arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 06:18:07 +00:00
Code Issues Releases Wiki Activity

refactor(core/embed): remove supervise module

Browse Source 
[no changelog]
This commit is contained in:
cepetr 2024-08-08 18:26:25 +02:00 committed by cepetr
parent 1443f86983
commit 2fd5aca05c
31 changed files with 114 additions and 328 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/embed/extmod/modtrezorutils/modtrezorutils.c
View File

@ -19,9 +19,6 @@
#include "py/objstr.h"
#include "py/runtime.h"
#ifndef TREZOR_EMULATOR
#include "supervise.h"
#endif
#include "image.h"
#include "version.h"
@ -33,6 +30,7 @@
#include <string.h>
#include "blake2s.h"
#include "boot_args.h"
#include "common.h"
#include "flash.h"
#include "unit_variant.h"

9
core/embed/firmware/main.c
View File

@ -100,7 +100,6 @@
#endif
#include "platform.h"
#include "rng.h"
#include "supervise.h"
#ifdef USE_SECP256K1_ZKP
#include "zkp_context.h"
#endif
@ -108,9 +107,6 @@
#include "haptic.h"
#endif
// from util.s
extern void shutdown_privileged(void);
#ifdef USE_OPTIGA
#if !PYOPT
#include <inttypes.h>
@ -132,7 +128,6 @@ static void optiga_log_hex(const char *prefix, const uint8_t *data,
#endif
int main(void) {
svc_init();
systick_init();
systimer_init();
@ -251,10 +246,6 @@ int main(void) {
"Cannot initialize optiga.");
#endif
#if !defined TREZOR_MODEL_1
drop_privileges();
#endif
#ifdef USE_SECP256K1_ZKP
ensure(sectrue * (zkp_context_init() == 0), NULL);
#endif

7
core/embed/firmware/systemview.c
View File

@ -6,7 +6,6 @@
#include <string.h>
#include "irq.h"
#include "mpconfigport.h"
#include "supervise.h"
#include "SEGGER_SYSVIEW.h"
#include "SEGGER_SYSVIEW_Conf.h"
@ -52,6 +51,12 @@ typedef struct {
extern uint32_t SystemCoreClock;
static inline uint32_t is_mode_unprivileged(void) {
uint32_t r0;
__asm__ volatile("mrs %0, control" : "=r"(r0));
return r0 & 1;
}
uint32_t svc_get_dwt_cyccnt() {
if (is_mode_unprivileged()) {
__asm__ __volatile__("svc %0" ::"i"(SVC_GET_DWT_CYCCNT));

2
core/embed/lib/error_handling.c
View File

@ -22,7 +22,7 @@
#include <stdio.h>
#endif
#include "common.h"
#include "boot_args.h"
#include "display.h"
#include "error_handling.h"
#include "mini_printf.h"

6
core/embed/prodtest/main.c
View File

@ -25,6 +25,7 @@
#include STM32_HAL_H
#include "board_capabilities.h"
#include "boot_args.h"
#include "button.h"
#include "common.h"
#include "display.h"
@ -34,6 +35,7 @@
#include "flash.h"
#include "flash_otp.h"
#include "i2c.h"
#include "image.h"
#include "model.h"
#include "mpu.h"
#include "prodtest_common.h"
@ -41,7 +43,6 @@
#include "sbu.h"
#include "sdcard.h"
#include "secbool.h"
#include "supervise.h"
#include "systimer.h"
#include "touch.h"
#include "usb.h"
@ -777,7 +778,6 @@ void cpuid_read(void) {
#define BACKLIGHT_NORMAL 150
int main(void) {
svc_init();
systick_init();
systimer_init();
rdi_init();
@ -823,8 +823,6 @@ int main(void) {
mpu_config_prodtest();
fault_handlers_init();
drop_privileges();
display_clear();
draw_welcome_screen();

4
core/embed/trezorhal/boot_args.h
View File

@ -36,4 +36,8 @@ boot_command_t bootargs_get_command();
// Returns the pointer to boot arguments
const boot_args_t* bootargs_get_args();
void __attribute__((noreturn)) trezor_shutdown(void);
void __attribute__((noreturn)) svc_reboot_to_bootloader(void);
void __attribute__((noreturn)) svc_reboot(void);
#endif // TREZORHAL_BOOT_ARGS_H

2
core/embed/trezorhal/common.h
View File

@ -53,8 +53,6 @@
})
#endif
void __attribute__((noreturn)) trezor_shutdown(void);
// Invalidates firmware on the device
// Note: only works when write access to firmware area is enabled by MPU
void invalidate_firmware(void);

42
core/embed/trezorhal/stm32f4/boot_args.c
View File

@ -3,6 +3,10 @@
#include <common.h>
#include <string.h>
#include "display.h"
#include "irq.h"
#include "mpu.h"
// The 'g_boot_command_shadow' shadows a real boot command passed
// to the bootloader.
// 1. In the bootloader, its value is set in the startup code.
@ -42,3 +46,41 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
boot_command_t bootargs_get_command() { return g_boot_command_shadow; }
const boot_args_t* bootargs_get_args() { return &g_boot_args; }
void __attribute__((noreturn)) trezor_shutdown(void) {
display_deinit(DISPLAY_RETAIN_CONTENT);
#if defined(STM32U5)
__HAL_RCC_SAES_CLK_DISABLE();
// Erase all secrets
TAMP->CR2 |= TAMP_CR2_BKERASE;
#endif
// from util.s
extern void shutdown_privileged(void);
shutdown_privileged();
for (;;)
;
}
void svc_reboot_to_bootloader(void) {
boot_command_t boot_command = bootargs_get_command();
display_deinit(DISPLAY_RESET_CONTENT);
#ifdef ENSURE_COMPATIBLE_SETTINGS
ensure_compatible_settings();
#endif
#ifdef STM32U5
// extern uint32_t g_boot_command;
g_boot_command = boot_command;
disable_irq();
delete_secrets();
NVIC_SystemReset();
#else
mpu_config_bootloader();
jump_to_with_flag(BOOTLOADER_START + IMAGE_HEADER_SIZE, boot_command);
for (;;)
;
#endif
}
void svc_reboot(void) { NVIC_SystemReset(); }

24
core/embed/trezorhal/stm32f4/common.c
View File

@ -23,12 +23,12 @@
#include "common.h"
#include "display.h"
#include "error_handling.h"
#include "model.h"
#include "flash_otp.h"
#include "platform.h"
#include "rand.h"
#include "supervise.h"
#include "stm32f4xx_ll_utils.h"
@ -36,20 +36,10 @@
#include "backlight_pwm.h"
#endif
// from util.s
extern void shutdown_privileged(void);
uint32_t __stack_chk_guard = 0;
void __attribute__((noreturn)) trezor_shutdown(void) {
display_deinit(DISPLAY_RETAIN_CONTENT);
#ifdef USE_SVC_SHUTDOWN
svc_shutdown();
#else
// It won't work properly unless called from the privileged mode
shutdown_privileged();
#endif
for (;;)
;
void __attribute__((noreturn)) __stack_chk_fail(void) {
error_shutdown("(SS)");
}
// reference RM0090 section 35.12.1 Figure 413
@ -69,12 +59,6 @@ void clear_otg_hs_memory(void) {
// the peripheral is not needed right now
}
uint32_t __stack_chk_guard = 0;
void __attribute__((noreturn)) __stack_chk_fail(void) {
error_shutdown("(SS)");
}
void invalidate_firmware(void) {
// erase start of the firmware (metadata) -> invalidate FW
ensure(flash_unlock_write(), NULL);

11
core/embed/trezorhal/stm32f4/displays/st7789v.c
View File

@ -26,7 +26,6 @@
#include "irq.h"
#include "memzero.h"
#include "st7789v.h"
#include "supervise.h"
#include STM32_HAL_H
#ifdef TREZOR_MODEL_T
@ -253,6 +252,12 @@ int display_orientation(int degrees) {
int display_get_orientation(void) { return DISPLAY_ORIENTATION; }
static inline uint32_t is_mode_handler(void) {
uint32_t r0;
__asm__ volatile("mrs %0, ipsr" : "=r"(r0));
return (r0 & 0x1FF) != 0;
}
int display_backlight(int val) {
#ifdef FRAMEBUFFER
#ifndef BOARDLOADER
@ -624,14 +629,14 @@ static void switch_fb_in_backround(void) {
pending_fb_switch = true;
__HAL_GPIO_EXTI_CLEAR_FLAG(DISPLAY_TE_PIN);
svc_enableIRQ(DISPLAY_TE_INTERRUPT_NUM);
NVIC_EnableIRQ(DISPLAY_TE_INTERRUPT_NUM);
} else {
act_frame_buffer = 0;
memcpy(PhysFrameBuffer1, PhysFrameBuffer0, sizeof(PhysFrameBuffer1));
pending_fb_switch = true;
__HAL_GPIO_EXTI_CLEAR_FLAG(DISPLAY_TE_PIN);
svc_enableIRQ(DISPLAY_TE_INTERRUPT_NUM);
NVIC_EnableIRQ(DISPLAY_TE_INTERRUPT_NUM);
}
}
#endif

11
core/embed/trezorhal/stm32f4/fault_handlers.c
View File

@ -1,3 +1,4 @@
#include TREZOR_BOARD
#include "common.h"
void fault_handlers_init(void) {
@ -21,3 +22,13 @@ void NMI_Handler(void) {
error_shutdown("(CS)");
}
}
// from util.s
extern void shutdown_privileged(void);
void PVD_IRQHandler(void) {
#ifdef BACKLIGHT_PWM_TIM
BACKLIGHT_PWM_TIM->BACKLIGHT_PWM_TIM_CCR = 0; // turn off display backlight
#endif
shutdown_privileged();
}

17
core/embed/trezorhal/stm32f4/platform.c
View File

@ -204,20 +204,3 @@ void set_core_clock(clock_settings_t settings) {
;
}
#endif
void drop_privileges(void) {
// jump to unprivileged mode
// http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html
__asm__ volatile("msr control, %0" ::"r"(0x1));
__asm__ volatile("isb");
}
// from util.s
extern void shutdown_privileged(void);
void PVD_IRQHandler(void) {
#ifdef BACKLIGHT_PWM_TIM
BACKLIGHT_PWM_TIM->BACKLIGHT_PWM_TIM_CCR = 0; // turn off display backlight
#endif
shutdown_privileged();
}

1
core/embed/trezorhal/stm32f4/platform.h
View File

@ -36,7 +36,6 @@ void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
void jump_to(uint32_t address);
void jump_to_with_flag(uint32_t address, uint32_t register_flag);
void clear_otg_hs_memory(void);
void drop_privileges(void);
extern uint32_t __stack_chk_guard;

17
core/embed/trezorhal/stm32f4/sdcard.c
View File

@ -51,7 +51,6 @@
#include "irq.h"
#include "sdcard-set_clr_card_detect.h"
#include "sdcard.h"
#include "supervise.h"
#define SDMMC_CLK_ENABLE() __HAL_RCC_SDMMC1_CLK_ENABLE()
#define SDMMC_CLK_DISABLE() __HAL_RCC_SDMMC1_CLK_DISABLE()
@ -134,8 +133,8 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
SDMMC_CLK_ENABLE();
// NVIC configuration for SDIO interrupts
svc_setpriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
svc_enableIRQ(SDMMC_IRQn);
NVIC_SetPriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
NVIC_EnableIRQ(SDMMC_IRQn);
}
// GPIO have already been initialised by sdcard_init
@ -143,7 +142,7 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) {
if (hsd->Instance == sd_handle.Instance) {
svc_disableIRQ(SDMMC_IRQn);
NVIC_DisableIRQ(SDMMC_IRQn);
SDMMC_CLK_DISABLE();
}
}
@ -324,7 +323,7 @@ secbool sdcard_read_blocks(uint32_t *dest, uint32_t block_num,
DMA_HandleTypeDef dummy_dma = {0};
sd_handle.hdmatx = &dummy_dma;
svc_enableIRQ(DMA2_Stream3_IRQn);
NVIC_EnableIRQ(DMA2_Stream3_IRQn);
sdcard_reset_periph();
err =
@ -333,7 +332,7 @@ secbool sdcard_read_blocks(uint32_t *dest, uint32_t block_num,
err = sdcard_wait_finished(&sd_handle, 5000);
}
svc_disableIRQ(DMA2_Stream3_IRQn);
NVIC_DisableIRQ(DMA2_Stream3_IRQn);
HAL_DMA_DeInit(&sd_dma);
sd_handle.hdmarx = NULL;
@ -380,7 +379,7 @@ secbool sdcard_write_blocks(const uint32_t *src, uint32_t block_num,
DMA_HandleTypeDef dummy_dma = {0};
sd_handle.hdmarx = &dummy_dma;
svc_enableIRQ(DMA2_Stream3_IRQn);
NVIC_EnableIRQ(DMA2_Stream3_IRQn);
sdcard_reset_periph();
err =
@ -389,9 +388,11 @@ secbool sdcard_write_blocks(const uint32_t *src, uint32_t block_num,
err = sdcard_wait_finished(&sd_handle, 5000);
}
svc_disableIRQ(DMA2_Stream3_IRQn);
NVIC_DisableIRQ(DMA2_Stream3_IRQn);
HAL_DMA_DeInit(&sd_dma);
sd_handle.hdmatx = NULL;
return sectrue * (err == HAL_OK);
}
#endif // KERNEL_MODE

126
core/embed/trezorhal/stm32f4/supervise.c
View File

@ -1,126 +0,0 @@
#include STM32_HAL_H
#include <model.h>
#include "../mpu.h"
#include "common.h"
#include "display.h"
#include "irq.h"
#include "supervise.h"
#ifdef ARM_USER_MODE
void svc_init(void) {
NVIC_SetPriority(SVCall_IRQn, IRQ_PRI_HIGHEST);
// We need to ensure that SysTick has the expected priority.
// The SysTick priority is configured in the boardloader,
// and some early versions didn't set this properly.
NVIC_SetPriority(SysTick_IRQn, IRQ_PRI_HIGHEST);
}
#ifdef STM32U5
extern uint32_t g_boot_command;
__attribute__((noreturn)) static void _reboot_to_bootloader(
boot_command_t boot_command) {
g_boot_command = boot_command;
disable_irq();
delete_secrets();
NVIC_SystemReset();
}
#else
__attribute__((noreturn)) static void _reboot_to_bootloader(
boot_command_t boot_command) {
display_deinit(DISPLAY_RESET_CONTENT);
#ifdef ENSURE_COMPATIBLE_SETTINGS
ensure_compatible_settings();
#endif
mpu_config_bootloader();
jump_to_with_flag(IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE),
boot_command);
for (;;)
;
}
#endif
void svc_reboot_to_bootloader(void) {
boot_command_t boot_command = bootargs_get_command();
if (is_mode_unprivileged() && !is_mode_handler()) {
register uint32_t r0 __asm__("r0") = boot_command;
__asm__ __volatile__("svc %0" ::"i"(SVC_REBOOT_TO_BOOTLOADER), "r"(r0)
: "memory");
} else {
_reboot_to_bootloader(boot_command);
}
}
void svc_reboot(void) {
if (is_mode_unprivileged() && !is_mode_handler()) {
__asm__ __volatile__("svc %0" ::"i"(SVC_REBOOT) : "memory");
} else {
NVIC_SystemReset();
}
}
void SVC_C_Handler(uint32_t *stack) {
uint8_t svc_number = ((uint8_t *)stack[6])[-2];
switch (svc_number) {
case SVC_ENABLE_IRQ:
NVIC_EnableIRQ(stack[0]);
break;
case SVC_DISABLE_IRQ:
NVIC_DisableIRQ(stack[0]);
break;
case SVC_SET_PRIORITY:
NVIC_SetPriority(stack[0], stack[1]);
break;
#ifdef SYSTEM_VIEW
case SVC_GET_DWT_CYCCNT:
cyccnt_cycles = *DWT_CYCCNT_ADDR;
break;
#endif
case SVC_SHUTDOWN:
shutdown_privileged();
for (;;)
;
break;
case SVC_REBOOT_TO_BOOTLOADER:
__asm__ volatile("msr control, %0" ::"r"(0x0));
__asm__ volatile("isb");
// The input stack[0] argument comes from R0 saved when SVC was called
// from svc_reboot_to_bootloader. The __asm__ directive expects address as
// argument, hence the & in front of it, otherwise it would try
// to dereference the value and fault
__asm__ volatile(
"mov r0, %[boot_command]" ::[boot_command] "r"(&stack[0]));
// See stack layout in
// https://developer.arm.com/documentation/ka004005/latest We are changing
// return address in PC to land into reboot to avoid any bug with ROP and
// raising privileges.
stack[6] = (uintptr_t)_reboot_to_bootloader;
return;
case SVC_REBOOT:
NVIC_SystemReset();
break;
default:
stack[0] = 0xffffffff;
break;
}
}
__attribute__((naked)) void SVC_Handler(void) {
__asm volatile(
" tst lr, #4 \n" // Test Bit 3 to see which stack pointer we should
// use
" ite eq \n" // Tell the assembler that the nest 2 instructions
// are if-then-else
" mrseq r0, msp \n" // Make R0 point to main stack pointer
" mrsne r0, psp \n" // Make R0 point to process stack pointer
" b SVC_C_Handler \n" // Off to C land
);
}
#endif // ARM_USER_MODE

74
core/embed/trezorhal/stm32f4/supervise.h
View File

@ -1,74 +0,0 @@
// supervisor call functions
#define SVC_ENABLE_IRQ 0
#define SVC_DISABLE_IRQ 1
#define SVC_SET_PRIORITY 2
#define SVC_SHUTDOWN 4
#define SVC_REBOOT_TO_BOOTLOADER 5
#define SVC_REBOOT 6
#include <string.h>
#include "boot_args.h"
#include "common.h"
#include "image.h"
// from util.s
extern void shutdown_privileged(void);
// Initializes the supervise module
//
// Must be called before invoking the first `svc_xxx` call
void svc_init(void);
static inline uint32_t is_mode_unprivileged(void) {
uint32_t r0;
__asm__ volatile("mrs %0, control" : "=r"(r0));
return r0 & 1;
}
static inline uint32_t is_mode_handler(void) {
uint32_t r0;
__asm__ volatile("mrs %0, ipsr" : "=r"(r0));
return (r0 & 0x1FF) != 0;
}
static inline void svc_enableIRQ(uint32_t IRQn) {
if (is_mode_unprivileged() && !is_mode_handler()) {
register uint32_t r0 __asm__("r0") = IRQn;
__asm__ __volatile__("svc %0" ::"i"(SVC_ENABLE_IRQ), "r"(r0) : "memory");
} else {
NVIC_EnableIRQ(IRQn);
}
}
static inline void svc_disableIRQ(uint32_t IRQn) {
if (is_mode_unprivileged() && !is_mode_handler()) {
register uint32_t r0 __asm__("r0") = IRQn;
__asm__ __volatile__("svc %0" ::"i"(SVC_DISABLE_IRQ), "r"(r0) : "memory");
} else {
NVIC_DisableIRQ(IRQn);
}
}
static inline void svc_setpriority(uint32_t IRQn, uint32_t priority) {
if (is_mode_unprivileged() && !is_mode_handler()) {
register uint32_t r0 __asm__("r0") = IRQn;
register uint32_t r1 __asm__("r1") = priority;
__asm__ __volatile__("svc %0" ::"i"(SVC_SET_PRIORITY), "r"(r0), "r"(r1)
: "memory");
} else {
NVIC_SetPriority(IRQn, priority);
}
}
static inline void svc_shutdown(void) {
if (is_mode_unprivileged() && !is_mode_handler()) {
__asm__ __volatile__("svc %0" ::"i"(SVC_SHUTDOWN) : "memory");
} else {
shutdown_privileged();
}
}
void svc_reboot_to_bootloader(void);
void svc_reboot(void);

9
core/embed/trezorhal/stm32f4/usb/usbd_conf.c
View File

@ -55,7 +55,6 @@
#include "usbd_core.h"
#include "usb.h"
#include "irq.h"
#include "supervise.h"
#include "systemview.h"
/* Private typedef -----------------------------------------------------------*/
@ -147,10 +146,10 @@ void HAL_PCD_MspInit(PCD_HandleTypeDef *hpcd)
#endif
/* Set USBFS Interrupt priority */
svc_setpriority(OTG_FS_IRQn, IRQ_PRI_NORMAL);
NVIC_SetPriority(OTG_FS_IRQn, IRQ_PRI_NORMAL);
/* Enable USBFS Interrupt */
svc_enableIRQ(OTG_FS_IRQn);
NVIC_EnableIRQ(OTG_FS_IRQn);
}
#endif
#if defined(USE_USB_HS)
@ -302,10 +301,10 @@ void HAL_PCD_MspInit(PCD_HandleTypeDef *hpcd)
#endif // !USE_USB_HS_IN_FS
/* Set USBHS Interrupt to the lowest priority */
svc_setpriority(OTG_HS_IRQn, IRQ_PRI_NORMAL);
NVIC_SetPriority(OTG_HS_IRQn, IRQ_PRI_NORMAL);
/* Enable USBHS Interrupt */
svc_enableIRQ(OTG_HS_IRQn);
NVIC_EnableIRQ(OTG_HS_IRQn);
}
#endif // USE_USB_HS
}

5
core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c
View File

@ -27,7 +27,6 @@
#include "display_panel.h"
#include "backlight_pwm.h"
#include "supervise.h"
#ifndef BOARDLOADER
#include "bg_copy.h"
@ -93,7 +92,7 @@ void display_deinit(display_content_mode_t mode) {
// the display controller
display_ensure_refreshed();
// Disable periodical interrupt
svc_disableIRQ(DISPLAY_TE_INTERRUPT_NUM);
NVIC_DisableIRQ(DISPLAY_TE_INTERRUPT_NUM);
#endif
#endif
@ -122,7 +121,7 @@ int display_set_backlight(int level) {
#ifdef XFRAMEBUFFER
#ifndef BOARDLOADER
// if turning on the backlight, wait until the panel is refreshed
if (backlight_pwm_get() < level && !is_mode_handler()) {
if (backlight_pwm_get() < level && !is_mode_exception()) {
display_ensure_refreshed();
}
#endif

5
core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c
View File

@ -32,7 +32,6 @@
#include "gfx_bitblt.h"
#include "irq.h"
#include "supervise.h"
#ifndef BOARDLOADER
#include "bg_copy.h"
@ -210,7 +209,7 @@ void display_refresh(void) {
}
#ifndef BOARDLOADER
if (is_mode_handler()) {
if (is_mode_exception()) {
// Disable scheduling of any new background copying
NVIC_DisableIRQ(DISPLAY_TE_INTERRUPT_NUM);
// Wait for next TE signal. During this time the
@ -250,7 +249,7 @@ void display_ensure_refreshed(void) {
return;
}
if (!is_mode_handler()) {
if (!is_mode_exception()) {
bool copy_pending;
// Wait until all frame buffers are written to the display

5
core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h
View File

@ -59,4 +59,9 @@ typedef struct {
// Display driver instance
extern display_driver_t g_display_driver;
static inline uint32_t is_mode_exception(void) {
uint32_t isr_number = __get_IPSR() & IPSR_ISR_Msk;
return (isr_number > 0) && (isr_number << 11);
}
#endif // TREZORHAL_DISPLAY_INTERNAL_H

1
core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c
View File

@ -22,7 +22,6 @@
#include "display_io.h"
#include "irq.h"
#include "supervise.h"
__IO DISP_MEM_TYPE *const DISPLAY_CMD_ADDRESS =
(__IO DISP_MEM_TYPE *const)((uint32_t)DISPLAY_MEMORY_BASE);

23
core/embed/trezorhal/stm32u5/common.c
View File

@ -23,36 +23,15 @@
#include "common.h"
#include "display.h"
#include "error_handling.h"
#include "flash_otp.h"
#include "model.h"
#include "platform.h"
#include "rand.h"
#include "secret.h"
#include "supervise.h"
#include "stm32u5xx_ll_utils.h"
// from util.s
extern void shutdown_privileged(void);
void __attribute__((noreturn)) trezor_shutdown(void) {
display_deinit(DISPLAY_RETAIN_CONTENT);
__HAL_RCC_SAES_CLK_DISABLE();
// Erase all secrets
TAMP->CR2 |= TAMP_CR2_BKERASE;
#ifdef USE_SVC_SHUTDOWN
svc_shutdown();
#else
// It won't work properly unless called from the privileged mode
shutdown_privileged();
#endif
for (;;)
;
}
uint32_t __stack_chk_guard = 0;
void __attribute__((noreturn)) __stack_chk_fail(void) {

8
core/embed/trezorhal/stm32u5/fault_handlers.c
View File

@ -34,3 +34,11 @@ void NMI_Handler(void) {
error_shutdown("(CS)");
}
}
// from util.s
extern void shutdown_privileged(void);
void PVD_PVM_IRQHandler(void) {
TIM1->CCR1 = 0; // turn off display backlight
shutdown_privileged();
}

15
core/embed/trezorhal/stm32u5/platform.c
View File

@ -213,18 +213,3 @@ void SystemInit(void) {
// enable instruction cache in default 2-way mode
ICACHE->CR = ICACHE_CR_EN;
}
void drop_privileges(void) {
// jump to unprivileged mode
// http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html
__asm__ volatile("msr control, %0" ::"r"(0x1));
__asm__ volatile("isb");
}
// from util.s
extern void shutdown_privileged(void);
void PVD_PVM_IRQHandler(void) {
TIM1->CCR1 = 0; // turn off display backlight
shutdown_privileged();
}

1
core/embed/trezorhal/stm32u5/platform.h
View File

@ -34,7 +34,6 @@ typedef enum {
} clock_settings_t;
void set_core_clock(clock_settings_t settings);
void drop_privileges(void);
// the following functions are defined in util.s
void memset_reg(volatile void *start, volatile void *stop, uint32_t val);

7
core/embed/trezorhal/stm32u5/sdcard.c
View File

@ -50,7 +50,6 @@
#include "irq.h"
#include "sdcard.h"
#include "supervise.h"
#define SDMMC_CLK_ENABLE() __HAL_RCC_SDMMC1_CLK_ENABLE()
#define SDMMC_CLK_DISABLE() __HAL_RCC_SDMMC1_CLK_DISABLE()
@ -138,8 +137,8 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
SDMMC_CLK_ENABLE();
// NVIC configuration for SDIO interrupts
svc_setpriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
svc_enableIRQ(SDMMC_IRQn);
NVIC_SetPriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
NVIC_EnableIRQ(SDMMC_IRQn);
}
// GPIO have already been initialised by sdcard_init
@ -147,7 +146,7 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) {
if (hsd->Instance == sd_handle.Instance) {
svc_disableIRQ(SDMMC_IRQn);
NVIC_DisableIRQ(SDMMC_IRQn);
SDMMC_CLK_DISABLE();
}
}

1
core/embed/trezorhal/stm32u5/supervise.c
View File

@ -1 +0,0 @@
../stm32f4/supervise.c

1
core/embed/trezorhal/stm32u5/supervise.h
View File

@ -1 +0,0 @@
../stm32f4/supervise.h

2
core/embed/trezorhal/stm32u5/tamper.c
View File

@ -17,8 +17,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <error_handling.h>
#include <irq.h>
#include <supervise.h>
#include <tamper.h>
#include STM32_HAL_H

1
core/site_scons/models/stm32f4_common.py
View File

@ -54,7 +54,6 @@ def stm32f4_common_files(env, defines, sources, paths):
"embed/trezorhal/stm32f4/secret.c",
"embed/trezorhal/stm32f4/systick.c",
"embed/trezorhal/stm32f4/systimer.c",
"embed/trezorhal/stm32f4/supervise.c",
"embed/trezorhal/stm32f4/time_estimate.c",
"embed/trezorhal/stm32f4/random_delays.c",
"embed/trezorhal/stm32f4/rng.c",

1
core/site_scons/models/stm32u5_common.py
View File

@ -65,7 +65,6 @@ def stm32u5_common_files(env, defines, sources, paths):
"embed/trezorhal/stm32u5/secure_aes.c",
"embed/trezorhal/stm32u5/systick.c",
"embed/trezorhal/stm32f4/systimer.c",
"embed/trezorhal/stm32f4/supervise.c",
"embed/trezorhal/stm32u5/random_delays.c",
"embed/trezorhal/stm32u5/rng.c",
"embed/trezorhal/stm32u5/tamper.c",