Update build

.gdbinit

@@ -1,6 +1,6 @@
 file bin/firmware.keepkey.elf
 set substitute-path /root/keepkey-firmware .
 set substitute-path /root/libopencm3 ../libopencm3
-target remote localhost:3333
+target extended-remote localhost:3333
 monitor reset halt
 load

.github/CODEOWNERS

@@ -1 +1 @@
-* @markrypt0 @pastaghost
+* @markrypt0

.gitignore

@@ -1,5 +1,6 @@
-bin
-build
+bin/
+build/
 .DS_Store
 .vscode/
+.gdb_history
 

.gitmodules

@@ -2,22 +2,22 @@
 path = deps/device-protocol
 url = https://github.com/keepkey/device-protocol.git
 branch = master
-[submodule "deps/trezor-firmware"]
-path = deps/crypto/trezor-firmware
-url = https://github.com/keepkey/trezor-firmware.git
 [submodule "googletest"]
 path = deps/googletest
 url = https://github.com/google/googletest.git
 [submodule "code-signing-keys"]
 path = code-signing-keys
 url = https://github.com/keepkey/code-signing-keys.git
-[submodule "deps/python-keepkey"]
-path = deps/python-keepkey
-url = https://github.com/keepkey/python-keepkey.git
-branch = master
 [submodule "deps/qrenc/QR-Code-generator"]
 path = deps/qrenc/QR-Code-generator
 url = https://github.com/keepkey/QR-Code-generator.git
 [submodule "deps/sca-hardening/SecAESSTM32"]
 path = deps/sca-hardening/SecAESSTM32
-url = https://github.com/keepkey/SecAESSTM32.git
+url = https://github.com/markrypt0/SecAESSTM32.git
+branch = pi-dev
+[submodule "deps/crypto/hw-crypto"]
+	path = deps/crypto/hw-crypto
+	url = https://github.com/markrypt0/hw-crypto.git
+[submodule "deps/python-keepkey"]
+	path = deps/python-keepkey
+	url = https://github.com/keepkey/python-keepkey.git

CMakeLists.txt

@@ -40,10 +40,10 @@ if(NOT EXISTS ${CMAKE_SOURCE_DIR}/deps/googletest/CMakeLists.txt)
       "googletest missing. Need to 'git submodule update --init --recursive")
 endif()
 
-if(NOT EXISTS ${CMAKE_SOURCE_DIR}/deps/crypto/trezor-firmware/crypto/Makefile)
+if(NOT EXISTS ${CMAKE_SOURCE_DIR}/deps/crypto/hw-crypto/crypto/Makefile)
   message(
     FATAL_ERROR
-      " trezor-crypto missing. Need to 'git submodule update --init --recursive"
+      " hw-crypto missing. Need to 'git submodule update --init --recursive"
   )
 endif()
 
@@ -58,7 +58,7 @@ find_program(NANOPB_GENERATOR nanopb_generator.py)
 if(${KK_EMULATOR} AND NOT NANOPB_GENERATOR)
   message(
     FATAL_ERROR
-      "Must install nanopb 0.3.9.4, and put nanopb-nanopb-0.3.9.4/generator on your PATH"
+      "Must install nanopb v1.0.0, and put nanopb-nanopb-v1.0.0/generator on your PATH"
   )
 endif()
 
@@ -69,7 +69,15 @@ else()
   add_definitions(-DCONFIDENTIAL=__attribute__\(\(section\("confidential"\)\)\))
 endif()
 
-add_definitions(-DSTM32F2=1)
+if("${DEVDEBUG}" STREQUAL "true")
+  add_definitions(-DDEV_DEBUG)
+  add_definitions(-DSTM32F4=1)
+  if("${TWODISP}" STREQUAL "true")
+    add_definitions(-DTWO_DISP)
+  endif()
+else()
+  add_definitions(-DSTM32F2=1)
+endif()
 
 add_definitions(-DED25519_CUSTOMHASH=1)
 add_definitions(-DED25519_CUSTOMRANDOM=1)
@@ -110,6 +118,10 @@ else()
   add_definitions(-DDEBUG_LINK=0)
 endif()
 
+if("${COIN_SUPPORT}" STREQUAL "BTC")
+  add_definitions(-DBITCOIN_ONLY)
+endif()
+
 if("${CMAKE_BUILD_TYPE}" STREQUAL "Debug")
   add_definitions(-DDEBUG_ON)
   add_definitions(-DMEMORY_PROTECT=0)

DockerStart.sh

@@ -0,0 +1 @@
+docker build  --build-arg TARGETPLATFORM="amd64/alpine" --build-arg ARCH="amd64" -t kkfirmware:v16 .

Dockerfile

@@ -1,73 +1,107 @@
-FROM frolvlad/alpine-glibc:glibc-2.27
+ARG TARGETPLATFORM=amd64/alpine
+FROM $TARGETPLATFORM
 
-MAINTAINER [email protected]
+ARG ARCH="amd64"
+
+RUN apk add gcompat
 
-RUN apk add --no-cache python3 py3-pip
 RUN apk add --update --no-cache \
     bzip2-dev \
+    xz-dev \
     ca-certificates \
     git \
     openssl \
     scons \
     tar \
     w3m \
     unzip \
-    py-setuptools \
     make \
     cmake
 
-RUN pip3 install \
-    "MarkupSafe==1.1.1" \
-    "ecdsa>=0.9" \
-    "protobuf>=3.0.0" \
-    "mnemonic>=0.8" \
-    requests \
-    flask \
-    pytest \
-    semver
-
-# Install gcc-arm-none-eabi
-WORKDIR /root
-RUN wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/10-2020q4/gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2
-RUN tar xvf gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2
-RUN cp -r gcc-arm-none-eabi-10-2020-q4-major/* /usr/local
-RUN rm gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2
-RUN rm -rf gcc-arm-none-eabi-10-2020-q4-major
+RUN apk add --no-cache py3-setuptools
+
+# RUN apk add py3-MarkupSafe py3-ecdsa py3-protobuf py3-mnemonic py3-requests py3-flask py3-pytest py3-semver
+RUN apk add py3-ecdsa py3-requests py3-flask py3-pytest py3-semver
+RUN apk add --update py3-protobuf
+RUN apk add --update py3-build
+
+# Apparently py3-mnemonic is not in the latest version of Alpine packages so get it another way
+RUN apk add py3-pip
+RUN pip install --break-system-packages --root-user-action ignore mnemonic
 
-# Install protobuf-compiler v3.5.1
 WORKDIR /root
-RUN mkdir protoc3
-RUN wget https://github.com/google/protobuf/releases/download/v3.5.1/protoc-3.5.1-linux-x86_64.zip
-RUN unzip protoc-3.5.1-linux-x86_64.zip -d protoc3
-RUN mv protoc3/bin/* /usr/local/bin
-RUN mv protoc3/include/* /usr/local/include
-RUN rm -rf protoc3
+
+# FOR ARM BUILD
+# the lines similar to "arm-none-eabi-objcopy -w -R .gnu.warning.* libnosys.a"
+# are a kludge that patches the system library so that useless system call warnings 
+# aren't generated, e.g., 
+#              warning: _close is not implemented and will always fail 
+# during link. The warnings are harmless but there is no way to turn them off with a flag. 
+# Note that the library is particular to the hardware and no floating point instructions. 
+# 
+# see https://stackoverflow.com/questions/73742774/gcc-arm-none-eabi-11-3-is-not-implemented-and-will-always-fail 
+RUN if [[ "$ARCH" == "arm64v8" ]]; \
+  then \
+    apk add gcc-arm-none-eabi g++-arm-none-eabi newlib-arm-none-eabi && \
+    cd /usr/arm-none-eabi/lib/thumb/v7e-m/nofp && \
+    arm-none-eabi-objcopy -w -R .gnu.warning.* libnosys.a && \
+    cd /usr/arm-none-eabi/lib/thumb/v7-m/nofp && \
+    arm-none-eabi-objcopy -w -R .gnu.warning.* libnosys.a && \
+    cd /root && \
+    mkdir protoc3 && \
+    wget https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/protoc-3.19.4-linux-aarch_64.zip && \
+    unzip protoc-3.19.4-linux-aarch_64 -d protoc3 && \
+    mv protoc3/bin/* /usr/local/bin && \
+    mv protoc3/include/* /usr/local/include && \
+    rm -rf protoc3 && \
+    rm protoc-3.19.4-linux-aarch_64.zip; \
+  fi
+
+# FOR AMD64 BUILD
+# Install gcc-arm-none-eabi and protobuf-compiler
+RUN if [[ "$ARCH" == "amd64" ]]; \
+  then \
+    wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/10-2020q4/gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2 && \
+    tar xvf gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2 && \
+    cp -r gcc-arm-none-eabi-10-2020-q4-major/* /usr/local && \
+    rm gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2 && \
+    rm -rf gcc-arm-none-eabi-10-2020-q4-major && \
+    mkdir protoc3 && \
+    wget https://github.com/google/protobuf/releases/download/v3.19.4/protoc-3.19.4-linux-x86_64.zip && \
+    unzip protoc-3.19.4-linux-x86_64.zip -d protoc3 && \
+    mv protoc3/bin/* /usr/local/bin && \
+    mv protoc3/include/* /usr/local/include && \
+    rm -rf protoc3; \
+  fi
 
 # Install protobuf/python3 support
 WORKDIR /root
-RUN wget https://github.com/google/protobuf/releases/download/v3.5.1/protobuf-python-3.5.1.zip
+RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/protobuf-python-3.19.4.zip
 RUN mkdir protobuf-python
-RUN unzip protobuf-python-3.5.1.zip -d protobuf-python
+RUN unzip protobuf-python-3.19.4.zip -d protobuf-python
 
-WORKDIR /root/protobuf-python/protobuf-3.5.1/python
+WORKDIR /root/protobuf-python/protobuf-3.19.4/python
 RUN python setup.py install
+WORKDIR /root
+RUN rm protobuf-python-3.19.4.zip
 
 # Install nanopb
 WORKDIR /root
-RUN git clone --branch nanopb-0.3.9.8 https://github.com/nanopb/nanopb/
+RUN git clone --branch v1.0.0 https://github.com/markrypt0/nanopb.git
 WORKDIR /root/nanopb/generator/proto
 RUN make
 
 RUN rm -rf /root/protobuf-python
 
 # Setup environment
-ENV PATH /root/nanopb/generator:$PATH
+ENV PATH=/root/nanopb/generator:$PATH
 
 # Build libopencm3
 WORKDIR /root
-RUN git clone -b docker-v9 https://github.com/keepkey/libopencm3.git libopencm3
+RUN git clone --branch devdebug-1 https://github.com/markrypt0/libopencm3.git
 WORKDIR /root/libopencm3
-RUN make
+ENV FP_FLAGS="-mfloat-abi=soft"
+RUN make TARGETS='stm32/f2 stm32/f4'
 
 RUN apk add --update --no-cache \
     clang \

README.md

@@ -1,60 +1,52 @@
-[![CircleCI](https://circleci.com/gh/keepkey/keepkey-firmware.svg?style=svg)](https://circleci.com/gh/keepkey/keepkey-firmware)
 
-## KeepKey Build Procedure
-
-### Toolchain Installation
+## markrypt0-keepkey-firmware development repo
 
-Install Docker Community Edition from: `https://www.docker.com/get-docker`
+This is a branch of the keepkey/keepkey-firmware repo that has been refactored to support a simplified crypto library, an ARM build environment, specifically raspberry pi, and also supports new hardware used for a debug environment since all original keepkeys are permanently jtag locked.
 
-```
-$ docker pull kktech/firmware:v5-beta
-```
+## KeepKey Build Procedure
 
 ### Clone the Source
 
 The sources can be obtained from github:
 
 ```
-$ git clone [email protected]:keepkey/keepkey-firmware.git
+$ git clone [email protected]:markrypt0/markrypt0-keepkey-firmware.git
 $ git submodule update --init --recursive
 ```
 
-### Build
+### Toolchain Installation
 
-To build the firmware using the docker container, use the provided script:
+The build is done via a docker environment, thus Docker is a reqirement.
 
-```
-$ ./scripts/build/docker/device/release.sh
-```
+You must build a local docker image since currently there is no keepkey build image in the docker repo.
 
-## Verifying Published Binaries
+Build the image in your dev environment from a shell command line.
 
-Compare the hash of a given tagged build:
+For amd64 architecture build environment:
 
 ```
-$ git checkout v6.2.0
-$ git submodule update --init --recursive
-$ ./scripts/build/docker/device/release.sh
-$ tail -c +257 ./bin/firmware.keepkey.bin | shasum -a 256
+$ ./DockerStart.sh
 ```
 
-With that of the [signed v6.2.0 binary on github](https://github.com/keepkey/keepkey-firmware/releases/download/v6.2.0/firmware.keepkey.bin), ignoring signatures and firmware metadata:
+For arm64v8 architecture build environment:
 
 ```
-$ tail -c +257 firmware.keepkey.bin | shasum -a 256
+$ ./armDockerStart.sh
 ```
 
-Then inspect the metadata itself by comparing against the structure described [here](https://github.com/keepkey/keepkey-firmware/blob/f20484804285decfacceb71519ae83bc18f2266f/include/keepkey/board/memory.h#L55):
+### Build
+
+To build the firmware using the docker container, use the provided script, for example, to build a debug version of the firmware:
 
 ```
-$ head -c +256 signed_firmware.bin | xxd -
-
+$ ./scripts/build/docker/device/debug.sh
 ```
 
-Caveats:
+See ./scripts/readme.txt for various build descriptions
+
+## Verifying Published Binaries
 
-1. v6.2.2 and v6.3.0 had an issue with build reproducibility. See [#212](https://github.com/keepkey/keepkey-firmware/issues/212).
-1. As of v6.1.0 and later, we started prepending empty slots for signatures as part of the build, and prior firmwares were emitted without that metadata section. See [87b9ebb84](https://github.com/keepkey/keepkey-firmware/commit/87b9ebb846b241e6357f296e37fd29808ddfa51a)
+There are no official keepkey firmware releases build from this repo.
 
 ### Docs
 

armDockerStart.sh

@@ -0,0 +1 @@
+docker build  --build-arg TARGETPLATFORM="arm64v8/alpine" --build-arg ARCH="arm64v8" -t kkfirmware:v16 .