SDK nanos 2.1.0-10 integration

LedgerHQ · Aug 18, 2023 · 131fb8f · 131fb8f
1 parent 40a60bc
commit 131fb8f
Show file tree

Hide file tree

Showing 12 changed files with 103 additions and 19 deletions.
diff --git a/Makefile.defines b/Makefile.defines
@@ -135,11 +135,12 @@ else
 LDFLAGS  += -nostartfiles
 endif
 
+NO_UI ?= 0
+ifeq ($(NO_UI), 0)
 ifeq ($(TARGET_NAME),TARGET_NANOS)
 DEFINES += HAVE_BAGL
 DEFINES += BAGL_WIDTH=128 BAGL_HEIGHT=32
-
-LDFLAGS  += -L$(BOLOS_SDK)/lib/
+endif
 endif
 
 ifeq ($(TARGET_NAME),TARGET_NANOX)

diff --git a/Makefile.rules b/Makefile.rules
@@ -17,8 +17,10 @@
 
 # temporary redef, to ensure wider compliance of the SDK with pre-1.6 apps
 ifeq ($(TARGET_NAME),$(filter $(TARGET_NAME),TARGET_NANOS TARGET_NANOX TARGET_NANOS2))
+ifeq ($(NO_UI), 0)
 SDK_SOURCE_PATH += lib_bagl lib_ux
 endif
+endif
 
 # Expose all SDK header files with their full relative path to the SDK root folder
 INCLUDES_PATH  += ${BOLOS_SDK}

diff --git a/Makefile.rules_generic b/Makefile.rules_generic
@@ -90,7 +90,12 @@ $(OBJ_DIR)/%.o: %.S $(BUILD_DEPENDENCIES) prepare
 	$(L)$(call as_cmdline,$(INCLUDES_PATH), $(DEFINES),$<,$@)
 
 ifeq ($(SCRIPT_LD),)
-SCRIPT_LD:=$(BOLOS_SDK)/script.ld
+ifeq ($(IS_PLUGIN),)
+SCRIPT_LD := $(BOLOS_SDK)/script.ld
+else
+SCRIPT_LD := $(BOLOS_SDK)/plugin_script.ld
+$(info Using plugin link script: $(SCRIPT_LD))
+endif
 else
 $(info Using custom link script: $(SCRIPT_LD))
 endif

diff --git a/Makefile.standard_app b/Makefile.standard_app
@@ -78,7 +78,6 @@ DEFINES += $(DEFINES_LIB)
 DEFINES += APPNAME=\"$(APPNAME)\"
 DEFINES += APPVERSION=\"$(APPVERSION)\"
 DEFINES += MAJOR_VERSION=$(APPVERSION_M) MINOR_VERSION=$(APPVERSION_N) PATCH_VERSION=$(APPVERSION_P)
-DEFINES += OS_IO_SEPROXYHAL
 DEFINES += IO_HID_EP_LENGTH=64
 
 ifeq ($(DISABLE_STANDARD_APP_DEFINES), 1)
@@ -92,14 +91,24 @@ ifneq ($(DISABLE_STANDARD_SNPRINTF), 1)
     DEFINES += HAVE_SPRINTF HAVE_SNPRINTF_FORMAT_U
 endif
 
+ifneq ($(TARGET_NAME),TARGET_NANOS)
+    # Since the PRINTF implementation uses the USB code
+    ifneq ($(DEBUG), 0)
+        DISABLE_STANDARD_USB = 0
+    endif
+endif
+
 ifneq ($(DISABLE_STANDARD_USB), 1)
     DEFINES += HAVE_IO_USB HAVE_L4_USBLIB IO_USB_MAX_ENDPOINTS=4 HAVE_USB_APDU
     DEFINES += USB_SEGMENT_SIZE=64
     SDK_SOURCE_PATH += lib_stusb lib_stusb_impl
 endif
 
 ifneq ($(DISABLE_STANDARD_WEBUSB), 1)
-    DEFINES += HAVE_WEBUSB WEBUSB_URL_SIZE_B=0 WEBUSB_URL=""
+    APP_WEBUSB_URL ?= ""
+    WEBUSB_URL_SIZE_B = $(shell echo -n $(APP_WEBUSB_URL) | wc -c)
+    WEBUSB_URL=$(shell echo -n $(APP_WEBUSB_URL) | sed -e "s/./\\\'\0\\\',/g")
+    DEFINES += HAVE_WEBUSB WEBUSB_URL_SIZE_B=$(WEBUSB_URL_SIZE_B) WEBUSB_URL=$(WEBUSB_URL)
 endif
 
 ifneq ($(DISABLE_STANDARD_BAGL_UX_FLOW), 1)
@@ -108,6 +117,10 @@ ifneq ($(TARGET_NAME), TARGET_STAX)
 endif
 endif
 
+ifneq ($(DISABLE_SEPROXYHAL), 1)
+    DEFINES += OS_IO_SEPROXYHAL
+endif
+
 ifneq ($(DISABLE_STANDARD_APP_FILES), 1)
 SDK_SOURCE_PATH += lib_standard_app
 endif
@@ -118,6 +131,7 @@ endif
 ifeq ($(ENABLE_NBGL_QRCODE), 1)
 ifeq ($(TARGET_NAME), TARGET_STAX)
     DEFINES += NBGL_QRCODE
+    SDK_SOURCE_PATH += qrcode
 endif
 endif
 

diff --git a/include/os_seed.h b/include/os_seed.h
@@ -154,7 +154,7 @@ WARN_UNUSED_RESULT static inline cx_err_t os_derive_bip32_with_seed_no_throw(
 
             // Make sure the caller doesn't use uninitialized data in case
             // the return code is not checked.
-            explicit_bzero(&raw_privkey, 64);
+            explicit_bzero(raw_privkey, 64);
         }
         FINALLY {
         }
@@ -242,7 +242,7 @@ WARN_UNUSED_RESULT static inline cx_err_t os_derive_eip2333_no_throw(
 
             // Make sure the caller doesn't use uninitialized data in case
             // the return code is not checked.
-            explicit_bzero(&raw_privkey, 64);
+            explicit_bzero(raw_privkey, 64);
         }
         FINALLY {
         }

diff --git a/lib_standard_app/buffer.c b/lib_standard_app/buffer.c
@@ -126,9 +126,7 @@ bool buffer_read_varint(buffer_t *buffer, uint64_t *value) {
         return false;
     }
 
-    buffer_seek_cur(buffer, (size_t) length);
-
-    return true;
+    return buffer_seek_cur(buffer, (size_t) length);
 }
 
 bool buffer_read_bip32_path(buffer_t *buffer, uint32_t *out, size_t out_len) {

diff --git a/lib_standard_app/crypto_helpers.c b/lib_standard_app/crypto_helpers.c
@@ -55,12 +55,12 @@ WARN_UNUSED_RESULT cx_err_t bip32_derive_with_seed_init_privkey_256(
     CX_CHECK(cx_ecfp_init_private_key_no_throw(curve, raw_privkey, length, privkey));
 
 end:
-    explicit_bzero(&raw_privkey, sizeof(raw_privkey));
+    explicit_bzero(raw_privkey, sizeof(raw_privkey));
 
     if (error != CX_OK) {
         // Make sure the caller doesn't use uninitialized data in case
         // the return code is not checked.
-        explicit_bzero(&privkey, sizeof(privkey));
+        explicit_bzero(privkey, sizeof(cx_ecfp_256_private_key_t));
     }
     return error;
 }

diff --git a/lib_standard_app/format.c b/lib_standard_app/format.c
@@ -61,7 +61,7 @@ bool format_i64(char *dst, size_t dst_len, const int64_t value) {
 }
 
 bool format_u64(char *out, size_t outLen, uint64_t in) {
-    uint8_t i = 0;
+    size_t i = 0;
 
     if (outLen == 0) {
         return false;
@@ -129,6 +129,24 @@ bool format_fpu64(char *dst, size_t dst_len, const uint64_t value, uint8_t decim
     return true;
 }
 
+bool format_fpu64_trimmed(char *dst, size_t dst_len, const uint64_t value, uint8_t decimals) {
+    if (!format_fpu64(dst, dst_len, value, decimals)) {
+        return false;
+    }
+
+    size_t len = strlen(dst);
+
+    while (len > 0 && (dst[len - 1] == '0' || dst[len - 1] == '.')) {
+        if (dst[len - 1] == '.') {
+            dst[len - 1] = '\0';
+            return true;
+        }
+        len--;
+    }
+    dst[len] = '\0';
+    return true;
+}
+
 int format_hex(const uint8_t *in, size_t in_len, char *out, size_t out_len) {
     if (out_len < 2 * in_len + 1) {
         return -1;

diff --git a/lib_standard_app/format.h b/lib_standard_app/format.h
@@ -51,6 +51,23 @@ bool format_u64(char *dst, size_t dst_len, uint64_t value);
  */
 bool format_fpu64(char *dst, size_t dst_len, const uint64_t value, uint8_t decimals);
 
+/**
+ * Format 64-bit unsigned integer as string with decimals and trimmed zeros and dot.
+ *
+ * @param[out] dst
+ *   Pointer to output string.
+ * @param[in]  dst_len
+ *   Length of output string.
+ * @param[in]  value
+ *   64-bit unsigned integer to format.
+ * @param[in]  decimals
+ *   Number of digits after decimal separator.
+ *
+ * @return true if success, false otherwise.
+ *
+ */
+bool format_fpu64_trimmed(char *dst, size_t dst_len, const uint64_t value, uint8_t decimals);
+
 /**
  * Format byte buffer to uppercase hexadecimal string.
  *

diff --git a/plugin_script.ld b/plugin_script.ld
@@ -0,0 +1,22 @@
+/*******************************************************************************
+*   Ledger - Secure firmware
+*   (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger
+*
+*  Licensed under the Apache License, Version 2.0 (the "License");
+*  you may not use this file except in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing, software
+*  distributed under the License is distributed on an "AS IS" BASIS,
+*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*  See the License for the specific language governing permissions and
+*  limitations under the License.
+********************************************************************************/
+
+/* Reuse the main linker script */
+INCLUDE script.ld
+
+/* No global variable allowed in plugins */
+ASSERT( (_ebss - _bss) <= 0, ".bss section must be empty for plugins" )
diff --git a/script.ld b/script.ld
@@ -1,6 +1,6 @@
 /*******************************************************************************
-*   Ledger Blue - Secure firmware
-*   (c) 2016, 2017, 2018, 2019, 2020 Ledger
+*   Ledger - Secure firmware
+*   (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
@@ -58,7 +58,9 @@ SECTIONS
     *(.boot*)
 
     /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
+    _code = .;
     *(.text*)
+    _ecode = .;
     *(.rodata)
     *(.rodata.[^N]*) /*.data.rel.ro* not here to detect invalid PIC usage */
     *(.rodata.N[^_]*)
@@ -98,6 +100,7 @@ SECTIONS
 
   } > DISCARD /*> SRAM AT>FLASH = 0x00 */
 
+  ASSERT( (_edata - _data) <= 0, ".data section must be empty" )
 
   /*
    * Here is the 1K for global var of libcxng

diff --git a/src/os_io_task.c b/src/os_io_task.c
@@ -33,22 +33,26 @@ void io_start(void) {
 void bolos_init_ios(void) {
 #endif // HAVE_IO_TASK
 
-  // os_allow_protected_ram();
-  // unsigned int feat = G_os.seproxyhal_features;
-  // os_deny_protected_ram();
-
+#ifdef OS_IO_SEPROXYHAL
   io_seproxyhal_init();
+#endif
 
+#ifdef HAVE_IO_USB
   USB_power(0);
+#endif
 
 #ifdef HAVE_BLE
   memset(&G_io_asynch_ux_callback, 0, sizeof(G_io_asynch_ux_callback));
   LEDGER_BLE_init();
 #endif // HAVE_BLE
 
+#ifdef OS_IO_SEPROXYHAL
   io_seproxyhal_init();
+#endif
 
+#ifdef HAVE_IO_USB
   USB_power(1);
+#endif
 }