ecmult_gen.c',
'vendor/secp256k1-zkp/src/asm/field_10x26_arm.s'
]
SOURCE_MOD_CRYPTO += [
'vendor/trezor-crypto/zkp_context.c',
'vendor/trezor-crypto/zkp_ecdsa.c',
'vendor/trezor-crypto/zkp_bip340.c',
]
# AES-GCM
if FEATURE_FLAGS["AES_GCM"]:
CPPDEFINES_MOD += [
'USE_AES_GCM',
'AES_VAR',
]
SOURCE_MOD_CRYPTO += [
'vendor/trezor-crypto/aes/gf128mul.c',
'vendor/trezor-crypto/aes/aesgcm.c',
]
# modtrezorio
SOURCE_MOD += [
'embed/upymod/modtrezorio/modtrezorio.c',
]
# modtrezorui
CPPPATH_MOD += [
'vendor/micropython/lib/uzlib',
]
SOURCE_MOD += [
'embed/upymod/modtrezorui/modtrezorui.c',
'embed/gfx/bitblt/gfx_bitblt.c',
'embed/gfx/bitblt/gfx_bitblt_rgb565.c',
'embed/gfx/bitblt/gfx_bitblt_rgba8888.c',
'embed/gfx/bitblt/gfx_bitblt_mono8.c',
'embed/gfx/fonts/font_bitmap.c',
'embed/gfx/fonts/fonts.c',
'embed/gfx/gfx_color.c',
'embed/gfx/gfx_draw.c',
'embed/gfx/terminal.c',
'embed/io/display/display_utils.c',
'embed/util/image/image.c',
'embed/util/translations/translations.c',
'embed/util/rsod/rsod.c',
'embed/rtl/error_handling.c',
'embed/rtl/mini_printf.c',
'vendor/micropython/lib/uzlib/adler32.c',
'vendor/micropython/lib/uzlib/crc32.c',
'vendor/micropython/lib/uzlib/tinflate.c',
]
CPPDEFINES_MOD += [
'TRANSLATIONS',
'FANCY_FATAL_ERROR',
]
# modtrezorutils
SOURCE_MOD += [
'embed/upymod/modtrezorutils/modtrezorutils.c',
]
# rust mods
SOURCE_MOD += [
'embed/upymod/rustmods.c',
]
# modutime
SOURCE_MOD += [
'embed/upymod/modutime.c',
]
SOURCE_MICROPYTHON = [
'vendor/micropython/extmod/modubinascii.c',
'vendor/micropython/extmod/moductypes.c',
'vendor/micropython/extmod/moduheapq.c',
'vendor/micropython/extmod/modutimeq.c',
'vendor/micropython/extmod/utime_mphal.c',
'vendor/micropython/shared/libc/abort_.c',
'vendor/micropython/shared/libc/printf.c',
'vendor/micropython/shared/runtime/gchelper_m3.s',
'vendor/micropython/shared/runtime/gchelper_native.c',
'vendor/micropython/shared/runtime/interrupt_char.c',
'vendor/micropython/shared/runtime/pyexec.c',
'vendor/micropython/shared/runtime/stdout_helpers.c',
'vendor/micropython/shared/timeutils/timeutils.c',
'vendor/micropython/ports/stm32/gccollect.c',
'vendor/micropython/py/argcheck.c',
'vendor/micropython/py/asmarm.c',
'vendor/micropython/py/asmbase.c',
'vendor/micropython/py/asmthumb.c',
'vendor/micropython/py/asmx64.c',
'vendor/micropython/py/asmx86.c',
'vendor/micropython/py/asmxtensa.c',
'vendor/micropython/py/bc.c',
'vendor/micropython/py/binary.c',
'vendor/micropython/py/builtinevex.c',
'vendor/micropython/py/builtinhelp.c',
'vendor/micropython/py/builtinimport.c',
'vendor/micropython/py/compile.c',
'vendor/micropython/py/emitbc.c',
'vendor/micropython/py/emitcommon.c',
'vendor/micropython/py/emitglue.c',
'vendor/micropython/py/emitinlinethumb.c',
'vendor/micropython/py/emitinlinextensa.c',
'vendor/micropython/py/formatfloat.c',
'vendor/micropython/py/frozenmod.c',
'vendor/micropython/py/lexer.c',
'vendor/micropython/py/malloc.c',
'vendor/micropython/py/map.c',
'vendor/micropython/py/modarray.c',
'vendor/micropython/py/modbuiltins.c',
'vendor/micropython/py/modgc.c',
'vendor/micropython/py/modmath.c',
'vendor/micropython/py/modmicropython.c',
'vendor/micropython/py/modstruct.c',
'vendor/micropython/py/modsys.c',
'vendor/micropython/py/mpprint.c',
'vendor/micropython/py/mpstate.c',
'vendor/micropython/py/mpz.c',
'vendor/micropython/py/nativeglue.c',
'vendor/micropython/py/obj.c',
'vendor/micropython/py/objarray.c',
'vendor/micropython/py/objattrtuple.c',
'vendor/micropython/py/objbool.c',
'vendor/micropython/py/objboundmeth.c',
'vendor/micropython/py/objcell.c',
'vendor/micropython/py/objclosure.c',
'vendor/micropython/py/objcomplex.c',
'vendor/micropython/py/objdict.c',
'vendor/micropython/py/objenumerate.c',
'vendor/micropython/py/objexcept.c',
'vendor/micropython/py/objfilter.c',
'vendor/micropython/py/objfloat.c',
'vendor/micropython/py/objfun.c',
'vendor/micropython/py/objgenerator.c',
'vendor/micropython/py/objgetitemiter.c',
'vendor/micropython/py/objint.c',
'vendor/micropython/py/objint_longlong.c',
'vendor/micropython/py/objint_mpz.c',
'vendor/micropython/py/objlist.c',
'vendor/micropython/py/objmap.c',
'vendor/micropython/py/objmodule.c',
'vendor/micropython/py/objnamedtuple.c',
'vendor/micropython/py/objnone.c',
'vendor/micropython/py/objobject.c',
'vendor/micropython/py/objpolyiter.c',
'vendor/micropython/py/objproperty.c',
'vendor/micropython/py/objrange.c',
'vendor/micropython/py/objreversed.c',
'vendor/micropython/py/objset.c',
'vendor/micropython/py/objsingleton.c',
'vendor/micropython/py/objslice.c',
'vendor/micropython/py/objstr.c',
'vendor/micropython/py/objstringio.c',
'vendor/micropython/py/objstrunicode.c',
'vendor/micropython/py/objtuple.c',
'vendor/micropython/py/objtype.c',
'vendor/micropython/py/objzip.c',
'vendor/micropython/py/opmethods.c',
'vendor/micropython/py/pairheap.c',
'vendor/micropython/py/parse.c',
'vendor/micropython/py/parsenum.c',
'vendor/micropython/py/parsenumbase.c',
'vendor/micropython/py/persistentcode.c',
'vendor/micropython/py/qstr.c',
'vendor/micropython/py/reader.c',
'vendor/micropython/py/repl.c',
'vendor/micropython/py/runtime.c',
'vendor/micropython/py/runtime_utils.c',
'vendor/micropython/py/scheduler.c',
'vendor/micropython/py/scope.c',
'vendor/micropython/py/sequence.c',
'vendor/micropython/py/showbc.c',
'vendor/micropython/py/smallint.c',
'vendor/micropython/py/stackctrl.c',
'vendor/micropython/py/stream.c',
'vendor/micropython/py/unicode.c',
'vendor/micropython/py/vstr.c',
'vendor/micropython/py/warning.c',
]
SOURCE_MICROPYTHON_SPEED = [
'vendor/micropython/py/gc.c',
'vendor/micropython/py/pystack.c',
'vendor/micropython/py/vm.c',
]
CPPDEFINES_MOD += ['USE_SVC_SHUTDOWN']
if FEATURE_FLAGS["RDI"]:
CPPDEFINES_MOD += ['RDI']
TRANSLATION_DATA = [
"translations/en.json",
"translations/order.json",
]
if THP:
CPPDEFINES_MOD += ['USE_THP']
SOURCE_MOD += [
'vendor/trezor-crypto/elligator2.c',
]
if STORAGE_INSECURE_TESTING_MODE:
CPPDEFINES_MOD += ['STORAGE_INSECURE_TESTING_MODE']
ui.init_ui(TREZOR_MODEL, "firmware", CPPDEFINES_MOD, SOURCE_MOD, RUST_UI_FEATURES)
SOURCE_QSTR = SOURCE_MOD + SOURCE_MICROPYTHON + SOURCE_MICROPYTHON_SPEED
env = Environment(
ENV=os.environ,
CFLAGS=f"{ARGUMENTS.get('CFLAGS', '')} -DPRODUCTION={int(PRODUCTION)} -DPYOPT={PYOPT} -DBOOTLOADER_QA={int(BOOTLOADER_QA)} -DBITCOIN_ONLY={BITCOIN_ONLY}",
CPPDEFINES_IMPLICIT=[],
CPPDEFPREFIX="-D'",
CPPDEFSUFFIX="'",
)
FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
FILE_SUFFIX= env.get('ENV')['SUFFIX']
SOURCE_FIRMWARE = [
'embed/projects/firmware/header.S',
'embed/projects/firmware/main.c',
'embed/projects/firmware/mphalport.c',
'embed/projects/firmware/nlrthumb.c',
f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_4.s',
]
if 'sd_card' in FEATURES_AVAILABLE:
SDCARD = True
else:
SDCARD = False
env.Tool('micropython')
env.Replace(
CAT='cat',
DD='dd',
CP='cp',
SED='sed',
AS='arm-none-eabi-as',
AR='arm-none-eabi-ar',
CC='arm-none-eabi-gcc',
LINK='arm-none-eabi-gcc',
SIZE='arm-none-eabi-size',
STRIP='arm-none-eabi-strip',
OBJCOPY='arm-none-eabi-objcopy', )
env.Replace(
TREZOR_MODEL=TREZOR_MODEL,)
ALLPATHS = [
'.',
'embed/rust',
'embed/projects/firmware',
'embed/rtl/inc',
'embed/models',
'embed/gfx/inc',
'embed/sys/bsp/inc',
'embed/util/image/inc',
'embed/util/rsod/inc',
'embed/util/translations/inc',
'embed/upymod/modtrezorui',
'vendor/micropython',
] + CPPPATH_MOD + PATH_HAL
env.Replace(
COPT=env.get('ENV').get('OPTIMIZE', '-Os'),
CCFLAGS='$COPT '
'-g3 '
'-nostdlib '
'-std=gnu11 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -fno-common '
'-fsingle-precision-constant -fdata-sections -ffunction-sections '
'-ffreestanding '
'-fstack-protector-all '
+ env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD,
CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
LINKFLAGS='-T build/firmware/memory.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/firmware/firmware.map -Wl,--warn-common',
CPPPATH=ALLPATHS,
CPPDEFINES=[
'FIRMWARE',
'TREZOR_MODEL_'+TREZOR_MODEL,
'USE_HAL_DRIVER',
'ARM_USER_MODE',
ui.get_ui_layout(TREZOR_MODEL),
] + CPPDEFINES_MOD + CPPDEFINES_HAL,
ASFLAGS=env.get('ENV')['CPU_ASFLAGS'],
ASPPFLAGS='$CFLAGS $CCFLAGS',
)
env.Replace(
HEADERTOOL='headertool',
PYTHON='python',
MAKEQSTRDATA='$PYTHON vendor/micropython/py/makeqstrdata.py',
MAKEVERSIONHDR='$PYTHON vendor/micropython/py/makeversionhdr.py',
MAKEMODULEDEFS='$PYTHON vendor/micropython/py/makemoduledefs.py',
MAKECMAKELISTS='$PYTHON tools/make_cmakelists.py',
MPY_TOOL='$PYTHON vendor/micropython/tools/mpy-tool.py',
MPY_CROSS='vendor/micropython/mpy-cross/mpy-cross -O' + PYOPT,
PB2PY='$PYTHON ../common/protob/pb2py',
)
#
# Qstrings
#
PROTO_SOURCES_DIR = '../../../common/protob/'
exclude_list = [PROTO_SOURCES_DIR + 'messages-bootloader.proto']
if not THP:
exclude_list.append(PROTO_SOURCES_DIR + 'messages-thp.proto')
PROTO_SOURCES = Glob(PROTO_SOURCES_DIR + '*.proto',
exclude=exclude_list
)
qstr_protobuf = env.Command(
target=[
'genhdr/qstrdefs.protobuf.h',
],
source=PROTO_SOURCES,
action='$PB2PY $SOURCES --qstr-out ${TARGET} --bitcoin-only=%s' % BITCOIN_ONLY,
)
qstr_micropython = 'vendor/micropython/py/qstrdefs.h'
micropy_defines = env.MicroPyDefines(source=SOURCE_QSTR)
qstr_collected = env.CollectQstr(
target='genhdr/qstrdefs.collected.h', source=micropy_defines)
qstr_preprocessed = env.PreprocessQstr(
target='genhdr/qstrdefs.preprocessed.h',
source=[qstr_micropython, qstr_protobuf, qstr_collected])
qstr_generated = env.GenerateQstrDefs(
target='genhdr/qstrdefs.generated.h', source=qstr_preprocessed)
env.Ignore(qstr_collected, qstr_generated)
#
# Micropython module declarations
#
moduledefs_collected = env.CollectModules(
target='genhdr/moduledefs.collected.h', source=micropy_defines)
hdr_moduledefs = env.Command(
target='genhdr/moduledefs.h',
source=moduledefs_collected,
action='$MAKEMODULEDEFS $SOURCE > $TARGET', )
env.Ignore(micropy_defines, micropy_defines)
env.Ignore(micropy_defines, qstr_generated)
env.Ignore(micropy_defines, hdr_moduledefs)
#
# Micropython version
#
hdr_version = env.Command(
target='genhdr/mpversion.h',
source='',
action='$MAKEVERSIONHDR $TARGET', )
env.Ignore(hdr_moduledefs, hdr_moduledefs)
env.Ignore(hdr_moduledefs, qstr_collected)
env.Ignore(hdr_moduledefs, qstr_preprocessed)
env.Ignore(hdr_moduledefs, qstr_generated)
#
# Frozen modules
#
if FROZEN:
SOURCE_PY_DIR = 'src/'
SOURCE_PY = Glob(SOURCE_PY_DIR + '*.py')
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/*.py',
exclude=[
SOURCE_PY_DIR + 'trezor/sdcard.py',
] if not SDCARD else []
))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/crypto/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/ui/*.py'))
# UI layouts - common files and then model-specific. Exclude FIDO when BTC-only.
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/ui/layouts/*.py',
exclude=[
SOURCE_PY_DIR + 'trezor/ui/layouts/fido.py',
] if not EVERYTHING else []
))
layout_path = ui.get_ui_layout_path(TREZOR_MODEL)
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + layout_path + '*.py',
exclude=[
SOURCE_PY_DIR + layout_path + 'fido.py',
] if not EVERYTHING else []
))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/wire/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/wire/codec/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'storage/*.py',
exclude=[
SOURCE_PY_DIR + 'storage/sd_salt.py',
] if not SDCARD else []
))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/messages/__init__.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/*.py',
exclude=[
SOURCE_PY_DIR + 'trezor/enums/Binance*.py',
SOURCE_PY_DIR + 'trezor/enums/Cardano*.py',
SOURCE_PY_DIR + 'trezor/enums/DebugMonero*.py',
SOURCE_PY_DIR + 'trezor/enums/Eos*.py',
SOURCE_PY_DIR + 'trezor/enums/Ethereum*.py',
SOURCE_PY_DIR + 'trezor/enums/Monero*.py',
SOURCE_PY_DIR + 'trezor/enums/NEM*.py',
SOURCE_PY_DIR + 'trezor/enums/Ripple*.py',
SOURCE_PY_DIR + 'trezor/enums/Solana*.py',
SOURCE_PY_DIR + 'trezor/enums/Stellar*.py',
SOURCE_PY_DIR + 'trezor/enums/Tezos*.py',
SOURCE_PY_DIR + 'trezor/enums/Zcash*.py',
])
)
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/common/*.py',
exclude=[
SOURCE_PY_DIR + 'apps/common/sdcard.py',
] if not SDCARD else []
))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/debug/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/homescreen/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/management/*.py',
exclude=[
SOURCE_PY_DIR + 'apps/management/sd_protect.py',
] if not SDCARD else [])
)
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/management/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/misc/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/bitcoin/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/bitcoin/*/*.py',
exclude=[
SOURCE_PY_DIR + 'apps/bitcoin/sign_tx/decred.py',
SOURCE_PY_DIR + 'apps/bitcoin/sign_tx/bitcoinlike.py',
SOURCE_PY_DIR + 'apps/bitcoin/sign_tx/zcash_v4.py',
])
)
if BENCHMARK:
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/benchmark/*.py'))
if THP:
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/thp/*.py'))
if EVERYTHING:
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/binance/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Binance*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/cardano/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/cardano/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Cardano*.py'))
if TREZOR_MODEL == "T":
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/eos/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/eos/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Eos*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/ethereum/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Ethereum*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/monero/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/monero/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/monero/*/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/DebugMonero*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Monero*.py'))
if TREZOR_MODEL == "T":
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nem/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/nem/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/NEM*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/ripple/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Ripple*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/solana/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/solana/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Solana*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/stellar/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/stellar/*/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Stellar*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/tezos/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Tezos*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/zcash/*.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/webauthn/*.py'))
if TREZOR_MODEL == "T":
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/bitcoin/sign_tx/decred.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/bitcoin/sign_tx/bitcoinlike.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'apps/bitcoin/sign_tx/zcash_v4.py'))
SOURCE_PY.extend(Glob(SOURCE_PY_DIR + 'trezor/enums/Zcash*.py'))
source_mpy = env.FrozenModule(
source=SOURCE_PY,
source_dir=SOURCE_PY_DIR,
bitcoin_only=BITCOIN_ONLY,
backlight='backlight' in FEATURES_AVAILABLE,
optiga='optiga' in FEATURES_AVAILABLE,
use_button='button' in FEATURES_AVAILABLE,
use_touch='touch' in FEATURES_AVAILABLE,
ui_layout=ui.get_ui_layout(TREZOR_MODEL),
thp=THP,
)
source_mpyc = env.FrozenCFile(
target='frozen_mpy.c', source=source_mpy, qstr_header=qstr_preprocessed)
env.Depends(source_mpyc, qstr_generated)
#
# Program objects
#
source_files = SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_FIRMWARE + SOURCE_MICROPYTHON + SOURCE_MICROPYTHON_SPEED + SOURCE_HAL
obj_program = []
obj_program.extend(env.Object(source=SOURCE_MOD))
obj_program.extend(env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial-auto-var-init=zero'))
if FEATURE_FLAGS["SECP256K1_ZKP"]:
obj_program.extend(env.Object(source=SOURCE_MOD_SECP256K1_ZKP, CCFLAGS='$CCFLAGS -Wno-unused-function'))
source_files.extend(SOURCE_MOD_SECP256K1_ZKP)
obj_program.extend(env.Object(source=SOURCE_FIRMWARE))
obj_program.extend(env.Object(source=SOURCE_MICROPYTHON))
obj_program.extend(env.Object(source=SOURCE_MICROPYTHON_SPEED, COPT='-O3'))
obj_program.extend(env.Object(source=SOURCE_HAL))
if FROZEN:
obj_program.extend(env.Object(source=source_mpyc))
env.Replace(
ALLSOURCES=source_files,
ALLDEFS=tools.get_defs_for_cmake(env['CPPDEFINES'] + env['CPPDEFINES_IMPLICIT'] + [f"PRODUCTION={int(PRODUCTION)}", f"BOOTLOADER_QA={int(BOOTLOADER_QA)}", f"PYOPT={PYOPT}", f"BITCOIN_ONLY={BITCOIN_ONLY}"]))
cmake_gen = env.Command(
target='CMakeLists.txt',
source='',
action='$MAKECMAKELISTS --sources $ALLSOURCES --dirs $CPPPATH --defs $ALLDEFS',
)
#
# Rust library
#
protobuf_blobs = env.Command(
target=[
'rust/proto_enums.data',
'rust/proto_msgs.data',
'rust/proto_names.data',
'rust/proto_wire.data',
],
source=PROTO_SOURCES,
action='$PB2PY --bitcoin-only=%s --blob-outdir ${TARGET.dir} $SOURCES --qstr-defs build/firmware/genhdr/qstrdefs.generated.h' % BITCOIN_ONLY,
)
env.Depends(protobuf_blobs, qstr_generated)
RUST_PROFILE = 'release'
RUST_LIB = 'trezor_lib'
RUST_LIBDIR = f'build/firmware/rust/{env.get("ENV")["RUST_TARGET"]}/{RUST_PROFILE}'
RUST_LIBPATH = f'{RUST_LIBDIR}/lib{RUST_LIB}.a'
def cargo_build():
# Determine the profile build flags.
if RUST_PROFILE == 'release':
profile = '--release'
else:
profile = ''
features = ['micropython', 'protobuf']
if EVERYTHING:
features.append('universal_fw')
features.extend(RUST_UI_FEATURES)
features.append('ui')
features.append('translations')
if PYOPT == '0':
features.append('debug')
features.append('ui_debug')
features.extend(FEATURES_AVAILABLE)
cargo_opts = [
f'--target={env.get("ENV")["RUST_TARGET"]}',
f'--target-dir=../../build/firmware/rust',
'--no-default-features',
'--features ' + ','.join(features),
'-Z build-std=core',
'-Z build-std-features=panic_immediate_abort',
]
env.get('ENV')['TREZOR_MODEL'] = TREZOR_MODEL
bindgen_macros = tools.get_bindgen_defines(env.get("CPPDEFINES"), ALLPATHS)
build_dir = str(Dir('.').abspath)
return f'export BINDGEN_MACROS={shlex.quote(bindgen_macros)}; export BUILD_DIR=\'{build_dir}\'; cd embed/rust; cargo build {profile} ' + ' '.join(cargo_opts)
rust = env.Command(
target=RUST_LIBPATH,
source='',
action=cargo_build(), )
env.Depends(rust, protobuf_blobs)
env.Depends(rust, TRANSLATION_DATA)
env.Append(LINKFLAGS=f' -L{RUST_LIBDIR}')
env.Append(LINKFLAGS=f' -l{RUST_LIB}')
MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL)
BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
if BOOTLOADER_QA or BOOTLOADER_DEVEL:
BOOTLOADER_SUFFIX += '_qa'
# select vendor header
if BOOTLOADER_QA or BOOTLOADER_DEVEL:
vendor = "dev_DO_NOT_SIGN_signed_dev"
elif not PRODUCTION:
vendor = "unsafe_signed_prod"
else:
if TREZOR_MODEL in ('T',):
vendor = "satoshilabs_signed_prod"
elif BITCOIN_ONLY == '1':
vendor = "trezor_btconly_signed_prod"
else:
vendor = "trezor_signed_prod"
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_{vendor}.bin'
tools.embed_raw_binary(
obj_program,
env,
'vendorheader',
'embed/projects/firmware/vendorheader.o',
VENDORHEADER,
)
tools.embed_raw_binary(
obj_program,
env,
'kernel',
'build/kernel/kernel.o',
f'build/kernel/kernel.bin',
)
env.Depends(obj_program, qstr_generated)
linkerscript_gen = env.Command(
target='memory.ld',
source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='firmware')],
action='$CAT $SOURCES > $TARGET',
)
program_elf = env.Command(
target='firmware.elf',
source=obj_program,
action=
'$LINK -o $TARGET $CCFLAGS $CFLAGS $SOURCES $LINKFLAGS -lc_nano -lm -lgcc',
)
env.Depends(program_elf, linkerscript_gen)
if CMAKELISTS != 0:
env.Depends(program_elf, cmake_gen)
env.Depends(program_elf, rust)
BINARY_NAME = f"build/firmware/firmware-{MODEL_IDENTIFIER}"
if not EVERYTHING:
BINARY_NAME += "-btconly"
BINARY_NAME += "-" + tools.get_version('embed/projects/firmware/version.h')
BINARY_NAME += "-" + tools.get_git_revision_short_hash()
BINARY_NAME += "-dirty" if tools.get_git_modified() else ""
BINARY_NAME += ".bin"
if 'STM32F427xx' in CPPDEFINES_HAL or 'STM32F429xx' in CPPDEFINES_HAL:
action_bin=[
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential --pad-to 0x08100000 $SOURCE ${TARGET}.p1',
'$OBJCOPY -O binary -j .flash2 $SOURCE ${TARGET}.p2',
'$CAT ${TARGET}.p1 ${TARGET}.p2 > $TARGET',
'$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''),
'$DD if=$TARGET of=${TARGET}.p1 skip=0 bs=128k count=6',
'$CP $TARGET ' + BINARY_NAME,
]
elif 'STM32U5G9xx' in CPPDEFINES_HAL or 'STM32U585xx' in CPPDEFINES_HAL:
action_bin=[
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE ${TARGET}',
'$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''),
'$CP $TARGET ' + BINARY_NAME,
]
else:
raise Exception("Unknown MCU")
if STORAGE_INSECURE_TESTING_MODE:
INSECURE_TESTING_MODE_STR = """
#########################################################
# STORAGE_INSECURE_TESTING_MODE enabled, DO NOT USE #
#########################################################
"""
action_bin.append(INSECURE_TESTING_MODE_STR)
program_bin = env.Command(
target='firmware.bin',
source=program_elf,
action=action_bin,
)