mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-03 20:11:00 +00:00
b35854471b
Here we change all FOO=VALUE defines to be tuples ("FOO", "VALUE"). Also, VALUE is always the raw string you want to end up in the C file, instead of attempting to shell-escape it while specifying. By all rights scons _should_ be using shlex.quote() on the CPPDEFINES, but it doesn't, so we hack it by specifying the define prefix as `-D'` and suffix as `'`. That way the arguments in shell are '-escaped, and we're (currently) not using ' in any argument value so this should work fine. At the same time, when passing the flags to cargo, we can shlex.quote the whole thing and get the right strings passed all the way into build.rs -- as long as no argument contains a comma, which is the split character...
245 lines
7.4 KiB
Plaintext
245 lines
7.4 KiB
Plaintext
# pylint: disable=E0602
|
|
|
|
import os
|
|
import tools, models, ui
|
|
|
|
TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T')
|
|
CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0))
|
|
PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1'
|
|
BOOTLOADER_DEVEL = ARGUMENTS.get('BOOTLOADER_DEVEL', '0') == '1'
|
|
HW_REVISION = ARGUMENTS.get('HW_REVISION', None)
|
|
|
|
FEATURES_WANTED = ["input", "sbu", "sd_card", "rdb_led", "usb", "consumption_mask", "optiga", "haptic"]
|
|
|
|
CCFLAGS_MOD = ''
|
|
CPPPATH_MOD = []
|
|
CPPDEFINES_MOD = [
|
|
'KERNEL_MODE',
|
|
'AES_128',
|
|
'USE_INSECURE_PRNG',
|
|
]
|
|
SOURCE_MOD = []
|
|
SOURCE_MOD_CRYPTO = []
|
|
CPPDEFINES_HAL = []
|
|
SOURCE_HAL = []
|
|
PATH_HAL = []
|
|
RUST_UI_FEATURES = []
|
|
|
|
# modtrezorcrypto
|
|
CPPPATH_MOD += [
|
|
'vendor/trezor-crypto',
|
|
'vendor/trezor-storage',
|
|
]
|
|
SOURCE_MOD += [
|
|
'vendor/trezor-storage/flash_area.c',
|
|
]
|
|
SOURCE_MOD_CRYPTO += [
|
|
'vendor/trezor-crypto/aes/aes_modes.c',
|
|
'vendor/trezor-crypto/aes/aesccm.c',
|
|
'vendor/trezor-crypto/aes/aescrypt.c',
|
|
'vendor/trezor-crypto/aes/aeskey.c',
|
|
'vendor/trezor-crypto/aes/aestab.c',
|
|
'vendor/trezor-crypto/bignum.c',
|
|
'vendor/trezor-crypto/buffer.c',
|
|
'vendor/trezor-crypto/chacha_drbg.c',
|
|
'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c',
|
|
'vendor/trezor-crypto/der.c',
|
|
'vendor/trezor-crypto/ecdsa.c',
|
|
'vendor/trezor-crypto/hmac.c',
|
|
'vendor/trezor-crypto/hmac_drbg.c',
|
|
'vendor/trezor-crypto/memzero.c',
|
|
'vendor/trezor-crypto/nist256p1.c',
|
|
'vendor/trezor-crypto/rand.c',
|
|
'vendor/trezor-crypto/rfc6979.c',
|
|
'vendor/trezor-crypto/secp256k1.c',
|
|
'vendor/trezor-crypto/sha2.c',
|
|
'vendor/trezor-crypto/tls_prf.c',
|
|
]
|
|
|
|
# modtrezorui
|
|
CPPPATH_MOD += [
|
|
'vendor/micropython/lib/uzlib',
|
|
]
|
|
|
|
SOURCE_MOD += [
|
|
'embed/gfx/bitblt/gfx_bitblt.c',
|
|
'embed/gfx/bitblt/gfx_bitblt_rgb565.c',
|
|
'embed/gfx/bitblt/gfx_bitblt_rgba8888.c',
|
|
'embed/gfx/bitblt/gfx_bitblt_mono8.c',
|
|
'embed/gfx/fonts/font_bitmap.c',
|
|
'embed/gfx/fonts/fonts.c',
|
|
'embed/gfx/gfx_color.c',
|
|
'embed/gfx/gfx_draw.c',
|
|
'embed/gfx/terminal.c',
|
|
'embed/gfx/qrcode/qrcodegen.c',
|
|
'embed/io/display/display_utils.c',
|
|
'embed/util/image/image.c',
|
|
'embed/util/rsod/rsod.c',
|
|
'embed/rtl/error_handling.c',
|
|
'embed/rtl/mini_printf.c',
|
|
'vendor/micropython/lib/uzlib/adler32.c',
|
|
'vendor/micropython/lib/uzlib/crc32.c',
|
|
'vendor/micropython/lib/uzlib/tinflate.c',
|
|
]
|
|
|
|
ui.init_ui(TREZOR_MODEL, "prodtest", CPPDEFINES_MOD, SOURCE_MOD, RUST_UI_FEATURES)
|
|
|
|
env = Environment(
|
|
ENV=os.environ,
|
|
CFLAGS='%s -DPRODUCTION=%s' % (ARGUMENTS.get('CFLAGS', ''), ARGUMENTS.get('PRODUCTION', '0')),
|
|
CPPDEFINES_IMPLICIT=[],
|
|
CPPDEFPREFIX="-D'",
|
|
CPPDEFSUFFIX="'",
|
|
)
|
|
|
|
FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
|
|
|
|
FILE_SUFFIX= env.get('ENV')['SUFFIX']
|
|
|
|
|
|
SOURCE_PRODTEST = [
|
|
f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_2.s',
|
|
'embed/projects/prodtest/header.S',
|
|
'embed/projects/prodtest/main.c',
|
|
'embed/projects/prodtest/prodtest_common.c',
|
|
]
|
|
|
|
if 'optiga' in FEATURES_AVAILABLE:
|
|
SOURCE_PRODTEST += [
|
|
'embed/projects/prodtest/optiga_prodtest.c',
|
|
]
|
|
|
|
env.Replace(
|
|
CAT='cat',
|
|
CP='cp',
|
|
AS='arm-none-eabi-as',
|
|
AR='arm-none-eabi-ar',
|
|
CC='arm-none-eabi-gcc',
|
|
LINK='arm-none-eabi-gcc',
|
|
SIZE='arm-none-eabi-size',
|
|
STRIP='arm-none-eabi-strip',
|
|
OBJCOPY='arm-none-eabi-objcopy',
|
|
PYTHON='python',
|
|
MAKECMAKELISTS='$PYTHON tools/make_cmakelists.py',)
|
|
|
|
env.Replace(
|
|
TREZOR_MODEL=TREZOR_MODEL, )
|
|
|
|
env.Replace(
|
|
COPT=env.get('ENV').get('OPTIMIZE', '-Os'),
|
|
CCFLAGS='$COPT '
|
|
'-g3 '
|
|
'-nostdlib '
|
|
'-std=gnu11 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -fno-common '
|
|
'-fsingle-precision-constant -fdata-sections -ffunction-sections '
|
|
'-ffreestanding '
|
|
'-fstack-protector-all '
|
|
+ env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD,
|
|
CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
|
|
LINKFLAGS=f'-T build/prodtest/memory.ld -Wl,--gc-sections -Wl,-Map=build/prodtest/prodtest.map -Wl,--warn-common',
|
|
CPPPATH=[
|
|
'embed/projects/prodtest',
|
|
'embed/rtl/inc',
|
|
'embed/models',
|
|
'embed/gfx/inc',
|
|
'embed/sys/bsp/inc',
|
|
'embed/util/image/inc',
|
|
'embed/util/rsod/inc',
|
|
'embed/upymod/modtrezorui',
|
|
] + CPPPATH_MOD + PATH_HAL,
|
|
CPPDEFINES=[
|
|
'TREZOR_PRODTEST',
|
|
'TREZOR_MODEL_'+TREZOR_MODEL,
|
|
'ARM_USER_MODE',
|
|
'USE_HAL_DRIVER',
|
|
] + CPPDEFINES_MOD + CPPDEFINES_HAL,
|
|
ASFLAGS=env.get('ENV')['CPU_ASFLAGS'],
|
|
ASPPFLAGS='$CFLAGS $CCFLAGS',
|
|
)
|
|
|
|
env.Replace(
|
|
HEADERTOOL='headertool',
|
|
)
|
|
|
|
|
|
env.Replace(
|
|
ALLSOURCES=SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_PRODTEST + SOURCE_HAL,
|
|
ALLDEFS=tools.get_defs_for_cmake(env['CPPDEFINES'] + env['CPPDEFINES_IMPLICIT']))
|
|
|
|
cmake_gen = env.Command(
|
|
target='CMakeLists.txt',
|
|
source='',
|
|
action='$MAKECMAKELISTS --sources $ALLSOURCES --dirs $CPPPATH --defs $ALLDEFS',
|
|
)
|
|
|
|
|
|
#
|
|
# Program objects
|
|
#
|
|
|
|
obj_program = []
|
|
obj_program.extend(env.Object(source=SOURCE_MOD))
|
|
obj_program.extend(env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial-auto-var-init=zero'))
|
|
obj_program.extend(env.Object(source=SOURCE_PRODTEST))
|
|
obj_program.extend(env.Object(source=SOURCE_HAL))
|
|
|
|
MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL)
|
|
|
|
|
|
if (vh := ARGUMENTS.get("VENDOR_HEADER", None)):
|
|
VENDORHEADER = vh
|
|
elif (vh := os.environ.get("VENDOR_HEADER", None)):
|
|
# TODO looking at envvars in a build script is not very nice. But justifiable in case
|
|
# of vendor header which does not affect reproducibility of the build. Nonetheless,
|
|
# we should figure out a cleaner way to pass in this argument, without having to teach
|
|
# the Makefile about it.
|
|
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/{vh}'
|
|
elif PRODUCTION:
|
|
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_prodtest_signed_prod.bin'
|
|
elif BOOTLOADER_DEVEL:
|
|
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin'
|
|
else:
|
|
VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_unsafe_signed_prod.bin'
|
|
|
|
|
|
tools.embed_raw_binary(
|
|
obj_program,
|
|
env,
|
|
'vendorheader',
|
|
'embed/projects/firmware/vendorheader.o',
|
|
VENDORHEADER,
|
|
)
|
|
|
|
linkerscript_gen = env.Command(
|
|
target='memory.ld',
|
|
source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='prodtest')],
|
|
action='$CAT $SOURCES > $TARGET',
|
|
)
|
|
|
|
program_elf = env.Command(
|
|
target='prodtest.elf',
|
|
source=obj_program,
|
|
action=
|
|
'$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc',
|
|
)
|
|
|
|
env.Depends(program_elf, linkerscript_gen)
|
|
|
|
BINARY_NAME = f"build/prodtest/prodtest-{models.get_model_identifier(TREZOR_MODEL)}"
|
|
BINARY_NAME += "-" + tools.get_version('embed/projects/prodtest/version.h')
|
|
BINARY_NAME += "-" + tools.get_git_revision_short_hash()
|
|
BINARY_NAME += "-dirty" if tools.get_git_modified() else ""
|
|
BINARY_NAME += ".bin"
|
|
|
|
if CMAKELISTS != 0:
|
|
env.Depends(program_elf, cmake_gen)
|
|
|
|
program_bin = env.Command(
|
|
target='prodtest.bin',
|
|
source=program_elf,
|
|
action=[
|
|
'$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE $TARGET',
|
|
'$HEADERTOOL $TARGET ' + ('-D' if ARGUMENTS.get('PRODUCTION', '0') == '0' else ''),
|
|
'$CP $TARGET ' + BINARY_NAME,
|
|
], )
|