1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-03 20:11:00 +00:00
trezor-firmware/core/SConscript.prodtest
matejcik b35854471b build(core): improve CPPDEFINES quoting
Here we change all FOO=VALUE defines to be tuples ("FOO", "VALUE").
Also, VALUE is always the raw string you want to end up in the C file,
instead of attempting to shell-escape it while specifying.

By all rights scons _should_ be using shlex.quote() on the CPPDEFINES,
but it doesn't, so we hack it by specifying the define prefix as `-D'`
and suffix as `'`. That way the arguments in shell are '-escaped, and
we're (currently) not using ' in any argument value so this should work
fine.

At the same time, when passing the flags to cargo, we can shlex.quote
the whole thing and get the right strings passed all the way into
build.rs -- as long as no argument contains a comma, which is the split
character...
2024-11-21 14:33:52 +01:00

245 lines
7.4 KiB
Plaintext

# pylint: disable=E0602
import os
import tools, models, ui
TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T')
CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))
PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
FEATURES_WANTED = ["input", "sbu", "sd_card", "rdb_led", "usb", "consumption_mask", "optiga", "haptic"]
CCFLAGS_MOD = ''
CPPPATH_MOD = []
CPPDEFINES_MOD = [
'KERNEL_MODE',
'AES_128',
'USE_INSECURE_PRNG',
]
SOURCE_MOD = []
SOURCE_MOD_CRYPTO = []
CPPDEFINES_HAL = []
SOURCE_HAL = []
PATH_HAL = []
RUST_UI_FEATURES = []
# modtrezorcrypto
CPPPATH_MOD += [
'vendor/trezor-crypto',
'vendor/trezor-storage',
]
SOURCE_MOD += [
'vendor/trezor-storage/flash_area.c',
]
SOURCE_MOD_CRYPTO += [
'vendor/trezor-crypto/aes/aes_modes.c',
'vendor/trezor-crypto/aes/aesccm.c',
'vendor/trezor-crypto/aes/aescrypt.c',
'vendor/trezor-crypto/aes/aeskey.c',
'vendor/trezor-crypto/aes/aestab.c',
'vendor/trezor-crypto/bignum.c',
'vendor/trezor-crypto/buffer.c',
'vendor/trezor-crypto/chacha_drbg.c',
'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c',
'vendor/trezor-crypto/der.c',
'vendor/trezor-crypto/ecdsa.c',
'vendor/trezor-crypto/hmac.c',
'vendor/trezor-crypto/hmac_drbg.c',
'vendor/trezor-crypto/memzero.c',
'vendor/trezor-crypto/nist256p1.c',
'vendor/trezor-crypto/rand.c',
'vendor/trezor-crypto/rfc6979.c',
'vendor/trezor-crypto/secp256k1.c',
'vendor/trezor-crypto/sha2.c',
'vendor/trezor-crypto/tls_prf.c',
]
# modtrezorui
CPPPATH_MOD += [
'vendor/micropython/lib/uzlib',
]
SOURCE_MOD += [
'embed/gfx/bitblt/gfx_bitblt.c',
'embed/gfx/bitblt/gfx_bitblt_rgb565.c',
'embed/gfx/bitblt/gfx_bitblt_rgba8888.c',
'embed/gfx/bitblt/gfx_bitblt_mono8.c',
'embed/gfx/fonts/font_bitmap.c',
'embed/gfx/fonts/fonts.c',
'embed/gfx/gfx_color.c',
'embed/gfx/gfx_draw.c',
'embed/gfx/terminal.c',
'embed/gfx/qrcode/qrcodegen.c',
'embed/io/display/display_utils.c',
'embed/util/image/image.c',
'embed/util/rsod/rsod.c',
'embed/rtl/error_handling.c',
'embed/rtl/mini_printf.c',
'vendor/micropython/lib/uzlib/adler32.c',
'vendor/micropython/lib/uzlib/crc32.c',
'vendor/micropython/lib/uzlib/tinflate.c',
]
ui.init_ui(TREZOR_MODEL, "prodtest", CPPDEFINES_MOD, SOURCE_MOD, RUST_UI_FEATURES)
env = Environment(
ENV=os.environ,
CFLAGS='%s -DPRODUCTION=%s' % (ARGUMENTS.get('CFLAGS', ''), ARGUMENTS.get('PRODUCTION', '0')),
CPPDEFINES_IMPLICIT=[],
CPPDEFPREFIX="-D'",
CPPDEFSUFFIX="'",
)
FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
FILE_SUFFIX= env.get('ENV')['SUFFIX']
SOURCE_PRODTEST = [
f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_2.s',
'embed/projects/prodtest/header.S',
'embed/projects/prodtest/main.c',
'embed/projects/prodtest/prodtest_common.c',
]
if 'optiga' in FEATURES_AVAILABLE:
SOURCE_PRODTEST += [
'embed/projects/prodtest/optiga_prodtest.c',
]
env.Replace(
CAT='cat',
CP='cp',
AS='arm-none-eabi-as',
AR='arm-none-eabi-ar',
CC='arm-none-eabi-gcc',
LINK='arm-none-eabi-gcc',
SIZE='arm-none-eabi-size',
STRIP='arm-none-eabi-strip',
OBJCOPY='arm-none-eabi-objcopy',
PYTHON='python',
MAKECMAKELISTS='$PYTHON tools/make_cmakelists.py',)
env.Replace(
TREZOR_MODEL=TREZOR_MODEL, )
env.Replace(
COPT=env.get('ENV').get('OPTIMIZE', '-Os'),
CCFLAGS='$COPT '
'-g3 '
'-nostdlib '
'-std=gnu11 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -fno-common '
'-fsingle-precision-constant -fdata-sections -ffunction-sections '
'-ffreestanding '
'-fstack-protector-all '
+ env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD,
CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
LINKFLAGS=f'-T build/prodtest/memory.ld -Wl,--gc-sections -Wl,-Map=build/prodtest/prodtest.map -Wl,--warn-common',
CPPPATH=[
'embed/projects/prodtest',
'embed/rtl/inc',
'embed/models',
'embed/gfx/inc',
'embed/sys/bsp/inc',
'embed/util/image/inc',
'embed/util/rsod/inc',
'embed/upymod/modtrezorui',
] + CPPPATH_MOD + PATH_HAL,
CPPDEFINES=[
'TREZOR_PRODTEST',
'TREZOR_MODEL_'+TREZOR_MODEL,
'ARM_USER_MODE',
'USE_HAL_DRIVER',
] + CPPDEFINES_MOD + CPPDEFINES_HAL,
ASFLAGS=env.get('ENV')['CPU_ASFLAGS'],
ASPPFLAGS='$CFLAGS $CCFLAGS',
)
env.Replace(
HEADERTOOL='headertool',
)
env.Replace(
ALLSOURCES=SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_PRODTEST + SOURCE_HAL,
ALLDEFS=tools.get_defs_for_cmake(env['CPPDEFINES'] + env['CPPDEFINES_IMPLICIT']))
cmake_gen = env.Command(
target='CMakeLists.txt',
source='',
action='$MAKECMAKELISTS --sources $ALLSOURCES --dirs $CPPPATH --defs $ALLDEFS',
)
#
# Program objects
#
obj_program = []
obj_program.extend(env.Object(source=SOURCE_MOD))
obj_program.extend(env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial-auto-var-init=zero'))
obj_program.extend(env.Object(source=SOURCE_PRODTEST))
obj_program.extend(env.Object(source=SOURCE_HAL))
MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL)
if (vh := ARGUMENTS.get("VENDOR_HEADER", None)):
VENDORHEADER = vh
elif (vh := os.environ.get("VENDOR_HEADER", None)):
# TODO looking at envvars in a build script is not very nice. But justifiable in case
# of vendor header which does not affect reproducibility of the build. Nonetheless,
# we should figure out a cleaner way to pass in this argument, without having to teach
# the Makefile about it.
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/{vh}'
elif PRODUCTION:
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_prodtest_signed_prod.bin'
elif BOOTLOADER_DEVEL:
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin'
else:
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_unsafe_signed_prod.bin'
tools.embed_raw_binary(
obj_program,
env,
'vendorheader',
'embed/projects/firmware/vendorheader.o',
VENDORHEADER,
)
linkerscript_gen = env.Command(
target='memory.ld',
source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='prodtest')],
action='$CAT $SOURCES > $TARGET',
)
program_elf = env.Command(
target='prodtest.elf',
source=obj_program,
action=
'$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc',
)
env.Depends(program_elf, linkerscript_gen)
BINARY_NAME = f"build/prodtest/prodtest-{models.get_model_identifier(TREZOR_MODEL)}"
BINARY_NAME += "-" + tools.get_version('embed/projects/prodtest/version.h')
BINARY_NAME += "-" + tools.get_git_revision_short_hash()
BINARY_NAME += "-dirty" if tools.get_git_modified() else ""
BINARY_NAME += ".bin"
if CMAKELISTS != 0:
env.Depends(program_elf, cmake_gen)
program_bin = env.Command(
target='prodtest.bin',
source=program_elf,
action=[
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE $TARGET',
'$HEADERTOOL $TARGET ' + ('-D' if ARGUMENTS.get('PRODUCTION', '0') == '0' else ''),
'$CP $TARGET ' + BINARY_NAME,
], )