diff --git a/core/Makefile b/core/Makefile index ffb8893aa5a..8138e35b101 100644 --- a/core/Makefile +++ b/core/Makefile @@ -116,7 +116,8 @@ STORAGE_2_OFFSET := $(shell expr $(STORAGE_2_START) - $(FLASH_START)) OPENOCD = openocd -f interface/$(OPENOCD_INTERFACE).cfg -c "transport select $(OPENOCD_TRANSPORT)" -f $(OPENOCD_TARGET) -CFLAGS += -DSCM_REVISION='\"$(shell git rev-parse HEAD | sed 's:\(..\):\\x\1:g')\"' +SCM_REVISION = '$(shell git rev-parse HEAD)' +CFLAGS += -DSCM_REVISION_INIT='{$(shell echo ${SCM_REVISION} | sed 's:\(..\):0x\1,:g')}' TESTPATH = $(CURDIR)/../tests @@ -145,6 +146,7 @@ SCONS_VARS = \ PRODUCTION="$(PRODUCTION)" \ PYOPT="$(PYOPT)" \ QUIET_MODE="$(QUIET_MODE)" \ + SCM_REVISION="$(SCM_REVISION)" \ STORAGE_INSECURE_TESTING_MODE="$(STORAGE_INSECURE_TESTING_MODE)" \ THP="$(THP)" \ TREZOR_DISABLE_ANIMATION="$(TREZOR_DISABLE_ANIMATION)" \ diff --git a/core/SConscript.boardloader b/core/SConscript.boardloader index 103a73caf49..1e87eb20df4 100644 --- a/core/SConscript.boardloader +++ b/core/SConscript.boardloader @@ -65,6 +65,7 @@ SOURCE_MOD += [ 'embed/util/flash/flash_utils.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', ] @@ -128,6 +129,7 @@ env.Replace( 'embed/sys/bsp/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'vendor/micropython/lib/cmsis/inc', ] + CPPPATH_MOD + PATH_HAL, CPPDEFINES=[ diff --git a/core/SConscript.bootloader b/core/SConscript.bootloader index ab1e3fcc085..cba4646a7b4 100644 --- a/core/SConscript.bootloader +++ b/core/SConscript.bootloader @@ -76,6 +76,7 @@ SOURCE_MOD += [ 'embed/util/flash/flash_utils.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -142,6 +143,7 @@ ALLPATHS = [ 'embed/util/translations/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/upymod/modtrezorui', 'vendor/nanopb', ] + CPPPATH_MOD + PATH_HAL diff --git a/core/SConscript.bootloader_ci b/core/SConscript.bootloader_ci index 144ed689be9..7cb2d65baa3 100644 --- a/core/SConscript.bootloader_ci +++ b/core/SConscript.bootloader_ci @@ -70,6 +70,7 @@ SOURCE_MOD += [ 'embed/util/flash/flash_utils.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -145,6 +146,7 @@ env.Replace( 'embed/sys/bsp/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/upymod/modtrezorui', 'vendor/nanopb', ] + CPPPATH_MOD + PATH_HAL, diff --git a/core/SConscript.bootloader_emu b/core/SConscript.bootloader_emu index 4d6bbbbbe92..c86949e8b49 100644 --- a/core/SConscript.bootloader_emu +++ b/core/SConscript.bootloader_emu @@ -82,6 +82,7 @@ SOURCE_MOD += [ 'embed/util/flash/flash_utils.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -178,6 +179,7 @@ ALLPATHS = ['embed/rust', 'embed/util/flash/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/util/translations/inc', 'embed/util/unit_properties/inc', 'vendor/nanopb', diff --git a/core/SConscript.firmware b/core/SConscript.firmware index bf7427ec610..74c30734152 100644 --- a/core/SConscript.firmware +++ b/core/SConscript.firmware @@ -4,6 +4,7 @@ import os import shlex import tools, models, ui +import random BITCOIN_ONLY = ARGUMENTS.get('BITCOIN_ONLY', '0') PRODUCTION = ARGUMENTS.get('PRODUCTION', '0') == '1' @@ -15,6 +16,7 @@ CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) PYOPT = ARGUMENTS.get('PYOPT', '1') DISABLE_OPTIGA = ARGUMENTS.get('DISABLE_OPTIGA', '0') == '1' HW_REVISION = ARGUMENTS.get('HW_REVISION', None) +SCM_REVISION = ARGUMENTS.get('SCM_REVISION', None) THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) BENCHMARK = ARGUMENTS.get('BENCHMARK', '0') == '1' @@ -219,6 +221,7 @@ SOURCE_MOD += [ 'embed/util/image/image.c', 'embed/util/translations/translations.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -438,6 +441,7 @@ ALLPATHS = [ 'embed/sys/bsp/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/util/translations/inc', 'embed/upymod/modtrezorui', 'vendor/micropython', @@ -722,6 +726,8 @@ obj_program.extend(env.Object(source=SOURCE_HAL)) if FROZEN: obj_program.extend(env.Object(source=source_mpyc)) +random.Random(SCM_REVISION).shuffle(obj_program) + env.Replace( ALLSOURCES=source_files, ALLDEFS=tools.get_defs_for_cmake(env['CPPDEFINES'] + env['CPPDEFINES_IMPLICIT'] + [f"PRODUCTION={int(PRODUCTION)}", f"BOOTLOADER_QA={int(BOOTLOADER_QA)}", f"PYOPT={PYOPT}", f"BITCOIN_ONLY={BITCOIN_ONLY}"])) diff --git a/core/SConscript.kernel b/core/SConscript.kernel index 1862f1ce4c5..232052785ea 100644 --- a/core/SConscript.kernel +++ b/core/SConscript.kernel @@ -250,7 +250,7 @@ if STORAGE_INSECURE_TESTING_MODE: env = Environment( ENV=os.environ, - CFLAGS=f"{ARGUMENTS.get('CFLAGS', '')} -DPRODUCTION={int(PRODUCTION)} -DPYOPT={PYOPT} -DBOOTLOADER_QA={int(BOOTLOADER_QA)} -DBITCOIN_ONLY={BITCOIN_ONLY}", + CFLAGS=f"{ARGUMENTS.get('CFLAGS', '')} -DPRODUCTION={int(PRODUCTION)} -DPYOPT={PYOPT} -DBOOTLOADER_QA={int(BOOTLOADER_QA)} -DBITCOIN_ONLY={BITCOIN_ONLY} -USCM_REVISION_INIT", CPPDEFINES_IMPLICIT=[], CPPDEFPREFIX="-D'", CPPDEFSUFFIX="'", diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest index f039a24d683..88a593d999e 100644 --- a/core/SConscript.prodtest +++ b/core/SConscript.prodtest @@ -75,6 +75,7 @@ SOURCE_MOD += [ 'embed/io/display/display_utils.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -145,6 +146,7 @@ env.Replace( 'embed/sys/bsp/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/upymod/modtrezorui', ] + CPPPATH_MOD + PATH_HAL, CPPDEFINES=[ diff --git a/core/SConscript.reflash b/core/SConscript.reflash index c77a8e0706b..4d0ad53ff1d 100644 --- a/core/SConscript.reflash +++ b/core/SConscript.reflash @@ -60,6 +60,7 @@ SOURCE_MOD += [ 'embed/io/display/display_utils.c', 'embed/util/image/image.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -124,6 +125,7 @@ env.Replace( 'embed/sys/bsp/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/upymod/modtrezorui', ] + CPPPATH_MOD + PATH_HAL, CPPDEFINES=[ diff --git a/core/SConscript.unix b/core/SConscript.unix index a7d98ad47c7..e4f1ca56b08 100644 --- a/core/SConscript.unix +++ b/core/SConscript.unix @@ -219,6 +219,7 @@ SOURCE_MOD += [ 'embed/util/image/image.c', 'embed/util/translations/translations.c', 'embed/util/rsod/rsod.c', + 'embed/util/scm_revision/scm_revision.c', 'embed/rtl/error_handling.c', 'embed/rtl/mini_printf.c', 'vendor/micropython/lib/uzlib/adler32.c', @@ -496,6 +497,7 @@ ALLPATHS=['.', 'embed/util/fwutils/inc', 'embed/util/image/inc', 'embed/util/rsod/inc', + 'embed/util/scm_revision/inc', 'embed/util/translations/inc', 'embed/util/unit_properties/inc', 'vendor/micropython', diff --git a/core/embed/upymod/modtrezorutils/modtrezorutils.c b/core/embed/upymod/modtrezorutils/modtrezorutils.c index 43ba838d295..748c6ff6b01 100644 --- a/core/embed/upymod/modtrezorutils/modtrezorutils.c +++ b/core/embed/upymod/modtrezorutils/modtrezorutils.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include "blake2s.h" @@ -347,7 +348,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorutils_bootloader_locked_obj, mod_trezorutils_bootloader_locked); STATIC mp_obj_str_t mod_trezorutils_revision_obj = { - {&mp_type_bytes}, 0, sizeof(SCM_REVISION) - 1, (const byte *)SCM_REVISION}; + {&mp_type_bytes}, 0, sizeof(SCM_REVISION), (const byte *)SCM_REVISION}; STATIC mp_obj_str_t mod_trezorutils_model_name_obj = { {&mp_type_str}, 0, sizeof(MODEL_NAME) - 1, (const byte *)MODEL_NAME}; diff --git a/core/embed/util/rsod/rsod.c b/core/embed/util/rsod/rsod.c index da0196d76e8..c23a91744b5 100644 --- a/core/embed/util/rsod/rsod.c +++ b/core/embed/util/rsod/rsod.c @@ -24,6 +24,10 @@ #include #include +#ifdef SCM_REVISION_INIT +#include +#endif + #define RSOD_DEFAULT_TITLE "INTERNAL ERROR"; #define RSOD_DEFAULT_MESSAGE "UNSPECIFIED"; #define RSOD_DEFAULT_FOOTER "PLEASE VISIT TREZOR.IO/RSOD"; @@ -89,8 +93,8 @@ void rsod_terminal(const systask_postmortem_t* pminfo) { term_printf("file: %s:%d\n", file, line); } -#ifdef SCM_REVISION - const uint8_t* rev = (const uint8_t*)SCM_REVISION; +#ifdef SCM_REVISION_INIT + const uint8_t* rev = SCM_REVISION; term_printf("rev : %02x%02x%02x%02x%02x\n", rev[0], rev[1], rev[2], rev[3], rev[4]); #endif diff --git a/core/embed/util/scm_revision/inc/util/scm_revision.h b/core/embed/util/scm_revision/inc/util/scm_revision.h new file mode 100644 index 00000000000..d7cf37b65fa --- /dev/null +++ b/core/embed/util/scm_revision/inc/util/scm_revision.h @@ -0,0 +1,27 @@ +/* + * This file is part of the Trezor project, https://trezor.io/ + * + * Copyright (c) SatoshiLabs + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef SCM_REVISION_H +#define SCM_REVISION_H + +#include + +extern const uint8_t SCM_REVISION[sizeof((const uint8_t[])SCM_REVISION_INIT)]; + +#endif diff --git a/core/embed/util/scm_revision/scm_revision.c b/core/embed/util/scm_revision/scm_revision.c new file mode 100644 index 00000000000..399b6ef419c --- /dev/null +++ b/core/embed/util/scm_revision/scm_revision.c @@ -0,0 +1,22 @@ +/* + * This file is part of the Trezor project, https://trezor.io/ + * + * Copyright (c) SatoshiLabs + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include + +const uint8_t SCM_REVISION[] = SCM_REVISION_INIT;