From 2530312091c652509da808e3925ca932d91b3dba Mon Sep 17 00:00:00 2001
From: tychovrahe
Date: Wed, 25 Sep 2024 16:40:47 +0200
Subject: [PATCH] fix(core): reboot immediately in boardloader if BHK is locked [no changelog]
---
 core/embed/boardloader/main.c | 6 +++---
 core/embed/trezorhal/secret.h | 8 +++++---
 core/embed/trezorhal/stm32f4/secret.c | 2 ++
 core/embed/trezorhal/stm32u5/secret.c | 10 +++++++++-
 4 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/core/embed/boardloader/main.c b/core/embed/boardloader/main.c
index a5cb8c1595..1178c5fe13 100644
--- a/core/embed/boardloader/main.c
+++ b/core/embed/boardloader/main.c
@@ -34,6 +34,7 @@
 #include "mpu.h"
 #include "rng.h"
 #include "rsod.h"
+#include "secret.h"
 #include "system.h"
 #include "terminal.h"
@@ -63,7 +64,6 @@
 #include "memzero.h"
 #ifdef STM32U5
-#include "secret.h"
 #include "tamper.h"
 #include "trustzone.h"
 #endif
@@ -253,10 +253,10 @@ int main(void) {
 tamper_init();
 trustzone_init_boardloader();
-
- secret_ensure_initialized();
 #endif
+ secret_init();
+
 #ifdef STM32F4
 clear_otg_hs_memory();
 #endif
diff --git a/core/embed/trezorhal/secret.h b/core/embed/trezorhal/secret.h
index 288e98f7f9..5bb457bb6a 100644
--- a/core/embed/trezorhal/secret.h
+++ b/core/embed/trezorhal/secret.h
@@ -30,9 +30,6 @@ secbool secret_wiped(void);
 // Verifies that the secret storage has correct header
 secbool secret_verify_header(void);
-// Checks that the secret storage is initialized and initializes it if not
-secbool secret_ensure_initialized(void);
-
 // Erases the entire secret storage
 void secret_erase(void);
 
@@ -70,6 +67,11 @@ void secret_bhk_regenerate(void);
 // This function is called by the bootloader before starting the firmware
 void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all);
+// Prepares the secret storage for running the boardloader and next stages
+// Ensures that secret storage access is enabled
+// This function is called by the boardloader
+void secret_init(void);
+
 #endif // KERNEL_MODE
 // Checks if bootloader is locked, that is the secret storage contains optiga
diff --git a/core/embed/trezorhal/stm32f4/secret.c b/core/embed/trezorhal/stm32f4/secret.c
index 175cb25396..de6dd3297a 100644
--- a/core/embed/trezorhal/stm32f4/secret.c
+++ b/core/embed/trezorhal/stm32f4/secret.c
@@ -133,4 +133,6 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
 #endif
 }
+void secret_init(void) {}
+
 #endif // KERNEL_MODE
diff --git a/core/embed/trezorhal/stm32u5/secret.c b/core/embed/trezorhal/stm32u5/secret.c
index f6b3a2d4f5..69a060c7cc 100644
--- a/core/embed/trezorhal/stm32u5/secret.c
+++ b/core/embed/trezorhal/stm32u5/secret.c
@@ -35,7 +35,7 @@ secbool secret_verify_header(void) {
 return bootloader_locked;
 }
-secbool secret_ensure_initialized(void) {
+static secbool secret_ensure_initialized(void) {
 if (sectrue != secret_verify_header()) {
 ensure(erase_storage(NULL), "erase storage failed");
 secret_erase();
@@ -353,4 +353,12 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool trust_all) {
 }
 }
+void secret_init(void) {
+ if (secret_bhk_locked() == sectrue) {
+ reboot();
+ }
+
+ secret_ensure_initialized();
+}
+
 #endif // KERNEL_MODE
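Review bot: The comment added above `secret_init()` in core/embed/trezorhal/secret.h (hunk `@@ -70,6 +67,11 @@`) omits the two effects a caller most needs to know. In the stm32u5 implementation the function reboots the device when the BHK is locked, and otherwise calls `secret_ensure_initialized()`, which erases storage and the secret area when the header does not verify. The stm32f4 implementation is an empty stub. I would extend the comment with `// On STM32U5: reboots if the BHK is locked; erases storage and secrets if the secret header is invalid` and `// On STM32F4: no-op`, so that later changes to the boardloader's call order are made with the reset and the erase in mind.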
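Review bot: In the new `secret_init()` in core/embed/trezorhal/stm32u5/secret.c (hunk `@@ -353,4 +353,12 @@`), the guard `if (secret_bhk_locked() == sectrue)` fails open. Any value other than exactly `sectrue`, such as a read disturbed by a fault, skips the reboot and reaches `secret_ensure_initialized()`, which the earlier hunk in this file shows erasing storage when the header check fails. Assuming `secret_bhk_locked()` returns `secfalse` when the key is unlocked, `if (secfalse != secret_bhk_locked()) {` sends every unexpected value down the reboot path, in the same form as the `sectrue != secret_verify_header()` test used nearby. If `reboot()` is not declared noreturn (its declaration is outside this diff), a comment should say so, because a return would fall through to the initialization. The `secbool` result of `secret_ensure_initialized()` is also discarded here, and a `(void)` cast would mark that as deliberate.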