Fix BITCOIN_ONLY version issue.

.github/workflows/build-classic1s.yml

@@ -7,7 +7,30 @@ on:
 
 jobs:
   build-classic1s:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
+    name: "Build Classic1S (${{ matrix.artifact_suffix }})"
+    outputs:
+      firmware_version: ${{ steps.vars.outputs.firmware_version }}
+      boot_version: ${{ steps.vars.outputs.boot_version }}
+      short_hash: ${{ steps.vars.outputs.short_hash }}
+      build_date: ${{ steps.vars.outputs.build_date }}
+      artifacts_url: ${{ steps.vars.outputs.artifacts_url }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - build_type: "prod"
+            bitcoin_only: 0
+            artifact_suffix: "prod"
+          - build_type: "prod"
+            bitcoin_only: 1
+            artifact_suffix: "prod-bitcoin-only"
+          - build_type: "qa"
+            bitcoin_only: 0
+            artifact_suffix: "qa"
+          - build_type: "qa"
+            bitcoin_only: 1
+            artifact_suffix: "qa-bitcoin-only"
 
     steps:
       - name: "Checkout"
@@ -17,49 +40,85 @@ jobs:
         id: vars
         run: |
           BOOT_VERSION=$(./tools/version.sh ./legacy/bootloader/version.h)
-          FIRMWARE_VERSION=$(cat ./legacy/firmware/version.h | grep "ONEKEY_VERSION " | awk -F "[\"\"]" '{print $2}')
+          FIRMWARE_VERSION=$(awk -F '"' '/ONEKEY_VERSION /{print $2}' ./legacy/firmware/version.h)
           BUILD_DATE=$(date +"%Y%m%d")
           SHORT_HASH=$(git rev-parse --short HEAD)
 
           echo "BOOT_VERSION=$BOOT_VERSION" >> $GITHUB_ENV
           echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV
           echo "SHORT_HASH=$SHORT_HASH" >> $GITHUB_ENV
           echo "FIRMWARE_VERSION=$FIRMWARE_VERSION" >> $GITHUB_ENV
-          echo "ARTIFACTS_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"" >> $GITHUB_ENV
+          ARTIFACTS_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+          echo "ARTIFACTS_URL=${ARTIFACTS_URL}" >> $GITHUB_ENV
+
+          echo "firmware_version=$FIRMWARE_VERSION" >> $GITHUB_OUTPUT
+          echo "boot_version=$BOOT_VERSION" >> $GITHUB_OUTPUT
+          echo "short_hash=$SHORT_HASH" >> $GITHUB_OUTPUT
+          echo "build_date=$BUILD_DATE" >> $GITHUB_OUTPUT
+          echo "artifacts_url=$ARTIFACTS_URL" >> $GITHUB_OUTPUT
 
       - name: "Build classic1S firmware"
         run: |
           sh <(curl -L https://releases.nixos.org/nix/nix-2.23.3/install) --no-daemon
           . $HOME/.nix-profile/etc/profile.d/nix.sh
+
           nix-shell --run "poetry install"
           nix-shell --run "poetry run ./legacy/script/setup"
-          nix-shell --run "export FIRMWARE_QA=1 && poetry run ./legacy/script/cibuild"
-          nix-shell --run "poetry run pip install ecdsa && poetry run ./legacy/debug_signing/sign_onekey_qa.py ./legacy/firmware/classic*Stable*.bin -S 1:${{ secrets.SECRET_QA_KEY_1 }} -S 2:${{ secrets.SECRET_QA_KEY_2 }} -S 3:${{ secrets.SECRET_QA_KEY_3 }} -S 4:${{ secrets.SECRET_QA_KEY_4 }}"
-          mkdir -p qa && cp ./legacy/firmware/classic*Stable*.qa.signed.bin qa
-          nix-shell --run "poetry run ./legacy/script/setup"
-          nix-shell --run "export PRODUCTION=0 BOOTLOADER_QA=1 && poetry run ./legacy/script/cibuild"
-          cp ./legacy/bootloader/classic1s_bootloader*Stable*.bin qa
-          nix-shell --run "poetry run ./legacy/script/setup"
+
+          if [ "${{ matrix.bitcoin_only }}" = "1" ]; then
+            export BITCOIN_ONLY=1
+          fi
+
+          if [ "${{ matrix.build_type }}" = "qa" ]; then
+            export FIRMWARE_QA=1
+            export PRODUCTION=0
+            export BOOTLOADER_QA=1
+            SIGN_SCRIPT="./legacy/debug_signing/sign_onekey_qa.py"
+          else
+            export PRODUCTION=1
+          fi
+
           nix-shell --run "poetry run ./legacy/script/cibuild"
-          ./legacy/script/hash.py -t bootloader -f legacy/bootloader/classic1s_bootloader*Stable*.bin > legacy/bootloader/hash.txt
-          ./legacy/script/hash.py -t firmware -f legacy/firmware/classic*Stable*.bin > legacy/firmware/hash.txt
-          ./legacy/script/hash.py -t bootloader -f qa/classic1s_bootloader*Stable*.bin > qa/hash.txt
-          ./legacy/script/hash.py -t firmware -f qa/classic1s.*Stable*.bin >> qa/hash.txt
+
+          mkdir -p ${{ matrix.artifact_suffix }}
+
+          if [ "${{ matrix.build_type }}" = "qa" ]; then
+            nix-shell --run "poetry run pip install ecdsa && poetry run $SIGN_SCRIPT \
+              ./legacy/firmware/classic*Stable*.bin \
+              -S 1:${{ secrets.SECRET_QA_KEY_1 }} \
+              -S 2:${{ secrets.SECRET_QA_KEY_2 }} \
+              -S 3:${{ secrets.SECRET_QA_KEY_3 }} \
+              -S 4:${{ secrets.SECRET_QA_KEY_4 }}"
+
+            cp ./legacy/firmware/classic*Stable*qa.signed.bin ${{ matrix.artifact_suffix }}
+          else
+            cp ./legacy/firmware/classic*Stable*.bin ${{ matrix.artifact_suffix }}
+          fi
+
+          if [ "${{ matrix.bitcoin_only }}" = "0" ]; then
+            cp ./legacy/bootloader/classic1s_bootloader*Stable*.bin ${{ matrix.artifact_suffix }}
+            ./legacy/script/hash.py -t bootloader -f ${{ matrix.artifact_suffix }}/classic1s_bootloader*Stable*.bin > ${{ matrix.artifact_suffix }}/hash.txt
+            ./legacy/script/hash.py -t firmware -f ${{ matrix.artifact_suffix }}/classic1s.*Stable*.bin >> ${{ matrix.artifact_suffix }}/hash.txt
+          else
+            ./legacy/script/hash.py -t firmware -f ${{ matrix.artifact_suffix }}/classic1s.*Stable*.bin > ${{ matrix.artifact_suffix }}/hash.txt
+          fi
 
       - name: "Upload Artifacts"
         uses: actions/upload-artifact@v4
         with:
-          name: firmware-classic1s-${{ github.sha }}
-          path: |
-            ./legacy/firmware/classic*Stable*.bin
-            ./legacy/firmware/hash.txt
-            ./legacy/bootloader/classic1s_bootloader*Stable*.bin
-            ./legacy/bootloader/hash.txt
-            ./legacy/bootloader0/bootloader0.bin
-            ./legacy/intermediate_fw/classic*.bin
-            ./qa
-
-      - name: "Notify to Slack"
+          name: classic1s-${{ matrix.artifact_suffix }}-${{ env.SHORT_HASH }}
+          path: ${{ matrix.artifact_suffix }}/
+
+  notify-slack:
+    runs-on: ubuntu-latest
+    needs: build-classic1s
+    env:
+      FIRMWARE_VERSION: ${{ needs.build-classic1s.outputs.firmware_version }}
+      BOOT_VERSION: ${{ needs.build-classic1s.outputs.boot_version }}
+      SHORT_HASH: ${{ needs.build-classic1s.outputs.short_hash }}
+      BUILD_DATE: ${{ needs.build-classic1s.outputs.build_date }}
+    steps:
+      - name: "Send notification"
         uses: onekeyhq/actions/notice-slack-app-update@main
         with:
           web-hook-url: ${{ secrets.SLACK_DEV_RELEASE_WEBHOOK }}
@@ -68,8 +127,6 @@ jobs:
           artifact-bundle-id: 'so.onekey.firmware.classic2'
           artifact-version-name: '${{ env.FIRMWARE_VERSION }}'
           artifact-version-code: '${{ env.SHORT_HASH }}-${{ env.BUILD_DATE }}'
-          artifact-download-url: '${{ env.ARTIFACTS_URL }}'
+          artifact-download-url: '${{ needs.build-classic1s.outputs.artifacts_url }}'
           change-log: 'firmware@${{ env.FIRMWARE_VERSION }} / boot@${{ env.BOOT_VERSION }}'
           custom-issue-url: ''
-          custom-message-title: ''
-          custom-message-payload: ''

legacy/firmware/Makefile

@@ -7,8 +7,12 @@ NAME = onekey_emu
 else
 ifndef BUILD_ID
 BUILD_COMMIT=$(shell git rev-parse HEAD | cut -c1-7)
+ifneq ($(BITCOIN_ONLY),1)
 NAME=classic1s.$(FIRMWARE_BUILD_VERSION)-Stable-$(FIRMWARE_BUILD_DATE)-$(BUILD_COMMIT)
 else
+NAME=classic1s.$(FIRMWARE_BUILD_VERSION)-Stable-bc-only-$(FIRMWARE_BUILD_DATE)-$(BUILD_COMMIT)
+endif
+else
 NAME=classic1s.$(FIRMWARE_BUILD_VERSION)-Alpha-$(FIRMWARE_BUILD_DATE)-$(BUILD_ID)
 endif
 endif
@@ -83,6 +87,8 @@ OBJS += reset.o
 OBJS += signing.o
 OBJS += crypto.o
 OBJS += se_chip.o
+OBJS += psbt/psbt.o
+OBJS += bip322_simple/bip322_simple.o
 
 ifneq ($(BITCOIN_ONLY),1)
 OBJS += fido2/ctap_trans.o
@@ -158,8 +164,6 @@ OBJS += ton_cell.o
 OBJS += ton_tokens.o
 OBJS += ton_address.o
 OBJS += ton_layout.o
-OBJS += psbt/psbt.o
-OBJS += bip322_simple/bip322_simple.o
 OBJS += benfen.o
 OBJS += neo.o
 OBJS += neo_tokens.o

legacy/firmware/menu_list.c

@@ -17,10 +17,12 @@
 #include "usb.h"
 #include "util.h"
 
+#if !BITCOIN_ONLY
 #include "fido2/resident_credential.h"
+static bool resident_credential_refresh = true;
+#endif
 
 static struct menu settings_menu, main_menu, security_set_menu, about_menu;
-static bool resident_credential_refresh = true;
 
 void menu_erase_device(int index) {
   (void)index;
@@ -369,6 +371,7 @@ void menu_check_all_words(int index) {
   }
 }
 
+#if !BITCOIN_ONLY
 void menu_fido2_resident_credential(int index);
 
 static CTAP_UserInfo user_info[FIDO2_RESIDENT_CREDENTIALS_COUNT]
@@ -499,15 +502,17 @@ void menu_fido2_resident_credential(int index) {
   fido_resident_credential_menu.previous = &security_set_menu;
   menu_init(&fido_resident_credential_menu);
 }
-
+#endif
 static const struct menu_item security_set_menu_items[] = {
     {"Change PIN", NULL, true, menu_changePin, NULL, false, NULL},
     {"Check Recovery Phrase", NULL, true, menu_check_all_words, NULL, false,
      NULL},
     {"Passphrase", NULL, false, .sub_menu = &passphrase_set_menu,
      menu_para_passphrase, true, menu_para_passphrase_index},
+#if !BITCOIN_ONLY
     {"FIDO Keys", NULL, true, menu_fido2_resident_credential, NULL, false,
      NULL},
+#endif
     {"Reset Device", NULL, true, menu_erase_device, NULL, false, NULL},
 };
 

legacy/firmware/protect.c

@@ -807,13 +807,14 @@ uint8_t protectWaitKey(uint32_t time_out, uint8_t mode) {
       msg_tiny_id = 0xFFFF;
       break;
     }
+#if !BITCOIN_ONLY
     if (layoutLast == layoutScreensaver) {
       if (u2f_init_command) {
         u2f_init_command = false;
         break;
       }
     }
-
+#endif
     if (protectAbortedByFIDO && layoutLast == layoutHome) {
       protectAbortedByFIDO = false;
       break;

legacy/firmware/protob/Makefile

@@ -14,7 +14,8 @@ SKIPPED_MESSAGES := Binance DebugMonero Eos Monero Ontology SdProtect Tezos \
 
 ifeq ($(BITCOIN_ONLY), 1)
 SKIPPED_MESSAGES += Ethereum NEM Stellar Solana Starcoin Aptos Near Conflux Algorand \
-	Filecoin Cosmos Polkadot Sui Kaspa Nexa Alephium Nervos Ton WebAuthn Benfen Neo
+	Filecoin Cosmos Polkadot Sui Kaspa Nexa Alephium Nervos Ton WebAuthn Benfen Neo \
+	Cardano Scdo Nostr Tron Ripple Lnurl
 endif
 
 PROTO_NAMES = messages messages-bitcoin messages-common messages-crypto messages-debug \

legacy/firmware/usb.c

@@ -449,13 +449,16 @@ static void i2c_slave_poll(void) {
   total_len = fifo_lockdata_len(&i2c_fifo_in);
   if (total_len > 0) {
     fifo_read_peek(&i2c_fifo_in, header, sizeof(header));
+#if !BITCOIN_ONLY
     if (memcmp(header, "fid", 3) == 0) {
       uint8_t *fido_data = get_ble_fido_data_ptr();
       fifo_read_lock(&i2c_fifo_in, header, sizeof(header));
       fifo_read_lock(&i2c_fifo_in, fido_data, total_len - 3);
       set_ble_fido_data_len(total_len - 3);
       ctap_ble_cmd();
-    } else {
+    } else
+#endif
+    {
       while ((total_len = fifo_lockdata_len(&i2c_fifo_in)) > 0) {
         memset(packet_buf, 0x00, sizeof(packet_buf));
         len = total_len > 64 ? 64 : total_len;
@@ -564,6 +567,7 @@ void usbPoll(void) {
 #endif
 }
 
+#if !BITCOIN_ONLY
 void usb_u2f_data_send(void) {
   static const uint8_t *data;
   while (1) {
@@ -577,7 +581,7 @@ void usb_u2f_data_send(void) {
     }
   }
 }
-
+#endif
 void usbReconnect(void) {
   if (usbd_dev != NULL) {
     usbd_disconnect(usbd_dev, 1);

legacy/script/cibuild

@@ -32,6 +32,6 @@ make -C firmware
 
 if [ "$EMULATOR" != 1 ]; then
     make -C firmware sign
-    make -C intermediate_fw
-    make -C intermediate_fw sign
+    # make -C intermediate_fw
+    # make -C intermediate_fw sign
 fi

tools/version.sh

@@ -4,4 +4,4 @@ if [ -z "$1" ]; then
    exit 1
 fi
 
-echo "VERSION_MAJOR.VERSION_MINOR.VERSION_PATCH" | cpp -include $1 -nostdinc -P | tr -d " "
+echo "VERSION_MAJOR.VERSION_MINOR.VERSION_PATCH" | /usr/bin/cpp -include $1 -nostdinc -P | tr -d " "