From d991d81b8af7e76cafade4391e6194c7ca3a7eb3 Mon Sep 17 00:00:00 2001 From: Niklas Dusenlund Date: Mon, 12 Feb 2024 13:04:48 +0100 Subject: [PATCH] Add optiga-trust-m and mbedtls as git dependencies --- .containerversion | 2 +- .gitmodules | 6 +++++ CMakeLists.txt | 3 +++ Dockerfile | 4 ++++ external/CMakeLists.txt | 52 +++++++++++++++++++++++++++++++++++++++++ external/mbedtls | 1 + external/optiga-trust-m | 1 + src/CMakeLists.txt | 5 ++++ 8 files changed, 73 insertions(+), 1 deletion(-) create mode 160000 external/mbedtls create mode 160000 external/optiga-trust-m diff --git a/.containerversion b/.containerversion index d81cc0710..920a13966 100644 --- a/.containerversion +++ b/.containerversion @@ -1 +1 @@ -42 +43 diff --git a/.gitmodules b/.gitmodules index a47bb703f..f29ae7047 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,3 +10,9 @@ [submodule "tools/ttf2ugui"] path = tools/ttf2ugui url = https://github.com/BitBoxSwiss/ttf2ugui +[submodule "external/optiga-trust-m"] + path = external/optiga-trust-m + url = https://github.com/nickez/optiga-trust-m.git +[submodule "external/mbedtls"] + path = external/mbedtls + url = https://github.com/nickez/mbedtls diff --git a/CMakeLists.txt b/CMakeLists.txt index 6332b0665..4e4a149b3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -355,6 +355,9 @@ endif() #----------------------------------------------------------------------------- # Build +# Optiga config must be defined both when compiling the optiga lib, and also when compiling our sources. +add_compile_definitions(${elf} PRIVATE OPTIGA_LIB_EXTERNAL="optiga/optiga_lib_config_bitbox02.h") + add_subdirectory(external) add_subdirectory(messages) add_subdirectory(src) diff --git a/Dockerfile b/Dockerfile index 7a69124fd..26891eb6b 100644 --- a/Dockerfile +++ b/Dockerfile 
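Review bot: Both new entries in `.gitmodules` point at a personal account (`https://github.com/nickez/optiga-trust-m.git`, `https://github.com/nickez/mbedtls`), whereas the existing `tools/ttf2ugui` entry in the same hunk lives under the `BitBoxSwiss` organisation. The code from these repositories is linked into the firmware by the src/CMakeLists.txt hunk of this patch, and the mbedtls one also feeds the `pip install` step added to the Dockerfile. The gitlinks later in the patch pin exact commits, which fixes the content but does not protect against the fork being deleted or moved. Consider hosting the forks under the project organisation, or referencing upstream directly. A `#` comment above each entry should record which upstream revision the fork is based on and why it was forked.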
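Review bot: `add_compile_definitions()` is a directory-scope command that accepts only definitions, so in the added line `${elf}` and `PRIVATE` are not a target and a visibility keyword. `PRIVATE` is passed on as a preprocessor definition of its own, and `${elf}` is not assigned anywhere in this hunk (the only assignment visible in the patch is inside the `foreach` in src/CMakeLists.txt, which is processed later). The line does what the comment asks only because the command applies to every target in this directory and below. Either write the directory-wide form plainly, `add_compile_definitions(OPTIGA_LIB_EXTERNAL="optiga/optiga_lib_config_bitbox02.h")`, or attach it to the library in external/CMakeLists.txt with `target_compile_definitions(optiga PUBLIC OPTIGA_LIB_EXTERNAL="optiga/optiga_lib_config_bitbox02.h")`. The second form reaches the firmware through the `optiga` link added in src/CMakeLists.txt.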
@@ -105,6 +105,10 @@ RUN python3 -m pip install --upgrade \ wheel==0.33.6 \ twine==1.15.0 +# python modules for mbedtls +RUN --mount=source=external/mbedtls/scripts/driver.requirements.txt,target=/mnt/driver.requirements.txt,rw \ + python3 -m pip install --no-compile --no-cache-dir --upgrade --requirement /mnt/driver.requirements.txt + #Install protoc from release, because the version available on the repo is too old RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \ PROTOC_URL=https://github.com/protocolbuffers/protobuf/releases/download/v21.2/protoc-21.2-linux-aarch_64.zip; \ diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt index f2d3cfa88..0a057325e 100644 --- a/external/CMakeLists.txt +++ b/external/CMakeLists.txt 
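Review bot: The new `RUN` step installs whatever `external/mbedtls/scripts/driver.requirements.txt` lists, with `--upgrade` and no hash checking. The Python packages in the build image are therefore decided by a file inside the submodule rather than by this Dockerfile, unlike the `wheel==0.33.6` / `twine==1.15.0` pins just above. If that file does not pin exact versions (not visible here), the image is not reproducible; consider pinning the packages in this repository, or using `--require-hashes` with a hashed requirements file. The bind mount is declared `rw` although pip only reads the file, so the option can be dropped: `RUN --mount=source=external/mbedtls/scripts/driver.requirements.txt,target=/mnt/driver.requirements.txt \`. The existing comment could also say that the step needs the `external/mbedtls` submodule checked out in the build context.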
@@ -77,6 +77,41 @@ set_property(TARGET secp256k1 set_target_properties(secp256k1 PROPERTIES INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/src/secp256k1/include) set_target_properties(secp256k1 PROPERTIES INTERFACE_SYSTEM_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/libwally-core/src/secp256k1/include) +set(MBEDTLS_CFLAGS "-mcpu=cortex-m4 -mthumb -mlong-calls -mfloat-abi=softfp -mfpu=fpv4-sp-d16 -fomit-frame-pointer -D__SAMD51J20A__") + +#set(ENABLE_TESTING OFF CACHE BOOL "Turn off testing in mbedtls" FORCE) +#add_subdirectory(mbedtls) +ExternalProject_Add(mbedtls-project + PREFIX ${CMAKE_CURRENT_BINARY_DIR}/mbedtls + SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls + CONFIGURE_COMMAND ${CMAKE_COMMAND} -DENABLE_TESTING=Off -DENABLE_PROGRAMS=Off -DCMAKE_TOOLCHAIN_FILE=../../arm.cmake -DCMAKE_C_FLAGS=${MBEDTLS_CFLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls + INSTALL_COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY} + COMMAND ${CMAKE_COMMAND} -E copy + ${CMAKE_CURRENT_BINARY_DIR}/mbedtls/src/mbedtls-project-build/library/libmbedtls.a + ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedtls.a + COMMAND ${CMAKE_COMMAND} -E copy + ${CMAKE_CURRENT_BINARY_DIR}/mbedtls/src/mbedtls-project-build/library/libmbedx509.a + ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedx509.a + COMMAND ${CMAKE_COMMAND} -E copy + ${CMAKE_CURRENT_BINARY_DIR}/mbedtls/src/mbedtls-project-build/library/libmbedcrypto.a + ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedcrypto.a +) + +add_library(mbedtls STATIC IMPORTED GLOBAL) +set_property(TARGET mbedtls + PROPERTY IMPORTED_LOCATION ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedtls.a) +set_target_properties(mbedtls PROPERTIES INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/include) + +add_library(mbedx509 STATIC IMPORTED GLOBAL) +set_property(TARGET mbedx509 + PROPERTY IMPORTED_LOCATION ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedx509.a) +set_target_properties(mbedx509 PROPERTIES INTERFACE_INCLUDE_DIRECTORIES 
${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/include) + +add_library(mbedcrypto STATIC IMPORTED GLOBAL) +set_property(TARGET mbedcrypto + PROPERTY IMPORTED_LOCATION ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedcrypto.a) +set_target_properties(mbedcrypto PROPERTIES INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/include) + if(CMAKE_CROSSCOMPILING) # Cortex Microcontroller Software Interface Standard @@ -258,3 +293,20 @@ target_compile_options(rtt PRIVATE "-Wno-cast-qual") # we define it anyway here in case the default changes. target_compile_definitions(rtt PUBLIC "BUFFER_SIZE_DOWN=(1024)" "BUFFER_SIZE_UP=(1024)") target_include_directories(rtt SYSTEM PUBLIC SEGGER_RTT_V796b/RTT SEGGER_RTT_V796b/Config) + +# optiga-trust-m +add_library(optiga + optiga-trust-m/optiga/cmd/optiga_cmd.c + optiga-trust-m/optiga/common/optiga_lib_common.c + optiga-trust-m/optiga/common/optiga_lib_logger.c + optiga-trust-m/optiga/comms/ifx_i2c/ifx_i2c.c + optiga-trust-m/optiga/comms/ifx_i2c/ifx_i2c_config.c + optiga-trust-m/optiga/comms/ifx_i2c/ifx_i2c_data_link_layer.c + optiga-trust-m/optiga/comms/ifx_i2c/ifx_i2c_physical_layer.c + optiga-trust-m/optiga/comms/ifx_i2c/ifx_i2c_presentation_layer.c + optiga-trust-m/optiga/comms/ifx_i2c/ifx_i2c_transport_layer.c + optiga-trust-m/optiga/comms/optiga_comms_ifx_i2c.c + optiga-trust-m/optiga/crypt/optiga_crypt.c + optiga-trust-m/optiga/util/optiga_util.c +) +target_include_directories(optiga SYSTEM PUBLIC optiga-trust-m/optiga/include) diff --git a/external/mbedtls b/external/mbedtls new file mode 160000 index 000000000..8e2962dae --- /dev/null +++ b/external/mbedtls @@ -0,0 +1 @@ +Subproject commit 8e2962dae5bb970148c6ef1141384fb7690521f6 diff --git a/external/optiga-trust-m b/external/optiga-trust-m new file mode 160000 index 000000000..8a56a6a5d --- /dev/null +++ b/external/optiga-trust-m @@ -0,0 +1 @@ +Subproject commit 8a56a6a5d774213861dd62a356350518ee7d5be0 
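Review bot: `ExternalProject_Add(mbedtls-project ...)` copies the three archives in its install step but declares no `BUILD_BYPRODUCTS`, so the build system has no rule producing the files named in the `IMPORTED_LOCATION` properties. Generators such as Ninja reject that, and the others rely solely on the `add_dependencies` added in src/CMakeLists.txt. Add `BUILD_BYPRODUCTS ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedtls.a ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedx509.a ${CMAKE_ARCHIVE_OUTPUT_DIRECTORY}/libmbedcrypto.a` to the call. The block also sits before the `if(CMAKE_CROSSCOMPILING)` line at the end of the hunk while hard-coding Cortex-M4 flags and `-DCMAKE_TOOLCHAIN_FILE=../../arm.cmake`, so host builds would apparently cross-compile mbedtls too; unless an enclosing guard exists outside the hunk, move it under the cross-compiling branch. The two commented-out lines (`#set(ENABLE_TESTING ...)`, `#add_subdirectory(mbedtls)`) should be deleted rather than committed.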
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 967b577fc..834e10486 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -605,9 +605,14 @@ if(CMAKE_CROSSCOMPILING) foreach(firmware ${FIRMWARES}) set(elf ${firmware}.elf) add_executable(${elf} ${FIRMWARE-SOURCES}) + add_dependencies(${elf} mbedtls-project) # Must manually link against C so that malloc can find _sbrk target_link_libraries(${elf} PRIVATE + mbedtls + mbedx509 + mbedcrypto + optiga cryptoauthlib fatfs ctaes
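Review bot: The ordering dependency `add_dependencies(${elf} mbedtls-project)` is placed on each firmware executable, so any other target that later links `mbedtls`, `mbedx509` or `mbedcrypto` must repeat it or may link before the archives exist. Attaching it to the imported targets where they are defined in external/CMakeLists.txt, e.g. `add_dependencies(mbedcrypto mbedtls-project)` and likewise for the other two, keeps the requirement with the library. A short comment would also help on why all three mbedtls archives and `optiga` are linked into every entry of `FIRMWARES`, since the hunk does not show which firmware variants use the secure element. The `foreach` body and the `target_link_libraries` call continue beyond the hunk.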