diff --git a/Makefile b/Makefile index 1daba0dad5..693d62e4b6 100644 --- a/Makefile +++ b/Makefile @@ -154,6 +154,12 @@ bootloader_hashes: ## generate bootloader hashes bootloader_hashes_check: ## check generated bootloader hashes ./core/tools/bootloader_hashes.py --check -gen: templates mocks icons protobuf ci_docs vendorheader solana_templates bootloader_hashes ## regenerate auto-generated files from sources +lsgen: ## generate linker scripts hashes + lsgen -gen_check: templates_check mocks_check icons_check protobuf_check ci_docs_check vendorheader_check solana_templates_check bootloader_hashes_check ## check validity of auto-generated files +lsgen_check: ## check generated linker scripts + lsgen --check + +gen: templates mocks icons protobuf ci_docs vendorheader solana_templates bootloader_hashes lsgen ## regenerate auto-generated files from sources + +gen_check: templates_check mocks_check icons_check protobuf_check ci_docs_check vendorheader_check solana_templates_check bootloader_hashes_check lsgen_check ## check validity of auto-generated files diff --git a/core/Makefile b/core/Makefile index 4f5703e2b6..31e28b6def 100644 --- a/core/Makefile +++ b/core/Makefile @@ -277,11 +277,11 @@ build_reflash: ## build reflash firmware + reflash image build_kernel: ## build kernel image $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" \ - TREZOR_MODEL="$(TREZOR_MODEL)" \ + TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" \ BOOTLOADER_QA="$(BOOTLOADER_QA)" BOOTLOADER_DEVEL="$(BOOTLOADER_DEVEL)" \ $(KERNEL_BUILD_DIR)/kernel.bin -build_coreapp: templates build_cross ## build coreapp with frozen modules +build_coreapp: templates build_cross build_kernel ## build coreapp with frozen modules $(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" \ TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" \ PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" \ @@ -372,15 +372,12 @@ flash_bootloader_ci: $(BOOTLOADER_CI_BUILD_DIR)/bootloader.bin ## flash CI bootl flash_prodtest: $(PRODTEST_BUILD_DIR)/prodtest.bin ## flash prodtest using OpenOCD $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(FIRMWARE_START); exit" -flash_kernel: $(KERNEL_BUILD_DIR)/kernel.bin ## flash kernel using OpenOCD - $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(KERNEL_START); exit" - flash_coreapp: $(COREAPP_BUILD_DIR)/coreapp.bin ## flash coreapp using OpenOCD ifeq ($(MCU),$(filter $(MCU),STM32F4)) - $(OPENOCD) -c "init; reset halt; flash write_image erase $<.p1 $(COREAPP_START); flash write_image erase $<.p2 $(COREAPP_P2_START); exit" + $(OPENOCD) -c "init; reset halt; flash write_image erase $<.p1 $(FIRMWARE_START); flash write_image erase $<.p2 $(FIRMWARE_P2_START); exit" else - $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(COREAPP_START); exit" + $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(FIRMWARE_START); exit" endif flash_firmware: $(FIRMWARE_BUILD_DIR)/firmware.bin ## flash firmware using OpenOCD diff --git a/core/SConscript.boardloader b/core/SConscript.boardloader index af532a192c..8afc63e7d4 100644 --- a/core/SConscript.boardloader +++ b/core/SConscript.boardloader @@ -7,6 +7,7 @@ TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T') CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) HW_REVISION = ARGUMENTS.get('HW_REVISION', None) NEW_RENDERING = ARGUMENTS.get('NEW_RENDERING', '1') == '1' +MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) if TREZOR_MODEL in ('1', ): # skip boardloader build @@ -103,15 +104,15 @@ env = Environment(ENV=os.environ, FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] -LINKER_SCRIPT_SUFFIX= env.get('ENV')['LINKER_SCRIPT'] SOURCE_BOARDLOADER = [ - f"embed/boardloader/startup_{FILE_SUFFIX}.s", + f"embed/trezorhal/{FILE_SUFFIX}/startup_stage_0.s", 'embed/boardloader/main.c', ] env.Replace( + CAT='cat', CP='cp', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', @@ -137,7 +138,7 @@ env.Replace( '-fstack-protector-strong ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS=f"-T embed/boardloader/memory_{LINKER_SCRIPT_SUFFIX}.ld -Wl,--gc-sections -Wl,-Map=build/boardloader/boardloader.map -Wl,--warn-common -Wl,--print-memory-usage", + LINKFLAGS="-T build/boardloader/memory.ld -Wl,--gc-sections -Wl,-Map=build/boardloader/boardloader.map -Wl,--warn-common -Wl,--print-memory-usage", CPPPATH=[ 'embed/boardloader', 'embed/lib', @@ -175,6 +176,12 @@ obj_program += env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial- obj_program += env.Object(source=SOURCE_BOARDLOADER) obj_program += env.Object(source=SOURCE_HAL) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='boardloader')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='boardloader.elf', source=obj_program, @@ -182,6 +189,8 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + BINARY_NAME = f"build/boardloader/boardloader-{models.get_model_identifier(TREZOR_MODEL)}" BINARY_NAME += "-" + tools.get_version('embed/boardloader/version.h') BINARY_NAME += "-" + tools.get_git_revision_short_hash() diff --git a/core/SConscript.bootloader b/core/SConscript.bootloader index b8f039bbe7..b0a52822ec 100644 --- a/core/SConscript.bootloader +++ b/core/SConscript.bootloader @@ -9,6 +9,7 @@ BOOTLOADER_QA = ARGUMENTS.get('BOOTLOADER_QA', '0') == '1' PRODUCTION = 0 if BOOTLOADER_QA else ARGUMENTS.get('PRODUCTION', '0') == '1' HW_REVISION = ARGUMENTS.get('HW_REVISION', None) NEW_RENDERING = ARGUMENTS.get('NEW_RENDERING', '1') == '1' or TREZOR_MODEL in ('T3T1',) +MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) if TREZOR_MODEL in ('1', ): # skip bootloader build @@ -162,10 +163,9 @@ env = Environment( FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] -LINKER_SCRIPT_SUFFIX= env.get('ENV')['LINKER_SCRIPT'] SOURCE_BOOTLOADER = [ - f'embed/bootloader/startup_{FILE_SUFFIX}.s', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_1.s', 'embed/bootloader/header.S', 'embed/bootloader/bootui.c', 'embed/bootloader/main.c', @@ -176,6 +176,7 @@ SOURCE_BOOTLOADER = [ env.Replace( + CAT='cat', CP='cp', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', @@ -213,7 +214,7 @@ env.Replace( '-fstack-protector-strong ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS=f'-T embed/bootloader/memory_{LINKER_SCRIPT_SUFFIX}.ld -Wl,--gc-sections -Wl,-Map=build/bootloader/bootloader.map -Wl,--warn-common -Wl,--print-memory-usage', + LINKFLAGS='-T build/bootloader/memory.ld -Wl,--gc-sections -Wl,-Map=build/bootloader/bootloader.map -Wl,--warn-common -Wl,--print-memory-usage', CPPPATH=ALLPATHS, CPPDEFINES=[ 'BOOTLOADER', @@ -310,6 +311,12 @@ obj_program += env.Object(source=SOURCE_NANOPB) obj_program += env.Object(source=SOURCE_HAL) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='bootloader')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='bootloader.elf', source=obj_program, @@ -317,6 +324,7 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $SOURCES $LINKFLAGS -lc_nano -lm -lgcc', ) +env.Depends(program_elf, linkerscript_gen) env.Depends(program_elf, rust) SUFFIX = '_qa' if BOOTLOADER_QA else '' diff --git a/core/SConscript.bootloader_ci b/core/SConscript.bootloader_ci index 841f48b1df..1963c53600 100644 --- a/core/SConscript.bootloader_ci +++ b/core/SConscript.bootloader_ci @@ -7,6 +7,7 @@ TREZOR_MODEL = ARGUMENTS.get('TREZOR_MODEL', 'T') CMAKELISTS = int(ARGUMENTS.get('CMAKELISTS', 0)) HW_REVISION = ARGUMENTS.get('HW_REVISION', None) NEW_RENDERING = ARGUMENTS.get('NEW_RENDERING', '1') == '1' or TREZOR_MODEL in ('T3T1',) +MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) if TREZOR_MODEL in ('1', 'DISC1', 'DISC2'): # skip bootloader_ci build @@ -154,10 +155,9 @@ env = Environment( FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] -LINKER_SCRIPT_SUFFIX= env.get('ENV')['LINKER_SCRIPT'] SOURCE_BOOTLOADER = [ - f'embed/bootloader_ci/startup_{FILE_SUFFIX}.s', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_1.s', 'embed/bootloader_ci/header.S', 'embed/bootloader_ci/bootui.c', 'embed/bootloader_ci/main.c', @@ -167,6 +167,7 @@ SOURCE_BOOTLOADER = [ ] env.Replace( + CAT='cat', CP='cp', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', @@ -192,7 +193,7 @@ env.Replace( '-fstack-protector-strong ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS=f'-T embed/bootloader_ci/memory_{LINKER_SCRIPT_SUFFIX}.ld -Wl,--gc-sections -Wl,-Map=build/bootloader_ci/bootloader.map -Wl,--warn-common', + LINKFLAGS=f'-T build/bootloader_ci/memory.ld -Wl,--gc-sections -Wl,-Map=build/bootloader_ci/bootloader.map -Wl,--warn-common', CPPPATH=[ 'embed/bootloader_ci', 'embed/bootloader_ci/nanopb', @@ -241,6 +242,12 @@ obj_program += env.Object(source=SOURCE_BOOTLOADER) obj_program += env.Object(source=SOURCE_NANOPB) obj_program += env.Object(source=SOURCE_HAL) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='bootloader')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='bootloader.elf', source=obj_program, @@ -248,6 +255,8 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + BINARY_NAME = f"build/bootloader_ci/bootloader_ci-{models.get_model_identifier(TREZOR_MODEL)}" BINARY_NAME += "-" + tools.get_version('embed/bootloader_ci/version.h') BINARY_NAME += "-" + tools.get_git_revision_short_hash() diff --git a/core/SConscript.coreapp b/core/SConscript.coreapp index a65908aac0..e2587fdaeb 100644 --- a/core/SConscript.coreapp +++ b/core/SConscript.coreapp @@ -16,7 +16,7 @@ DISABLE_OPTIGA = ARGUMENTS.get('DISABLE_OPTIGA', '0') == '1' HW_REVISION = ARGUMENTS.get('HW_REVISION', None) THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol NEW_RENDERING = ARGUMENTS.get('NEW_RENDERING', '1') == '1' or TREZOR_MODEL in ('T3T1',) - +MODEL_IDENTIFIER = models.get_model_identifier(TREZOR_MODEL) FEATURE_FLAGS = { "RDI": True, @@ -439,7 +439,7 @@ SOURCE_FIRMWARE = [ 'embed/coreapp/main.c', 'embed/coreapp/mphalport.c', 'embed/coreapp/nlrthumb.c', - f'embed/coreapp/startup_{FILE_SUFFIX}.S', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_4.S', ] @@ -478,11 +478,6 @@ env.Replace( env.Replace( TREZOR_MODEL=TREZOR_MODEL,) -if TREZOR_MODEL in ('1',): - LD_VARIANT = '' if EVERYTHING else '_min' -else: - LD_VARIANT = '' - ALLPATHS = [ '.', 'embed/rust', @@ -505,7 +500,7 @@ env.Replace( '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS='-T embed/coreapp/memory_${TREZOR_MODEL}%s.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/coreapp/coreapp.map -Wl,--warn-common' % LD_VARIANT, + LINKFLAGS='-T build/coreapp/memory.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/coreapp/coreapp.map -Wl,--warn-common', CPPPATH=ALLPATHS, CPPDEFINES=[ 'FIRMWARE', @@ -879,17 +874,33 @@ else: VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_{vendor}.bin' -if TREZOR_MODEL not in ('1',): - obj_program.extend( - env.Command( - target='embed/coreapp/vendorheader.o', - source=VENDORHEADER, - action='$OBJCOPY -I binary -O elf32-littlearm -B arm' - ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' - ' $SOURCE $TARGET', )) +obj_program.extend( + env.Command( + target='embed/coreapp/vendorheader.o', + source=VENDORHEADER, + action='$OBJCOPY -I binary -O elf32-littlearm -B arm' + ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' + ' $SOURCE $TARGET', )) + + +tools.embed_raw_binary( + obj_program, + env, + 'kernel', + 'build/kernel/kernel.o', + f'build/kernel/kernel.bin', + ) + + env.Depends(obj_program, qstr_generated) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='coreapp')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='coreapp.elf', source=obj_program, @@ -897,11 +908,13 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $SOURCES $LINKFLAGS -lc_nano -lm -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + if CMAKELISTS != 0: env.Depends(program_elf, cmake_gen) env.Depends(program_elf, rust) -BINARY_NAME = f"build/coreapp/coreapp-{models.get_model_identifier(TREZOR_MODEL)}" +BINARY_NAME = f"build/coreapp/coreapp-{MODEL_IDENTIFIER}" if not EVERYTHING: BINARY_NAME += "-btconly" BINARY_NAME += "-" + tools.get_version('embed/coreapp/version.h') @@ -910,30 +923,23 @@ BINARY_NAME += "-dirty" if tools.get_git_modified() else "" BINARY_NAME += ".bin" -if TREZOR_MODEL in ('1'): +if 'STM32F427xx' in CPPDEFINES_HAL or 'STM32F429xx' in CPPDEFINES_HAL: action_bin=[ - '$OBJCOPY -O binary -j .header -j .flash -j .data -j .confidential $SOURCE $TARGET', - '../legacy/bootloader/firmware_sign.py -f $TARGET', + '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential --pad-to 0x08100000 $SOURCE ${TARGET}.p1', + '$OBJCOPY -O binary -j .flash2 $SOURCE ${TARGET}.p2', + '$CAT ${TARGET}.p1 ${TARGET}.p2 > $TARGET', + '$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''), + '$DD if=$TARGET of=${TARGET}.p1 skip=0 bs=128k count=6', '$CP $TARGET ' + BINARY_NAME, ] -else: - if 'STM32F427xx' in CPPDEFINES_HAL or 'STM32F429xx' in CPPDEFINES_HAL: - action_bin=[ - '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential --pad-to 0x08100000 $SOURCE ${TARGET}.p1', - '$OBJCOPY -O binary -j .flash2 $SOURCE ${TARGET}.p2', - '$CAT ${TARGET}.p1 ${TARGET}.p2 > $TARGET', - '$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''), - '$DD if=$TARGET of=${TARGET}.p1 skip=0 bs=128k count=6', - '$CP $TARGET ' + BINARY_NAME, +elif 'STM32U5A9xx' in CPPDEFINES_HAL or 'STM32U585xx' in CPPDEFINES_HAL: + action_bin=[ + '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE ${TARGET}', + '$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''), + '$CP $TARGET ' + BINARY_NAME, ] - elif 'STM32U5A9xx' in CPPDEFINES_HAL or 'STM32U585xx' in CPPDEFINES_HAL: - action_bin=[ - '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE ${TARGET}', - '$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''), - '$CP $TARGET ' + BINARY_NAME, - ] - else: - raise Exception("Unknown MCU") +else: + raise Exception("Unknown MCU") program_bin = env.Command( target='coreapp.bin', diff --git a/core/SConscript.firmware b/core/SConscript.firmware index c201d098b7..16dc21e2a8 100644 --- a/core/SConscript.firmware +++ b/core/SConscript.firmware @@ -221,6 +221,7 @@ CPPPATH_MOD += [ ] SOURCE_MOD += [ 'embed/extmod/modtrezorui/modtrezorui.c', + 'embed/lib/bl_check.c', 'embed/lib/buffers.c', 'embed/lib/colors.c', 'embed/lib/display_utils.c', @@ -450,13 +451,12 @@ FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_ FILE_SUFFIX= env.get('ENV')['SUFFIX'] SOURCE_FIRMWARE = [ - 'embed/firmware/bl_check.c', 'embed/firmware/delay.c', 'embed/firmware/header.S', 'embed/firmware/main.c', 'embed/firmware/mphalport.c', 'embed/firmware/nlrthumb.c', - f'embed/firmware/startup_{FILE_SUFFIX}.S', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_4.s', ] @@ -495,11 +495,6 @@ env.Replace( env.Replace( TREZOR_MODEL=TREZOR_MODEL,) -if TREZOR_MODEL in ('1',): - LD_VARIANT = '' if EVERYTHING else '_min' -else: - LD_VARIANT = '' - ALLPATHS = [ '.', 'embed/rust', @@ -522,7 +517,7 @@ env.Replace( '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS='-T embed/firmware/memory_${TREZOR_MODEL}%s.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/firmware/firmware.map -Wl,--warn-common' % LD_VARIANT, + LINKFLAGS='-T build/firmware/memory.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/firmware/firmware.map -Wl,--warn-common', CPPPATH=ALLPATHS, CPPDEFINES=[ 'FIRMWARE', @@ -906,17 +901,24 @@ if TREZOR_MODEL not in ('1',): ' $SOURCE $TARGET', )) if TREZOR_MODEL not in ('DISC1', 'DISC2'): - tools.embed_binary( + tools.embed_compressed_binary( obj_program, env, 'bootloader', - 'embed/firmware/bootloaders/bootloader.o', + 'embed/bootloaders/bootloader.o', f'embed/models/{MODEL_IDENTIFIER}/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin', + 'firmware' ) env.Depends(obj_program, qstr_generated) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='firmware')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='firmware.elf', source=obj_program, @@ -924,6 +926,8 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $SOURCES $LINKFLAGS -lc_nano -lm -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + if CMAKELISTS != 0: env.Depends(program_elf, cmake_gen) env.Depends(program_elf, rust) diff --git a/core/SConscript.kernel b/core/SConscript.kernel index 3b15bac4db..aff585b0b1 100644 --- a/core/SConscript.kernel +++ b/core/SConscript.kernel @@ -42,38 +42,11 @@ PATH_HAL = [] FROZEN = True -if TREZOR_MODEL in ('1', 'R'): - FONT_NORMAL='Font_PixelOperator_Regular_8' - FONT_DEMIBOLD='Font_Unifont_Bold_16' - FONT_BOLD='Font_PixelOperator_Bold_8' - FONT_MONO='Font_PixelOperatorMono_Regular_8' - FONT_BIG='Font_Unifont_Regular_16' - FONT_NORMAL_UPPER='Font_PixelOperator_Regular_8_upper' - FONT_BOLD_UPPER='Font_PixelOperator_Bold_8_upper' - FONT_SUB=None -elif TREZOR_MODEL in ('T', 'DISC1', 'DISC2'): - FONT_NORMAL='Font_TTHoves_Regular_21' - FONT_DEMIBOLD='Font_TTHoves_DemiBold_21' - FONT_BOLD=None - FONT_MONO='Font_RobotoMono_Medium_20' - FONT_BIG=None - FONT_NORMAL_UPPER=None - FONT_BOLD_UPPER='Font_TTHoves_Bold_17_upper' - FONT_SUB=None -elif TREZOR_MODEL in ('T3T1',): - FONT_NORMAL='Font_TTSatoshi_DemiBold_21' - FONT_DEMIBOLD='Font_TTSatoshi_DemiBold_21' - FONT_BOLD='Font_TTSatoshi_DemiBold_21' - FONT_MONO='Font_RobotoMono_Medium_21' - FONT_BIG='Font_TTSatoshi_DemiBold_42' - FONT_NORMAL_UPPER=None - FONT_BOLD_UPPER=None - FONT_SUB='Font_TTSatoshi_DemiBold_18' - # modtrezorconfig CPPPATH_MOD += [ 'embed/extmod/modtrezorconfig', 'vendor/trezor-storage', + 'vendor/micropython/lib/uzlib', ] SOURCE_MOD += [ # 'embed/extmod/modtrezorconfig/modtrezorconfig.c', @@ -210,6 +183,7 @@ if FEATURE_FLAGS["AES_GCM"]: ] SOURCE_MOD += [ + 'embed/lib/bl_check.c', # 'embed/lib/buffers.c', # 'embed/lib/colors.c', # 'embed/lib/display_utils.c', @@ -227,6 +201,9 @@ SOURCE_MOD += [ 'embed/lib/translations.c', 'embed/lib/unit_variant.c', 'embed/extmod/modtrezorcrypto/rand.c', + 'vendor/micropython/lib/uzlib/adler32.c', + 'vendor/micropython/lib/uzlib/crc32.c', + 'vendor/micropython/lib/uzlib/tinflate.c', ] if NEW_RENDERING: @@ -241,7 +218,6 @@ else: CPPDEFINES_MOD += [ - 'TREZOR_UI2', 'TRANSLATIONS', ] @@ -282,15 +258,6 @@ if THP: 'vendor/trezor-crypto/elligator2.c', ] -# fonts -tools.add_font('NORMAL', FONT_NORMAL, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('BOLD', FONT_BOLD, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('DEMIBOLD', FONT_DEMIBOLD, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('MONO', FONT_MONO, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('BIG', FONT_BIG, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('NORMAL_UPPER', FONT_NORMAL_UPPER, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('BOLD_UPPER', FONT_BOLD_UPPER, CPPDEFINES_MOD, SOURCE_MOD) -tools.add_font('SUB', FONT_SUB, CPPDEFINES_MOD, SOURCE_MOD) env = Environment( ENV=os.environ, @@ -303,24 +270,10 @@ FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_ FILE_SUFFIX= env.get('ENV')['SUFFIX'] SOURCE_FIRMWARE = [ - 'embed/kernel/header.S', 'embed/kernel/main.c', - f'embed/kernel/startup_{FILE_SUFFIX}.S', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_2.s', ] - -if TREZOR_MODEL in ('T', 'DISC1', 'DISC2'): - UI_LAYOUT = 'UI_LAYOUT_TT' - ui_layout_feature = 'model_tt' -elif TREZOR_MODEL in ('1', 'R'): - UI_LAYOUT = 'UI_LAYOUT_TR' - ui_layout_feature = 'model_tr' -elif TREZOR_MODEL in ('T3T1',): - UI_LAYOUT = 'UI_LAYOUT_MERCURY' - ui_layout_feature = 'model_mercury' -else: - raise ValueError('Unknown Trezor model') - if 'sd_card' in FEATURES_AVAILABLE: SDCARD = True else: @@ -342,11 +295,6 @@ env.Replace( env.Replace( TREZOR_MODEL=TREZOR_MODEL,) -if TREZOR_MODEL in ('1',): - LD_VARIANT = '' if EVERYTHING else '_min' -else: - LD_VARIANT = '' - ALLPATHS = [ '.', 'embed/firmware', @@ -365,14 +313,13 @@ env.Replace( '-ffreestanding ' '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, - LINKFLAGS='-T embed/kernel/memory_${TREZOR_MODEL}%s.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/kernel/kernel.map -Wl,--warn-common' % LD_VARIANT, + LINKFLAGS='-T build/kernel/memory.ld -Wl,--gc-sections -Wl,--print-memory-usage -Wl,-Map=build/kernel/kernel.map -Wl,--warn-common', CPPPATH=ALLPATHS, CPPDEFINES=[ 'KERNEL', 'TREZOR_MODEL_'+TREZOR_MODEL, 'USE_HAL_DRIVER', 'ARM_USER_MODE', - UI_LAYOUT, ] + CPPDEFINES_MOD + CPPDEFINES_HAL, ASFLAGS=env.get('ENV')['CPU_ASFLAGS'], ASPPFLAGS='$CFLAGS $CCFLAGS', @@ -381,8 +328,6 @@ env.Replace( env.Replace( HEADERTOOL='headertool', PYTHON='python', - MAKEVERSIONHDR='$PYTHON vendor/micropython/py/makeversionhdr.py', - MAKEMODULEDEFS='$PYTHON vendor/micropython/py/makemoduledefs.py', MAKECMAKELISTS='$PYTHON tools/make_cmakelists.py', ) @@ -433,24 +378,29 @@ else: VENDORHEADER = f'embed/models/{MODEL_IDENTIFIER}/vendorheader/vendorheader_{vendor}.bin' -if TREZOR_MODEL not in ('1',): - obj_program.extend( - env.Command( - target='embed/kernel/vendorheader.o', - source=VENDORHEADER, - action='$OBJCOPY -I binary -O elf32-littlearm -B arm' - ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' - ' $SOURCE $TARGET', )) +obj_program.extend( + env.Command( + target='embed/kernel/vendorheader.o', + source=VENDORHEADER, + action='$OBJCOPY -I binary -O elf32-littlearm -B arm' + ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' + ' $SOURCE $TARGET', )) -if False: # TREZOR_MODEL not in ('DISC1', 'DISC2'): - tools.embed_binary( +if TREZOR_MODEL not in ('DISC1', 'DISC2'): + tools.embed_compressed_binary( obj_program, env, 'bootloader', - 'embed/firmware/bootloaders/bootloader.o', - f'embed/firmware/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin', + 'embed/bootloaders/bootloader.o', + f'embed/models/{MODEL_IDENTIFIER}/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin', + 'kernel' ) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='kernel')], + action='$CAT $SOURCES > $TARGET', +) program_elf = env.Command( target='kernel.elf', @@ -459,6 +409,8 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $SOURCES $LINKFLAGS -lc_nano -lm -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + if CMAKELISTS != 0: env.Depends(program_elf, cmake_gen) @@ -470,31 +422,10 @@ BINARY_NAME += "-" + tools.get_git_revision_short_hash() BINARY_NAME += "-dirty" if tools.get_git_modified() else "" BINARY_NAME += ".bin" - -if TREZOR_MODEL in ('1'): - action_bin=[ - '$OBJCOPY -O binary -j .header -j .flash -j .data -j .confidential $SOURCE $TARGET', - '../legacy/bootloader/firmware_sign.py -f $TARGET', - '$CP $TARGET ' + BINARY_NAME, - ] -else: - if 'STM32F427xx' in CPPDEFINES_HAL or 'STM32F429xx' in CPPDEFINES_HAL: - action_bin=[ - '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential --pad-to 0x08100000 $SOURCE ${TARGET}.p1', - '$OBJCOPY -O binary -j .flash2 $SOURCE ${TARGET}.p2', - '$CAT ${TARGET}.p1 ${TARGET}.p2 > $TARGET', - '$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''), - '$DD if=$TARGET of=${TARGET}.p1 skip=0 bs=128k count=6', - '$CP $TARGET ' + BINARY_NAME, - ] - elif 'STM32U5A9xx' in CPPDEFINES_HAL or 'STM32U585xx' in CPPDEFINES_HAL: - action_bin=[ - '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data -j .confidential $SOURCE ${TARGET}', - '$HEADERTOOL -h $TARGET ' + ('-D' if not PRODUCTION else ''), - '$CP $TARGET ' + BINARY_NAME, - ] - else: - raise Exception("Unknown MCU") +action_bin=[ + '$OBJCOPY -O binary -j .flash -j .uflash -j .data -j .confidential $SOURCE ${TARGET}', + '$CP $TARGET ' + BINARY_NAME, +] program_bin = env.Command( target='kernel.bin', diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest index 2302c2658d..de09bae4b3 100644 --- a/core/SConscript.prodtest +++ b/core/SConscript.prodtest @@ -153,11 +153,10 @@ env = Environment( FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] -LINKER_SCRIPT_SUFFIX= env.get('ENV')['LINKER_SCRIPT'] SOURCE_PRODTEST = [ - f'embed/prodtest/startup_{FILE_SUFFIX}.s', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_2.s', 'embed/prodtest/header.S', 'embed/prodtest/main.c', 'embed/prodtest/prodtest_common.c', @@ -169,6 +168,7 @@ if 'optiga' in FEATURES_AVAILABLE: ] env.Replace( + CAT='cat', CP='cp', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', @@ -194,7 +194,7 @@ env.Replace( '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS=f'-T embed/prodtest/memory_{LINKER_SCRIPT_SUFFIX}.ld -Wl,--gc-sections -Wl,-Map=build/prodtest/prodtest.map -Wl,--warn-common', + LINKFLAGS=f'-T build/prodtest/memory.ld -Wl,--gc-sections -Wl,-Map=build/prodtest/prodtest.map -Wl,--warn-common', CPPPATH=[ 'embed/prodtest', 'embed/lib', @@ -266,6 +266,12 @@ obj_program.extend( ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' $SOURCE $TARGET', )) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='prodtest')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='prodtest.elf', source=obj_program, @@ -273,6 +279,8 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + BINARY_NAME = f"build/prodtest/prodtest-{models.get_model_identifier(TREZOR_MODEL)}" BINARY_NAME += "-" + tools.get_version('embed/prodtest/version.h') BINARY_NAME += "-" + tools.get_git_revision_short_hash() diff --git a/core/SConscript.reflash b/core/SConscript.reflash index dc6dfc18c5..0a1b3e1ce7 100644 --- a/core/SConscript.reflash +++ b/core/SConscript.reflash @@ -122,22 +122,21 @@ tools.add_font('SUB', FONT_SUB, CPPDEFINES_MOD, SOURCE_MOD) env = Environment( ENV=os.environ, CFLAGS='%s -DPRODUCTION=%s' % (ARGUMENTS.get('CFLAGS', ''), ARGUMENTS.get('PRODUCTION', '0')), - CONSTRAINTS=["limited_util_s"], CPPDEFINES_IMPLICIT=[] ) FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL) FILE_SUFFIX= env.get('ENV')['SUFFIX'] -LINKER_SCRIPT_SUFFIX= env.get('ENV')['LINKER_SCRIPT'] SOURCE_REFLASH = [ - f'embed/reflash/startup_{FILE_SUFFIX}.s', + f'embed/trezorhal/{FILE_SUFFIX}/startup_stage_2.s', 'embed/reflash/header.S', 'embed/reflash/main.c', ] env.Replace( + CAT='cat', CP='cp', AS='arm-none-eabi-as', AR='arm-none-eabi-ar', @@ -163,7 +162,7 @@ env.Replace( '-fstack-protector-all ' + env.get('ENV')["CPU_CCFLAGS"] + CCFLAGS_MOD, CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB', - LINKFLAGS=f'-T embed/reflash/memory_{LINKER_SCRIPT_SUFFIX}.ld -Wl,--gc-sections -Wl,-Map=build/reflash/reflash.map -Wl,--warn-common', + LINKFLAGS=f'-T build/reflash/memory.ld -Wl,--gc-sections -Wl,-Map=build/reflash/reflash.map -Wl,--warn-common', CPPPATH=[ 'embed/reflash', 'embed/lib', @@ -215,6 +214,12 @@ obj_program.extend( ' --rename-section .data=.vendorheader,alloc,load,readonly,contents' ' $SOURCE $TARGET', )) +linkerscript_gen = env.Command( + target='memory.ld', + source=[f'embed/models/{MODEL_IDENTIFIER}/memory.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='prodtest')], + action='$CAT $SOURCES > $TARGET', +) + program_elf = env.Command( target='reflash.elf', source=obj_program, @@ -222,6 +227,8 @@ program_elf = env.Command( '$LINK -o $TARGET $CCFLAGS $CFLAGS $LINKFLAGS $SOURCES -lc_nano -lgcc', ) +env.Depends(program_elf, linkerscript_gen) + BINARY_NAME = f"build/reflash/reflash-{models.get_model_identifier(TREZOR_MODEL)}" BINARY_NAME += "-" + tools.get_version('embed/reflash/version.h') BINARY_NAME += "-" + tools.get_git_revision_short_hash() diff --git a/core/embed/boardloader/main.c b/core/embed/boardloader/main.c index 17eb8d4b71..a5cb8c1595 100644 --- a/core/embed/boardloader/main.c +++ b/core/embed/boardloader/main.c @@ -324,7 +324,7 @@ int main(void) { // This includes the version of bootloader potentially updated from SD card. write_bootloader_min_version(hdr->monotonic); - display_deinit(DISPLAY_RETAIN_CONTENT); + display_deinit(DISPLAY_JUMP_BEHAVIOR); #ifdef ENSURE_COMPATIBLE_SETTINGS ensure_compatible_settings(); diff --git a/core/embed/boardloader/memory_stm32u5a.ld b/core/embed/boardloader/memory_stm32u5a.ld deleted file mode 100644 index f91099d006..0000000000 --- a/core/embed/boardloader/memory_stm32u5a.ld +++ /dev/null @@ -1,115 +0,0 @@ -/* Trezor v2 boardloader linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C004000, LENGTH = 48K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 0K /* 512K on U5G */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -SECTIONS { - .vector_table : ALIGN(1024) { - KEEP(*(.vector_table)); - } >FLASH AT>FLASH - - .text : ALIGN(4) { - *(.text*); - . = ALIGN(4); /* make the section size a multiple of the word size */ - } >FLASH AT>FLASH - - .rodata : ALIGN(4) { - *(.rodata*); - . = ALIGN(4); /* make the section size a multiple of the word size */ - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(8); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .buf : ALIGN(4) { - *(.buf*); - . = ALIGN(4); - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(8) { - *(.confidential*); - . = ALIGN(4); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS - - - /* Hard-coded address for capabilities structure */ - .capabilities 0x0C00FF00 : {KEEP(*(.capabilities_section))} -} diff --git a/core/embed/boardloader/startup_stm32u5.s b/core/embed/boardloader/startup_stm32u5.s deleted file mode 100644 index 3665db2de5..0000000000 --- a/core/embed/boardloader/startup_stm32u5.s +++ /dev/null @@ -1,107 +0,0 @@ - .syntax unified - - .text - - .global reset_handler - .type reset_handler, STT_FUNC -reset_handler: - // set the stack protection - ldr r0, =_sstack - add r0, r0, #128 // safety margin for the exception frame - msr MSPLIM, r0 - - bl SystemInit - - // read the first rng data and save it - ldr r0, =0 // r0 - previous value - ldr r1, =0 // r1 - whether to compare the previous value - bl rng_read - - // read the next rng data and make sure it is different than previous - // r0 - value returned from previous call - ldr r1, =1 // r1 - whether to compare the previous value - bl rng_read - mov r4, r0 // save TRNG output in r4 - - // wipe memory to remove any possible vestiges of confidential data - - -fill_ram: - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =sram3_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram5_start // r0 - point to beginning of SRAM - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written - bl memset_reg - - - // setup environment for subsequent stage of code - - -clear_ram: - ldr r2, =0 // r2 - the word-sized value to be written - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =sram3_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram5_start // r0 - point to beginning of SRAM - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - - // copy data in from flash - ldr r0, =data_vma // dst addr - ldr r1, =data_lma // src addr - ldr r2, =data_size // size in bytes - bl memcpy - - // copy confidential data in from flash - ldr r0, =confidential_vma // dst addr - ldr r1, =confidential_lma // src addr - ldr r2, =confidential_size // size in bytes - bl memcpy - - // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value - bl rng_get - ldr r1, = __stack_chk_guard - str r0, [r1] - - // enter the application code - bl main - - b shutdown_privileged - - .end diff --git a/core/embed/bootloader/main.c b/core/embed/bootloader/main.c index c417d8312d..73c05962bb 100644 --- a/core/embed/bootloader/main.c +++ b/core/embed/bootloader/main.c @@ -331,7 +331,7 @@ void real_jump_to_firmware(void) { ui_screen_boot_stage_1(false); } - display_deinit(DISPLAY_RETAIN_CONTENT); + display_deinit(DISPLAY_JUMP_BEHAVIOR); #ifdef ENSURE_COMPATIBLE_SETTINGS ensure_compatible_settings(); @@ -369,7 +369,7 @@ int bootloader_main(void) { hash_processor_init(); #endif - display_init(DISPLAY_RETAIN_CONTENT); + display_init(DISPLAY_JUMP_BEHAVIOR); #ifdef USE_DMA2D dma2d_init(); diff --git a/core/embed/bootloader/memory_stm32f4.ld b/core/embed/bootloader/memory_stm32f4.ld deleted file mode 100644 index 392c9a1d8e..0000000000 --- a/core/embed/bootloader/memory_stm32f4.ld +++ /dev/null @@ -1,79 +0,0 @@ -/* Trezor v2 bootloader linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x08020000, LENGTH = 128K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x1000FF00, LENGTH = 0x100 - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K -} - -main_stack_base = ORIGIN(CCMRAM) + SIZEOF(.stack) ; /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(CCMRAM); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to wipe memory */ -ccmram_start = ORIGIN(CCMRAM); -ccmram_end = ORIGIN(CCMRAM) + LENGTH(CCMRAM); - -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data); - -SECTIONS { - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .stack : ALIGN(8) { - . = 16K; /* Exactly 16K allocated for stack. Overflow causes MemManage fault (when using MPU). */ - } >CCMRAM - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >CCMRAM AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >CCMRAM - - .buf : ALIGN(4) { - *(.buf*); - . = ALIGN(4); - *(.no_dma_buffers*); - . = ALIGN(4); - } >SRAM - - .boot_args : ALIGN(8) { - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS - -} diff --git a/core/embed/bootloader/memory_stm32u5a.ld b/core/embed/bootloader/memory_stm32u5a.ld deleted file mode 100644 index e34a7d53e1..0000000000 --- a/core/embed/bootloader/memory_stm32u5a.ld +++ /dev/null @@ -1,114 +0,0 @@ -/* Trezor v2 bootloader linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C010000, LENGTH = 128K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 0 - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); - -SECTIONS { - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(1024) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .buf : ALIGN(4) { - *(.buf*); - . = ALIGN(4); - *(.no_dma_buffers*); - . = ALIGN(4); - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/bootloader_ci/memory_stm32u58.ld b/core/embed/bootloader_ci/memory_stm32u58.ld deleted file mode 100644 index 69f2570187..0000000000 --- a/core/embed/bootloader_ci/memory_stm32u58.ld +++ /dev/null @@ -1,108 +0,0 @@ -/* Trezor v2 bootloader linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C010000, LENGTH = 128K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 512K - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); - -SECTIONS { - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .buf : ALIGN(4) { - *(.buf*); - . = ALIGN(4); - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Exactly 16K allocated for stack. Overflow causes Usage fault. */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM3 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/bootloader_ci/memory_stm32u5a.ld b/core/embed/bootloader_ci/memory_stm32u5a.ld deleted file mode 100644 index accf765861..0000000000 --- a/core/embed/bootloader_ci/memory_stm32u5a.ld +++ /dev/null @@ -1,112 +0,0 @@ -/* Trezor v2 bootloader linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C010000, LENGTH = 128K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 0 - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); - -SECTIONS { - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(1024) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .buf : ALIGN(4) { - *(.buf*); - . = ALIGN(4); - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/coreapp/memory_DISC1.ld b/core/embed/coreapp/memory_DISC1.ld deleted file mode 120000 index 3f68ec99f6..0000000000 --- a/core/embed/coreapp/memory_DISC1.ld +++ /dev/null @@ -1 +0,0 @@ -memory_T.ld \ No newline at end of file diff --git a/core/embed/coreapp/memory_DISC2.ld b/core/embed/coreapp/memory_DISC2.ld deleted file mode 100644 index ae6d127292..0000000000 --- a/core/embed/coreapp/memory_DISC2.ld +++ /dev/null @@ -1,130 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 3648K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 0 - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(1024) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - *(.buf*); - . = ALIGN(4); - } >SRAM1 - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram1_end); /* this explicitly sets the end of the heap */ - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/coreapp/memory_R.ld b/core/embed/coreapp/memory_R.ld deleted file mode 120000 index 3f68ec99f6..0000000000 --- a/core/embed/coreapp/memory_R.ld +++ /dev/null @@ -1 +0,0 @@ -memory_T.ld \ No newline at end of file diff --git a/core/embed/coreapp/memory_T3B1.ld b/core/embed/coreapp/memory_T3B1.ld deleted file mode 120000 index b5bfd3715e..0000000000 --- a/core/embed/coreapp/memory_T3B1.ld +++ /dev/null @@ -1 +0,0 @@ -memory_T3T1.ld \ No newline at end of file diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c index 4ac0b79ccf..aa3224803c 100644 --- a/core/embed/firmware/main.c +++ b/core/embed/firmware/main.c @@ -151,7 +151,7 @@ int main(void) { dma2d_init(); #endif - display_init(DISPLAY_RETAIN_CONTENT); + display_init(DISPLAY_JUMP_BEHAVIOR); #ifdef STM32U5 check_oem_keys(); diff --git a/core/embed/firmware/memory_1.ld b/core/embed/firmware/memory_1.ld deleted file mode 100644 index 625c2c6419..0000000000 --- a/core/embed/firmware/memory_1.ld +++ /dev/null @@ -1,74 +0,0 @@ -/* TREZORv1 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x08010000, LENGTH = 1024K - 64K - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 128K -} - -main_stack_base = ORIGIN(SRAM) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to wipe memory */ -/* we have no CCMRAM, so erase the first word of SRAM as hack */ -ccmram_start = ORIGIN(SRAM); -ccmram_end = ORIGIN(SRAM) + 4; - -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); -_ram_start = sram_start; -_ram_end = sram_end; - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.exidx); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - /* exception handling info generated by llvm which should consist of 8 bytes of "cantunwind" */ - .exidx : ALIGN(4) { - *(.ARM.exidx*); - . = ALIGN(4); - } >FLASH AT>FLASH - - .stack : ALIGN(8) { - . = 16K; /* Exactly 16K allocated for stack. Overflow causes MemManage fault (when using MPU). */ - } >SRAM - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM AT>FLASH - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram_end - 8); /* this explicitly sets the end of the heap, T1 bootloader had 8 bytes reserved at end */ - } >SRAM -} diff --git a/core/embed/firmware/memory_1_min.ld b/core/embed/firmware/memory_1_min.ld deleted file mode 100644 index 625c2c6419..0000000000 --- a/core/embed/firmware/memory_1_min.ld +++ /dev/null @@ -1,74 +0,0 @@ -/* TREZORv1 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x08010000, LENGTH = 1024K - 64K - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 128K -} - -main_stack_base = ORIGIN(SRAM) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to wipe memory */ -/* we have no CCMRAM, so erase the first word of SRAM as hack */ -ccmram_start = ORIGIN(SRAM); -ccmram_end = ORIGIN(SRAM) + 4; - -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); -_ram_start = sram_start; -_ram_end = sram_end; - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.exidx); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - /* exception handling info generated by llvm which should consist of 8 bytes of "cantunwind" */ - .exidx : ALIGN(4) { - *(.ARM.exidx*); - . = ALIGN(4); - } >FLASH AT>FLASH - - .stack : ALIGN(8) { - . = 16K; /* Exactly 16K allocated for stack. Overflow causes MemManage fault (when using MPU). */ - } >SRAM - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM AT>FLASH - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram_end - 8); /* this explicitly sets the end of the heap, T1 bootloader had 8 bytes reserved at end */ - } >SRAM -} diff --git a/core/embed/firmware/memory_DISC1.ld b/core/embed/firmware/memory_DISC1.ld deleted file mode 120000 index 3f68ec99f6..0000000000 --- a/core/embed/firmware/memory_DISC1.ld +++ /dev/null @@ -1 +0,0 @@ -memory_T.ld \ No newline at end of file diff --git a/core/embed/firmware/memory_DISC2.ld b/core/embed/firmware/memory_DISC2.ld deleted file mode 100644 index ae6d127292..0000000000 --- a/core/embed/firmware/memory_DISC2.ld +++ /dev/null @@ -1,130 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 3648K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 0 - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(1024) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - *(.buf*); - . = ALIGN(4); - } >SRAM1 - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram1_end); /* this explicitly sets the end of the heap */ - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/firmware/memory_R.ld b/core/embed/firmware/memory_R.ld deleted file mode 120000 index 3f68ec99f6..0000000000 --- a/core/embed/firmware/memory_R.ld +++ /dev/null @@ -1 +0,0 @@ -memory_T.ld \ No newline at end of file diff --git a/core/embed/firmware/memory_T3B1.ld b/core/embed/firmware/memory_T3B1.ld deleted file mode 120000 index b5bfd3715e..0000000000 --- a/core/embed/firmware/memory_T3B1.ld +++ /dev/null @@ -1 +0,0 @@ -memory_T3T1.ld \ No newline at end of file diff --git a/core/embed/kernel/header.S b/core/embed/kernel/header.S deleted file mode 100644 index 3531e23955..0000000000 --- a/core/embed/kernel/header.S +++ /dev/null @@ -1,54 +0,0 @@ - .syntax unified - -#include "version.h" - - .section .header, "a" - - .type g_header, %object - .size g_header, .-g_header - -// Firmware header for both Trezor One and Trezor T. -// Trezor One must have bootloader version >= 1.8.0 (before that version the hdrlen used to be reset vector) - -g_header: - .byte 'T','R','Z','F' // magic - .word g_header_end - g_header // hdrlen -#ifdef TREZOR_MODEL_T - .word 0 // expiry -#else - .word 1 // expiry -#endif - .word _codelen // codelen - .byte VERSION_MAJOR // vmajor - .byte VERSION_MINOR // vminor - .byte VERSION_PATCH // vpatch - .byte VERSION_BUILD // vbuild - .byte FIX_VERSION_MAJOR // fix_vmajor - .byte FIX_VERSION_MINOR // fix_vminor - .byte FIX_VERSION_PATCH // fix_vpatch - .byte FIX_VERSION_BUILD // fix_vbuild - .word HW_MODEL // type of the designated hardware - .byte HW_REVISION // revision of the designated hardware - .byte VERSION_MONOTONIC // monotonic version of the binary - . = . + 2 // reserved - . = . + 512 // hash1 ... hash16 - -#if !defined TREZOR_MODEL_1 -// trezor-core header style - . = . + 415 // reserved - .byte 0 // sigmask - . = . + 64 // sig -#else -// model 1 compatibility header - . = . + 64 // sig1 - . = . + 64 // sig2 - . = . + 64 // sig3 - .byte 0 // sigindex1 - .byte 0 // sigindex2 - .byte 0 // sigindex3 - . = . + 220 // reserved - . = . + 65 // reserved -#endif - -g_header_end: - diff --git a/core/embed/kernel/main.c b/core/embed/kernel/main.c index 7ad6f8ce11..376f3d2dca 100644 --- a/core/embed/kernel/main.c +++ b/core/embed/kernel/main.c @@ -22,8 +22,11 @@ #include #include "applet.h" +#include "bl_check.h" #include "board_capabilities.h" #include "bootutils.h" +#include "button.h" +#include "consumption_mask.h" #include "display.h" #include "dma2d.h" #include "entropy.h" @@ -92,7 +95,7 @@ void drivers_init() { dma2d_init(); #endif - display_init(DISPLAY_RETAIN_CONTENT); + display_init(DISPLAY_JUMP_BEHAVIOR); #ifdef STM32U5 check_oem_keys(); @@ -114,7 +117,7 @@ void drivers_init() { entropy_init(); #if PRODUCTION || BOOTLOADER_QA - // check_and_replace_bootloader(); + check_and_replace_bootloader(); #endif #ifdef USE_BUTTON @@ -166,17 +169,24 @@ void drivers_init() { #endif } +// defined in linker script +extern uint32_t _codelen; +extern uint32_t _coreapp_clear_ram_0_start; +extern uint32_t _coreapp_clear_ram_0_size; +extern uint32_t _coreapp_clear_ram_1_start; +extern uint32_t _coreapp_clear_ram_1_size; +#define KERNEL_SIZE (uint32_t) & _codelen + // Initializes coreapp applet static void coreapp_init(applet_t *applet) { applet_header_t *coreapp_header = - (applet_header_t *)(COREAPP_START + IMAGE_HEADER_SIZE + 0x0400); + (applet_header_t *)COREAPP_CODE_ALIGN(KERNEL_START + KERNEL_SIZE); applet_layout_t coreapp_layout = { - 0 - /* .data1_start = COREAPP_RAM1_START, - .data1_size = COREAPP_RAM1_SIZE, - .data2_start = COREAPP_RAM2_START, - .data2_size = COREAPP_RAM2_SIZE,*/ + .data1_start = (uint32_t)&_coreapp_clear_ram_0_start, + .data1_size = (uint32_t)&_coreapp_clear_ram_0_size, + .data2_start = (uint32_t)&_coreapp_clear_ram_1_start, + .data2_size = (uint32_t)&_coreapp_clear_ram_1_size, }; applet_init(applet, coreapp_header, &coreapp_layout); diff --git a/core/embed/kernel/memory_T3T1.ld b/core/embed/kernel/memory_T3T1.ld deleted file mode 100644 index 07a90ccc53..0000000000 --- a/core/embed/kernel/memory_T3T1.ld +++ /dev/null @@ -1,125 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 160K - SRAM1 (wal) : ORIGIN = 0x3002C000, LENGTH = 16K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 8K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 0x38400 - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); - - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.no_dma_buffers*); - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .stack : ALIGN(8) { - . = 4K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.fb2*); - *(.framebuffer_select*); - __fb_end = .; - . = ALIGN(4); - } >SRAM3 - - .buf : ALIGN(4) { - *(.buf*); - . = ALIGN(4); - } >SRAM3 - - .heap : ALIGN(4) { - } >SRAM3 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/kernel/startup_stm32u5.S b/core/embed/kernel/startup_stm32u5.S deleted file mode 100644 index db9a204c31..0000000000 --- a/core/embed/kernel/startup_stm32u5.S +++ /dev/null @@ -1,72 +0,0 @@ - .syntax unified - - .text - - .global reset_handler - .type reset_handler, STT_FUNC -reset_handler: - // set the stack protection - ldr r0, =_sstack - add r0, r0, #128 // safety margin for the exception frame - msr MSPLIM, r0 - - // setup environment for subsequent stage of code - ldr r2, =0 // r2 - the word-sized value to be written - - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =boot_args_start // r0 - point to beginning of boot args - ldr r1, =boot_args_end // r1 - point to byte after the end of boot args - bl memset_reg - - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM - bl memset_reg - - // copy data in from flash - ldr r0, =data_vma // dst addr - ldr r1, =data_lma // src addr - ldr r2, =data_size // size in bytes - bl memcpy - - // copy confidential data in from flash - ldr r0, =confidential_vma // dst addr - ldr r1, =confidential_lma // src addr - ldr r2, =confidential_size // size in bytes - bl memcpy - - // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value - bl rng_get - ldr r1, = __stack_chk_guard - str r0, [r1] - - // re-enable exceptions - // according to "ARM Cortex-M Programming Guide to Memory Barrier Instructions" Application Note 321, section 4.7: - // "If it is not necessary to ensure that a pended interrupt is recognized immediately before - // subsequent operations, it is not necessary to insert a memory barrier instruction." - cpsie f - - // enter the application code - bl main - - b shutdown_privileged - - .end diff --git a/core/embed/firmware/bl_check.c b/core/embed/lib/bl_check.c similarity index 93% rename from core/embed/firmware/bl_check.c rename to core/embed/lib/bl_check.c index c172df62d6..0274f2aa2f 100644 --- a/core/embed/firmware/bl_check.c +++ b/core/embed/lib/bl_check.c @@ -26,13 +26,12 @@ #include "image.h" #include "memzero.h" #include "model.h" +#include "mpu.h" #include "uzlib.h" // symbols from bootloader.bin => bootloader.o -extern const void - _binary_embed_firmware_bootloaders_bootloader_bin_deflated_start; -extern const void - _binary_embed_firmware_bootloaders_bootloader_bin_deflated_size; +extern const void _binary_embed_bootloaders_bootloader_bin_deflated_start; +extern const void _binary_embed_bootloaders_bootloader_bin_deflated_size; #define CONCAT_NAME_HELPER(prefix, name, suffix) prefix##name##suffix #define CONCAT_NAME(name, var) CONCAT_NAME_HELPER(BOOTLOADER_, name, var) @@ -82,6 +81,7 @@ static void uzlib_prepare(struct uzlib_uncomp *decomp, uint8_t *window, void check_and_replace_bootloader(void) { #if PRODUCTION || BOOTLOADER_QA + mpu_mode_t mode = mpu_reconfig(MPU_MODE_BOOTUPDATE); // compute current bootloader hash uint8_t hash[BLAKE2S_DIGEST_LENGTH]; @@ -95,15 +95,16 @@ void check_and_replace_bootloader(void) { // do we have the latest bootloader? if (sectrue == latest_bootloader(hash, BLAKE2S_DIGEST_LENGTH)) { + mpu_reconfig(mode); return; } // replace bootloader with the latest one const uint32_t *data = (const uint32_t - *)&_binary_embed_firmware_bootloaders_bootloader_bin_deflated_start; + *)&_binary_embed_bootloaders_bootloader_bin_deflated_start; const uint32_t len = - (const uint32_t)&_binary_embed_firmware_bootloaders_bootloader_bin_deflated_size; + (const uint32_t)&_binary_embed_bootloaders_bootloader_bin_deflated_size; struct uzlib_uncomp decomp = {0}; uint8_t decomp_window[UZLIB_WINDOW_SIZE] = {0}; @@ -134,6 +135,7 @@ void check_and_replace_bootloader(void) { if (new_bld_hdr->monotonic < current_bld_hdr->monotonic) { // reject downgrade + mpu_reconfig(mode); return; } @@ -180,5 +182,7 @@ void check_and_replace_bootloader(void) { } ensure(flash_lock_write(), NULL); + + mpu_reconfig(mode); #endif } diff --git a/core/embed/firmware/bl_check.h b/core/embed/lib/bl_check.h similarity index 100% rename from core/embed/firmware/bl_check.h rename to core/embed/lib/bl_check.h diff --git a/core/embed/lib/image.h b/core/embed/lib/image.h index bfcfba634b..f837f7d969 100644 --- a/core/embed/lib/image.h +++ b/core/embed/lib/image.h @@ -39,6 +39,12 @@ #define IMAGE_CODE_ALIGN(addr) \ ((((uint32_t)(uintptr_t)addr) + (CODE_ALIGNMENT - 1)) & ~(CODE_ALIGNMENT - 1)) +#define COREAPP_ALIGNMENT 512 + +#define COREAPP_CODE_ALIGN(addr) \ + ((((uint32_t)(uintptr_t)addr) + (COREAPP_ALIGNMENT - 1)) & \ + ~(COREAPP_ALIGNMENT - 1)) + typedef struct { uint32_t magic; uint32_t hdrlen; diff --git a/core/embed/models/D001/memory.ld b/core/embed/models/D001/memory.ld new file mode 100644 index 0000000000..abce5a3951 --- /dev/null +++ b/core/embed/models/D001/memory.ld @@ -0,0 +1,36 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0x8000000; +BOARDLOADER_START = 0x8000000; +BOOTLOADER_START = 0x8020000; +FIRMWARE_START = 0x8040000; +FIRMWARE_P2_START = 0x8120000; +KERNEL_START = 0x8040000; +STORAGE_1_OFFSET = 0x10000; +STORAGE_2_OFFSET = 0x110000; +NORCOW_SECTOR_SIZE = 0x10000; +BOARDLOADER_IMAGE_MAXSIZE = 0xc000; +BOOTLOADER_IMAGE_MAXSIZE = 0x20000; +FIRMWARE_IMAGE_MAXSIZE = 0x1a0000; +FIRMWARE_P1_IMAGE_MAXSIZE = 0xc0000; +FIRMWARE_P2_IMAGE_MAXSIZE = 0xe0000; +KERNEL_IMAGE_MAXSIZE = 0x80000; +BOARDLOADER_SECTOR_START = 0x0; +BOARDLOADER_SECTOR_END = 0x3; +BOOTLOADER_SECTOR_START = 0x5; +BOOTLOADER_SECTOR_END = 0x5; +FIRMWARE_SECTOR_START = 0x6; +FIRMWARE_SECTOR_END = 0xb; +FIRMWARE_P2_SECTOR_START = 0x11; +FIRMWARE_P2_SECTOR_END = 0x17; +STORAGE_1_SECTOR_START = 0x4; +STORAGE_1_SECTOR_END = 0x4; +STORAGE_2_SECTOR_START = 0x10; +STORAGE_2_SECTOR_END = 0x10; +KERNEL_STACK_SIZE = 0x2000; +KERNEL_CCMRAM_SIZE = 0x4000; +KERNEL_FRAMEBUFFER_SIZE = 0x0; +KERNEL_SRAM_SIZE = 0x400; +BOOTARGS_SIZE = 0x100; +BOARD_CAPABILITIES_ADDR = 0x800bf00; +CODE_ALIGNMENT = 0x200; diff --git a/core/embed/models/D001/model_D001.h b/core/embed/models/D001/model_D001.h index c0ed207687..5f17dcace1 100644 --- a/core/embed/models/D001/model_D001.h +++ b/core/embed/models/D001/model_D001.h @@ -22,8 +22,7 @@ #define IMAGE_CHUNK_SIZE (128 * 1024) #define IMAGE_HASH_BLAKE2S -#define BOARD_CAPABILITIES_ADDR 0x0800BF00 -#define CODE_ALIGNMENT 0x200 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RESET_CONTENT // SHARED WITH MAKEFILE #define FLASH_START 0x08000000 @@ -31,6 +30,7 @@ #define BOOTLOADER_START 0x08020000 #define FIRMWARE_START 0x08040000 #define FIRMWARE_P2_START 0x08120000 +#define KERNEL_START 0x08040000 #define STORAGE_1_OFFSET 0x10000 #define STORAGE_2_OFFSET 0x110000 #define NORCOW_SECTOR_SIZE (1 * 64 * 1024) // 64 kB @@ -39,6 +39,7 @@ #define FIRMWARE_IMAGE_MAXSIZE (13 * 128 * 1024) // 1664 kB #define FIRMWARE_P1_IMAGE_MAXSIZE (6 * 128 * 1024) #define FIRMWARE_P2_IMAGE_MAXSIZE (7 * 128 * 1024) +#define KERNEL_IMAGE_MAXSIZE (4 * 128 * 1024) #define BOARDLOADER_SECTOR_START 0 #define BOARDLOADER_SECTOR_END 3 #define BOOTLOADER_SECTOR_START 5 @@ -51,5 +52,13 @@ #define STORAGE_1_SECTOR_END 4 #define STORAGE_2_SECTOR_START 16 #define STORAGE_2_SECTOR_END 16 +#define KERNEL_STACK_SIZE 8 * 1024 +#define KERNEL_CCMRAM_SIZE 16 * 1024 +#define KERNEL_FRAMEBUFFER_SIZE 0 * 1024 +#define KERNEL_SRAM_SIZE 1 * 1024 + +#define BOOTARGS_SIZE 0x100 +#define BOARD_CAPABILITIES_ADDR 0x0800BF00 +#define CODE_ALIGNMENT 0x200 #endif diff --git a/core/embed/models/D002/memory.ld b/core/embed/models/D002/memory.ld new file mode 100644 index 0000000000..3f5648b562 --- /dev/null +++ b/core/embed/models/D002/memory.ld @@ -0,0 +1,32 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0xc000000; +BOARDLOADER_START = 0xc004000; +BOOTLOADER_START = 0xc010000; +KERNEL_START = 0xc050000; +FIRMWARE_START = 0xc050000; +STORAGE_1_OFFSET = 0x30000; +STORAGE_2_OFFSET = 0x50000; +NORCOW_SECTOR_SIZE = 0x10000; +BOARDLOADER_IMAGE_MAXSIZE = 0xc000; +BOOTLOADER_IMAGE_MAXSIZE = 0x20000; +FIRMWARE_IMAGE_MAXSIZE = 0x3a0000; +KERNEL_IMAGE_MAXSIZE = 0x80000; +BOARDLOADER_SECTOR_START = 0x2; +BOARDLOADER_SECTOR_END = 0x7; +BOOTLOADER_SECTOR_START = 0x8; +BOOTLOADER_SECTOR_END = 0x17; +FIRMWARE_SECTOR_START = 0x28; +FIRMWARE_SECTOR_END = 0x1f7; +STORAGE_1_SECTOR_START = 0x18; +STORAGE_1_SECTOR_END = 0x1f; +STORAGE_2_SECTOR_START = 0x20; +STORAGE_2_SECTOR_END = 0x27; +KERNEL_U_FLASH_SIZE = 0x200; +KERNEL_U_RAM_SIZE = 0x200; +KERNEL_SRAM1_SIZE = 0x4000; +KERNEL_SRAM2_SIZE = 0x2400; +KERNEL_SRAM3_SIZE = 0xbb800; +BOOTARGS_SIZE = 0x100; +BOARD_CAPABILITIES_ADDR = 0xc00ff00; +CODE_ALIGNMENT = 0x400; diff --git a/core/embed/models/D002/model_D002.h b/core/embed/models/D002/model_D002.h index 6b0712631b..48c43dad02 100644 --- a/core/embed/models/D002/model_D002.h +++ b/core/embed/models/D002/model_D002.h @@ -25,16 +25,13 @@ #define IMAGE_CHUNK_SIZE SIZE_256K #define IMAGE_HASH_SHA256 -#define BOARD_CAPABILITIES_ADDR 0x0C00FF00 -#define CODE_ALIGNMENT 0x400 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RESET_CONTENT -// SHARED WITH MAKEFILE +// SHARED WITH MAKEFILE, LINKER SCRIPT etc. #define FLASH_START 0x0C000000 #define BOARDLOADER_START 0x0C004000 #define BOOTLOADER_START 0x0C010000 #define KERNEL_START 0x0C050000 -#define KERNEL_SIZE 0x00028000 -#define COREAPP_START 0x0C078000 #define FIRMWARE_START 0x0C050000 #define STORAGE_1_OFFSET 0x30000 #define STORAGE_2_OFFSET 0x50000 @@ -42,6 +39,7 @@ #define BOARDLOADER_IMAGE_MAXSIZE (6 * 8 * 1024) // 48 kB #define BOOTLOADER_IMAGE_MAXSIZE (16 * 8 * 1024) // 128 kB #define FIRMWARE_IMAGE_MAXSIZE (464 * 8 * 1024) // 3712 kB +#define KERNEL_IMAGE_MAXSIZE (512 * 1024) // 512 kB #define BOARDLOADER_SECTOR_START 0x2 #define BOARDLOADER_SECTOR_END 0x7 #define BOOTLOADER_SECTOR_START 0x8 @@ -53,4 +51,14 @@ #define STORAGE_2_SECTOR_START 0x20 #define STORAGE_2_SECTOR_END 0x27 +#define KERNEL_U_FLASH_SIZE 512 +#define KERNEL_U_RAM_SIZE 512 +#define KERNEL_SRAM1_SIZE 16 * 1024 +#define KERNEL_SRAM2_SIZE 9 * 1024 +#define KERNEL_SRAM3_SIZE 750 * 1024 + +#define BOOTARGS_SIZE 0x100 +#define BOARD_CAPABILITIES_ADDR 0x0C00FF00 +#define CODE_ALIGNMENT 0x400 + #endif diff --git a/core/embed/models/T1B1/memory.ld b/core/embed/models/T1B1/memory.ld new file mode 100644 index 0000000000..1e78a10394 --- /dev/null +++ b/core/embed/models/T1B1/memory.ld @@ -0,0 +1,16 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0x8000000; +BOOTLOADER_START = 0x8000000; +FIRMWARE_START = 0x8010000; +NORCOW_SECTOR_SIZE = 0x10000; +BOOTLOADER_IMAGE_MAXSIZE = 0x8000; +FIRMWARE_IMAGE_MAXSIZE = 0xf0000; +BOOTLOADER_SECTOR_START = 0x0; +BOOTLOADER_SECTOR_END = 0x2; +FIRMWARE_SECTOR_START = 0x4; +FIRMWARE_SECTOR_END = 0xb; +STORAGE_1_SECTOR_START = 0x2; +STORAGE_1_SECTOR_END = 0x2; +STORAGE_2_SECTOR_START = 0x3; +STORAGE_2_SECTOR_END = 0x3; diff --git a/core/embed/models/T1B1/model_T1B1.h b/core/embed/models/T1B1/model_T1B1.h index e5006b01e4..ff007bc757 100644 --- a/core/embed/models/T1B1/model_T1B1.h +++ b/core/embed/models/T1B1/model_T1B1.h @@ -12,6 +12,7 @@ #define IMAGE_CHUNK_SIZE (64 * 1024) #define IMAGE_HASH_SHA256 #define CODE_ALIGNMENT 0x200 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RETAIN_CONTENT // SHARED WITH MAKEFILE #define FLASH_START 0x08000000 diff --git a/core/embed/models/T2B1/memory.ld b/core/embed/models/T2B1/memory.ld new file mode 100644 index 0000000000..3c841039f1 --- /dev/null +++ b/core/embed/models/T2B1/memory.ld @@ -0,0 +1,36 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0x8000000; +BOARDLOADER_START = 0x8000000; +BOOTLOADER_START = 0x8020000; +FIRMWARE_START = 0x8040000; +FIRMWARE_P2_START = 0x8120000; +KERNEL_START = 0x8040000; +STORAGE_1_OFFSET = 0x10000; +STORAGE_2_OFFSET = 0x110000; +NORCOW_SECTOR_SIZE = 0x10000; +BOARDLOADER_IMAGE_MAXSIZE = 0xc000; +BOOTLOADER_IMAGE_MAXSIZE = 0x20000; +FIRMWARE_IMAGE_MAXSIZE = 0x1a0000; +FIRMWARE_P1_IMAGE_MAXSIZE = 0xc0000; +FIRMWARE_P2_IMAGE_MAXSIZE = 0xe0000; +KERNEL_IMAGE_MAXSIZE = 0x80000; +BOARDLOADER_SECTOR_START = 0x0; +BOARDLOADER_SECTOR_END = 0x3; +BOOTLOADER_SECTOR_START = 0x5; +BOOTLOADER_SECTOR_END = 0x5; +FIRMWARE_SECTOR_START = 0x6; +FIRMWARE_SECTOR_END = 0xb; +FIRMWARE_P2_SECTOR_START = 0x11; +FIRMWARE_P2_SECTOR_END = 0x17; +STORAGE_1_SECTOR_START = 0x4; +STORAGE_1_SECTOR_END = 0x4; +STORAGE_2_SECTOR_START = 0x10; +STORAGE_2_SECTOR_END = 0x10; +KERNEL_STACK_SIZE = 0x2000; +KERNEL_CCMRAM_SIZE = 0x4000; +KERNEL_FRAMEBUFFER_SIZE = 0x2000; +KERNEL_SRAM_SIZE = 0x400; +BOOTARGS_SIZE = 0x100; +BOARD_CAPABILITIES_ADDR = 0x800bf00; +CODE_ALIGNMENT = 0x200; diff --git a/core/embed/models/T2B1/model_T2B1.h b/core/embed/models/T2B1/model_T2B1.h index d82aefc89b..74632ad249 100644 --- a/core/embed/models/T2B1/model_T2B1.h +++ b/core/embed/models/T2B1/model_T2B1.h @@ -24,8 +24,7 @@ #define IMAGE_CHUNK_SIZE (128 * 1024) #define IMAGE_HASH_BLAKE2S -#define BOARD_CAPABILITIES_ADDR 0x0800BF00 -#define CODE_ALIGNMENT 0x200 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RETAIN_CONTENT // SHARED WITH MAKEFILE #define FLASH_START 0x08000000 @@ -33,6 +32,7 @@ #define BOOTLOADER_START 0x08020000 #define FIRMWARE_START 0x08040000 #define FIRMWARE_P2_START 0x08120000 +#define KERNEL_START 0x08040000 #define STORAGE_1_OFFSET 0x10000 #define STORAGE_2_OFFSET 0x110000 #define NORCOW_SECTOR_SIZE (1 * 64 * 1024) // 64 kB @@ -41,6 +41,7 @@ #define FIRMWARE_IMAGE_MAXSIZE (13 * 128 * 1024) // 1664 kB #define FIRMWARE_P1_IMAGE_MAXSIZE (6 * 128 * 1024) #define FIRMWARE_P2_IMAGE_MAXSIZE (7 * 128 * 1024) +#define KERNEL_IMAGE_MAXSIZE (4 * 128 * 1024) #define BOARDLOADER_SECTOR_START 0 #define BOARDLOADER_SECTOR_END 3 #define BOOTLOADER_SECTOR_START 5 @@ -53,5 +54,13 @@ #define STORAGE_1_SECTOR_END 4 #define STORAGE_2_SECTOR_START 16 #define STORAGE_2_SECTOR_END 16 +#define KERNEL_STACK_SIZE 8 * 1024 +#define KERNEL_CCMRAM_SIZE 16 * 1024 +#define KERNEL_FRAMEBUFFER_SIZE 8 * 1024 +#define KERNEL_SRAM_SIZE 1 * 1024 + +#define BOOTARGS_SIZE 0x100 +#define BOARD_CAPABILITIES_ADDR 0x0800BF00 +#define CODE_ALIGNMENT 0x200 #endif diff --git a/core/embed/models/T2T1/memory.ld b/core/embed/models/T2T1/memory.ld new file mode 100644 index 0000000000..abce5a3951 --- /dev/null +++ b/core/embed/models/T2T1/memory.ld @@ -0,0 +1,36 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0x8000000; +BOARDLOADER_START = 0x8000000; +BOOTLOADER_START = 0x8020000; +FIRMWARE_START = 0x8040000; +FIRMWARE_P2_START = 0x8120000; +KERNEL_START = 0x8040000; +STORAGE_1_OFFSET = 0x10000; +STORAGE_2_OFFSET = 0x110000; +NORCOW_SECTOR_SIZE = 0x10000; +BOARDLOADER_IMAGE_MAXSIZE = 0xc000; +BOOTLOADER_IMAGE_MAXSIZE = 0x20000; +FIRMWARE_IMAGE_MAXSIZE = 0x1a0000; +FIRMWARE_P1_IMAGE_MAXSIZE = 0xc0000; +FIRMWARE_P2_IMAGE_MAXSIZE = 0xe0000; +KERNEL_IMAGE_MAXSIZE = 0x80000; +BOARDLOADER_SECTOR_START = 0x0; +BOARDLOADER_SECTOR_END = 0x3; +BOOTLOADER_SECTOR_START = 0x5; +BOOTLOADER_SECTOR_END = 0x5; +FIRMWARE_SECTOR_START = 0x6; +FIRMWARE_SECTOR_END = 0xb; +FIRMWARE_P2_SECTOR_START = 0x11; +FIRMWARE_P2_SECTOR_END = 0x17; +STORAGE_1_SECTOR_START = 0x4; +STORAGE_1_SECTOR_END = 0x4; +STORAGE_2_SECTOR_START = 0x10; +STORAGE_2_SECTOR_END = 0x10; +KERNEL_STACK_SIZE = 0x2000; +KERNEL_CCMRAM_SIZE = 0x4000; +KERNEL_FRAMEBUFFER_SIZE = 0x0; +KERNEL_SRAM_SIZE = 0x400; +BOOTARGS_SIZE = 0x100; +BOARD_CAPABILITIES_ADDR = 0x800bf00; +CODE_ALIGNMENT = 0x200; diff --git a/core/embed/models/T2T1/model_T2T1.h b/core/embed/models/T2T1/model_T2T1.h index fc29eaf94c..a759fad7fc 100644 --- a/core/embed/models/T2T1/model_T2T1.h +++ b/core/embed/models/T2T1/model_T2T1.h @@ -24,8 +24,7 @@ #define IMAGE_CHUNK_SIZE (128 * 1024) #define IMAGE_HASH_BLAKE2S -#define BOARD_CAPABILITIES_ADDR 0x0800BF00 -#define CODE_ALIGNMENT 0x200 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RETAIN_CONTENT // SHARED WITH MAKEFILE #define FLASH_START 0x08000000 @@ -33,6 +32,7 @@ #define BOOTLOADER_START 0x08020000 #define FIRMWARE_START 0x08040000 #define FIRMWARE_P2_START 0x08120000 +#define KERNEL_START 0x08040000 #define STORAGE_1_OFFSET 0x10000 #define STORAGE_2_OFFSET 0x110000 #define NORCOW_SECTOR_SIZE (1 * 64 * 1024) // 64 kB @@ -41,6 +41,7 @@ #define FIRMWARE_IMAGE_MAXSIZE (13 * 128 * 1024) // 1664 kB #define FIRMWARE_P1_IMAGE_MAXSIZE (6 * 128 * 1024) #define FIRMWARE_P2_IMAGE_MAXSIZE (7 * 128 * 1024) +#define KERNEL_IMAGE_MAXSIZE (4 * 128 * 1024) #define BOARDLOADER_SECTOR_START 0 #define BOARDLOADER_SECTOR_END 3 #define BOOTLOADER_SECTOR_START 5 @@ -53,5 +54,13 @@ #define STORAGE_1_SECTOR_END 4 #define STORAGE_2_SECTOR_START 16 #define STORAGE_2_SECTOR_END 16 +#define KERNEL_STACK_SIZE 8 * 1024 +#define KERNEL_CCMRAM_SIZE 16 * 1024 +#define KERNEL_FRAMEBUFFER_SIZE 0 * 1024 +#define KERNEL_SRAM_SIZE 1 * 1024 + +#define BOOTARGS_SIZE 0x100 +#define BOARD_CAPABILITIES_ADDR 0x0800BF00 +#define CODE_ALIGNMENT 0x200 #endif diff --git a/core/embed/models/T3B1/memory.ld b/core/embed/models/T3B1/memory.ld new file mode 100644 index 0000000000..29bfa19521 --- /dev/null +++ b/core/embed/models/T3B1/memory.ld @@ -0,0 +1,32 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0xc000000; +BOARDLOADER_START = 0xc004000; +BOOTLOADER_START = 0xc010000; +KERNEL_START = 0xc050000; +FIRMWARE_START = 0xc050000; +STORAGE_1_OFFSET = 0x30000; +STORAGE_2_OFFSET = 0x50000; +NORCOW_SECTOR_SIZE = 0x10000; +BOARDLOADER_IMAGE_MAXSIZE = 0xc000; +BOOTLOADER_IMAGE_MAXSIZE = 0x20000; +FIRMWARE_IMAGE_MAXSIZE = 0x1a0000; +KERNEL_IMAGE_MAXSIZE = 0x80000; +BOARDLOADER_SECTOR_START = 0x2; +BOARDLOADER_SECTOR_END = 0x7; +BOOTLOADER_SECTOR_START = 0x8; +BOOTLOADER_SECTOR_END = 0x17; +FIRMWARE_SECTOR_START = 0x28; +FIRMWARE_SECTOR_END = 0xf7; +STORAGE_1_SECTOR_START = 0x18; +STORAGE_1_SECTOR_END = 0x1f; +STORAGE_2_SECTOR_START = 0x20; +STORAGE_2_SECTOR_END = 0x27; +KERNEL_U_FLASH_SIZE = 0x200; +KERNEL_U_RAM_SIZE = 0x200; +KERNEL_SRAM1_SIZE = 0x4000; +KERNEL_SRAM2_SIZE = 0x2000; +KERNEL_SRAM3_SIZE = 0x38400; +BOOTARGS_SIZE = 0x100; +BOARD_CAPABILITIES_ADDR = 0xc00ff00; +CODE_ALIGNMENT = 0x200; diff --git a/core/embed/models/T3B1/model_T3B1.h b/core/embed/models/T3B1/model_T3B1.h index 3e973c8ff5..6dc327e01c 100644 --- a/core/embed/models/T3B1/model_T3B1.h +++ b/core/embed/models/T3B1/model_T3B1.h @@ -25,13 +25,13 @@ #define IMAGE_CHUNK_SIZE (128 * 1024) #define IMAGE_HASH_SHA256 -#define BOARD_CAPABILITIES_ADDR 0x0C00FF00 -#define CODE_ALIGNMENT 0x200 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RETAIN_CONTENT -// SHARED WITH MAKEFILE +// SHARED WITH MAKEFILE, LINKER SCRIPT etc. #define FLASH_START 0x0C000000 #define BOARDLOADER_START 0x0C004000 #define BOOTLOADER_START 0x0C010000 +#define KERNEL_START 0x0C050000 #define FIRMWARE_START 0x0C050000 #define STORAGE_1_OFFSET 0x30000 #define STORAGE_2_OFFSET 0x50000 @@ -39,6 +39,7 @@ #define BOARDLOADER_IMAGE_MAXSIZE (6 * 8 * 1024) // 48 kB #define BOOTLOADER_IMAGE_MAXSIZE (16 * 8 * 1024) // 128 kB #define FIRMWARE_IMAGE_MAXSIZE (208 * 8 * 1024) // 1664 kB +#define KERNEL_IMAGE_MAXSIZE (512 * 1024) // 512 kB #define BOARDLOADER_SECTOR_START 0x2 #define BOARDLOADER_SECTOR_END 0x7 #define BOOTLOADER_SECTOR_START 0x8 @@ -50,4 +51,14 @@ #define STORAGE_2_SECTOR_START 0x20 #define STORAGE_2_SECTOR_END 0x27 +#define KERNEL_U_FLASH_SIZE 512 +#define KERNEL_U_RAM_SIZE 512 +#define KERNEL_SRAM1_SIZE 16 * 1024 +#define KERNEL_SRAM2_SIZE 8 * 1024 +#define KERNEL_SRAM3_SIZE 0x38400 + +#define BOOTARGS_SIZE 0x100 +#define BOARD_CAPABILITIES_ADDR 0x0C00FF00 +#define CODE_ALIGNMENT 0x200 + #endif diff --git a/core/embed/models/T3T1/memory.ld b/core/embed/models/T3T1/memory.ld new file mode 100644 index 0000000000..29bfa19521 --- /dev/null +++ b/core/embed/models/T3T1/memory.ld @@ -0,0 +1,32 @@ +/* Auto-generated file, do not edit.*/ + +FLASH_START = 0xc000000; +BOARDLOADER_START = 0xc004000; +BOOTLOADER_START = 0xc010000; +KERNEL_START = 0xc050000; +FIRMWARE_START = 0xc050000; +STORAGE_1_OFFSET = 0x30000; +STORAGE_2_OFFSET = 0x50000; +NORCOW_SECTOR_SIZE = 0x10000; +BOARDLOADER_IMAGE_MAXSIZE = 0xc000; +BOOTLOADER_IMAGE_MAXSIZE = 0x20000; +FIRMWARE_IMAGE_MAXSIZE = 0x1a0000; +KERNEL_IMAGE_MAXSIZE = 0x80000; +BOARDLOADER_SECTOR_START = 0x2; +BOARDLOADER_SECTOR_END = 0x7; +BOOTLOADER_SECTOR_START = 0x8; +BOOTLOADER_SECTOR_END = 0x17; +FIRMWARE_SECTOR_START = 0x28; +FIRMWARE_SECTOR_END = 0xf7; +STORAGE_1_SECTOR_START = 0x18; +STORAGE_1_SECTOR_END = 0x1f; +STORAGE_2_SECTOR_START = 0x20; +STORAGE_2_SECTOR_END = 0x27; +KERNEL_U_FLASH_SIZE = 0x200; +KERNEL_U_RAM_SIZE = 0x200; +KERNEL_SRAM1_SIZE = 0x4000; +KERNEL_SRAM2_SIZE = 0x2000; +KERNEL_SRAM3_SIZE = 0x38400; +BOOTARGS_SIZE = 0x100; +BOARD_CAPABILITIES_ADDR = 0xc00ff00; +CODE_ALIGNMENT = 0x200; diff --git a/core/embed/models/T3T1/model_T3T1.h b/core/embed/models/T3T1/model_T3T1.h index 35af3e6d20..35643b895f 100644 --- a/core/embed/models/T3T1/model_T3T1.h +++ b/core/embed/models/T3T1/model_T3T1.h @@ -25,16 +25,13 @@ #define IMAGE_CHUNK_SIZE (128 * 1024) #define IMAGE_HASH_SHA256 -#define BOARD_CAPABILITIES_ADDR 0x0C00FF00 -#define CODE_ALIGNMENT 0x200 +#define DISPLAY_JUMP_BEHAVIOR DISPLAY_RETAIN_CONTENT -// SHARED WITH MAKEFILE +// SHARED WITH MAKEFILE, LINKER SCRIPT etc. #define FLASH_START 0x0C000000 #define BOARDLOADER_START 0x0C004000 #define BOOTLOADER_START 0x0C010000 #define KERNEL_START 0x0C050000 -#define KERNEL_SIZE 0x00028000 -#define COREAPP_START 0x0C078000 #define FIRMWARE_START 0x0C050000 #define STORAGE_1_OFFSET 0x30000 #define STORAGE_2_OFFSET 0x50000 @@ -42,6 +39,7 @@ #define BOARDLOADER_IMAGE_MAXSIZE (6 * 8 * 1024) // 48 kB #define BOOTLOADER_IMAGE_MAXSIZE (16 * 8 * 1024) // 128 kB #define FIRMWARE_IMAGE_MAXSIZE (208 * 8 * 1024) // 1664 kB +#define KERNEL_IMAGE_MAXSIZE (512 * 1024) // 512 kB #define BOARDLOADER_SECTOR_START 0x2 #define BOARDLOADER_SECTOR_END 0x7 #define BOOTLOADER_SECTOR_START 0x8 @@ -53,4 +51,14 @@ #define STORAGE_2_SECTOR_START 0x20 #define STORAGE_2_SECTOR_END 0x27 +#define KERNEL_U_FLASH_SIZE 512 +#define KERNEL_U_RAM_SIZE 512 +#define KERNEL_SRAM1_SIZE 16 * 1024 +#define KERNEL_SRAM2_SIZE 8 * 1024 +#define KERNEL_SRAM3_SIZE 0x38400 + +#define BOOTARGS_SIZE 0x100 +#define BOARD_CAPABILITIES_ADDR 0x0C00FF00 +#define CODE_ALIGNMENT 0x200 + #endif diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c index 3ff73d873c..1fa330f2af 100644 --- a/core/embed/prodtest/main.c +++ b/core/embed/prodtest/main.c @@ -786,7 +786,7 @@ void cpuid_read(void) { int main(void) { system_init(&rsod_panic_handler); - display_init(DISPLAY_RETAIN_CONTENT); + display_init(DISPLAY_JUMP_BEHAVIOR); #ifdef STM32U5 secure_aes_init(); diff --git a/core/embed/prodtest/memory_stm32u5a.ld b/core/embed/prodtest/memory_stm32u5a.ld deleted file mode 100644 index fa303b5d4f..0000000000 --- a/core/embed/prodtest/memory_stm32u5a.ld +++ /dev/null @@ -1,127 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 3648K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 0 - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(1024) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - } >SRAM1 - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram1_end); /* this explicitly sets the end of the heap */ - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/prodtest/startup_stm32f4.s b/core/embed/prodtest/startup_stm32f4.s deleted file mode 100644 index ad8bc096ee..0000000000 --- a/core/embed/prodtest/startup_stm32f4.s +++ /dev/null @@ -1,46 +0,0 @@ - .syntax unified - - .text - - .global reset_handler - .type reset_handler, STT_FUNC -reset_handler: - // setup environment for subsequent stage of code - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte after the end of CCMRAM - ldr r2, =0 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =boot_args_start // r0 - point to beginning of BOOT_ARGS - ldr r1, =boot_args_end // r1 - point to byte after the end of BOOT_ARGS - ldr r2, =0 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written - bl memset_reg - - // copy data in from flash - ldr r0, =data_vma // dst addr - ldr r1, =data_lma // src addr - ldr r2, =data_size // size in bytes - bl memcpy - - // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value - bl rng_get - ldr r1, = __stack_chk_guard - str r0, [r1] - - // re-enable exceptions - // according to "ARM Cortex-M Programming Guide to Memory Barrier Instructions" Application Note 321, section 4.7: - // "If it is not necessary to ensure that a pended interrupt is recognized immediately before - // subsequent operations, it is not necessary to insert a memory barrier instruction." - cpsie f - - // enter the application code - bl main - - b shutdown_privileged - - .end diff --git a/core/embed/prodtest/startup_stm32u5.s b/core/embed/prodtest/startup_stm32u5.s deleted file mode 100644 index db9a204c31..0000000000 --- a/core/embed/prodtest/startup_stm32u5.s +++ /dev/null @@ -1,72 +0,0 @@ - .syntax unified - - .text - - .global reset_handler - .type reset_handler, STT_FUNC -reset_handler: - // set the stack protection - ldr r0, =_sstack - add r0, r0, #128 // safety margin for the exception frame - msr MSPLIM, r0 - - // setup environment for subsequent stage of code - ldr r2, =0 // r2 - the word-sized value to be written - - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =boot_args_start // r0 - point to beginning of boot args - ldr r1, =boot_args_end // r1 - point to byte after the end of boot args - bl memset_reg - - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM - bl memset_reg - - // copy data in from flash - ldr r0, =data_vma // dst addr - ldr r1, =data_lma // src addr - ldr r2, =data_size // size in bytes - bl memcpy - - // copy confidential data in from flash - ldr r0, =confidential_vma // dst addr - ldr r1, =confidential_lma // src addr - ldr r2, =confidential_size // size in bytes - bl memcpy - - // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value - bl rng_get - ldr r1, = __stack_chk_guard - str r0, [r1] - - // re-enable exceptions - // according to "ARM Cortex-M Programming Guide to Memory Barrier Instructions" Application Note 321, section 4.7: - // "If it is not necessary to ensure that a pended interrupt is recognized immediately before - // subsequent operations, it is not necessary to insert a memory barrier instruction." - cpsie f - - // enter the application code - bl main - - b shutdown_privileged - - .end diff --git a/core/embed/reflash/memory_stm32f4.ld b/core/embed/reflash/memory_stm32f4.ld deleted file mode 100644 index 718b009385..0000000000 --- a/core/embed/reflash/memory_stm32f4.ld +++ /dev/null @@ -1,81 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x08040000, LENGTH = 768K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x1000FF00, LENGTH = 0x100 - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K -} - -main_stack_base = ORIGIN(SRAM) + LENGTH(SRAM); /* 8-byte aligned full descending stack */ -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to wipe memory */ -ccmram_start = ORIGIN(CCMRAM); -ccmram_end = ORIGIN(CCMRAM) + LENGTH(CCMRAM); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); -_ram_start = sram_start; -_ram_end = sram_end; - -_codelen = SIZEOF(.flash) + SIZEOF(.data); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM AT>FLASH - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram_end - 16K); /* this explicitly sets the end of the heap effectively giving the stack at most 16K */ - } >SRAM - - .stack : ALIGN(8) { - . = 4K; /* this acts as a build time assertion that at least this much memory is available for stack use */ - } >SRAM - - .boot_args : ALIGN(8) { - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/reflash/memory_stm32u58.ld b/core/embed/reflash/memory_stm32u58.ld deleted file mode 100644 index 586970355d..0000000000 --- a/core/embed/reflash/memory_stm32u58.ld +++ /dev/null @@ -1,125 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 3648K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 512K - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(512) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - } >SRAM1 - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram1_end); /* this explicitly sets the end of the heap */ - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K + 0x100; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.fb2*); - *(.framebuffer_select*); - __fb_end = .; - . = ALIGN(4); - } >SRAM3 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/reflash/memory_stm32u5a.ld b/core/embed/reflash/memory_stm32u5a.ld deleted file mode 100644 index e03a321847..0000000000 --- a/core/embed/reflash/memory_stm32u5a.ld +++ /dev/null @@ -1,128 +0,0 @@ -/* TREZORv2 firmware linker script */ - -ENTRY(reset_handler) - -MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 3648K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 768K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x300BFF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x300C0000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x300D0000, LENGTH = 832K - SRAM5 (wal) : ORIGIN = 0x301A0000, LENGTH = 832K - SRAM6 (wal) : ORIGIN = 0x30270000, LENGTH = 512K - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K -} - -main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ -_sstack = ORIGIN(SRAM2); -_estack = main_stack_base; - -/* used by the startup code to populate variables used by the C code */ -data_lma = LOADADDR(.data); -data_vma = ADDR(.data); -data_size = SIZEOF(.data); - -/* used by the startup code to populate variables used by the C code */ -confidential_lma = LOADADDR(.confidential); -confidential_vma = ADDR(.confidential); -confidential_size = SIZEOF(.confidential); - -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); -_flash_start = ORIGIN(FLASH); -_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); - -SECTIONS { - .vendorheader : ALIGN(4) { - KEEP(*(.vendorheader)) - } >FLASH AT>FLASH - - .header : ALIGN(4) { - KEEP(*(.header)); - } >FLASH AT>FLASH - - .flash : ALIGN(1024) { - KEEP(*(.vector_table)); - . = ALIGN(4); - *(.text*); - . = ALIGN(4); - *(.rodata*); - . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); - . = ALIGN(512); - } >FLASH AT>FLASH - - .data : ALIGN(4) { - *(.data*); - . = ALIGN(512); - } >SRAM1 AT>FLASH - - /DISCARD/ : { - *(.ARM.exidx*); - } - - .bss : ALIGN(4) { - *(.bss*); - . = ALIGN(4); - } >SRAM1 - - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - } >SRAM1 - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram1_end); /* this explicitly sets the end of the heap */ - } >SRAM1 - - .stack : ALIGN(8) { - . = 16K + 0x100; /* Overflow causes UsageFault */ - } >SRAM2 - - .confidential : ALIGN(512) { - *(.confidential*); - . = ALIGN(512); - } >SRAM2 AT>FLASH - - .fb1 : ALIGN(4) { - __fb_start = .; - *(.fb1*); - *(.gfxmmu_table*); - *(.framebuffer_select*); - . = ALIGN(4); - } >SRAM3 - - .fb2 : ALIGN(4) { - *(.fb2*); - __fb_end = .; - . = ALIGN(4); - } >SRAM5 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS -} diff --git a/core/embed/reflash/startup_stm32f4.s b/core/embed/reflash/startup_stm32f4.s deleted file mode 100644 index ad8bc096ee..0000000000 --- a/core/embed/reflash/startup_stm32f4.s +++ /dev/null @@ -1,46 +0,0 @@ - .syntax unified - - .text - - .global reset_handler - .type reset_handler, STT_FUNC -reset_handler: - // setup environment for subsequent stage of code - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte after the end of CCMRAM - ldr r2, =0 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =boot_args_start // r0 - point to beginning of BOOT_ARGS - ldr r1, =boot_args_end // r1 - point to byte after the end of BOOT_ARGS - ldr r2, =0 // r2 - the word-sized value to be written - bl memset_reg - - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written - bl memset_reg - - // copy data in from flash - ldr r0, =data_vma // dst addr - ldr r1, =data_lma // src addr - ldr r2, =data_size // size in bytes - bl memcpy - - // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value - bl rng_get - ldr r1, = __stack_chk_guard - str r0, [r1] - - // re-enable exceptions - // according to "ARM Cortex-M Programming Guide to Memory Barrier Instructions" Application Note 321, section 4.7: - // "If it is not necessary to ensure that a pended interrupt is recognized immediately before - // subsequent operations, it is not necessary to insert a memory barrier instruction." - cpsie f - - // enter the application code - bl main - - b shutdown_privileged - - .end diff --git a/core/embed/reflash/startup_stm32u5.s b/core/embed/reflash/startup_stm32u5.s deleted file mode 100644 index db9a204c31..0000000000 --- a/core/embed/reflash/startup_stm32u5.s +++ /dev/null @@ -1,72 +0,0 @@ - .syntax unified - - .text - - .global reset_handler - .type reset_handler, STT_FUNC -reset_handler: - // set the stack protection - ldr r0, =_sstack - add r0, r0, #128 // safety margin for the exception frame - msr MSPLIM, r0 - - // setup environment for subsequent stage of code - ldr r2, =0 // r2 - the word-sized value to be written - - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =boot_args_start // r0 - point to beginning of boot args - ldr r1, =boot_args_end // r1 - point to byte after the end of boot args - bl memset_reg - - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM - bl memset_reg - - // copy data in from flash - ldr r0, =data_vma // dst addr - ldr r1, =data_lma // src addr - ldr r2, =data_size // size in bytes - bl memcpy - - // copy confidential data in from flash - ldr r0, =confidential_vma // dst addr - ldr r1, =confidential_lma // src addr - ldr r2, =confidential_size // size in bytes - bl memcpy - - // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value - bl rng_get - ldr r1, = __stack_chk_guard - str r0, [r1] - - // re-enable exceptions - // according to "ARM Cortex-M Programming Guide to Memory Barrier Instructions" Application Note 321, section 4.7: - // "If it is not necessary to ensure that a pended interrupt is recognized immediately before - // subsequent operations, it is not necessary to insert a memory barrier instruction." - cpsie f - - // enter the application code - bl main - - b shutdown_privileged - - .end diff --git a/core/embed/trezorhal/mpu.h b/core/embed/trezorhal/mpu.h index c8486767a3..895d1331c8 100644 --- a/core/embed/trezorhal/mpu.h +++ b/core/embed/trezorhal/mpu.h @@ -37,9 +37,10 @@ typedef enum { MPU_MODE_OTP, // + OTP (privileged RW) MPU_MODE_FSMC_REGS, // + FSMC control registers (privileged RW) MPU_MODE_FLASHOB, // + Option bytes mapping (privileged RW) - MPU_MODE_SECRET, // + secret area (priviledeg RW) - MPU_MODE_STORAGE, // + both storage areas (privilehed RW) + MPU_MODE_SECRET, // + secret area (privileged RW) + MPU_MODE_STORAGE, // + both storage areas (privileged RW) MPU_MODE_ASSETS, // + assets (privileged RW) + MPU_MODE_KERNEL_SRAM, // + extra kernel SRAM (STM32F4 Only) (privileged RW) MPU_MODE_UNUSED_FLASH, // + unused flash areas (privileged RW) MPU_MODE_APP, // + unprivileged DMA2D (RW) & Assets (RO) } mpu_mode_t; diff --git a/core/embed/trezorhal/stm32f4/consumption_mask.c b/core/embed/trezorhal/stm32f4/consumption_mask.c index 3252fdaece..7263377d72 100644 --- a/core/embed/trezorhal/stm32f4/consumption_mask.c +++ b/core/embed/trezorhal/stm32f4/consumption_mask.c @@ -18,6 +18,7 @@ */ #include STM32_HAL_H +#include "mpu.h" #include "rng.h" #ifdef KERNEL_MODE @@ -29,15 +30,16 @@ #error Not implemented for boardloader! #endif -#if defined BOOTLOADER -__attribute__((section(".buf"))) -#endif -uint32_t pwm_data[SAMPLES] = {0}; +__attribute__((section(".buf"))) uint32_t pwm_data[SAMPLES] = {0}; void consumption_mask_randomize() { + mpu_mode_t mpu_mode = mpu_reconfig(MPU_MODE_KERNEL_SRAM); + for (int i = 0; i < SAMPLES; i++) { pwm_data[i] = rng_get() % TIMER_PERIOD; } + + mpu_restore(mpu_mode); } void consumption_mask_init(void) { diff --git a/core/embed/trezorhal/stm32f4/limited_util.S b/core/embed/trezorhal/stm32f4/limited_util.S index 0c2f72f8c1..ba510710b0 100644 --- a/core/embed/trezorhal/stm32f4/limited_util.S +++ b/core/embed/trezorhal/stm32f4/limited_util.S @@ -10,10 +10,13 @@ memset_reg: // r1 - address of first word following the address in r0 to NOT write (exclusive) // r2 - word value to be written // both addresses in r0 and r1 needs to be divisible by 4! + cmp r0, r1 + beq .L_loop_end .L_loop_begin: str r2, [r0], 4 // store the word in r2 to the address in r0, post-indexed cmp r0, r1 bne .L_loop_begin + .L_loop_end: bx lr .global jump_to @@ -30,13 +33,12 @@ jump_to: cpsid f // wipe memory at the end of the current stage of code bl clear_otg_hs_memory - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte after the end of CCMRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_handoff_clear_ram_0_start + ldr r1, =_handoff_clear_ram_0_end bl memset_reg - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_handoff_clear_ram_1_start + ldr r1, =_handoff_clear_ram_1_end bl memset_reg mov lr, r4 // clear out the general purpose registers before the next stage's code can run (even the NMI exception handler) @@ -87,13 +89,12 @@ shutdown_privileged: mov r11, r0 mov r12, r0 ldr lr, =0xffffffff - ldr r0, =ccmram_start - ldr r1, =ccmram_end - // set to value in r2 + + ldr r0, =_shutdown_clear_ram_0_start + ldr r1, =_shutdown_clear_ram_0_end bl memset_reg - ldr r0, =sram_start - ldr r1, =sram_end - // set to value in r2 + ldr r0, =_shutdown_clear_ram_1_start + ldr r1, =_shutdown_clear_ram_1_end bl memset_reg bl clear_otg_hs_memory ldr r0, =1 diff --git a/core/embed/boardloader/memory_stm32f4.ld b/core/embed/trezorhal/stm32f4/linker/boardloader.ld similarity index 50% rename from core/embed/boardloader/memory_stm32f4.ld rename to core/embed/trezorhal/stm32f4/linker/boardloader.ld index 167d720fba..6df6bab3c9 100644 --- a/core/embed/boardloader/memory_stm32f4.ld +++ b/core/embed/trezorhal/stm32f4/linker/boardloader.ld @@ -1,30 +1,44 @@ -/* Trezor v2 boardloader linker script */ +INCLUDE "./embed/trezorhal/stm32f4/linker/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x08000000, LENGTH = 48K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K + FLASH (rx) : ORIGIN = BOARDLOADER_START, LENGTH = BOARDLOADER_IMAGE_MAXSIZE + CCMRAM (wal) : ORIGIN = MCU_CCMRAM, LENGTH = MCU_CCMRAM_SIZE + SRAM (wal) : ORIGIN = MCU_SRAM, LENGTH = MCU_SRAM_SIZE } main_stack_base = ORIGIN(CCMRAM) + LENGTH(CCMRAM); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(CCMRAM); +_estack = main_stack_base; /* used by the startup code to populate variables used by the C code */ data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to wipe memory */ -ccmram_start = ORIGIN(CCMRAM); -ccmram_end = ORIGIN(CCMRAM) + LENGTH(CCMRAM); +_startup_clear_ram_0_start = MCU_CCMRAM; +_startup_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_startup_clear_ram_1_start = MCU_SRAM; +_startup_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); +/* used by the startup/jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_CCMRAM; +_handoff_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM; +_handoff_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_CCMRAM; +_shutdown_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM; +_shutdown_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; SECTIONS { - .vector_table : ALIGN(512) { + .vector_table : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); } >FLASH AT>FLASH @@ -54,7 +68,7 @@ SECTIONS { } >SRAM /* Hard-coded address for capabilities structure */ - .capabilities 0x0800BF00 : {KEEP(*(.capabilities_section))} + .capabilities BOARD_CAPABILITIES_ADDR : {KEEP(*(.capabilities_section))} .stack : ALIGN(8) { . = 4K; /* this acts as a build time assertion that at least this much memory is available for stack use */ diff --git a/core/embed/bootloader_ci/memory_stm32f4.ld b/core/embed/trezorhal/stm32f4/linker/bootloader.ld similarity index 52% rename from core/embed/bootloader_ci/memory_stm32f4.ld rename to core/embed/trezorhal/stm32f4/linker/bootloader.ld index 42eb1cd20c..4595adfa41 100644 --- a/core/embed/bootloader_ci/memory_stm32f4.ld +++ b/core/embed/trezorhal/stm32f4/linker/bootloader.ld @@ -1,12 +1,12 @@ -/* Trezor v2 bootloader linker script */ +INCLUDE "./embed/trezorhal/stm32f4/linker/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x08020000, LENGTH = 128K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x1000FF00, LENGTH = 0x100 - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K + FLASH (rx) : ORIGIN = BOOTLOADER_START, LENGTH = BOOTLOADER_IMAGE_MAXSIZE + CCMRAM (wal) : ORIGIN = MCU_CCMRAM, LENGTH = MCU_CCMRAM_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM (wal) : ORIGIN = MCU_SRAM, LENGTH = MCU_SRAM_SIZE } main_stack_base = ORIGIN(CCMRAM) + SIZEOF(.stack) ; /* 8-byte aligned full descending stack */ @@ -17,14 +17,26 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to wipe memory */ -ccmram_start = ORIGIN(CCMRAM); -ccmram_end = ORIGIN(CCMRAM) + LENGTH(CCMRAM); +_startup_clear_ram_0_start = MCU_CCMRAM; +_startup_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE; +_startup_clear_ram_1_start = MCU_SRAM; +_startup_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_CCMRAM; +_handoff_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM; +_handoff_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_CCMRAM; +_shutdown_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM; +_shutdown_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; /* reserve 256 bytes for bootloader arguments */ boot_args_start = ORIGIN(BOOT_ARGS); @@ -37,7 +49,7 @@ SECTIONS { KEEP(*(.header)); } >FLASH AT>FLASH - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); @@ -67,6 +79,8 @@ SECTIONS { .buf : ALIGN(4) { *(.buf*); . = ALIGN(4); + *(.no_dma_buffers*); + . = ALIGN(4); } >SRAM .boot_args : ALIGN(8) { @@ -74,9 +88,4 @@ SECTIONS { . = ALIGN(8); } >BOOT_ARGS - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - } >CCMRAM - } diff --git a/core/embed/firmware/memory_T.ld b/core/embed/trezorhal/stm32f4/linker/coreapp.ld similarity index 55% rename from core/embed/firmware/memory_T.ld rename to core/embed/trezorhal/stm32f4/linker/coreapp.ld index 9affc00a90..ba5dc161ef 100644 --- a/core/embed/firmware/memory_T.ld +++ b/core/embed/trezorhal/stm32f4/linker/coreapp.ld @@ -1,37 +1,26 @@ -/* TREZORv2 firmware linker script */ +INCLUDE "./embed/trezorhal/stm32f4/linker/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x08040000, LENGTH = 768K - FLASH2 (r) : ORIGIN = 0x08120000, LENGTH = 896K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x1000FF00, LENGTH = 0x100 - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K + FLASH (rx) : ORIGIN = FIRMWARE_START, LENGTH = FIRMWARE_P1_IMAGE_MAXSIZE + FLASH2 (r) : ORIGIN = FIRMWARE_P2_START, LENGTH = FIRMWARE_P2_IMAGE_MAXSIZE + CCMRAM (wal) : ORIGIN = MCU_CCMRAM + KERNEL_STACK_SIZE, LENGTH = MCU_CCMRAM_SIZE - KERNEL_CCMRAM_SIZE - KERNEL_FRAMEBUFFER_SIZE - KERNEL_STACK_SIZE + SRAM (wal) : ORIGIN = MCU_SRAM, LENGTH = MCU_SRAM_SIZE - KERNEL_SRAM_SIZE } main_stack_base = ORIGIN(SRAM) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ _sstack = ORIGIN(SRAM); _estack = main_stack_base; +_stack_size = SIZEOF(.stack); /* used by the startup code to populate variables used by the C code */ data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); -/* used by the startup code to wipe memory */ -ccmram_start = ORIGIN(CCMRAM); -ccmram_end = ORIGIN(CCMRAM) + LENGTH(CCMRAM); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); -_ram_start = sram_start; -_ram_end = sram_end; +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); _codelen = LENGTH(FLASH) - SIZEOF(.vendorheader) - SIZEOF(.header) + SIZEOF(.flash2); _flash_start = ORIGIN(FLASH); @@ -48,12 +37,12 @@ SECTIONS { KEEP(*(.header)); } >FLASH AT>FLASH - .flash2 : ALIGN(512) { - build/firmware/frozen_mpy.o(.rodata*); - build/firmware/vendor/secp256k1-zkp/src/secp256k1.o(.rodata*); - build/firmware/vendor/secp256k1-zkp/src/precomputed_ecmult.o(.rodata*); - build/firmware/vendor/secp256k1-zkp/src/precomputed_ecmult_gen.o(.rodata*); - build/firmware/vendor/trezor-crypto/aes/aestab.o(.rodata*); + .flash2 : ALIGN(CODE_ALIGNMENT) { + build/coreapp/frozen_mpy.o(.rodata*); + build/coreapp/vendor/secp256k1-zkp/src/secp256k1.o(.rodata*); + build/coreapp/vendor/secp256k1-zkp/src/precomputed_ecmult.o(.rodata*); + build/coreapp/vendor/secp256k1-zkp/src/precomputed_ecmult_gen.o(.rodata*); + build/coreapp/vendor/trezor-crypto/aes/aestab.o(.rodata*); . = ALIGN(4); */libtrezor_lib.a:(.text*); . = ALIGN(4); @@ -62,14 +51,14 @@ SECTIONS { } >FLASH2 AT>FLASH2 .flash : ALIGN(512) { + KEEP(*(.kernel)); + . = ALIGN(512); KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); . = ALIGN(4); *(.rodata*); . = ALIGN(4); - KEEP(*(.bootloader)); - *(.bootloader*); . = ALIGN(512); } >FLASH AT>FLASH @@ -94,7 +83,7 @@ SECTIONS { .heap : ALIGN(4) { . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram_end); /* this explicitly sets the end of the heap */ + . = ABSOLUTE(ORIGIN(SRAM) + LENGTH(SRAM)); /* this explicitly sets the end of the heap */ } >SRAM .data_ccm : ALIGN(4) { @@ -102,8 +91,9 @@ SECTIONS { . = ALIGN(4); } >CCMRAM - .boot_args : ALIGN(8) { - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS + + /DISCARD/ : { + *(.ARM.exidx*); + } + } diff --git a/core/embed/coreapp/memory_T.ld b/core/embed/trezorhal/stm32f4/linker/firmware.ld similarity index 82% rename from core/embed/coreapp/memory_T.ld rename to core/embed/trezorhal/stm32f4/linker/firmware.ld index 9affc00a90..efd26bd488 100644 --- a/core/embed/coreapp/memory_T.ld +++ b/core/embed/trezorhal/stm32f4/linker/firmware.ld @@ -1,13 +1,13 @@ -/* TREZORv2 firmware linker script */ +INCLUDE "./embed/trezorhal/stm32f4/linker/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x08040000, LENGTH = 768K - FLASH2 (r) : ORIGIN = 0x08120000, LENGTH = 896K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x1000FF00, LENGTH = 0x100 - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K + FLASH (rx) : ORIGIN = FIRMWARE_START, LENGTH = FIRMWARE_P1_IMAGE_MAXSIZE + FLASH2 (r) : ORIGIN = FIRMWARE_P2_START, LENGTH = FIRMWARE_P2_IMAGE_MAXSIZE + CCMRAM (wal) : ORIGIN = MCU_CCMRAM, LENGTH = MCU_CCMRAM_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM (wal) : ORIGIN = MCU_SRAM, LENGTH = MCU_SRAM_SIZE } main_stack_base = ORIGIN(SRAM) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ @@ -18,6 +18,8 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to wipe memory */ ccmram_start = ORIGIN(CCMRAM); @@ -61,7 +63,7 @@ SECTIONS { . = ALIGN(512); } >FLASH2 AT>FLASH2 - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); diff --git a/core/embed/trezorhal/stm32f4/linker/kernel.ld b/core/embed/trezorhal/stm32f4/linker/kernel.ld new file mode 100644 index 0000000000..6486ce4cc9 --- /dev/null +++ b/core/embed/trezorhal/stm32f4/linker/kernel.ld @@ -0,0 +1,113 @@ +INCLUDE "./embed/trezorhal/stm32f4/linker/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = KERNEL_IMAGE_MAXSIZE + CCMRAM_STACK (wal) : ORIGIN = MCU_CCMRAM, LENGTH = KERNEL_STACK_SIZE + CCMRAM_FB (wal) : ORIGIN = MCU_CCMRAM + MCU_CCMRAM_SIZE - KERNEL_CCMRAM_SIZE - KERNEL_FRAMEBUFFER_SIZE, LENGTH = KERNEL_FRAMEBUFFER_SIZE + CCMRAM (wal) : ORIGIN = MCU_CCMRAM + MCU_CCMRAM_SIZE - KERNEL_CCMRAM_SIZE, LENGTH = KERNEL_CCMRAM_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM (wal) : ORIGIN = MCU_SRAM + MCU_SRAM_SIZE - KERNEL_SRAM_SIZE, LENGTH = KERNEL_SRAM_SIZE +} + +main_stack_base = ORIGIN(CCMRAM_STACK) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(CCMRAM_STACK); +_estack = main_stack_base; + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* reserve 256 bytes for bootloader arguments */ +boot_args_start = ORIGIN(BOOT_ARGS); +boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); + +/* used by the startup code to wipe memory */ +_startup_clear_ram_0_start = MCU_CCMRAM; +_startup_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_startup_clear_ram_1_start = MCU_SRAM; +_startup_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_CCMRAM; +_handoff_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM; +_handoff_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_CCMRAM; +_shutdown_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM; +_shutdown_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by applet cleaning code */ +_coreapp_clear_ram_0_start = MCU_CCMRAM + KERNEL_STACK_SIZE; +_coreapp_clear_ram_0_size = MCU_CCMRAM_SIZE - KERNEL_CCMRAM_SIZE - KERNEL_FRAMEBUFFER_SIZE - KERNEL_STACK_SIZE; +_coreapp_clear_ram_1_start = MCU_SRAM; +_coreapp_clear_ram_1_size = MCU_SRAM_SIZE - KERNEL_SRAM_SIZE; + + +_codelen = SIZEOF(.vendorheader) + SIZEOF(.header) + SIZEOF(.flash) + SIZEOF(.data) ; +_flash_start = ORIGIN(FLASH); +_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); + +SECTIONS { + .vendorheader : ALIGN(4) { + KEEP(*(.vendorheader)) + } >FLASH AT>FLASH + + .header : ALIGN(4) { + . = 1K; + . = ALIGN(CODE_ALIGNMENT); + } >FLASH AT>FLASH + + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.vector_table)); + . = ALIGN(4); + *(.text*); + . = ALIGN(4); + *(.rodata*); + . = ALIGN(4); + KEEP(*(.bootloader)); + *(.bootloader*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .stack : ALIGN(8) { + . = 8K; /* Exactly 6k allocated for stack. Overflow causes MemManage fault (when using MPU). */ + } >CCMRAM_STACK + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(512); + } >CCMRAM AT>FLASH + + .bss : ALIGN(4) { + *(.bss*); + . = ALIGN(4); + } >CCMRAM + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + } >SRAM + + .fb : ALIGN(4) { + *(.fb1*); + . = ALIGN(4); + } >CCMRAM_FB + + .boot_args : ALIGN(8) { + *(.boot_args*); + . = ALIGN(8); + } >BOOT_ARGS + + /DISCARD/ : { + *(.ARM.exidx*); + } + +} diff --git a/core/embed/trezorhal/stm32f4/linker/memory.ld b/core/embed/trezorhal/stm32f4/linker/memory.ld new file mode 100644 index 0000000000..edb57837b6 --- /dev/null +++ b/core/embed/trezorhal/stm32f4/linker/memory.ld @@ -0,0 +1,6 @@ + MCU_FLASH_ORIGIN = 0x08000000; + MCU_FLASH_SIZE = 2M; + MCU_CCMRAM = 0x10000000; + MCU_CCMRAM_SIZE = 64K; + MCU_SRAM = 0x20000000; + MCU_SRAM_SIZE = 192K; diff --git a/core/embed/prodtest/memory_stm32f4.ld b/core/embed/trezorhal/stm32f4/linker/prodtest.ld similarity index 53% rename from core/embed/prodtest/memory_stm32f4.ld rename to core/embed/trezorhal/stm32f4/linker/prodtest.ld index 4553af4e5a..2d8f15e94d 100644 --- a/core/embed/prodtest/memory_stm32f4.ld +++ b/core/embed/trezorhal/stm32f4/linker/prodtest.ld @@ -1,12 +1,12 @@ -/* TREZORv2 firmware linker script */ +INCLUDE "./embed/trezorhal/stm32f4/linker/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x08040000, LENGTH = 768K - CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x1000FF00, LENGTH = 0x100 - SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 192K + FLASH (rx) : ORIGIN = FIRMWARE_START, LENGTH = FIRMWARE_P1_IMAGE_MAXSIZE + CCMRAM (wal) : ORIGIN = MCU_CCMRAM, LENGTH = MCU_CCMRAM_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM (wal) : ORIGIN = MCU_SRAM, LENGTH = MCU_SRAM_SIZE } main_stack_base = ORIGIN(SRAM) + LENGTH(SRAM); /* 8-byte aligned full descending stack */ @@ -17,26 +17,34 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to wipe memory */ -ccmram_start = ORIGIN(CCMRAM); -ccmram_end = ORIGIN(CCMRAM) + LENGTH(CCMRAM); +_startup_clear_ram_0_start = MCU_CCMRAM; +_startup_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_startup_clear_ram_1_start = MCU_SRAM; +_startup_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by the startup/jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_CCMRAM; +_handoff_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM; +_handoff_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_CCMRAM; +_shutdown_clear_ram_0_end = MCU_CCMRAM + MCU_CCMRAM_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM; +_shutdown_clear_ram_1_end = MCU_SRAM + MCU_SRAM_SIZE; /* reserve 256 bytes for bootloader arguments */ boot_args_start = ORIGIN(BOOT_ARGS); boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); -/* used by the startup code to wipe memory */ -sram_start = ORIGIN(SRAM); -sram_end = ORIGIN(SRAM) + LENGTH(SRAM); -_ram_start = sram_start; -_ram_end = sram_end; - _codelen = SIZEOF(.flash) + SIZEOF(.data); _flash_start = ORIGIN(FLASH); _flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); SECTIONS { .vendorheader : ALIGN(4) { @@ -47,7 +55,7 @@ SECTIONS { KEEP(*(.header)); } >FLASH AT>FLASH - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); @@ -70,11 +78,6 @@ SECTIONS { . = ALIGN(4); } >SRAM - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram_end - 16K); /* this explicitly sets the end of the heap effectively giving the stack at most 16K */ - } >SRAM - .stack : ALIGN(8) { . = 4K; /* this acts as a build time assertion that at least this much memory is available for stack use */ } >SRAM diff --git a/core/embed/trezorhal/stm32f4/mpu.c b/core/embed/trezorhal/stm32f4/mpu.c index 72f593d721..281bb26b0f 100644 --- a/core/embed/trezorhal/stm32f4/mpu.c +++ b/core/embed/trezorhal/stm32f4/mpu.c @@ -69,6 +69,14 @@ mpu_driver_t g_mpu_driver = { .mode = MPU_MODE_DISABLED, }; +#define SRAM_SIZE (192 * 1024) + +#define KERNEL_STACK_START (CCMDATARAM_BASE) +#define KERNEL_CCMRAM_START (CCMDATARAM_END + 1 - KERNEL_CCMRAM_SIZE) +#define KERNEL_SRAM_START (SRAM1_BASE + SRAM_SIZE - KERNEL_SRAM_SIZE) + +#define KERNEL_CCMRAM_FB_START (KERNEL_CCMRAM_START - KERNEL_FRAMEBUFFER_SIZE) + static void mpu_init_fixed_regions(void) { // Regions #0 to #4 are fixed for all targets @@ -121,10 +129,9 @@ static void mpu_init_fixed_regions(void) { // All SRAM (Unprivileged, Read-Write, Non-Executable) // Subregion: 192KB = 256KB except 2/8 at end SET_REGION( 3, SRAM_BASE, SIZE_256KB, 0xC0, SRAM, FULL_ACCESS ); - // Kernel RAM (Privileged, Read-Write, Non-Executable) - // TODO: !@# - // SET_REGION( 4, ..., SIZE_xxx, 0xXX, ATTR_SRAM, PRIV_RW ); - DIS_REGION( 4 ); + // Kernel CCMRAM (Privileged, Read-Write, Non-Executable) + // SubRegion: 8KB at the beginning + 16KB at the end of 64KB CCMRAM + SET_REGION( 4, CCMDATARAM_BASE, SIZE_64KB, 0x3E, SRAM, PRIV_RW ); // clang-format on #endif #ifdef FIRMWARE @@ -266,6 +273,20 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { SET_REGION( 6, 0x1FFEC000, SIZE_1KB, 0x00, FLASH_DATA, PRIV_RO ); break; + case MPU_MODE_STORAGE: + // Storage in the Flash Bank #1 (Privileged, Read-Write, Non-Executable) + SET_REGION( 5, FLASH_BASE + 0x10000, SIZE_64KB, 0x00, FLASH_DATA, PRIV_RW ); + // Storage in the Flash Bank #2 (Privileged, Read-Write, Non-Executable) + SET_REGION( 6, FLASH_BASE + 0x110000, SIZE_64KB, 0x00, FLASH_DATA, PRIV_RW ); + break; + + case MPU_MODE_KERNEL_SRAM: + DIS_REGION( 5 ); + // Kernel data in DMA accessible SRAM (Privileged, Read-Write, Non-Executable) + // (overlaps with unprivileged SRAM region) + SET_REGION( 6, SRAM_BASE, SIZE_1KB, 0x00, SRAM, PRIV_RW ); + break; + case MPU_MODE_UNUSED_FLASH: // Unused Flash Area #1 (Privileged, Read-Write, Non-Executable) SET_REGION( 5, FLASH_BASE + 0x00C000, SIZE_16KB, 0x00, FLASH_DATA, PRIV_RW ); @@ -284,14 +305,17 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { case MPU_MODE_ASSETS: DIS_REGION( 5 ); // Assets (Privileged, Read-Write, Non-Executable) - SET_REGION( 6, FLASH_BASE + 0x108000, SIZE_32KB, 0x00, FLASH_DATA, PRIV_RW ); + // Subregion: 32KB = 64KB except 2/8 at start and 2/8 at end + SET_REGION( 6, FLASH_BASE + 0x104000, SIZE_64KB, 0xC3, FLASH_DATA, PRIV_RW ); break; case MPU_MODE_APP: - // Unused (maybe privileged kernel code in the future) - DIS_REGION( 5 ); + // Kernel data in DMA accessible SRAM (Privileged, Read-Write, Non-Executable) + // (overlaps with unprivileged SRAM region) + SET_REGION( 5, SRAM_BASE, SIZE_1KB, 0x00, SRAM, PRIV_RW ); // Assets (Unprivileged, Read-Only, Non-Executable) - SET_REGION( 6, FLASH_BASE + 0x108000, SIZE_32KB, 0x00, FLASH_DATA, PRIV_RO_URO ); + // Subregion: 32KB = 64KB except 2/8 at start and 2/8 at end + SET_REGION( 6, FLASH_BASE + 0x104000, SIZE_64KB, 0xC3, FLASH_DATA, PRIV_RO_URO ); break; #else @@ -304,8 +328,9 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { break; case MPU_MODE_APP: - // Unused (maybe privileged kernel code in the future) - DIS_REGION( 5 ); + // Kernel data in DMA accessible SRAM (Privileged, Read-Write, Non-Executable) + // (overlaps with unprivileged SRAM region) + SET_REGION( 5, SRAM_BASE, SIZE_1KB, 0x00, SRAM, PRIV_RW ); // Assets (Unprivileged, Read-Only, Non-Executable) // Subregion: 48KB = 64KB except 2/8 at end SET_REGION( 6, FLASH_BASE + 0x100000, SIZE_64KB, 0xC0, FLASH_DATA, PRIV_RO_URO ); @@ -313,13 +338,6 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { #endif - case MPU_MODE_STORAGE: - // Storage in the Flash Bank #1 (Privileged, Read-Write, Non-Executable) - SET_REGION( 5, FLASH_BASE + 0x10000, SIZE_64KB, 0x00, FLASH_DATA, PRIV_RW ); - // Storage in the Flash Bank #2 (Privileged, Read-Write, Non-Executable) - SET_REGION( 6, FLASH_BASE + 0x110000, SIZE_64KB, 0x00, FLASH_DATA, PRIV_RW ); - break; - default: DIS_REGION( 5 ); DIS_REGION( 6 ); @@ -331,6 +349,13 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { // clang-format off switch (mode) { +#ifdef TREZOR_MODEL_DISC1 + default: + // All Peripherals (Unprivileged, Read-Write, Non-Executable) + // SDRAM + SET_REGION( 7, 0x00000000, SIZE_4GB, 0xBB, SRAM, FULL_ACCESS ); + break; +#else case MPU_MODE_APP: // Dma2D (Unprivileged, Read-Write, Non-Executable) // 3KB = 4KB except 1/4 at end @@ -340,6 +365,7 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { // All Peripherals (Privileged, Read-Write, Non-Executable) SET_REGION( 7, PERIPH_BASE, SIZE_1GB, 0x00, PERIPH, PRIV_RW ); break; +#endif } // clang-format on diff --git a/core/embed/trezorhal/stm32f4/sdram.c b/core/embed/trezorhal/stm32f4/sdram.c index 7c32bb1cf0..3cc9360f4e 100644 --- a/core/embed/trezorhal/stm32f4/sdram.c +++ b/core/embed/trezorhal/stm32f4/sdram.c @@ -16,10 +16,12 @@ * ****************************************************************************** */ +#ifdef KERNEL_MODE /* Includes ------------------------------------------------------------------*/ #include "sdram.h" #include "irq.h" +#include "mpu.h" /** @addtogroup BSP * @{ @@ -90,6 +92,8 @@ void BSP_SDRAM_MspInit(SDRAM_HandleTypeDef *hsdram, void *Params); void sdram_init(void) { static uint8_t sdramstatus = SDRAM_ERROR; + mpu_mode_t mode = mpu_reconfig(MPU_MODE_FSMC_REGS); + /* SDRAM device configuration */ SdramHandle.Instance = FMC_SDRAM_DEVICE; @@ -137,6 +141,8 @@ void sdram_init(void) { /* SDRAM initialization sequence */ BSP_SDRAM_Initialization_sequence(REFRESH_COUNT); + mpu_restore(mode); + (void)sdramstatus; } @@ -444,3 +450,5 @@ void BSP_SDRAM_MspDeInit(SDRAM_HandleTypeDef *hsdram, void *Params) { /** * @} */ + +#endif diff --git a/core/embed/trezorhal/stm32f4/secret.c b/core/embed/trezorhal/stm32f4/secret.c index 0f6f92ef63..175cb25396 100644 --- a/core/embed/trezorhal/stm32f4/secret.c +++ b/core/embed/trezorhal/stm32f4/secret.c @@ -133,4 +133,4 @@ void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) { #endif } -#endif // KERNEL_MODE \ No newline at end of file +#endif // KERNEL_MODE diff --git a/core/embed/boardloader/startup_stm32f4.s b/core/embed/trezorhal/stm32f4/startup_stage_0.s similarity index 63% rename from core/embed/boardloader/startup_stm32f4.s rename to core/embed/trezorhal/stm32f4/startup_stage_0.s index 9533d932f9..b255baf372 100644 --- a/core/embed/boardloader/startup_stm32f4.s +++ b/core/embed/trezorhal/stm32f4/startup_stage_0.s @@ -20,25 +20,21 @@ reset_handler: // wipe memory to remove any possible vestiges of sensitive data // use unpredictable value as a defense against side-channels - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte after the end of CCMRAM mov r2, r4 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end bl memset_reg - - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - mov r2, r4 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end bl memset_reg // setup environment for subsequent stage of code - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte after the end of CCMRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end bl memset_reg - - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end bl memset_reg // copy data in from flash diff --git a/core/embed/bootloader/startup_stm32f4.s b/core/embed/trezorhal/stm32f4/startup_stage_1.s similarity index 73% rename from core/embed/bootloader/startup_stm32f4.s rename to core/embed/trezorhal/stm32f4/startup_stage_1.s index 96ad4d3ae6..72a4cc8fab 100644 --- a/core/embed/bootloader/startup_stm32f4.s +++ b/core/embed/trezorhal/stm32f4/startup_stage_1.s @@ -6,14 +6,12 @@ .type reset_handler, STT_FUNC reset_handler: // setup environment for subsequent stage of code - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte where BOOT_ARGS region starts - ldr r2, =0 // r2 - the word-sized value to be written + ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end bl memset_reg - - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end bl memset_reg // copy data in from flash diff --git a/core/embed/bootloader_ci/startup_stm32f4.s b/core/embed/trezorhal/stm32f4/startup_stage_2.s similarity index 69% rename from core/embed/bootloader_ci/startup_stm32f4.s rename to core/embed/trezorhal/stm32f4/startup_stage_2.s index 59a80d3c18..e08f0de48c 100644 --- a/core/embed/bootloader_ci/startup_stm32f4.s +++ b/core/embed/trezorhal/stm32f4/startup_stage_2.s @@ -6,14 +6,12 @@ .type reset_handler, STT_FUNC reset_handler: // setup environment for subsequent stage of code - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =ccmram_end // r1 - point to byte where BOOT_ARGS region starts - ldr r2, =0 // r2 - the word-sized value to be written + ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end bl memset_reg - - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end bl memset_reg // copy data in from flash diff --git a/core/embed/coreapp/startup_stm32f4.S b/core/embed/trezorhal/stm32f4/startup_stage_4.s similarity index 100% rename from core/embed/coreapp/startup_stm32f4.S rename to core/embed/trezorhal/stm32f4/startup_stage_4.s diff --git a/core/embed/trezorhal/stm32f4/syscall_dispatch.c b/core/embed/trezorhal/stm32f4/syscall_dispatch.c index c4dafbb370..6993c2ce41 100644 --- a/core/embed/trezorhal/stm32f4/syscall_dispatch.c +++ b/core/embed/trezorhal/stm32f4/syscall_dispatch.c @@ -19,6 +19,8 @@ #include STM32_HAL_H +#include TREZOR_BOARD + #include "syscall.h" #include "bootutils.h" @@ -162,6 +164,16 @@ __attribute((no_stack_protector)) void syscall_handler(uint32_t *args, case SYSCALL_DISPLAY_WAIT_FOR_SYNC: { display_wait_for_sync(); } break; +#endif + case SYSCALL_DISPLAY_FILL: { + const gfx_bitblt_t *bb = (const gfx_bitblt_t *)args[0]; + display_fill(bb); + } break; +#ifdef USE_RGB_COLORS + case SYSCALL_DISPLAY_COPY_RGB565: { + const gfx_bitblt_t *bb = (const gfx_bitblt_t *)args[0]; + display_copy_rgb565(bb); + } break; #endif case SYSCALL_DISPLAY_REFRESH: { display_refresh(); diff --git a/core/embed/trezorhal/stm32f4/syscall_numbers.h b/core/embed/trezorhal/stm32f4/syscall_numbers.h index 4e602032ee..2341d02ed7 100644 --- a/core/embed/trezorhal/stm32f4/syscall_numbers.h +++ b/core/embed/trezorhal/stm32f4/syscall_numbers.h @@ -49,6 +49,8 @@ typedef enum { SYSCALL_DISPLAY_GET_FB_INFO, SYSCALL_DISPLAY_WAIT_FOR_SYNC, SYSCALL_DISPLAY_REFRESH, + SYSCALL_DISPLAY_FILL, + SYSCALL_DISPLAY_COPY_RGB565, SYSCALL_USB_INIT, SYSCALL_USB_DEINIT, @@ -147,4 +149,4 @@ typedef enum { } syscall_number_t; -#endif // SYSCALL_NUMBERS_H \ No newline at end of file +#endif // SYSCALL_NUMBERS_H diff --git a/core/embed/trezorhal/stm32f4/syscall_stubs.c b/core/embed/trezorhal/stm32f4/syscall_stubs.c index 10fc13cd3d..91f706d434 100644 --- a/core/embed/trezorhal/stm32f4/syscall_stubs.c +++ b/core/embed/trezorhal/stm32f4/syscall_stubs.c @@ -159,8 +159,17 @@ display_fb_info_t display_get_frame_buffer(void) { void display_wait_for_sync(void) { syscall_invoke0(SYSCALL_DISPLAY_WAIT_FOR_SYNC); } + #endif +void display_fill(const gfx_bitblt_t *bb) { + syscall_invoke1((uint32_t)bb, SYSCALL_DISPLAY_FILL); +} + +void display_copy_rgb565(const gfx_bitblt_t *bb) { + syscall_invoke1((uint32_t)bb, SYSCALL_DISPLAY_COPY_RGB565); +} + void display_refresh(void) { syscall_invoke0(SYSCALL_DISPLAY_REFRESH); } // ============================================================================= diff --git a/core/embed/trezorhal/stm32f4/touch/stmpe811.c b/core/embed/trezorhal/stm32f4/touch/stmpe811.c index 8fc25092b1..3d3003999a 100644 --- a/core/embed/trezorhal/stm32f4/touch/stmpe811.c +++ b/core/embed/trezorhal/stm32f4/touch/stmpe811.c @@ -20,6 +20,8 @@ #include STM32_HAL_H #include TREZOR_BOARD +#ifdef KERNEL_MODE + #include #include "common.h" @@ -691,3 +693,5 @@ uint32_t touch_get_event(void) { return event; } + +#endif diff --git a/core/embed/trezorhal/stm32f4/util.S b/core/embed/trezorhal/stm32f4/util.S index 94eae168af..b01f5ee1a0 100644 --- a/core/embed/trezorhal/stm32f4/util.S +++ b/core/embed/trezorhal/stm32f4/util.S @@ -2,6 +2,8 @@ .text +#ifdef KERNEL_MODE + .global memset_reg .type memset_reg, STT_FUNC memset_reg: @@ -10,10 +12,13 @@ memset_reg: // r1 - address of first word following the address in r0 to NOT write (exclusive) // r2 - word value to be written // both addresses in r0 and r1 needs to be divisible by 4! + cmp r0, r1 + beq .L_loop_end .L_loop_begin: str r2, [r0], 4 // store the word in r2 to the address in r0, post-indexed cmp r0, r1 bne .L_loop_begin + .L_loop_end: bx lr // Jump to address given in first argument R0 that points to next's stage's VTOR @@ -42,13 +47,12 @@ jump_to_with_flag: cpsid f // wipe memory at the end of the current stage of code bl clear_otg_hs_memory - ldr r0, =ccmram_start // r0 - point to beginning of CCMRAM - ldr r1, =boot_args_start // r1 - point to byte after the end of CCMRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_handoff_clear_ram_0_start + ldr r1, =_handoff_clear_ram_0_end bl memset_reg - ldr r0, =sram_start // r0 - point to beginning of SRAM - ldr r1, =sram_end // r1 - point to byte after the end of SRAM - ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_handoff_clear_ram_1_start + ldr r1, =_handoff_clear_ram_1_end bl memset_reg mov lr, r4 // clear out the general purpose registers before the next stage's except the register with flag R11 @@ -98,13 +102,12 @@ shutdown_privileged: mov r11, r0 mov r12, r0 ldr lr, =0xffffffff - ldr r0, =ccmram_start - ldr r1, =ccmram_end - // set to value in r2 + + ldr r0, =_shutdown_clear_ram_0_start + ldr r1, =_shutdown_clear_ram_0_end bl memset_reg - ldr r0, =sram_start - ldr r1, =sram_end - // set to value in r2 + ldr r0, =_shutdown_clear_ram_1_start + ldr r1, =_shutdown_clear_ram_1_end bl memset_reg bl clear_otg_hs_memory ldr r0, =1 @@ -112,4 +115,6 @@ shutdown_privileged: ldr r0, =0 b . // loop forever +#endif + .end diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c index af3ff91e44..412e359f17 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c @@ -286,8 +286,6 @@ void display_ensure_refreshed(void) { #endif } -#endif // KERNEL_MODE - void display_fill(const gfx_bitblt_t *bb) { display_fb_info_t fb = display_get_frame_buffer(); @@ -343,3 +341,5 @@ void display_copy_mono4(const gfx_bitblt_t *bb) { gfx_rgb565_copy_mono4(&bb_new); } + +#endif // KERNEL_MODE diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c index 8976f552bc..5f237af58d 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c @@ -24,14 +24,14 @@ #include "irq.h" #include "mpu.h" -#ifdef KERNEL_MODE - __IO DISP_MEM_TYPE *const DISPLAY_CMD_ADDRESS = (__IO DISP_MEM_TYPE *const)((uint32_t)DISPLAY_MEMORY_BASE); __IO DISP_MEM_TYPE *const DISPLAY_DATA_ADDRESS = (__IO DISP_MEM_TYPE *const)((uint32_t)DISPLAY_MEMORY_BASE | (DISPLAY_ADDR_SHIFT << DISPLAY_MEMORY_PIN)); +#ifdef KERNEL_MODE + void display_io_init_gpio(void) { // init peripherals __HAL_RCC_GPIOE_CLK_ENABLE(); diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_nofb.c b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_nofb.c index c2f4c7e166..83eba001c8 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_nofb.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_nofb.c @@ -51,8 +51,6 @@ static inline void set_window(const gfx_bitblt_t* bb) { bb->dst_y + bb->height + 1); } -#endif // KERNEL_MODE - // For future notice, if we ever want to do a new model using progressive // rendering. // @@ -122,3 +120,5 @@ void display_copy_mono4(const gfx_bitblt_t* bb) { src_row += bb->src_stride / sizeof(*src_row); } } + +#endif // KERNEL_MODE diff --git a/core/embed/trezorhal/stm32f4/xdisplay/stm32f429i-disc1/display_driver.c b/core/embed/trezorhal/stm32f4/xdisplay/stm32f429i-disc1/display_driver.c index 24e13a9985..1198f897b8 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/stm32f429i-disc1/display_driver.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/stm32f429i-disc1/display_driver.c @@ -23,6 +23,8 @@ #include TREZOR_BOARD #include STM32_HAL_H +#ifdef KERNEL_MODE + #include "display_internal.h" #include "ili9341_spi.h" #include "xdisplay.h" @@ -198,3 +200,5 @@ void display_copy_mono4(const gfx_bitblt_t *bb) { gfx_rgb565_copy_mono4(&bb_new); } + +#endif diff --git a/core/embed/trezorhal/stm32f4/xdisplay/vg-2864/display_driver.c b/core/embed/trezorhal/stm32f4/xdisplay/vg-2864/display_driver.c index 40b99e6f74..bdcf47157b 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/vg-2864/display_driver.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/vg-2864/display_driver.c @@ -31,6 +31,7 @@ #include "consumption_mask.h" #endif +#ifdef KERNEL_MODE #if (DISPLAY_RESX != 128) || (DISPLAY_RESY != 64) #error "Incompatible display resolution" #endif @@ -38,7 +39,9 @@ // This file implements display driver for monochromatic display V-2864KSWEG01 // with 128x64 resolution connected to CPU via SPI interface. // -// This type of display is used with T3T1 model (Trezor TS3) +// This type of display is used with T3B1 model (Trezor TS3) + +__attribute__((section(".fb1"))) uint8_t framebuf[DISPLAY_RESX * DISPLAY_RESY]; // Display driver context. typedef struct { @@ -47,7 +50,7 @@ typedef struct { // SPI driver instance SPI_HandleTypeDef spi; // Frame buffer (8-bit Mono) - uint8_t framebuf[DISPLAY_RESX * DISPLAY_RESY]; + uint8_t *framebuf; // Current display orientation (0 or 180) int orientation_angle; // Current backlight level ranging from 0 to 255 @@ -233,6 +236,7 @@ void display_init(display_content_mode_t mode) { memset(drv, 0, sizeof(display_driver_t)); drv->backlight_level = 255; + drv->framebuf = framebuf; if (mode == DISPLAY_RESET_CONTENT) { OLED_DC_CLK_ENA(); @@ -391,29 +395,31 @@ void display_refresh(void) { } void display_fill(const gfx_bitblt_t *bb) { - display_driver_t *drv = &g_display_driver; + display_fb_info_t fb = display_get_frame_buffer(); - if (!drv->initialized) { + if (fb.ptr == NULL) { return; } gfx_bitblt_t bb_new = *bb; - bb_new.dst_row = &drv->framebuf[DISPLAY_RESX * bb_new.dst_y]; + bb_new.dst_row = &(((uint8_t *)fb.ptr)[DISPLAY_RESX * bb_new.dst_y]); bb_new.dst_stride = DISPLAY_RESX; gfx_mono8_fill(&bb_new); } void display_copy_mono1p(const gfx_bitblt_t *bb) { - display_driver_t *drv = &g_display_driver; + display_fb_info_t fb = display_get_frame_buffer(); - if (!drv->initialized) { + if (fb.ptr == NULL) { return; } gfx_bitblt_t bb_new = *bb; - bb_new.dst_row = &drv->framebuf[DISPLAY_RESX * bb_new.dst_y]; + bb_new.dst_row = &(((uint8_t *)fb.ptr)[DISPLAY_RESX * bb_new.dst_y]); bb_new.dst_stride = DISPLAY_RESX; gfx_mono8_copy_mono1p(&bb_new); } + +#endif diff --git a/core/embed/trezorhal/stm32u5/limited_util.S b/core/embed/trezorhal/stm32u5/limited_util.S index c9004fd4f2..0c7cc3c2ef 100644 --- a/core/embed/trezorhal/stm32u5/limited_util.S +++ b/core/embed/trezorhal/stm32u5/limited_util.S @@ -35,23 +35,14 @@ jump_to: cpsid f // wipe memory at the end of the current stage of code ldr r2, =0 // r2 - the word-sized value to be written - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM + ldr r0, =_handoff_clear_ram_0_start + ldr r1, =_handoff_clear_ram_0_end bl memset_reg - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM + ldr r0, =_handoff_clear_ram_1_start + ldr r1, =_handoff_clear_ram_1_end bl memset_reg - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM + ldr r0, =_handoff_clear_ram_2_start + ldr r1, =_handoff_clear_ram_2_end bl memset_reg mov lr, r4 @@ -104,26 +95,17 @@ shutdown_privileged: mov r12, r0 ldr lr, =0xffffffff - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_0_start + ldr r1, =_shutdown_clear_ram_0_end bl memset_reg - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_1_start + ldr r1, =_shutdown_clear_ram_1_end bl memset_reg - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_2_start + ldr r1, =_shutdown_clear_ram_2_end bl memset_reg - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =boot_args_start // r0 - point to beginning of boot args - ldr r1, =boot_args_end // r1 - point to byte after the end of boot args - bl memset_reg - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_3_start + ldr r1, =_shutdown_clear_ram_3_end bl memset_reg ldr r0, =1 diff --git a/core/embed/boardloader/memory_stm32u58.ld b/core/embed/trezorhal/stm32u5/linker/u58/boardloader.ld similarity index 51% rename from core/embed/boardloader/memory_stm32u58.ld rename to core/embed/trezorhal/stm32u5/linker/u58/boardloader.ld index 51aa0845c3..ca7bac1ee6 100644 --- a/core/embed/boardloader/memory_stm32u58.ld +++ b/core/embed/trezorhal/stm32u5/linker/u58/boardloader.ld @@ -1,16 +1,16 @@ -/* Trezor v2 boardloader linker script */ +INCLUDE "./embed/trezorhal/stm32u5/linker/u58/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x0C004000, LENGTH = 48K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 512K - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K + FLASH (rx) : ORIGIN = BOARDLOADER_START, LENGTH = BOARDLOADER_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE } main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ @@ -21,6 +21,8 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to populate variables used by the C code */ confidential_lma = LOADADDR(.confidential); @@ -28,27 +30,37 @@ confidential_vma = ADDR(.confidential); confidential_size = SIZEOF(.confidential); /* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_SRAM1; +_shutdown_clear_ram_0_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM4; +_shutdown_clear_ram_1_end = MCU_SRAM4 + MCU_SRAM4_SIZE; +_shutdown_clear_ram_2_start = 0; +_shutdown_clear_ram_2_end = 0; +_shutdown_clear_ram_3_start = 0; +_shutdown_clear_ram_3_end = 0; /* reserve 256 bytes for bootloader arguments */ boot_args_start = ORIGIN(BOOT_ARGS); boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); SECTIONS { - .vector_table : ALIGN(512) { + .vector_table : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); } >FLASH AT>FLASH @@ -108,5 +120,5 @@ SECTIONS { /* Hard-coded address for capabilities structure */ - .capabilities 0x0C00FF00 : {KEEP(*(.capabilities_section))} + .capabilities BOARD_CAPABILITIES_ADDR : {KEEP(*(.capabilities_section))} } diff --git a/core/embed/bootloader/memory_stm32u58.ld b/core/embed/trezorhal/stm32u5/linker/u58/bootloader.ld similarity index 52% rename from core/embed/bootloader/memory_stm32u58.ld rename to core/embed/trezorhal/stm32u5/linker/u58/bootloader.ld index 6711c5c4b4..e46251e96c 100644 --- a/core/embed/bootloader/memory_stm32u58.ld +++ b/core/embed/trezorhal/stm32u5/linker/u58/bootloader.ld @@ -1,16 +1,16 @@ -/* Trezor v2 bootloader linker script */ +INCLUDE "./embed/trezorhal/stm32u5/linker/u58/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x0C010000, LENGTH = 128K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 512K - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K + FLASH (rx) : ORIGIN = BOOTLOADER_START, LENGTH = BOOTLOADER_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE } main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ @@ -21,6 +21,8 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to populate variables used by the C code */ confidential_lma = LOADADDR(.confidential); @@ -28,20 +30,30 @@ confidential_vma = ADDR(.confidential); confidential_size = SIZEOF(.confidential); /* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_SRAM1; +_shutdown_clear_ram_0_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM4; +_shutdown_clear_ram_1_end = MCU_SRAM4 + MCU_SRAM4_SIZE; +_shutdown_clear_ram_2_start = 0; +_shutdown_clear_ram_2_end = 0; +_shutdown_clear_ram_3_start = 0; +_shutdown_clear_ram_3_end = 0; /* reserve 256 bytes for bootloader arguments */ boot_args_start = ORIGIN(BOOT_ARGS); @@ -54,7 +66,7 @@ SECTIONS { KEEP(*(.header)); } >FLASH AT>FLASH - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); diff --git a/core/embed/coreapp/memory_T3T1.ld b/core/embed/trezorhal/stm32u5/linker/u58/coreapp.ld similarity index 54% rename from core/embed/coreapp/memory_T3T1.ld rename to core/embed/trezorhal/stm32u5/linker/u58/coreapp.ld index 810877697d..1542e781ae 100644 --- a/core/embed/coreapp/memory_T3T1.ld +++ b/core/embed/trezorhal/stm32u5/linker/u58/coreapp.ld @@ -1,16 +1,15 @@ -/* TREZORv2 firmware linker script */ +INCLUDE "./embed/trezorhal/stm32u5/linker/u58/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000 + 0x28000, LENGTH = 1664K - 0x28000 - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 16K - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000 + 8K, LENGTH = 64K - 8K - SRAM3 (wal) : ORIGIN = 0x30040000 + 0x38400, LENGTH = 512K - 0x38400 - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K + FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = FIRMWARE_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - KERNEL_SRAM1_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE, LENGTH = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3 + KERNEL_SRAM3_SIZE, LENGTH = MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = 0K /* SRAM5 is not available */ + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* SRAM6 is not available */ + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = 0K /* not allocated to coreapp */ } main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ @@ -22,32 +21,14 @@ _stack_size = SIZEOF(.stack); data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to populate variables used by the C code */ confidential_lma = LOADADDR(.confidential); confidential_vma = ADDR(.confidential); confidential_size = SIZEOF(.confidential); -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); - -/* reserve 256 bytes for bootloader arguments */ -boot_args_start = ORIGIN(BOOT_ARGS); -boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); - _codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); _flash_start = ORIGIN(FLASH); _flash_end = ORIGIN(FLASH) + LENGTH(FLASH); @@ -61,9 +42,12 @@ SECTIONS { .header : ALIGN(4) { KEEP(*(.header)); + . = ALIGN(CODE_ALIGNMENT); } >FLASH AT>FLASH - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.kernel)); + . = ALIGN(512); KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); @@ -103,13 +87,6 @@ SECTIONS { .heap : ALIGN(4) { . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram3_end); /* this explicitly sets the end of the heap */ + . = ABSOLUTE(ORIGIN(SRAM3) + LENGTH(SRAM3)); /* this explicitly sets the end of the heap */ } >SRAM3 - - .boot_args : ALIGN(8) { - *(.boot_command*); - . = ALIGN(8); - *(.boot_args*); - . = ALIGN(8); - } >BOOT_ARGS } diff --git a/core/embed/firmware/memory_T3T1.ld b/core/embed/trezorhal/stm32u5/linker/u58/firmware.ld similarity index 60% rename from core/embed/firmware/memory_T3T1.ld rename to core/embed/trezorhal/stm32u5/linker/u58/firmware.ld index 9bbf390476..86d2895035 100644 --- a/core/embed/firmware/memory_T3T1.ld +++ b/core/embed/trezorhal/stm32u5/linker/u58/firmware.ld @@ -1,16 +1,16 @@ -/* TREZORv2 firmware linker script */ +INCLUDE "./embed/trezorhal/stm32u5/linker/u58/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 1664K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 512K - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K + FLASH (rx) : ORIGIN = FIRMWARE_START, LENGTH = FIRMWARE_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE /* SRAM5 is not available */ + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE /* SRAM6 is not available */ + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE } main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ @@ -21,27 +21,32 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); /* used by the startup code to populate variables used by the C code */ confidential_lma = LOADADDR(.confidential); confidential_vma = ADDR(.confidential); confidential_size = SIZEOF(.confidential); -/* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); +/* used by the startup/jump code to wipe memory */ +_handoff_clear_ram_0_start = ORIGIN(SRAM1); +_handoff_clear_ram_0_end = ORIGIN(BOOT_ARGS); +_handoff_clear_ram_1_start = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); +_handoff_clear_ram_1_end = ORIGIN(SRAM6)+ LENGTH(SRAM6); +_handoff_clear_ram_2_start = ORIGIN(SRAM4); +_handoff_clear_ram_2_end = ORIGIN(SRAM4) + LENGTH(SRAM4); + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = ORIGIN(SRAM1); +_shutdown_clear_ram_0_end = ORIGIN(SRAM6)+ LENGTH(SRAM6); +_shutdown_clear_ram_1_start = ORIGIN(SRAM4); +_shutdown_clear_ram_1_end = ORIGIN(SRAM4) + LENGTH(SRAM4); +_shutdown_clear_ram_2_start = 0; +_shutdown_clear_ram_2_end = 0; +_shutdown_clear_ram_3_start = 0; +_shutdown_clear_ram_3_end = 0; + /* reserve 256 bytes for bootloader arguments */ boot_args_start = ORIGIN(BOOT_ARGS); @@ -62,7 +67,7 @@ SECTIONS { KEEP(*(.header)); } >FLASH AT>FLASH - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); diff --git a/core/embed/trezorhal/stm32u5/linker/u58/kernel.ld b/core/embed/trezorhal/stm32u5/linker/u58/kernel.ld new file mode 100644 index 0000000000..2ca5972f28 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u58/kernel.ld @@ -0,0 +1,162 @@ +INCLUDE "./embed/trezorhal/stm32u5/linker/u58/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = KERNEL_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM2 - KERNEL_SRAM1_SIZE, LENGTH = KERNEL_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE + SRAM2_U (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE, LENGTH = KERNEL_U_RAM_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = KERNEL_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = 0K /* SRAM5 is not available */ + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* SRAM6 is not available */ + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE +} + +main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(SRAM2); +_estack = main_stack_base; + +ustack_base = ORIGIN(SRAM2_U) + 512; +_sustack = ORIGIN(SRAM2_U) + 256; +_eustack = ustack_base; + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* used by the startup code to populate variables used by the C code */ +confidential_lma = LOADADDR(.confidential); +confidential_vma = ADDR(.confidential); +confidential_size = SIZEOF(.confidential); + +/* used by the startup code to wipe memory */ +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_SRAM1; +_shutdown_clear_ram_0_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM4; +_shutdown_clear_ram_1_end = MCU_SRAM4 + MCU_SRAM4_SIZE; +_shutdown_clear_ram_2_start = 0; +_shutdown_clear_ram_2_end = 0; +_shutdown_clear_ram_3_start = 0; +_shutdown_clear_ram_3_end = 0; + +/* used by applet cleaning code */ +_coreapp_clear_ram_0_start = MCU_SRAM2 + KERNEL_SRAM2_SIZE; +_coreapp_clear_ram_0_size = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE; +_coreapp_clear_ram_1_start = MCU_SRAM3 + KERNEL_SRAM3_SIZE; +_coreapp_clear_ram_1_size = MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE; + +sram_u_start = ORIGIN(SRAM2_U); +sram_u_end = ORIGIN(SRAM2_U) + LENGTH(SRAM2_U); + +/* reserve 256 bytes for bootloader arguments */ +boot_args_start = ORIGIN(BOOT_ARGS); +boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); + +_codelen = SIZEOF(.vendorheader) + SIZEOF(.header) + SIZEOF(.flash) + SIZEOF(.uflash) + SIZEOF(.data) + SIZEOF(.confidential); +_flash_start = ORIGIN(FLASH); +_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); + +_uflash_start = ADDR(.uflash); +_uflash_end = ADDR(.uflash) + SIZEOF(.uflash); + +SECTIONS { + .vendorheader : ALIGN(4) { + KEEP(*(.vendorheader)) + } >FLASH AT>FLASH + + .header : ALIGN(4) { + . = 1K; + . = ALIGN(CODE_ALIGNMENT); + } >FLASH AT>FLASH + + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.vector_table)); + . = ALIGN(4); + *(.text*); + . = ALIGN(4); + *(.rodata*); + . = ALIGN(4); + KEEP(*(.bootloader)); + *(.bootloader*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(512); + } >SRAM1 AT>FLASH + + /DISCARD/ : { + *(.ARM.exidx*); + } + + .bss : ALIGN(4) { + *(.no_dma_buffers*); + *(.bss*); + . = ALIGN(4); + } >SRAM1 + + .stack : ALIGN(8) { + . = 6K; /* Overflow causes UsageFault */ + } >SRAM2 + + /* unprivileged data and stack for SAES */ + .udata : ALIGN(512) { + *(.udata*); + . = ALIGN(256); + . = 256; /* Overflow causes UsageFault */ + } >SRAM2_U + + .confidential : ALIGN(512) { + *(.confidential*); + . = ALIGN(CODE_ALIGNMENT); + } >SRAM2 AT>FLASH + + .uflash : ALIGN(512) { + *(.uflash*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .fb : ALIGN(4) { + __fb_start = .; + *(.fb1*); + *(.fb2*); + *(.framebuffer_select*); + __fb_end = .; + . = ALIGN(4); + } >SRAM3 + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + } >SRAM3 + + + .boot_args : ALIGN(8) { + *(.boot_command*); + . = ALIGN(8); + *(.boot_args*); + . = ALIGN(8); + } >BOOT_ARGS +} diff --git a/core/embed/trezorhal/stm32u5/linker/u58/memory.ld b/core/embed/trezorhal/stm32u5/linker/u58/memory.ld new file mode 100644 index 0000000000..59826546fa --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u58/memory.ld @@ -0,0 +1,18 @@ + + +MCU_FLASH_S_ORIGIN = 0x0C000000; +MCU_FLASH_ORIGIN = 0x08000000; +MCU_FLASH_SIZE = 2M; + +MCU_SRAM1 = 0x30000000; +MCU_SRAM1_SIZE = 192K; +MCU_SRAM2 = 0x30030000; +MCU_SRAM2_SIZE = 64K; +MCU_SRAM3 = 0x30040000; +MCU_SRAM3_SIZE = 512K; +MCU_SRAM4 = 0x38000000; +MCU_SRAM4_SIZE = 16K; +MCU_SRAM5 = 0x30080000; +MCU_SRAM5_SIZE = 0K; /* SRAM5 is not available */ +MCU_SRAM6 = 0x30080000; +MCU_SRAM6_SIZE = 0K ; /* SRAM6 is not available */ diff --git a/core/embed/prodtest/memory_stm32u58.ld b/core/embed/trezorhal/stm32u5/linker/u58/prodtest.ld similarity index 52% rename from core/embed/prodtest/memory_stm32u58.ld rename to core/embed/trezorhal/stm32u5/linker/u58/prodtest.ld index 53c5216865..6cabe9cb55 100644 --- a/core/embed/prodtest/memory_stm32u58.ld +++ b/core/embed/trezorhal/stm32u5/linker/u58/prodtest.ld @@ -1,16 +1,16 @@ -/* TREZORv2 firmware linker script */ +INCLUDE "./embed/trezorhal/stm32u5/linker/u58/memory.ld"; ENTRY(reset_handler) MEMORY { - FLASH (rx) : ORIGIN = 0x0C050000, LENGTH = 1664K - SRAM1 (wal) : ORIGIN = 0x30000000, LENGTH = 192K - 0x100 - BOOT_ARGS (wal) : ORIGIN = 0x3002FF00, LENGTH = 0x100 - SRAM2 (wal) : ORIGIN = 0x30030000, LENGTH = 64K - SRAM3 (wal) : ORIGIN = 0x30040000, LENGTH = 512K - SRAM5 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM5 is not available */ - SRAM6 (wal) : ORIGIN = 0x30080000, LENGTH = 0K /* SRAM6 is not available */ - SRAM4 (wal) : ORIGIN = 0x38000000, LENGTH = 16K + FLASH (rx) : ORIGIN = FIRMWARE_START, LENGTH = FIRMWARE_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE /* SRAM5 is not available */ + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE /* SRAM6 is not available */ + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE } main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ @@ -21,6 +21,9 @@ _estack = main_stack_base; data_lma = LOADADDR(.data); data_vma = ADDR(.data); data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + /* used by the startup code to populate variables used by the C code */ confidential_lma = LOADADDR(.confidential); @@ -28,20 +31,30 @@ confidential_vma = ADDR(.confidential); confidential_size = SIZEOF(.confidential); /* used by the startup code to wipe memory */ -sram1_start = ORIGIN(SRAM1); -sram1_end = ORIGIN(SRAM1) + LENGTH(SRAM1); -sram2_start = ORIGIN(SRAM2); -sram2_end = ORIGIN(SRAM2) + LENGTH(SRAM2); -sram3_start = ORIGIN(SRAM3); -sram3_end = ORIGIN(SRAM3) + LENGTH(SRAM3); -sram4_start = ORIGIN(SRAM4); -sram4_end = ORIGIN(SRAM4) + LENGTH(SRAM4); -sram5_start = ORIGIN(SRAM5); -sram5_end = ORIGIN(SRAM5) + LENGTH(SRAM5); -sram6_start = ORIGIN(SRAM6); -sram6_end = ORIGIN(SRAM6) + LENGTH(SRAM6); -bss_start = ADDR(.bss); -bss_end = ADDR(.bss) + SIZEOF(.bss); +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = MCU_SRAM1; +_shutdown_clear_ram_0_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_shutdown_clear_ram_1_start = MCU_SRAM4; +_shutdown_clear_ram_1_end = MCU_SRAM4 + MCU_SRAM4_SIZE; +_shutdown_clear_ram_2_start = 0; +_shutdown_clear_ram_2_end = 0; +_shutdown_clear_ram_3_start = 0; +_shutdown_clear_ram_3_end = 0; /* reserve 256 bytes for bootloader arguments */ boot_args_start = ORIGIN(BOOT_ARGS); @@ -50,8 +63,6 @@ boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); _codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); _flash_start = ORIGIN(FLASH); _flash_end = ORIGIN(FLASH) + LENGTH(FLASH); -_heap_start = ADDR(.heap); -_heap_end = ADDR(.heap) + SIZEOF(.heap); SECTIONS { .vendorheader : ALIGN(4) { @@ -62,7 +73,7 @@ SECTIONS { KEEP(*(.header)); } >FLASH AT>FLASH - .flash : ALIGN(512) { + .flash : ALIGN(CODE_ALIGNMENT) { KEEP(*(.vector_table)); . = ALIGN(4); *(.text*); @@ -84,20 +95,11 @@ SECTIONS { } .bss : ALIGN(4) { + *(.no_dma_buffers*); *(.bss*); . = ALIGN(4); } >SRAM1 - .data_ccm : ALIGN(4) { - *(.no_dma_buffers*); - . = ALIGN(4); - } >SRAM1 - - .heap : ALIGN(4) { - . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ - . = ABSOLUTE(sram1_end); /* this explicitly sets the end of the heap */ - } >SRAM1 - .stack : ALIGN(8) { . = 16K; /* Overflow causes UsageFault */ } >SRAM2 @@ -111,7 +113,6 @@ SECTIONS { __fb_start = .; *(.fb1*); *(.fb2*); - *(.framebuffer_select*); __fb_end = .; . = ALIGN(4); } >SRAM3 diff --git a/core/embed/trezorhal/stm32u5/linker/u5a/boardloader.ld b/core/embed/trezorhal/stm32u5/linker/u5a/boardloader.ld new file mode 100644 index 0000000000..6c455e2641 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u5a/boardloader.ld @@ -0,0 +1,127 @@ +INCLUDE "./embed/trezorhal/stm32u5/linker/u5a/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = BOARDLOADER_START, LENGTH = BOARDLOADER_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE +} + +main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(SRAM2); +_estack = main_stack_base; + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* used by the startup code to populate variables used by the C code */ +confidential_lma = LOADADDR(.confidential); +confidential_vma = ADDR(.confidential); +confidential_size = SIZEOF(.confidential); + +/* used by the startup code to wipe memory */ +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = ORIGIN(SRAM1); +_shutdown_clear_ram_0_end = ADDR(.fb1); +_shutdown_clear_ram_1_start = ADDR(.fb1) + SIZEOF(.fb1); +_shutdown_clear_ram_1_end = ADDR(.fb2); +_shutdown_clear_ram_2_start = ADDR(.fb2) + SIZEOF(.fb2); +_shutdown_clear_ram_2_end = ORIGIN(SRAM6)+ LENGTH(SRAM6); +_shutdown_clear_ram_3_start = ORIGIN(SRAM4); +_shutdown_clear_ram_3_end = ORIGIN(SRAM4) + LENGTH(SRAM4); + +/* reserve 256 bytes for bootloader arguments */ +boot_args_start = ORIGIN(BOOT_ARGS); +boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); + +SECTIONS { + .vector_table : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.vector_table)); + } >FLASH AT>FLASH + + .text : ALIGN(4) { + *(.text*); + . = ALIGN(4); /* make the section size a multiple of the word size */ + } >FLASH AT>FLASH + + .rodata : ALIGN(4) { + *(.rodata*); + . = ALIGN(4); /* make the section size a multiple of the word size */ + } >FLASH AT>FLASH + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(8); + } >SRAM5 AT>FLASH + + /DISCARD/ : { + *(.ARM.exidx*); + } + + .bss : ALIGN(4) { + *(.bss*); + . = ALIGN(4); + } >SRAM5 + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + } >SRAM5 + + .stack : ALIGN(8) { + . = 16K; /* Overflow causes UsageFault */ + } >SRAM2 + + .confidential : ALIGN(8) { + *(.confidential*); + . = ALIGN(4); + } >SRAM2 AT>FLASH + + .fb1 : ALIGN(4) { + *(.fb1*); + . = ALIGN(4); + } >SRAM1 + + .fb2 : ALIGN(4) { + *(.fb2*); + *(.gfxmmu_table*); + *(.framebuffer_select*); + . = ALIGN(4); + } >SRAM3 + + .boot_args : ALIGN(8) { + *(.boot_command*); + . = ALIGN(8); + *(.boot_args*); + . = ALIGN(8); + } >BOOT_ARGS + + + /* Hard-coded address for capabilities structure */ + .capabilities BOARD_CAPABILITIES_ADDR : {KEEP(*(.capabilities_section))} +} diff --git a/core/embed/trezorhal/stm32u5/linker/u5a/bootloader.ld b/core/embed/trezorhal/stm32u5/linker/u5a/bootloader.ld new file mode 100644 index 0000000000..e031a7062a --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u5a/bootloader.ld @@ -0,0 +1,128 @@ +INCLUDE "./embed/trezorhal/stm32u5/linker/u5a/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = BOOTLOADER_START, LENGTH = BOOTLOADER_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE +} + +main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(SRAM2); +_estack = main_stack_base; + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* used by the startup code to populate variables used by the C code */ +confidential_lma = LOADADDR(.confidential); +confidential_vma = ADDR(.confidential); +confidential_size = SIZEOF(.confidential); + +/* used by the startup code to wipe memory */ +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = ORIGIN(SRAM1); +_shutdown_clear_ram_0_end = ADDR(.fb1); +_shutdown_clear_ram_1_start = ADDR(.fb1) + SIZEOF(.fb1); +_shutdown_clear_ram_1_end = ADDR(.fb2); +_shutdown_clear_ram_2_start = ADDR(.fb2) + SIZEOF(.fb2); +_shutdown_clear_ram_2_end = ORIGIN(SRAM6)+ LENGTH(SRAM6); +_shutdown_clear_ram_3_start = ORIGIN(SRAM4); +_shutdown_clear_ram_3_end = ORIGIN(SRAM4) + LENGTH(SRAM4); + +/* reserve 256 bytes for bootloader arguments */ +boot_args_start = ORIGIN(BOOT_ARGS); +boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); + +_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); + +SECTIONS { + .header : ALIGN(4) { + KEEP(*(.header)); + } >FLASH AT>FLASH + + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.vector_table)); + . = ALIGN(4); + *(.text*); + . = ALIGN(4); + *(.rodata*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(512); + } >SRAM5 AT>FLASH + + /DISCARD/ : { + *(.ARM.exidx*); + } + + .bss : ALIGN(4) { + *(.bss*); + . = ALIGN(4); + } >SRAM5 + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + *(.no_dma_buffers*); + . = ALIGN(4); + } >SRAM5 + + .stack : ALIGN(8) { + . = 16K; /* Overflow causes UsageFault */ + } >SRAM2 + + .confidential : ALIGN(512) { + *(.confidential*); + . = ALIGN(512); + } >SRAM2 AT>FLASH + + .fb1 : ALIGN(4) { + __fb_start = .; + *(.fb1*); + . = ALIGN(4); + } >SRAM1 + + .fb2 : ALIGN(4) { + *(.fb2*); + *(.gfxmmu_table*); + *(.framebuffer_select*); + __fb_end = .; + . = ALIGN(4); + } >SRAM3 + + .boot_args : ALIGN(8) { + *(.boot_command*); + . = ALIGN(8); + *(.boot_args*); + . = ALIGN(8); + } >BOOT_ARGS +} diff --git a/core/embed/trezorhal/stm32u5/linker/u5a/coreapp.ld b/core/embed/trezorhal/stm32u5/linker/u5a/coreapp.ld new file mode 100644 index 0000000000..73af99e705 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u5a/coreapp.ld @@ -0,0 +1,92 @@ +INCLUDE "./embed/trezorhal/stm32u5/linker/u5a/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = FIRMWARE_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = 0K /* not allocated to coreapp */ + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = 0K /* not allocated to coreapp */ + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = 0K /* not allocated to coreapp */ + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* not allocated to coreapp */ + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = 0K /* not allocated to coreapp */ +} + +main_stack_base = ORIGIN(SRAM5) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(SRAM5); +_estack = main_stack_base; +_stack_size = SIZEOF(.stack); + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* used by the startup code to populate variables used by the C code */ +confidential_lma = LOADADDR(.confidential); +confidential_vma = ADDR(.confidential); +confidential_size = SIZEOF(.confidential); + +_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); +_flash_start = ORIGIN(FLASH); +_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); +_heap_start = ADDR(.heap); +_heap_end = ADDR(.heap) + SIZEOF(.heap); + +SECTIONS { + .vendorheader : ALIGN(4) { + KEEP(*(.vendorheader)) + } >FLASH AT>FLASH + + .header : ALIGN(4) { + KEEP(*(.header)); + } >FLASH AT>FLASH + + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.kernel)); + . = ALIGN(512); + KEEP(*(.vector_table)); + . = ALIGN(4); + *(.text*); + . = ALIGN(4); + *(.rodata*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .stack : ALIGN(8) { + . = 32K; /* Overflow causes UsageFault */ + } >SRAM5 + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(512); + } >SRAM5 AT>FLASH + + /DISCARD/ : { + *(.ARM.exidx*); + } + + .bss : ALIGN(4) { + *(.no_dma_buffers*); + *(.bss*); + . = ALIGN(4); + } >SRAM5 + + .confidential : ALIGN(512) { + *(.confidential*); + . = ALIGN(512); + } >SRAM5 AT>FLASH + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + } >SRAM5 + + .heap : ALIGN(4) { + . = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */ + . = ABSOLUTE(ORIGIN(SRAM5) + LENGTH(SRAM5)); /* this explicitly sets the end of the heap */ + } >SRAM5 + +} diff --git a/core/embed/trezorhal/stm32u5/linker/u5a/kernel.ld b/core/embed/trezorhal/stm32u5/linker/u5a/kernel.ld new file mode 100644 index 0000000000..31c7652ccf --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u5a/kernel.ld @@ -0,0 +1,166 @@ +INCLUDE "./embed/trezorhal/stm32u5/linker/u5a/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = KERNEL_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE - KERNEL_U_RAM_SIZE + SRAM3_U (wal) : ORIGIN = MCU_SRAM3 + MCU_SRAM3_SIZE - KERNEL_U_RAM_SIZE, LENGTH = KERNEL_U_RAM_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE +} + +main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(SRAM2); +_estack = main_stack_base; + +ustack_base = ORIGIN(SRAM3_U) + 512; +_sustack = ORIGIN(SRAM3_U) + 256; +_eustack = ustack_base; + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* used by the startup code to populate variables used by the C code */ +confidential_lma = LOADADDR(.confidential); +confidential_vma = ADDR(.confidential); +confidential_size = SIZEOF(.confidential); + +/* used by the startup code to wipe memory */ +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = ORIGIN(SRAM1); +_shutdown_clear_ram_0_end = ADDR(.fb1); +_shutdown_clear_ram_1_start = ADDR(.fb1) + SIZEOF(.fb1); +_shutdown_clear_ram_1_end = ADDR(.fb2); +_shutdown_clear_ram_2_start = ADDR(.fb2) + SIZEOF(.fb2); +_shutdown_clear_ram_2_end = ORIGIN(SRAM6)+ LENGTH(SRAM6); +_shutdown_clear_ram_3_start = ORIGIN(SRAM4); +_shutdown_clear_ram_3_end = ORIGIN(SRAM4) + LENGTH(SRAM4); + +/* used by appleet cleaning code */ +_coreapp_clear_ram_0_start = MCU_SRAM5; +_coreapp_clear_ram_0_size = MCU_SRAM5_SIZE; +_coreapp_clear_ram_1_start = 0; +_coreapp_clear_ram_1_size = 0; + + +sram_u_start = ORIGIN(SRAM3_U); +sram_u_end = ORIGIN(SRAM3_U) + LENGTH(SRAM3_U); + +/* reserve 256 bytes for bootloader arguments */ +boot_args_start = ORIGIN(BOOT_ARGS); +boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); + +_codelen = SIZEOF(.vendorheader) + SIZEOF(.header) + SIZEOF(.flash) + SIZEOF(.uflash) + SIZEOF(.data) + SIZEOF(.confidential); +_flash_start = ORIGIN(FLASH); +_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); + +_uflash_start = ADDR(.uflash); +_uflash_end = ADDR(.uflash) + SIZEOF(.uflash); + +SECTIONS { + .vendorheader : ALIGN(4) { + KEEP(*(.vendorheader)) + } >FLASH AT>FLASH + + .header : ALIGN(4) { + . = 1K; + . = ALIGN(CODE_ALIGNMENT); + } >FLASH AT>FLASH + + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.vector_table)); + . = ALIGN(4); + *(.text*); + . = ALIGN(4); + *(.rodata*); + . = ALIGN(4); + KEEP(*(.bootloader)); + *(.bootloader*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .stack : ALIGN(8) { + . = 12K; /* Overflow causes UsageFault */ + } >SRAM2 + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(512); + } >SRAM2 AT>FLASH + + /DISCARD/ : { + *(.ARM.exidx*); + } + + .bss : ALIGN(4) { + *(.no_dma_buffers*); + *(.bss*); + . = ALIGN(4); + } >SRAM2 + + /* unprivileged data and stack for SAES */ + .udata : ALIGN(512) { + *(.udata*); + . = ALIGN(256); + . = 256; /* Overflow causes UsageFault */ + } >SRAM3_U + + .confidential : ALIGN(512) { + *(.confidential*); + . = ALIGN(512); + } >SRAM2 AT>FLASH + + .uflash : ALIGN(512) { + *(.uflash*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .fb1 : ALIGN(4) { + *(.fb1*); + . = ALIGN(4); + } >SRAM1 + + .fb2 : ALIGN(4) { + *(.fb2*); + *(.gfxmmu_table*); + *(.framebuffer_select*); + . = ALIGN(4); + } >SRAM3 + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + } >SRAM2 + + + .boot_args : ALIGN(8) { + *(.boot_command*); + . = ALIGN(8); + *(.boot_args*); + . = ALIGN(8); + } >BOOT_ARGS +} diff --git a/core/embed/trezorhal/stm32u5/linker/u5a/memory.ld b/core/embed/trezorhal/stm32u5/linker/u5a/memory.ld new file mode 100644 index 0000000000..157833f965 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u5a/memory.ld @@ -0,0 +1,18 @@ + + +MCU_FLASH_S_ORIGIN = 0x0C000000; +MCU_FLASH_ORIGIN = 0x08000000; +MCU_FLASH_SIZE = 4M; + +MCU_SRAM1 = 0x30000000; +MCU_SRAM1_SIZE = 768K; +MCU_SRAM2 = 0x300C0000; +MCU_SRAM2_SIZE = 64K; +MCU_SRAM3 = 0x300D0000; +MCU_SRAM3_SIZE = 832K; +MCU_SRAM4 = 0x38000000; +MCU_SRAM4_SIZE = 16K; +MCU_SRAM5 = 0x301A0000; +MCU_SRAM5_SIZE = 832K; +MCU_SRAM6 = 0x30270000; +MCU_SRAM6_SIZE = 0K ; diff --git a/core/embed/trezorhal/stm32u5/linker/u5a/prodtest.ld b/core/embed/trezorhal/stm32u5/linker/u5a/prodtest.ld new file mode 100644 index 0000000000..9fc58c604e --- /dev/null +++ b/core/embed/trezorhal/stm32u5/linker/u5a/prodtest.ld @@ -0,0 +1,136 @@ +INCLUDE "./embed/trezorhal/stm32u5/linker/u5a/memory.ld"; + +ENTRY(reset_handler) + +MEMORY { + FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = KERNEL_IMAGE_MAXSIZE + SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - BOOTARGS_SIZE + BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE + SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = MCU_SRAM2_SIZE + SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE + SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = MCU_SRAM5_SIZE + SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = MCU_SRAM6_SIZE + SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE +} + +main_stack_base = ORIGIN(SRAM2) + SIZEOF(.stack); /* 8-byte aligned full descending stack */ +_sstack = ORIGIN(SRAM2); +_estack = main_stack_base; + +/* used by the startup code to populate variables used by the C code */ +data_lma = LOADADDR(.data); +data_vma = ADDR(.data); +data_size = SIZEOF(.data); +bss_start = ADDR(.bss); +bss_end = ADDR(.bss) + SIZEOF(.bss); + +/* used by the startup code to populate variables used by the C code */ +confidential_lma = LOADADDR(.confidential); +confidential_vma = ADDR(.confidential); +confidential_size = SIZEOF(.confidential); + +/* used by the startup code to wipe memory */ +_startup_clear_ram_0_start = MCU_SRAM1; +_startup_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE; +_startup_clear_ram_1_start = MCU_SRAM2; +_startup_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_startup_clear_ram_2_start = MCU_SRAM4; +_startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the jump code to wipe memory */ +_handoff_clear_ram_0_start = MCU_SRAM1; +_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE; +_handoff_clear_ram_1_start = MCU_SRAM2; +_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE; +_handoff_clear_ram_2_start = MCU_SRAM4; +_handoff_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE; + +/* used by the shutdown code to wipe memory */ +_shutdown_clear_ram_0_start = ORIGIN(SRAM1); +_shutdown_clear_ram_0_end = ADDR(.fb1); +_shutdown_clear_ram_1_start = ADDR(.fb1) + SIZEOF(.fb1); +_shutdown_clear_ram_1_end = ADDR(.fb2); +_shutdown_clear_ram_2_start = ADDR(.fb2) + SIZEOF(.fb2); +_shutdown_clear_ram_2_end = ORIGIN(SRAM6)+ LENGTH(SRAM6); +_shutdown_clear_ram_3_start = ORIGIN(SRAM4); +_shutdown_clear_ram_3_end = ORIGIN(SRAM4) + LENGTH(SRAM4); + + +/* reserve 256 bytes for bootloader arguments */ +boot_args_start = ORIGIN(BOOT_ARGS); +boot_args_end = ORIGIN(BOOT_ARGS) + LENGTH(BOOT_ARGS); +_codelen = SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential); +_flash_start = ORIGIN(FLASH); +_flash_end = ORIGIN(FLASH) + LENGTH(FLASH); + +SECTIONS { + .vendorheader : ALIGN(4) { + KEEP(*(.vendorheader)) + } >FLASH AT>FLASH + + .header : ALIGN(4) { + KEEP(*(.header)); + . = ALIGN(CODE_ALIGNMENT); + } >FLASH AT>FLASH + + .flash : ALIGN(CODE_ALIGNMENT) { + KEEP(*(.vector_table)); + . = ALIGN(4); + *(.text*); + . = ALIGN(4); + *(.rodata*); + . = ALIGN(4); + KEEP(*(.bootloader)); + *(.bootloader*); + . = ALIGN(512); + } >FLASH AT>FLASH + + .stack : ALIGN(8) { + . = 12K; /* Overflow causes UsageFault */ + } >SRAM2 + + .data : ALIGN(4) { + *(.data*); + . = ALIGN(512); + } >SRAM2 AT>FLASH + + /DISCARD/ : { + *(.ARM.exidx*); + } + + .bss : ALIGN(4) { + *(.no_dma_buffers*); + *(.bss*); + . = ALIGN(4); + } >SRAM2 + + .confidential : ALIGN(512) { + *(.confidential*); + . = ALIGN(512); + } >SRAM2 AT>FLASH + + .fb1 : ALIGN(4) { + *(.fb1*); + . = ALIGN(4); + } >SRAM1 + + .fb2 : ALIGN(4) { + *(.fb2*); + *(.gfxmmu_table*); + *(.framebuffer_select*); + . = ALIGN(4); + } >SRAM3 + + .buf : ALIGN(4) { + *(.buf*); + . = ALIGN(4); + } >SRAM2 + + + .boot_args : ALIGN(8) { + *(.boot_command*); + . = ALIGN(8); + *(.boot_args*); + . = ALIGN(8); + } >BOOT_ARGS +} diff --git a/core/embed/trezorhal/stm32u5/mpu.c b/core/embed/trezorhal/stm32u5/mpu.c index e0ab0adf1b..69b3e81856 100644 --- a/core/embed/trezorhal/stm32u5/mpu.c +++ b/core/embed/trezorhal/stm32u5/mpu.c @@ -115,20 +115,19 @@ static void mpu_set_attributes(void) { #define SECRET_START FLASH_BASE #define SECRET_SIZE SIZE_16K -#define BOARDLOADER_SIZE SIZE_48K +#define BOARDLOADER_SIZE BOARDLOADER_IMAGE_MAXSIZE #define BOOTLOADER_SIZE BOOTLOADER_IMAGE_MAXSIZE #define FIRMWARE_SIZE FIRMWARE_IMAGE_MAXSIZE -#define COREAPP_SIZE (FIRMWARE_IMAGE_MAXSIZE - KERNEL_SIZE) #define STORAGE_START \ (FLASH_BASE + SECRET_SIZE + BOARDLOADER_SIZE + BOOTLOADER_SIZE) #define STORAGE_SIZE NORCOW_SECTOR_SIZE* STORAGE_AREAS_COUNT #if defined STM32U5A9xx -#define SRAM_SIZE SIZE_2496K +#define SRAM_SIZE SRAM1_SIZE + SRAM2_SIZE + SRAM3_SIZE + SRAM5_SIZE #elif defined STM32U5G9xx -#define SRAM_SIZE (SIZE_2496K + SIZE_512K) +#define SRAM_SIZE SRAM1_SIZE + SRAM2_SIZE + SRAM3_SIZE + SRAM5_SIZE + SRAM6_SIZE #elif defined STM32U585xx -#define SRAM_SIZE SIZE_768K +#define SRAM_SIZE SRAM1_SIZE + SRAM2_SIZE + SRAM3_SIZE #else #error "Unknown MCU" #endif @@ -150,14 +149,49 @@ static void mpu_set_attributes(void) { // clang-format on -#define KERNEL_RAM_START (SRAM2_BASE - SIZE_16K) -#define KERNEL_RAM_SIZE (SIZE_24K) +#ifdef STM32U585xx +#define KERNEL_RAM_START (SRAM2_BASE - KERNEL_SRAM1_SIZE) +#define KERNEL_RAM_SIZE \ + ((KERNEL_SRAM1_SIZE + KERNEL_SRAM2_SIZE) - KERNEL_U_RAM_SIZE) +#else +#define KERNEL_RAM_START (SRAM1_BASE) +#define KERNEL_RAM_SIZE \ + (SRAM1_SIZE + SRAM2_SIZE + SRAM3_SIZE - KERNEL_U_RAM_SIZE) +#endif +#ifdef SYSCALL_DISPATCH +extern uint32_t _uflash_start; +extern uint32_t _uflash_end; +#define KERNEL_RAM_U_START (KERNEL_RAM_START + KERNEL_RAM_SIZE) +#define KERNEL_RAM_U_SIZE KERNEL_U_RAM_SIZE +#define KERNEL_FLASH_U_START (uint32_t) & _uflash_start +#define KERNEL_FLASH_U_SIZE ((uint32_t) & _uflash_end - KERNEL_FLASH_U_START) +#else +#define KERNEL_RAM_U_START 0 +#define KERNEL_RAM_U_SIZE 0 +#define KERNEL_FLASH_U_START 0 +#define KERNEL_FLASH_U_SIZE 0 +#endif + +extern uint32_t _codelen; +#define KERNEL_SIZE (uint32_t) & _codelen + +#define KERNEL_FLASH_START KERNEL_START +#define KERNEL_FLASH_SIZE (KERNEL_SIZE - KERNEL_U_FLASH_SIZE) + +#define COREAPP_FLASH_START (KERNEL_FLASH_START + KERNEL_SIZE) +#define COREAPP_FLASH_SIZE (FIRMWARE_IMAGE_MAXSIZE - KERNEL_SIZE) + +#ifdef STM32U585xx #define COREAPP_RAM1_START SRAM1_BASE -#define COREAPP_RAM1_SIZE (SIZE_192K - SIZE_16K) +#define COREAPP_RAM1_SIZE (SRAM1_SIZE - KERNEL_SRAM1_SIZE) -#define COREAPP_RAM2_START (SRAM2_BASE + SIZE_8K) -#define COREAPP_RAM2_SIZE (SRAM_SIZE - (SIZE_192K + SIZE_8K)) +#define COREAPP_RAM2_START (SRAM2_BASE + KERNEL_SRAM2_SIZE) +#define COREAPP_RAM2_SIZE (SRAM_SIZE - (SRAM1_SIZE + KERNEL_SRAM2_SIZE)) +#else +#define COREAPP_RAM1_START SRAM5_BASE +#define COREAPP_RAM1_SIZE SRAM5_SIZE +#endif typedef struct { // Set if the driver is initialized @@ -196,12 +230,16 @@ static void mpu_init_fixed_regions(void) { #endif #if defined(KERNEL) // REGION ADDRESS SIZE TYPE WRITE UNPRIV - SET_REGION( 0, KERNEL_START, KERNEL_SIZE, FLASH_CODE, NO, NO ); - SET_REGION( 1, KERNEL_RAM_START, KERNEL_RAM_SIZE, SRAM, YES, NO ); - SET_REGION( 2, COREAPP_START, COREAPP_SIZE, FLASH_CODE, NO, YES ); - SET_REGION( 3, COREAPP_RAM1_START, COREAPP_RAM1_SIZE, SRAM, YES, YES ); - SET_REGION( 4, COREAPP_RAM2_START, COREAPP_RAM2_SIZE, SRAM, YES, YES ); - SET_REGION( 5, GRAPHICS_START, GRAPHICS_SIZE, SRAM, YES, YES ); + SET_REGION( 0, KERNEL_FLASH_START, KERNEL_FLASH_SIZE, FLASH_CODE, NO, NO ); // Kernel Code + SET_REGION( 1, KERNEL_RAM_START, KERNEL_RAM_SIZE, SRAM, YES, NO ); // Kernel RAM + SET_REGION( 2, COREAPP_FLASH_START, COREAPP_FLASH_SIZE, FLASH_CODE, NO, YES ); // CoreApp Code + SET_REGION( 3, COREAPP_RAM1_START, COREAPP_RAM1_SIZE, SRAM, YES, YES ); // CoraApp RAM +#ifdef STM32U585xx + SET_REGION( 4, COREAPP_RAM2_START, COREAPP_RAM2_SIZE, SRAM, YES, YES ); // CoraAPP RAM2 +#else + DIS_REGION( 4 ); +#endif + SET_REGION( 5, GRAPHICS_START, GRAPHICS_SIZE, SRAM, YES, YES ); // Frame buffer or display interface #endif #if defined(FIRMWARE) // REGION ADDRESS SIZE TYPE WRITE UNPRIV @@ -272,6 +310,16 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) { HAL_MPU_Disable(); + // Region #5 is banked + + // clang-format off + switch (mode) { + default: + SET_REGION( 5, GRAPHICS_START, GRAPHICS_SIZE, SRAM, YES, YES ); // Peripherals + break; + } + // clang-format on + // Region #6 is banked // clang-format off diff --git a/core/embed/trezorhal/stm32u5/startup_stage_0.s b/core/embed/trezorhal/stm32u5/startup_stage_0.s new file mode 100644 index 0000000000..e237fe57e9 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/startup_stage_0.s @@ -0,0 +1,79 @@ + .syntax unified + + .text + + .global reset_handler + .type reset_handler, STT_FUNC +reset_handler: + // set the stack protection + ldr r0, =_sstack + add r0, r0, #128 // safety margin for the exception frame + msr MSPLIM, r0 + + bl SystemInit + + // read the first rng data and save it + ldr r0, =0 // r0 - previous value + ldr r1, =0 // r1 - whether to compare the previous value + bl rng_read + + // read the next rng data and make sure it is different than previous + // r0 - value returned from previous call + ldr r1, =1 // r1 - whether to compare the previous value + bl rng_read + mov r4, r0 // save TRNG output in r4 + + // wipe memory to remove any possible vestiges of confidential data + + +fill_ram: + + mov r2, r4 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end + bl memset_reg + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end + bl memset_reg + ldr r0, =_startup_clear_ram_2_start + ldr r1, =_startup_clear_ram_2_end + bl memset_reg + + // setup environment for subsequent stage of code + + +clear_ram: + ldr r2, =0 // r2 - the word-sized value to be written + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end + bl memset_reg + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end + bl memset_reg + ldr r0, =_startup_clear_ram_2_start + ldr r1, =_startup_clear_ram_2_end + bl memset_reg + + // copy data in from flash + ldr r0, =data_vma // dst addr + ldr r1, =data_lma // src addr + ldr r2, =data_size // size in bytes + bl memcpy + + // copy confidential data in from flash + ldr r0, =confidential_vma // dst addr + ldr r1, =confidential_lma // src addr + ldr r2, =confidential_size // size in bytes + bl memcpy + + // setup the stack protector (see build script "-fstack-protector-all") with an unpredictable value + bl rng_get + ldr r1, = __stack_chk_guard + str r0, [r1] + + // enter the application code + bl main + + b shutdown_privileged + + .end diff --git a/core/embed/bootloader/startup_stm32u5.s b/core/embed/trezorhal/stm32u5/startup_stage_1.s similarity index 64% rename from core/embed/bootloader/startup_stm32u5.s rename to core/embed/trezorhal/stm32u5/startup_stage_1.s index ad97873e61..53ba794d39 100644 --- a/core/embed/bootloader/startup_stm32u5.s +++ b/core/embed/trezorhal/stm32u5/startup_stage_1.s @@ -12,29 +12,14 @@ reset_handler: // setup environment for subsequent stage of code ldr r2, =0 // r2 - the word-sized value to be written - - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end bl memset_reg - - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end bl memset_reg - - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM + ldr r0, =_startup_clear_ram_2_start + ldr r1, =_startup_clear_ram_2_end bl memset_reg // copy data in from flash diff --git a/core/embed/bootloader_ci/startup_stm32u5.s b/core/embed/trezorhal/stm32u5/startup_stage_2.s similarity index 61% rename from core/embed/bootloader_ci/startup_stm32u5.s rename to core/embed/trezorhal/stm32u5/startup_stage_2.s index 707b7a320c..7813166f8c 100644 --- a/core/embed/bootloader_ci/startup_stm32u5.s +++ b/core/embed/trezorhal/stm32u5/startup_stage_2.s @@ -12,29 +12,14 @@ reset_handler: // setup environment for subsequent stage of code ldr r2, =0 // r2 - the word-sized value to be written - - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM + ldr r0, =_startup_clear_ram_0_start + ldr r1, =_startup_clear_ram_0_end bl memset_reg - - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM + ldr r0, =_startup_clear_ram_1_start + ldr r1, =_startup_clear_ram_1_end bl memset_reg - - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM + ldr r0, =_startup_clear_ram_2_start + ldr r1, =_startup_clear_ram_2_end bl memset_reg // copy data in from flash diff --git a/core/embed/coreapp/startup_stm32u5.S b/core/embed/trezorhal/stm32u5/startup_stage_4.s similarity index 100% rename from core/embed/coreapp/startup_stm32u5.S rename to core/embed/trezorhal/stm32u5/startup_stage_4.s diff --git a/core/embed/trezorhal/stm32u5/touch/sitronix.c b/core/embed/trezorhal/stm32u5/touch/sitronix.c index 4da2aeb1bd..eb4d127cfc 100644 --- a/core/embed/trezorhal/stm32u5/touch/sitronix.c +++ b/core/embed/trezorhal/stm32u5/touch/sitronix.c @@ -1,6 +1,8 @@ #include STM32_HAL_H #include TREZOR_BOARD +#ifdef KERNEL_MODE + #include "common.h" #include "i2c_bus.h" #include "irq.h" @@ -1314,3 +1316,5 @@ uint32_t touch_get_event(void) { return event; } + +#endif diff --git a/core/embed/trezorhal/stm32u5/util.S b/core/embed/trezorhal/stm32u5/util.S index 06258ded40..65fe4f94d0 100644 --- a/core/embed/trezorhal/stm32u5/util.S +++ b/core/embed/trezorhal/stm32u5/util.S @@ -37,26 +37,14 @@ jump_to: cpsid f // wipe memory at the end of the current stage of code ldr r2, =0 // r2 - the word-sized value to be written - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM + ldr r0, =_handoff_clear_ram_0_start + ldr r1, =_handoff_clear_ram_0_end bl memset_reg - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM + ldr r0, =_handoff_clear_ram_1_start + ldr r1, =_handoff_clear_ram_1_end bl memset_reg - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =boot_args_start // r0 - point to beginning of boot args - ldr r1, =boot_args_end // r1 - point to byte after the end of boot args - bl memset_reg - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM + ldr r0, =_handoff_clear_ram_2_start + ldr r1, =_handoff_clear_ram_2_end bl memset_reg mov lr, r4 @@ -109,26 +97,17 @@ shutdown_privileged: mov r12, r0 ldr lr, =0xffffffff - ldr r0, =sram1_start // r0 - point to beginning of SRAM - ldr r1, =sram1_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_0_start + ldr r1, =_shutdown_clear_ram_0_end bl memset_reg - ldr r0, =sram2_start // r0 - point to beginning of SRAM - ldr r1, =sram2_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_1_start + ldr r1, =_shutdown_clear_ram_1_end bl memset_reg - ldr r0, =sram4_start // r0 - point to beginning of SRAM - ldr r1, =sram4_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_2_start + ldr r1, =_shutdown_clear_ram_2_end bl memset_reg - ldr r0, =sram6_start // r0 - point to beginning of SRAM - ldr r1, =sram6_end // r1 - point to byte after the end of SRAM - bl memset_reg - ldr r0, =boot_args_start // r0 - point to beginning of boot args - ldr r1, =boot_args_end // r1 - point to byte after the end of boot args - bl memset_reg - ldr r0, =sram3_start // r0 - point to beginning of SRAM - ldr r1, =__fb_start // r1 - point to beginning of framebuffer - bl memset_reg - ldr r0, =__fb_end // r0 - point to end of framebuffer - ldr r1, =sram5_end // r1 - point to byte after the end of SRAM + ldr r0, =_shutdown_clear_ram_3_start + ldr r1, =_shutdown_clear_ram_3_end bl memset_reg ldr r0, =1 diff --git a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_driver.c b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_driver.c index f39df353c0..714f6ae30f 100644 --- a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_driver.c +++ b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_driver.c @@ -30,6 +30,8 @@ #error "Incompatible display resolution" #endif +#ifdef KERNEL_MODE + // Display driver instance display_driver_t g_display_driver = { .initialized = false, @@ -43,6 +45,13 @@ void display_init(display_content_mode_t mode) { } if (mode == DISPLAY_RESET_CONTENT) { + __HAL_RCC_DSI_FORCE_RESET(); + __HAL_RCC_LTDC_FORCE_RESET(); + __HAL_RCC_GFXMMU_FORCE_RESET(); + __HAL_RCC_DSI_RELEASE_RESET(); + __HAL_RCC_LTDC_RELEASE_RESET(); + __HAL_RCC_GFXMMU_RELEASE_RESET(); + RCC_PeriphCLKInitTypeDef PeriphClkInit = {0}; // Initializes the common periph clock @@ -84,6 +93,14 @@ void display_deinit(display_content_mode_t mode) { display_driver_t *drv = &g_display_driver; if (!drv->initialized) { + if (mode == DISPLAY_RESET_CONTENT) { + __HAL_RCC_DSI_FORCE_RESET(); + __HAL_RCC_LTDC_FORCE_RESET(); + __HAL_RCC_GFXMMU_FORCE_RESET(); + __HAL_RCC_DSI_RELEASE_RESET(); + __HAL_RCC_LTDC_RELEASE_RESET(); + __HAL_RCC_GFXMMU_RELEASE_RESET(); + } return; } @@ -198,3 +215,5 @@ void display_copy_mono4(const gfx_bitblt_t *bb) { gfx_rgba8888_copy_mono4(&bb_new); } + +#endif diff --git a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_fb.c b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_fb.c index 598dfc464d..7d96ea80a6 100644 --- a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_fb.c +++ b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_fb.c @@ -26,6 +26,8 @@ #include #include "display_internal.h" +#ifdef KERNEL_MODE + // Physical frame buffers in internal SRAM memory __attribute__((section(".fb1"))) ALIGN_32BYTES(uint32_t physical_frame_buffer_0[PHYSICAL_FRAME_BUFFER_SIZE]); @@ -91,3 +93,5 @@ void display_refresh(void) { sizeof(physical_frame_buffer_1)); } } + +#endif diff --git a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_gfxmmu_lut.h b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_gfxmmu_lut.h index 86528b9d9a..ac502356d4 100644 --- a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_gfxmmu_lut.h +++ b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_gfxmmu_lut.h @@ -29,7 +29,7 @@ extern "C" { #define GFXMMU_LUT_LAST 479 #define GFXMMU_LUT_SIZE 480 -uint32_t gfxmmu_lut[2 * GFXMMU_LUT_SIZE] = { +static const uint32_t gfxmmu_lut_config[2 * GFXMMU_LUT_SIZE] = { 0x00413601, // GFXMMU_LUT0L 0x003FFCA0, // GFXMMU_LUT0H 0x00433401, // GFXMMU_LUT1L diff --git a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_ltdc_dsi.c b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_ltdc_dsi.c index 3cac3760f7..e296479813 100644 --- a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_ltdc_dsi.c +++ b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_ltdc_dsi.c @@ -68,6 +68,8 @@ #include "display_internal.h" #include "irq.h" +#ifdef KERNEL_MODE + /* Common Error codes */ #define BSP_ERROR_NONE 0 #define BSP_ERROR_NO_INIT -1 @@ -166,6 +168,9 @@ LTDC_HandleTypeDef hlcd_ltdc = {0}; DSI_HandleTypeDef hlcd_dsi = {0}; static DSI_VidCfgTypeDef DSIVidCfg = {0}; +__attribute__((section(".gfxmmu_table"))) +uint32_t gfxmmu_lut[2 * GFXMMU_LUT_SIZE]; + /** * @} */ @@ -206,6 +211,7 @@ int32_t BSP_LCD_Init(uint32_t Instance, uint32_t Orientation) { memset(&hlcd_ltdc, 0, sizeof(hlcd_ltdc)); memset(&hlcd_dsi, 0, sizeof(hlcd_dsi)); memset(&DSIVidCfg, 0, sizeof(DSIVidCfg)); + memcpy(gfxmmu_lut, gfxmmu_lut_config, sizeof(gfxmmu_lut)); int32_t status = BSP_ERROR_NONE; @@ -1557,3 +1563,5 @@ int32_t BSP_LCD_Reinit(uint32_t Instance) { return status; } + +#endif diff --git a/core/site_scons/models/D002/discovery2.py b/core/site_scons/models/D002/discovery2.py index f6a4272bf7..9a71eaa294 100644 --- a/core/site_scons/models/D002/discovery2.py +++ b/core/site_scons/models/D002/discovery2.py @@ -18,7 +18,7 @@ def configure( hw_revision = 0 mcu = "STM32U5A9xx" - linker_script = "stm32u5a" + linker_script = """embed/trezorhal/stm32u5/linker/u5a/{target}.ld""" stm32u5_common_files(env, defines, sources, paths) diff --git a/core/site_scons/models/T3B1/trezor_t3b1_revB.py b/core/site_scons/models/T3B1/trezor_t3b1_revB.py index e26b52c71a..c20b056b73 100644 --- a/core/site_scons/models/T3B1/trezor_t3b1_revB.py +++ b/core/site_scons/models/T3B1/trezor_t3b1_revB.py @@ -23,7 +23,7 @@ def configure( features_available.append("display_mono") mcu = "STM32U585xx" - linker_script = "stm32u58" + linker_script = """embed/trezorhal/stm32u5/linker/u58/{target}.ld""" stm32u5_common_files(env, defines, sources, paths) diff --git a/core/site_scons/models/T3T1/trezor_t3t1_revE.py b/core/site_scons/models/T3T1/trezor_t3t1_revE.py index 2e68dacc1f..1195a7143b 100644 --- a/core/site_scons/models/T3T1/trezor_t3t1_revE.py +++ b/core/site_scons/models/T3T1/trezor_t3t1_revE.py @@ -27,7 +27,7 @@ def configure( defines += ["XFRAMEBUFFER"] mcu = "STM32U585xx" - linker_script = "stm32u58" + linker_script = """embed/trezorhal/stm32u5/linker/u58/{target}.ld""" stm32u5_common_files(env, defines, sources, paths) diff --git a/core/site_scons/models/T3T1/trezor_t3t1_v4.py b/core/site_scons/models/T3T1/trezor_t3t1_v4.py index a2f1c7ceee..63e26c6993 100644 --- a/core/site_scons/models/T3T1/trezor_t3t1_v4.py +++ b/core/site_scons/models/T3T1/trezor_t3t1_v4.py @@ -27,7 +27,7 @@ def configure( defines += ["XFRAMEBUFFER"] mcu = "STM32U585xx" - linker_script = "stm32u58" + linker_script = """embed/trezorhal/stm32u5/linker/u58/{target}.ld""" stm32u5_common_files(env, defines, sources, paths) diff --git a/core/site_scons/models/stm32f4_common.py b/core/site_scons/models/stm32f4_common.py index e8e4cb1cd1..c90b334f15 100644 --- a/core/site_scons/models/stm32f4_common.py +++ b/core/site_scons/models/stm32f4_common.py @@ -79,4 +79,4 @@ def stm32f4_common_files(env, defines, sources, paths): ] env.get("ENV")["SUFFIX"] = "stm32f4" - env.get("ENV")["LINKER_SCRIPT"] = "stm32f4" + env.get("ENV")["LINKER_SCRIPT"] = """embed/trezorhal/stm32f4/linker/{target}.ld""" diff --git a/core/site_scons/tools.py b/core/site_scons/tools.py index 315ca5cef7..85ac138eb1 100644 --- a/core/site_scons/tools.py +++ b/core/site_scons/tools.py @@ -99,12 +99,12 @@ def get_bindgen_defines( return ",".join(rest_defs) -def embed_binary(obj_program, env, section, target_, file): +def embed_compressed_binary(obj_program, env, section, target_, file, build): _in = f"embedded_{section}.bin.deflated" def redefine_sym(name): src = ( - "_binary_build_firmware_" + f"_binary_build_{build}_" + _in.replace("/", "_").replace(".", "_") + "_" + name @@ -140,3 +140,14 @@ def embed_binary(obj_program, env, section, target_, file): ) env.Depends(obj_program, compress) + + +def embed_raw_binary(obj_program, env, section, target_, file): + obj_program.extend( + env.Command( + target=target_, + source=file, + action="$OBJCOPY -I binary -O elf32-littlearm -B arm" + f" --rename-section .data=.{section}" + " $SOURCE $TARGET", + ) + ) diff --git a/core/tools/README.md b/core/tools/README.md index 14fb0baf73..be1f263054 100644 --- a/core/tools/README.md +++ b/core/tools/README.md @@ -76,8 +76,9 @@ A Python package that exposes certain functionalities as CLI commands. `headertool` and `combine_firmware` live here, more may be moved or added. -One additional tool is `layout_parser`, which is used to extract memory layout -information from a model `.h` file. +Additional tools are `layout_parser`, which is used to extract memory layout +information from a model `.h` file, and related tool `lsgen` to generate linker script files +from the model `.h`. ### `alloc.py` diff --git a/core/tools/pyproject.toml b/core/tools/pyproject.toml index 125aaf6dd2..ece3ebf6c9 100644 --- a/core/tools/pyproject.toml +++ b/core/tools/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "trezor_core_tools" -version = "0.1.0" +version = "0.1.1" description = "Collection of CLI tools for trezor-core development" authors = ["matejcik "] license = "GPLv3+" @@ -17,4 +17,5 @@ build-backend = "poetry.core.masonry.api" [tool.poetry.scripts] headertool = "trezor_core_tools.headertool:cli" layout_parser = "trezor_core_tools.layout_parser:main" +lsgen = "trezor_core_tools.lsgen:main" combine_firmware = "trezor_core_tools.combine_firmware:main" diff --git a/core/tools/trezor_core_tools/common.py b/core/tools/trezor_core_tools/common.py index 7a4f2f5be7..74fdb6f634 100644 --- a/core/tools/trezor_core_tools/common.py +++ b/core/tools/trezor_core_tools/common.py @@ -19,3 +19,7 @@ MODELS_DICT = { def get_layout_for_model(model: str) -> Path: model = MODELS_DICT.get(model, model) return MODELS_DIR / model / f"model_{model}.h" + +def get_linkerscript_for_model(model: str) -> Path: + model = MODELS_DICT.get(model, model) + return MODELS_DIR / model / f"memory.ld" diff --git a/core/tools/trezor_core_tools/layout_parser.py b/core/tools/trezor_core_tools/layout_parser.py index 13b2e43303..aec22a1e1e 100644 --- a/core/tools/trezor_core_tools/layout_parser.py +++ b/core/tools/trezor_core_tools/layout_parser.py @@ -19,7 +19,12 @@ SEARCH_PATTERN = r"#define (\w+) (.+?)(?:\s*//.*)?$" def find_all_values(model: str) -> dict[str, int]: layout = get_layout_for_model(model) values = {} + begin = False for line in open(layout): + if not begin: + if line.startswith("// SHARED"): + begin = True + continue match = re.match(SEARCH_PATTERN, line) if match is not None: name, value = match.groups() diff --git a/core/tools/trezor_core_tools/lsgen.py b/core/tools/trezor_core_tools/lsgen.py new file mode 100644 index 0000000000..36d7d7e722 --- /dev/null +++ b/core/tools/trezor_core_tools/lsgen.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python3 +from __future__ import annotations + +import click + +from .common import get_linkerscript_for_model, MODELS_DIR +from .layout_parser import find_all_values + + +warning = """/* Auto-generated file, do not edit.*/ + +""" + +@click.command() +@click.option("--check", is_flag=True) +def main(check: bool) -> None: + + models = list(MODELS_DIR.iterdir()) + models = [model for model in models if model.is_dir()] + + for model in models: + values = find_all_values(model.name) + content = warning + input = get_linkerscript_for_model(model.name) + print(f"Processing {input}") + for name, value in values.items(): + content += f"{name} = {hex(value)};\n" + if not check: + input.write_text(content) + else: + actual = input.read_text() + if content != actual: + raise click.ClickException(f"{input} differs from expected") + + +if __name__ == "__main__": + main() diff --git a/poetry.lock b/poetry.lock index 74500faa4f..4ffb20f24d 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1583,7 +1583,7 @@ url = "python" [[package]] name = "trezor-core-tools" -version = "0.1.0" +version = "0.1.1" description = "Collection of CLI tools for trezor-core development" optional = false python-versions = "^3.8"