Goal: To be able to compile Ledger Nano S apps, load them onto a Ledger Nano S, and interact with those apps entirely from within Raspbian running on a Raspberry Pi. This would be one alternative to running a Ledger Nano dev environment from a virtual machine, as is currently needed if you are devloping from a Windows or Mac OS based host machine.
According to here, Nano development uses both GCC and Clang toolchains, with each serving a slightly different purpose:
- A standard ARM gcc to build the non-secure (STM32) firmware and link the secure (ST31) applications
- A standard ARM clang above 4.0.0 with ROPI support to build the secure (ST31) applications
So, if I'm interpretting correctly (iffy), the actual apps we build will compile with Clang, (they're ST31 apps), but the GCC toolchain is still needed for linking, (and additionally for compiling ST32 firmware, if for some reason we are doing that).
Additionally it seems Clang uses the #include hierarchy provided by GCC, rather than provide its own (?), and we'll also be using a special #include tree provided by GCC's extensive cross-compiling support. So that's another reason we need GCC. (As for why we don't use GCC exclusively, I'm guessing GCC doesn't provide ROPI support?)
We're going to install the correct versions of Clang and GCC so that they will both be available on the command path. This means we will NOT need to set the BOLOS_ENV environment variable.
The Ledger docs say that Clang version 4.0 is the minimum. As of Raspbian Stretch, the default Clang is still < v4.0, so we need to expressly install the 4.0 branch with:
$ sudo apt-get install clang-4.0
Note however that this does not make clang available on the command line, as it installs to /usr/bin/ as clang-4.0. My temporary fix to that (better approach is intended later) is simply to symlink the clang binary to /usr/bin/clang and be done with it.
We need the GCC compiler, binutils, and include tree for "bare metal" ARM development. The "EABI" (Embedded Application Binary Interface) for bare metal ARM is labled "arm-none" ("none" implies no operating system). Thus the GCC variant we want is gcc-arm-none-eabi.
$ sudo apt-get install gcc-arm-none-eabi
This will get us arm-none-eabi-gcc and related tools. They will be available on the PATH.
Another side effect of this is that an include hierarchy will be produced at /usr/lib/arm-none-eabi/include. GCC is smart enough to find this hierarchy when invoked as arm-none-eabi-gcc, but Clang is not. Thus anything we compile in clang will need to have -I/usr/lib/arm-none-eabi/include/ added to the command line. Easiest way to achieve this is to add the following to the Makefile:
(((Something that adds to CFLAGS if platform is Raspbian....)))
(((Note: TODO: Check: I also installed libc6-dev-armel-cross and that MAY have been the one that put the include files in /usr/lib/arm-none-eabi/include. So if they aren't there after, gcc-arm-none-eabi, then install libc6-dev-armel-cross after.)))
(Standard process. Checkout correct tag from xxxx, then set BOLOS_SDK.)
Starting with just $pip install ledgerblue gave some troubles. Not 100% sure exactly what resolved those troubles (I'll pin it down next time I build a dev environment — likely when my RPi4 arrives) but I did the following, which likely included extra non-necessary stuff, but it worked:
(Following a suggestin here:)
$ sudo apt-get install python-dev cython libudev-dev libusb-1.0-0 libusb-dev libusb-1.0-0-dev libhidapi-dev libavahi-compat-libdnssd-dev
$ pip install cython
$ pip install hidapi
Then also there was a problem with "pillow" — it needed libjpeg:
$ sudo apt-get install libjpeg-dev
$ pip install pillow
Then, finally, ledgerblue worked:
$ pip install ledgerblue
Last piece was to enable user access to the Nano device on the USB bus. This is via udev-rules. Standard procedure is here, but basically I did the following:
$ cd /etc/udev/rules.d
$ echo 'SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", TAG+="uaccess", TAG+="udev-acl" OWNER="pi"' | sudo tee 20-nanoS-cjs.rules
$ sudo udevadm trigger
$ sudo udevadm control --reload-rules