Updating directory structure to accomodate for multiple platforms

.github/workflows/coverage.yml

@@ -40,15 +40,15 @@ jobs:
 
       - name: Run firmware coverage script
         run: |
-          ledger/coverage/gen-coverage
-          COVPCT=$(cat ledger/coverage/output/total)
+          firmware/coverage/gen-coverage
+          COVPCT=$(cat firmware/coverage/output/total)
           COVCOL=$(utils/coverage-color.sh $COVPCT)
-          echo "{ \"schemaVersion\": 1, \"label\": \"Firmware coverage\", \"message\": \"$COVPCT%\", \"color\": \"$COVCOL\" }" > ledger/coverage/output/badge.json
+          echo "{ \"schemaVersion\": 1, \"label\": \"Firmware coverage\", \"message\": \"$COVPCT%\", \"color\": \"$COVCOL\" }" > firmware/coverage/output/badge.json
 
       - name: "Upload firmware coverage report"
         run: |
           aws s3 sync \
-            ledger/coverage/output/ \
+            firmware/coverage/output/ \
             s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.0.x/firmware_coverage_report \
             --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
             --no-progress --follow-symlinks --delete --only-show-errors

.github/workflows/run-tests.yml

@@ -20,28 +20,21 @@ jobs:
       - name: Middleware tests
         run: middleware/test-all
 
-      - name: Ledger tests for TCPSigner
-        run: ledger/test/test-all
+      - name: Firmware tests using TCPSigner
+        run: firmware/test/test-all
 
-      - name: Ledger Signer's tests
-        run: ledger/src/signer/test/run-all.sh
+      - name: Firmware TCPSigner's unit tests
+        working-directory: 
+        run: firmware/src/tcpsigner/test/run-all.sh
 
-      - name: Ledger UI's tests
-        run: ledger/src/ui/test/run-all.sh
+      - name: Firmware common lib unit tests
+        run: firmware/src/common/test/run-all.sh
 
-      - name: Ledger common lib tests
-        working-directory: ledger/src/common/test/
-        run: |
-          for d in memutil ints; do
-            (cd "$d" && make clean test)
-          done
+      - name: Ledger Signer's unit tests
+        run: firmware/src/ledger/signer/test/run-all.sh
 
-      - name: Ledger TCPSigner's tests
-        working-directory: ledger/src/tcpsigner/test/
-        run: |
-          for d in hmac_sha256; do
-            (cd "$d" && make clean test)
-          done
+      - name: Ledger UI's unit tests
+        run: firmware/src/ledger/ui/test/run-all.sh
 
   run-integration-tests:
     name: Integration tests
@@ -59,7 +52,7 @@ jobs:
           docker/mware/build
           docker/packer/build
           middleware/build/manager-tcp
-          ledger/build/build-tcpsigner
+          firmware/build/build-tcpsigner
 
       - name: Checkout hsm-integration-test repo
         uses: actions/checkout@v3
@@ -74,7 +67,7 @@ jobs:
           mkdir hsm-integration-test/docker/manager/manager-tcp
           tar -xzf rsk-powhsm/middleware/bin/manager-tcp.tgz \
               -C hsm-integration-test/docker/manager/manager-tcp
-          cp rsk-powhsm/ledger/src/tcpsigner/tcpsigner \
+          cp rsk-powhsm/firmware/src/tcpsigner/tcpsigner \
               hsm-integration-test/docker/tcpsigner/
 
       - name: Run HSM integration tests

.github/workflows/static-analysis.yml

@@ -20,13 +20,13 @@ jobs:
         id: static-analysis
         continue-on-error: true
         run: |
-          ledger/static-analysis/gen-static-analysis
+          firmware/static-analysis/gen-static-analysis
 
       - name: Upload static analysis reports
         uses: actions/upload-artifact@v3
         with:
           name: static-analysis-reports
-          path: ledger/static-analysis/output
+          path: firmware/static-analysis/output
 
       - name: Report static analysis findings
         if: steps.static-analysis.outcome != 'success'

.gitignore

@@ -20,5 +20,5 @@
 .vscode/
 
 # Ignore fuzz artifacts
-ledger/fuzz/.coverage-build
-ledger/fuzz/output
+firmware/fuzz/.coverage-build
+firmware/fuzz/output

QUICKSTART.md

@@ -23,15 +23,15 @@ Unless otherwise stated, only x86 platforms are supported for building this proj
 - Run tests:
 ```
 ~/repo> middleware/test-all # Middleware unit tests
-~/repo> ledger/test/test-all # Ledger signer application tests
-~/repo/ledger/src/signer/test/*> make test # Run ledger signer application unit tests
-~/repo/ledger/src/common/test/*> make test # Run ledger common libraries unit tests
+~/repo> firmware/test/test-all # Ledger signer application tests
+~/repo/firmware/src/ledger/signer/test/*> make test # Run ledger signer application unit tests
+~/repo/firmware/src/common/test/*> make test # Run ledger common libraries unit tests
 ```
 
 - Build firmware binaries:
 ```
-~/repo> ledger/build/build-signer <checkpoint> <difficulty> <network> # Build signer
-~/repo> ledger/build/build-ui <signer_hash> <signer_iteration> <signers_file> # Build UI
+~/repo> firmware/build/build-signer <checkpoint> <difficulty> <network> # Build signer
+~/repo> firmware/build/build-ui <signer_hash> <signer_iteration> <signers_file> # Build UI
 ```
 
 - Build middleware binaries:

README.md

@@ -48,7 +48,7 @@ Refer to the following documents for details on specifics:
 - [Blockchain bookkeeping documentation](./docs/blockchain-bookkeeping.md)
 - [Attestation documentation](./docs/attestation.md)
 - [Heartbeat documentation](./docs/heartbeat.md)
-- [Ledger apps](./ledger/README.md)
+- [Ledger apps](./firmware/README.md)
 - [Middleware](./middleware/README.md)
 - [Distribution](./dist/README.md)
 

build-dist

@@ -65,32 +65,32 @@ computeHash() {
 }
 
 echo -e "\e[33mBuilding signer...\e[0m"
-$ROOT_DIR/ledger/build/build-signer $CHECKPOINT $DIFFICULTY $NETWORK > /dev/null
-cp $ROOT_DIR/ledger/src/signer/bin/app.hex $FIRMWARE_DIR/signer.hex
-cp $ROOT_DIR/ledger/src/signer/icon.hex $FIRMWARE_DIR/signer.icon.hex
+$ROOT_DIR/firmware/build/build-ledger-signer $CHECKPOINT $DIFFICULTY $NETWORK > /dev/null
+cp $ROOT_DIR/firmware/src/ledger/signer/bin/app.hex $FIRMWARE_DIR/signer.hex
+cp $ROOT_DIR/firmware/src/ledger/signer/icon.hex $FIRMWARE_DIR/signer.icon.hex
 HEX_NAME="Signer"
-HEX_PATH="ledger/src/signer/bin/app.hex"
+HEX_PATH="firmware/src/ledger/signer/bin/app.hex"
 computeHash
 SIGNER_HASH=$APP_HASH
 
 echo -e "\e[33mBuilding UI...\e[0m"
-$ROOT_DIR/ledger/build/build-ui $SIGNER_HASH $UI_ITERATION $UI_AUTHORIZERS > /dev/null
-cp $ROOT_DIR/ledger/src/ui/bin/token.hex $FIRMWARE_DIR/ui.hex
-cp $ROOT_DIR/ledger/src/ui/icon.hex $FIRMWARE_DIR/ui.icon.hex
+$ROOT_DIR/firmware/build/build-ledger-ui $SIGNER_HASH $UI_ITERATION $UI_AUTHORIZERS > /dev/null
+cp $ROOT_DIR/firmware/src/ledger/ui/bin/token.hex $FIRMWARE_DIR/ui.hex
+cp $ROOT_DIR/firmware/src/ledger/ui/icon.hex $FIRMWARE_DIR/ui.icon.hex
 HEX_NAME="UI"
-HEX_PATH="ledger/src/ui/bin/token.hex"
+HEX_PATH="firmware/src/ledger/ui/bin/token.hex"
 CA_FILE="rsk-ca.txt"
 computeHash
 
 echo -e "\e[33mSigning apps...\e[0m"
-$ROOT_DIR/docker/mware/do-notty-nousb /hsm2 "python middleware/signonetime.py -a ledger/src/ui/bin/token.hex,ledger/src/signer/bin/app.hex -p $CA_FILE" > /dev/null
-mv -f $ROOT_DIR/ledger/src/ui/bin/token.hex.sig $FIRMWARE_DIR/ui.hex.sig
-mv -f $ROOT_DIR/ledger/src/signer/bin/app.hex.sig $FIRMWARE_DIR/signer.hex.sig
+$ROOT_DIR/docker/mware/do-notty-nousb /hsm2 "python middleware/signonetime.py -a firmware/src/ledger/ui/bin/token.hex,firmware/src/ledger/signer/bin/app.hex -p $CA_FILE" > /dev/null
+mv -f $ROOT_DIR/firmware/src/ledger/ui/bin/token.hex.sig $FIRMWARE_DIR/ui.hex.sig
+mv -f $ROOT_DIR/firmware/src/ledger/signer/bin/app.hex.sig $FIRMWARE_DIR/signer.hex.sig
 mv -f $ROOT_DIR/$CA_FILE $SCRIPTS_DIR/$CA_FILE
 
 SIGNER_AUTH_FILE="signer_auth.json"
 echo -e "\e[33mCreating empty signer authorization for upgrades...\e[0m"
-$ROOT_DIR/docker/mware/do-notty-nousb /hsm2 "python middleware/signapp.py message -a ledger/src/signer/bin/app.hex -i $UI_ITERATION -o $SIGNER_AUTH_FILE" > /dev/null
+$ROOT_DIR/docker/mware/do-notty-nousb /hsm2 "python middleware/signapp.py message -a firmware/src/ledger/signer/bin/app.hex -i $UI_ITERATION -o $SIGNER_AUTH_FILE" > /dev/null
 mv -f $ROOT_DIR/$SIGNER_AUTH_FILE $FIRMWARE_DIR/$SIGNER_AUTH_FILE
 
 echo

ledger/README.md → firmware/README.md

@@ -2,9 +2,9 @@
 
 There are two ledger apps, both of them targeted for running on a Ledger Nano S with a 1.3.1 firmware.
 
-- UI: this is the modified 1.3.1 UI with a nonblocking behavior to allow the device to run uninterruptedly without human interaction. It is essentially the RSK version of the Ledger Nano S User Interface which can be loaded as a specific application - it can be used to personalize most generic parts of the user experience. This version also modifies the onboarding process to reflect RSK needs. Modified UIs display a warning at boot time to let you know whether you're running a certified version. This application shall be installed in Recovery mode. Find the source code under `ledger/src/ui`.
+- UI: this is the modified 1.3.1 UI with a nonblocking behavior to allow the device to run uninterruptedly without human interaction. It is essentially the RSK version of the Ledger Nano S User Interface which can be loaded as a specific application - it can be used to personalize most generic parts of the user experience. This version also modifies the onboarding process to reflect RSK needs. Modified UIs display a warning at boot time to let you know whether you're running a certified version. This application shall be installed in Recovery mode. Find the source code under `firmware/src/ledger/ui`.
 
-- Signer: this is the main app that implements the signing and authorization logic for powHSM. It is intended to be used alongside the UI. Find the source code under `ledger/src/signer`.
+- Signer: this is the main app that implements the signing and authorization logic for powHSM. It is intended to be used alongside the UI. Find the source code under `firmware/src/powhsm`.
 
 
 There exists also an x86 implementation of the _Signer_ component, which we call TCPSigner, that we use to smoke test, fuzz (see [the fuzzing documentation](./fuzz/README.md) for details) and debug & test new features on before we jump onto testing on a physical device. With the exception of fuzzing, this component creates a TCP/IP server that serves the purpose of enabling the otherwise USB-based interactions with a given client.
@@ -31,7 +31,7 @@ that should build (or rebuild in case any of the `Dockerfile`s have changed) the
 
 ## Common tasks and documentation
 
-Refer to [ledger/build/README.md](./build/README.md) for instructions on building and to [ledger/deploy/README.md](./deploy/README.md) for instructions on deploying.
+Refer to [firmware/build/README.md](./build/README.md) for instructions on building and to [firmware/deploy/README.md](./deploy/README.md) for instructions on deploying.
 
 See [Ledger's documentation](http://ledger.readthedocs.io) to get a reference on developing for the platform.
 
@@ -40,13 +40,13 @@ See [Ledger's documentation](http://ledger.readthedocs.io) to get a reference on
 There are some tests written in Python that serve the purpose of smoke testing the powHSM signer when either installed and running on a Ledger Nano S or via a fresh TCPSigner build. To run them against a TCPSigner, issue:
 
 ```
-~/repo/ledger/test> ./test-all
+~/repo/firmware/test> ./test-all
 ```
 
 To run them against a Ledger Nano S, issue:
 
 ```
-~/repo/ledger/test> ./test-all dongle
+~/repo/firmware/test> ./test-all dongle
 ```
 
 Make sure that the Ledger is unlocked and with the signer app running for the tests to run correctly.

ledger/build/README.md → firmware/build/README.md

@@ -7,32 +7,32 @@ The Docker image for ledger builds (see [the ledger readme](../README.md)) provi
 To build the UI, just issue:
 
 ```bash
-~/repo> ledger/build/build-ui <signer_hash> <signer_iteration> <signers_file>
+~/repo> firmware/build/build-ledger-ui <signer_hash> <signer_iteration> <signers_file>
 ```
 
-where `<signer_hash>` is the hash of the authorized signer version (only this signer can be opened in the UI once running), `<signer_iteration>` is the iteration of the authorized signer version (used for downgrade prevention) and `<signers_file>` is the basename of the signer authorizers header file (the file to be included for the build process should be at `~/ledger/src/ui/src/signer_authorization_signers/<signers_file>.h`).
+where `<signer_hash>` is the hash of the authorized signer version (only this signer can be opened in the UI once running), `<signer_iteration>` is the iteration of the authorized signer version (used for downgrade prevention) and `<signers_file>` is the basename of the signer authorizers header file (the file to be included for the build process should be at `~/firmware/src/ledger/ui/src/signer_authorization_signers/<signers_file>.h`).
 
 There is also a *debug* version of the UI, which disables disallowing PINs with no alpha characters, therefore allowing for testing UI (and Signer) builds granting access to recovery mode without the need for wiping the device each time. This debug version is intended for development purposes only, and to build it, just issue:
 
 ```bash
-~/repo> ledger/build/build-ui-debug <signer_hash> <signer_iteration> <signers_file>
+~/repo> firmware/build/build-ledger-ui-debug <signer_hash> <signer_iteration> <signers_file>
 ```
 
 To build the signer, just issue:
 
 ```bash
-~/repo> ledger/build/build-signer <checkpoint> <minimum_difficulty> <network>
+~/repo> firmware/build/build-ledger-signer <checkpoint> <minimum_difficulty> <network>
 ```
 
 where `<checkpoint>` is the desired blockchain checkpoint hash, `<minimum_difficulty>` is the minimum required difficulty (can be specified as a decimal number or as a hexadecimal - prefixed with `0x`), and `<network>` is the desired network the build is to target (one of `mainnet`, `testnet` or `regtest`).
 
 For example, to build the signer with checkpoint `0x00f06dcff26ec8b4d373fbd53ee770e9348d9bd6a247ad4c86e82ceb3c2130ac`, minimum cumulative difficulty of `0x7c50933098` and the `testnet` network, issue:
 
 ```bash
-~/repo> ledger/build/build-signer 0x00f06dcff26ec8b4d373fbd53ee770e9348d9bd6a247ad4c86e82ceb3c2130ac 0x7c50933098 testnet
+~/repo> firmware/build/build-ledger-signer 0x00f06dcff26ec8b4d373fbd53ee770e9348d9bd6a247ad4c86e82ceb3c2130ac 0x7c50933098 testnet
 ```
 
-Once the build is complete, you will get the hash of the build as output, and the actual build output will be in `<HSM_PROJECT_ROOT>/ledger/src/signer/bin/app.hex` (for the signer) and `<HSM_PROJECT_ROOT>/ledger/src/ui/bin/token.hex` (for the UI).
+Once the build is complete, you will get the hash of the build as output, and the actual build output will be in `<HSM_PROJECT_ROOT>/firmware/src/ledger/signer/bin/app.hex` (for the signer) and `<HSM_PROJECT_ROOT>/firmware/src/ledger/ui/bin/token.hex` (for the UI).
 
 #### Reproducible builds
 
@@ -41,7 +41,7 @@ It is *very important* to mention that both the Signer and the UI builds are bit
 ### Building the TCPSigner
 
 ```bash
-~/repo> ledger/build/build-tcpsigner
+~/repo> firmware/build/build-tcpsigner
 ```
 
 Happy building!

ledger/build/build-signer → firmware/build/build-ledger-signer

@@ -25,10 +25,10 @@ HSM_ROOT=$(realpath $BUILD_ROOT/../../)
 DOCKER_IMAGE=hsm:ledger
 source $BUILD_ROOT/../../docker/check-image
 
-HEX_PATH="/hsm2/ledger/src/signer/bin/app.hex"
+HEX_PATH="/hsm2/firmware/src/ledger/signer/bin/app.hex"
 HASH_CMD="cd /opt && echo '*******************' && echo 'Build successful. Signer hash:' && python -m hashapp.hashApp --hex $HEX_PATH && echo '*******************'"
 BUILD_CMD="make clean && make CHECKPOINT=$1 TARGET_DIFFICULTY=$2 NETWORK=$NETWORK && $HASH_CMD"
 
 DOCKER_USER="$(id -u):$(id -g)"
 
-docker run -t --rm --user $DOCKER_USER -w /hsm2/ledger/src/signer -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"
+docker run -t --rm --user $DOCKER_USER -w /hsm2/firmware/src/ledger/signer -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"

ledger/build/build-ui → firmware/build/build-ledger-ui

@@ -14,10 +14,10 @@ HSM_ROOT=$(realpath $BUILD_ROOT/../../)
 DOCKER_IMAGE=hsm:ledger
 source $BUILD_ROOT/../../docker/check-image
 
-HEX_PATH="/hsm2/ledger/src/ui/bin/token.hex"
+HEX_PATH="/hsm2/firmware/src/ledger/ui/bin/token.hex"
 HASH_CMD="cd /opt && echo '*******************' && echo 'Build successful. UI hash:' && python -m hashapp.hashApp --hex $HEX_PATH && echo '*******************'"
 BUILD_CMD="make clean && make SIGNER_HASH=$1 SIGNER_ITERATION=$2 SIGNERS_FILE=$3 && $HASH_CMD"
 
 DOCKER_USER="$(id -u):$(id -g)"
 
-docker run -t --rm --user $DOCKER_USER -w /hsm2/ledger/src/ui -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"
+docker run -t --rm --user $DOCKER_USER -w /hsm2/firmware/src/ledger/ui -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"

ledger/build/build-ui-debug → firmware/build/build-ledger-ui-debug

@@ -14,10 +14,10 @@ HSM_ROOT=$(realpath $BUILD_ROOT/../../)
 DOCKER_IMAGE=hsm:ledger
 source $BUILD_ROOT/../../docker/check-image
 
-HEX_PATH="/hsm2/ledger/src/ui/bin/token.hex"
+HEX_PATH="/hsm2/firmware/src/ledger/ui/bin/token.hex"
 HASH_CMD="cd /opt && echo '*******************' && echo 'Build successful. UI hash:' && python -m hashapp.hashApp --hex $HEX_PATH && echo '*******************'"
 BUILD_CMD="make clean && make SIGNER_HASH=$1 SIGNER_ITERATION=$2 SIGNERS_FILE=$3 DEBUG_BUILD=1 && $HASH_CMD"
 
 DOCKER_USER="$(id -u):$(id -g)"
 
-docker run -t --rm --user $DOCKER_USER -w /hsm2/ledger/src/ui -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"
+docker run -t --rm --user $DOCKER_USER -w /hsm2/firmware/src/ledger/ui -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"

ledger/build/build-tcpsigner → firmware/build/build-tcpsigner

@@ -18,4 +18,4 @@ BUILD_CMD="make clean all"
 
 DOCKER_USER="$(id -u):$(id -g)"
 
-docker run -t --rm --user $DOCKER_USER -w /hsm2/ledger/src/tcpsigner -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"
+docker run -t --rm --user $DOCKER_USER -w /hsm2/firmware/src/tcpsigner -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"

ledger/build/build-tcpsigner-afl → firmware/build/build-tcpsigner-afl

@@ -13,7 +13,7 @@ HSM_ROOT=$(realpath $BUILD_ROOT/../../)
 
 COVERAGE_DIR="$1"
 if [[ -z "$COVERAGE_DIR" ]]; then
-    COVERAGE_DIR="$HSM_ROOT/ledger/fuzz/.coverage-build"
+    COVERAGE_DIR="$HSM_ROOT/firmware/fuzz/.coverage-build"
 fi
 
 if [[ -z "$2" || "$2" != "--force" ]]; then
@@ -29,10 +29,13 @@ fi
 
 if [[ $REPLY =~ ^[Yy]$ ]]; then
     rm -rf $COVERAGE_DIR
-    mkdir -p $COVERAGE_DIR
-    cp -rf $HSM_ROOT/ledger/src/tcpsigner $COVERAGE_DIR/tcpsigner
-    cp -rf $HSM_ROOT/ledger/src/signer $COVERAGE_DIR/signer
-    cp -rf $HSM_ROOT/ledger/src/common $COVERAGE_DIR/common
+    mkdir -p $COVERAGE_DIR/ledger
+    cp -rf $HSM_ROOT/firmware/src/hal $COVERAGE_DIR/hal
+    cp -rf $HSM_ROOT/firmware/src/common $COVERAGE_DIR/common
+    cp -rf $HSM_ROOT/firmware/src/powhsm $COVERAGE_DIR/powhsm
+    cp -rf $HSM_ROOT/firmware/src/tcpsigner $COVERAGE_DIR/tcpsigner
+    # Some UI dependencies needed (symlinks within tcpsigner/src)
+    cp -rf $HSM_ROOT/firmware/src/ledger/ui $COVERAGE_DIR/ledger/ui
 else
     exit 1
 fi
@@ -42,9 +45,9 @@ source $BUILD_ROOT/../../docker/check-image
 DOCKER_USER="$(id -u):$(id -g)"
 
 
-COVERAGE_CMD="CC=\"gcc-7 --coverage\" CXX=g++-7 make clean all"
+COVERAGE_CMD="HSM_AFL=1 CC=\"gcc-7 --coverage\" CXX=g++-7 make clean all"
 docker run -ti --rm --user $DOCKER_USER -w /hsm2-cov/tcpsigner -v ${COVERAGE_DIR}:/hsm2-cov ${DOCKER_IMAGE} /bin/bash -c "$COVERAGE_CMD"
 
 # Good luck modifying this line. I don't recommend it.
-BUILD_CMD="AFL_CC=gcc-7 AFL_CXX=g++-7 CC=afl-gcc-fast CXX=afl-g++-fast make clean all"
-docker run -ti --rm --user $DOCKER_USER -w /hsm2/ledger/src/tcpsigner -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"
+BUILD_CMD="HSM_AFL=1 AFL_CC=gcc-7 AFL_CXX=g++-7 CC=afl-gcc-fast CXX=afl-g++-fast make clean all"
+docker run -ti --rm --user $DOCKER_USER -w /hsm2/firmware/src/tcpsigner -v ${HSM_ROOT}:/hsm2 ${DOCKER_IMAGE} /bin/bash -c "$BUILD_CMD"