From 2fd5aca05c93fe511931eb5b6ee1e909e871b3be Mon Sep 17 00:00:00 2001 From: cepetr Date: Thu, 8 Aug 2024 18:26:25 +0200 Subject: [PATCH] refactor(core/embed): remove supervise module [no changelog] --- .../extmod/modtrezorutils/modtrezorutils.c | 4 +- core/embed/firmware/main.c | 9 -- core/embed/firmware/systemview.c | 7 +- core/embed/lib/error_handling.c | 2 +- core/embed/prodtest/main.c | 6 +- core/embed/trezorhal/boot_args.h | 4 + core/embed/trezorhal/common.h | 2 - core/embed/trezorhal/stm32f4/boot_args.c | 42 ++++++ core/embed/trezorhal/stm32f4/common.c | 24 +--- .../trezorhal/stm32f4/displays/st7789v.c | 11 +- core/embed/trezorhal/stm32f4/fault_handlers.c | 11 ++ core/embed/trezorhal/stm32f4/platform.c | 17 --- core/embed/trezorhal/stm32f4/platform.h | 1 - core/embed/trezorhal/stm32f4/sdcard.c | 17 +-- core/embed/trezorhal/stm32f4/supervise.c | 126 ------------------ core/embed/trezorhal/stm32f4/supervise.h | 74 ---------- core/embed/trezorhal/stm32f4/usb/usbd_conf.c | 9 +- .../stm32f4/xdisplay/st-7789/display_driver.c | 5 +- .../stm32f4/xdisplay/st-7789/display_fb.c | 5 +- .../xdisplay/st-7789/display_internal.h | 5 + .../stm32f4/xdisplay/st-7789/display_io.c | 1 - core/embed/trezorhal/stm32u5/common.c | 23 +--- core/embed/trezorhal/stm32u5/fault_handlers.c | 8 ++ core/embed/trezorhal/stm32u5/platform.c | 15 --- core/embed/trezorhal/stm32u5/platform.h | 1 - core/embed/trezorhal/stm32u5/sdcard.c | 7 +- core/embed/trezorhal/stm32u5/supervise.c | 1 - core/embed/trezorhal/stm32u5/supervise.h | 1 - core/embed/trezorhal/stm32u5/tamper.c | 2 +- core/site_scons/models/stm32f4_common.py | 1 - core/site_scons/models/stm32u5_common.py | 1 - 31 files changed, 114 insertions(+), 328 deletions(-) delete mode 100644 core/embed/trezorhal/stm32f4/supervise.c delete mode 100644 core/embed/trezorhal/stm32f4/supervise.h delete mode 120000 core/embed/trezorhal/stm32u5/supervise.c delete mode 120000 core/embed/trezorhal/stm32u5/supervise.h 
diff --git a/core/embed/extmod/modtrezorutils/modtrezorutils.c b/core/embed/extmod/modtrezorutils/modtrezorutils.c index d00e35d11f..a18aaeea17 100644 --- a/core/embed/extmod/modtrezorutils/modtrezorutils.c +++ b/core/embed/extmod/modtrezorutils/modtrezorutils.c @@ -19,9 +19,6 @@ #include "py/objstr.h" #include "py/runtime.h" -#ifndef TREZOR_EMULATOR -#include "supervise.h" -#endif #include "image.h" #include "version.h" @@ -33,6 +30,7 @@ #include #include "blake2s.h" +#include "boot_args.h" #include "common.h" #include "flash.h" #include "unit_variant.h" diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c index c6296ff6fa..933835f300 100644 --- a/core/embed/firmware/main.c +++ b/core/embed/firmware/main.c @@ -100,7 +100,6 @@ #endif #include "platform.h" #include "rng.h" -#include "supervise.h" #ifdef USE_SECP256K1_ZKP #include "zkp_context.h" #endif @@ -108,9 +107,6 @@ #include "haptic.h" #endif -// from util.s -extern void shutdown_privileged(void); - #ifdef USE_OPTIGA #if !PYOPT #include @@ -132,7 +128,6 @@ static void optiga_log_hex(const char *prefix, const uint8_t *data, #endif int main(void) { - svc_init(); systick_init(); systimer_init(); @@ -251,10 +246,6 @@ int main(void) { "Cannot initialize optiga."); #endif -#if !defined TREZOR_MODEL_1 - drop_privileges(); -#endif - #ifdef USE_SECP256K1_ZKP ensure(sectrue * (zkp_context_init() == 0), NULL); #endif diff --git a/core/embed/firmware/systemview.c b/core/embed/firmware/systemview.c index 06fc221e32..91021d2f01 100644 --- a/core/embed/firmware/systemview.c +++ b/core/embed/firmware/systemview.c @@ -6,7 +6,6 @@ #include #include "irq.h" #include "mpconfigport.h" -#include "supervise.h" #include "SEGGER_SYSVIEW.h" #include "SEGGER_SYSVIEW_Conf.h" 
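Review bot: Dropping `svc_init();` from `main()` in core/embed/firmware/main.c also drops the `NVIC_SetPriority(SysTick_IRQn, IRQ_PRI_HIGHEST);` call in the deleted supervise.c, whose comment says some early boardloader versions did not set the SysTick priority properly. Nothing visible in this patch re-applies that priority, so unless `systick_init()` already does it, devices with such a boardloader may run with a different SysTick priority than before. I would keep the fix-up at the call site, e.g. `NVIC_SetPriority(SysTick_IRQn, IRQ_PRI_HIGHEST);  // early boardloaders did not set this`, or state in `systick_init()` that it owns this. The same call is removed from core/embed/prodtest/main.c, and `main()` continues outside the hunk.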
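Review bot: With `drop_privileges();` removed after the Optiga initialisation in `main()`, all code that runs afterwards stays in privileged thread mode, and the SVC gate that restricted unprivileged code to a fixed set of requests is deleted in the same patch. The commit is labelled a refactor, so this change of privilege model should be recorded where the call used to be, for example `// firmware stays in privileged thread mode from here on (drop_privileges() removed)`. If the privilege split is meant to come back in a follow-up, saying so in the commit description would tell reviewers that the loss of this layer is temporary. core/embed/prodtest/main.c loses the same call before `display_clear()`, and `main()` continues outside the hunk.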
@@ -52,6 +51,12 @@ typedef struct { extern uint32_t SystemCoreClock; +static inline uint32_t is_mode_unprivileged(void) { + uint32_t r0; + __asm__ volatile("mrs %0, control" : "=r"(r0)); + return r0 & 1; +} + uint32_t svc_get_dwt_cyccnt() { if (is_mode_unprivileged()) { __asm__ __volatile__("svc %0" ::"i"(SVC_GET_DWT_CYCCNT)); diff --git a/core/embed/lib/error_handling.c b/core/embed/lib/error_handling.c index f93636c058..e4f8227fb3 100644 --- a/core/embed/lib/error_handling.c +++ b/core/embed/lib/error_handling.c @@ -22,7 +22,7 @@ #include #endif -#include "common.h" +#include "boot_args.h" #include "display.h" #include "error_handling.h" #include "mini_printf.h" diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c index 5f9e0e0782..a40d06ad80 100644 --- a/core/embed/prodtest/main.c +++ b/core/embed/prodtest/main.c @@ -25,6 +25,7 @@ #include STM32_HAL_H #include "board_capabilities.h" +#include "boot_args.h" #include "button.h" #include "common.h" #include "display.h" @@ -34,6 +35,7 @@ #include "flash.h" #include "flash_otp.h" #include "i2c.h" +#include "image.h" #include "model.h" #include "mpu.h" #include "prodtest_common.h" @@ -41,7 +43,6 @@ #include "sbu.h" #include "sdcard.h" #include "secbool.h" -#include "supervise.h" #include "systimer.h" #include "touch.h" #include "usb.h" @@ -777,7 +778,6 @@ void cpuid_read(void) { #define BACKLIGHT_NORMAL 150 int main(void) { - svc_init(); systick_init(); systimer_init(); rdi_init(); @@ -823,8 +823,6 @@ int main(void) { mpu_config_prodtest(); fault_handlers_init(); - drop_privileges(); - display_clear(); draw_welcome_screen(); diff --git a/core/embed/trezorhal/boot_args.h b/core/embed/trezorhal/boot_args.h index 4236a42ae9..4fd4c1d519 100644 --- a/core/embed/trezorhal/boot_args.h +++ b/core/embed/trezorhal/boot_args.h 
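Review bot: `svc_get_dwt_cyccnt()` still executes `svc` with `SVC_GET_DWT_CYCCNT` when the new local `is_mode_unprivileged()` returns non-zero, but this patch deletes `SVC_Handler` and `SVC_C_Handler` in supervise.c, the only handler for that request visible here. The branch looks unreachable now that the `drop_privileges()` calls are gone, and if it were reached the SVC would end up in whatever default handler remains. I would remove the branch together with the helper, or mark it with `// no SVC handler is installed any more; valid in privileged mode only`. The rest of `svc_get_dwt_cyccnt()` lies outside the hunk.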
@@ -36,4 +36,8 @@ boot_command_t bootargs_get_command(); // Returns the pointer to boot arguments const boot_args_t* bootargs_get_args(); +void __attribute__((noreturn)) trezor_shutdown(void); +void __attribute__((noreturn)) svc_reboot_to_bootloader(void); +void __attribute__((noreturn)) svc_reboot(void); + #endif // TREZORHAL_BOOT_ARGS_H diff --git a/core/embed/trezorhal/common.h b/core/embed/trezorhal/common.h index 6675a6f0c0..457950dd46 100644 --- a/core/embed/trezorhal/common.h +++ b/core/embed/trezorhal/common.h @@ -53,8 +53,6 @@ }) #endif -void __attribute__((noreturn)) trezor_shutdown(void); - // Invalidates firmware on the device // Note: only works when write access to firmware area is enabled by MPU void invalidate_firmware(void); diff --git a/core/embed/trezorhal/stm32f4/boot_args.c b/core/embed/trezorhal/stm32f4/boot_args.c index 70caf21fc6..52bd449556 100644 --- a/core/embed/trezorhal/stm32f4/boot_args.c +++ b/core/embed/trezorhal/stm32f4/boot_args.c @@ -3,6 +3,10 @@ #include #include +#include "display.h" +#include "irq.h" +#include "mpu.h" + // The 'g_boot_command_shadow' shadows a real boot command passed // to the bootloader. // 1. In the bootloader, its value is set in the startup code. 
@@ -42,3 +46,41 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) { boot_command_t bootargs_get_command() { return g_boot_command_shadow; } const boot_args_t* bootargs_get_args() { return &g_boot_args; } + +void __attribute__((noreturn)) trezor_shutdown(void) { + display_deinit(DISPLAY_RETAIN_CONTENT); + +#if defined(STM32U5) + __HAL_RCC_SAES_CLK_DISABLE(); + // Erase all secrets + TAMP->CR2 |= TAMP_CR2_BKERASE; +#endif + // from util.s + extern void shutdown_privileged(void); + shutdown_privileged(); + + for (;;) + ; +} + +void svc_reboot_to_bootloader(void) { + boot_command_t boot_command = bootargs_get_command(); + display_deinit(DISPLAY_RESET_CONTENT); +#ifdef ENSURE_COMPATIBLE_SETTINGS + ensure_compatible_settings(); +#endif +#ifdef STM32U5 + // extern uint32_t g_boot_command; + g_boot_command = boot_command; + disable_irq(); + delete_secrets(); + NVIC_SystemReset(); +#else + mpu_config_bootloader(); + jump_to_with_flag(BOOTLOADER_START + IMAGE_HEADER_SIZE, boot_command); + for (;;) + ; +#endif +} + +void svc_reboot(void) { NVIC_SystemReset(); } diff --git a/core/embed/trezorhal/stm32f4/common.c b/core/embed/trezorhal/stm32f4/common.c index 6da54de95c..327344525a 100644 --- a/core/embed/trezorhal/stm32f4/common.c +++ b/core/embed/trezorhal/stm32f4/common.c @@ -23,12 +23,12 @@ #include "common.h" #include "display.h" +#include "error_handling.h" #include "model.h" #include "flash_otp.h" #include "platform.h" #include "rand.h" -#include "supervise.h" #include "stm32f4xx_ll_utils.h" 
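Review bot: In the non-STM32U5 branch of `svc_reboot_to_bootloader()` the jump target is now `BOOTLOADER_START + IMAGE_HEADER_SIZE`, whereas the removed `_reboot_to_bootloader()` passed `IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE)`; on any model where that macro rounds the address, control would be transferred somewhere other than before. Unless the alignment is known to be a no-op for every STM32F4 target, keep it: `jump_to_with_flag(IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE), boot_command);`. The STM32U5 branch now also runs `display_deinit()` and, where enabled, `ensure_compatible_settings()` before `delete_secrets()`, which the old U5 path did not do, and it carries a commented-out `// extern uint32_t g_boot_command;` that should either become a real declaration or be deleted. `trezor_shutdown()` lost the comment that `shutdown_privileged()` only works in privileged mode; that precondition is worth keeping next to the call.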
@@ -36,20 +36,10 @@ #include "backlight_pwm.h" #endif -// from util.s -extern void shutdown_privileged(void); +uint32_t __stack_chk_guard = 0; -void __attribute__((noreturn)) trezor_shutdown(void) { - display_deinit(DISPLAY_RETAIN_CONTENT); -#ifdef USE_SVC_SHUTDOWN - svc_shutdown(); -#else - // It won't work properly unless called from the privileged mode - shutdown_privileged(); -#endif - - for (;;) - ; +void __attribute__((noreturn)) __stack_chk_fail(void) { + error_shutdown("(SS)"); } // reference RM0090 section 35.12.1 Figure 413 @@ -69,12 +59,6 @@ void clear_otg_hs_memory(void) { // the peripheral is not needed right now } -uint32_t __stack_chk_guard = 0; - -void __attribute__((noreturn)) __stack_chk_fail(void) { - error_shutdown("(SS)"); -} - void invalidate_firmware(void) { // erase start of the firmware (metadata) -> invalidate FW ensure(flash_unlock_write(), NULL); diff --git a/core/embed/trezorhal/stm32f4/displays/st7789v.c b/core/embed/trezorhal/stm32f4/displays/st7789v.c index 68fc9ebaf9..9d9bce4ed9 100644 --- a/core/embed/trezorhal/stm32f4/displays/st7789v.c +++ b/core/embed/trezorhal/stm32f4/displays/st7789v.c @@ -26,7 +26,6 @@ #include "irq.h" #include "memzero.h" #include "st7789v.h" -#include "supervise.h" #include STM32_HAL_H #ifdef TREZOR_MODEL_T @@ -253,6 +252,12 @@ int display_orientation(int degrees) { int display_get_orientation(void) { return DISPLAY_ORIENTATION; } +static inline uint32_t is_mode_handler(void) { + uint32_t r0; + __asm__ volatile("mrs %0, ipsr" : "=r"(r0)); + return (r0 & 0x1FF) != 0; +} + int display_backlight(int val) { #ifdef FRAMEBUFFER #ifndef BOARDLOADER 
@@ -624,14 +629,14 @@ static void switch_fb_in_backround(void) { pending_fb_switch = true; __HAL_GPIO_EXTI_CLEAR_FLAG(DISPLAY_TE_PIN); - svc_enableIRQ(DISPLAY_TE_INTERRUPT_NUM); + NVIC_EnableIRQ(DISPLAY_TE_INTERRUPT_NUM); } else { act_frame_buffer = 0; memcpy(PhysFrameBuffer1, PhysFrameBuffer0, sizeof(PhysFrameBuffer1)); pending_fb_switch = true; __HAL_GPIO_EXTI_CLEAR_FLAG(DISPLAY_TE_PIN); - svc_enableIRQ(DISPLAY_TE_INTERRUPT_NUM); + NVIC_EnableIRQ(DISPLAY_TE_INTERRUPT_NUM); } } #endif diff --git a/core/embed/trezorhal/stm32f4/fault_handlers.c b/core/embed/trezorhal/stm32f4/fault_handlers.c index f36e286baf..5c6d43152c 100644 --- a/core/embed/trezorhal/stm32f4/fault_handlers.c +++ b/core/embed/trezorhal/stm32f4/fault_handlers.c @@ -1,3 +1,4 @@ +#include TREZOR_BOARD #include "common.h" void fault_handlers_init(void) { @@ -21,3 +22,13 @@ void NMI_Handler(void) { error_shutdown("(CS)"); } } + +// from util.s +extern void shutdown_privileged(void); + +void PVD_IRQHandler(void) { +#ifdef BACKLIGHT_PWM_TIM + BACKLIGHT_PWM_TIM->BACKLIGHT_PWM_TIM_CCR = 0; // turn off display backlight +#endif + shutdown_privileged(); +} diff --git a/core/embed/trezorhal/stm32f4/platform.c b/core/embed/trezorhal/stm32f4/platform.c index 595b9b1378..47aaa72e93 100644 --- a/core/embed/trezorhal/stm32f4/platform.c +++ b/core/embed/trezorhal/stm32f4/platform.c @@ -204,20 +204,3 @@ void set_core_clock(clock_settings_t settings) { ; } #endif - -void drop_privileges(void) { - // jump to unprivileged mode - // http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html - __asm__ volatile("msr control, %0" ::"r"(0x1)); - __asm__ volatile("isb"); -} - -// from util.s -extern void shutdown_privileged(void); - -void PVD_IRQHandler(void) { -#ifdef BACKLIGHT_PWM_TIM - BACKLIGHT_PWM_TIM->BACKLIGHT_PWM_TIM_CCR = 0; // turn off display backlight -#endif - shutdown_privileged(); -} 
diff --git a/core/embed/trezorhal/stm32f4/platform.h b/core/embed/trezorhal/stm32f4/platform.h index 00a2ce256f..c731465446 100644 --- a/core/embed/trezorhal/stm32f4/platform.h +++ b/core/embed/trezorhal/stm32f4/platform.h @@ -36,7 +36,6 @@ void memset_reg(volatile void *start, volatile void *stop, uint32_t val); void jump_to(uint32_t address); void jump_to_with_flag(uint32_t address, uint32_t register_flag); void clear_otg_hs_memory(void); -void drop_privileges(void); extern uint32_t __stack_chk_guard; diff --git a/core/embed/trezorhal/stm32f4/sdcard.c b/core/embed/trezorhal/stm32f4/sdcard.c index f308dd1265..432e5cb49f 100644 --- a/core/embed/trezorhal/stm32f4/sdcard.c +++ b/core/embed/trezorhal/stm32f4/sdcard.c @@ -51,7 +51,6 @@ #include "irq.h" #include "sdcard-set_clr_card_detect.h" #include "sdcard.h" -#include "supervise.h" #define SDMMC_CLK_ENABLE() __HAL_RCC_SDMMC1_CLK_ENABLE() #define SDMMC_CLK_DISABLE() __HAL_RCC_SDMMC1_CLK_DISABLE() @@ -134,8 +133,8 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) { SDMMC_CLK_ENABLE(); // NVIC configuration for SDIO interrupts - svc_setpriority(SDMMC_IRQn, IRQ_PRI_NORMAL); - svc_enableIRQ(SDMMC_IRQn); + NVIC_SetPriority(SDMMC_IRQn, IRQ_PRI_NORMAL); + NVIC_EnableIRQ(SDMMC_IRQn); } // GPIO have already been initialised by sdcard_init @@ -143,7 +142,7 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) { void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) { if (hsd->Instance == sd_handle.Instance) { - svc_disableIRQ(SDMMC_IRQn); + NVIC_DisableIRQ(SDMMC_IRQn); SDMMC_CLK_DISABLE(); } } @@ -324,7 +323,7 @@ secbool sdcard_read_blocks(uint32_t *dest, uint32_t block_num, DMA_HandleTypeDef dummy_dma = {0}; sd_handle.hdmatx = &dummy_dma; - svc_enableIRQ(DMA2_Stream3_IRQn); + NVIC_EnableIRQ(DMA2_Stream3_IRQn); sdcard_reset_periph(); err = 
@@ -333,7 +332,7 @@ secbool sdcard_read_blocks(uint32_t *dest, uint32_t block_num, err = sdcard_wait_finished(&sd_handle, 5000); } - svc_disableIRQ(DMA2_Stream3_IRQn); + NVIC_DisableIRQ(DMA2_Stream3_IRQn); HAL_DMA_DeInit(&sd_dma); sd_handle.hdmarx = NULL; @@ -380,7 +379,7 @@ secbool sdcard_write_blocks(const uint32_t *src, uint32_t block_num, DMA_HandleTypeDef dummy_dma = {0}; sd_handle.hdmarx = &dummy_dma; - svc_enableIRQ(DMA2_Stream3_IRQn); + NVIC_EnableIRQ(DMA2_Stream3_IRQn); sdcard_reset_periph(); err = @@ -389,9 +388,11 @@ secbool sdcard_write_blocks(const uint32_t *src, uint32_t block_num, err = sdcard_wait_finished(&sd_handle, 5000); } - svc_disableIRQ(DMA2_Stream3_IRQn); + NVIC_DisableIRQ(DMA2_Stream3_IRQn); HAL_DMA_DeInit(&sd_dma); sd_handle.hdmatx = NULL; return sectrue * (err == HAL_OK); } + +#endif // KERNEL_MODE diff --git a/core/embed/trezorhal/stm32f4/supervise.c b/core/embed/trezorhal/stm32f4/supervise.c deleted file mode 100644 index d1cfd372e5..0000000000 --- a/core/embed/trezorhal/stm32f4/supervise.c +++ /dev/null 
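Review bot: The last hunk of stm32f4/sdcard.c appends `#endif // KERNEL_MODE` after `sdcard_write_blocks()`, but none of the hunks for this file adds a matching `#ifdef KERNEL_MODE`, and the 17 changed lines reported in the diffstat are fully accounted for without one. Unless the pre-image already contained an unterminated conditional, the file ends with an unbalanced `#endif` and will not preprocess. Either drop the two added lines or add the opening `#ifdef KERNEL_MODE` near the top of the file in this same commit.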
@@ -1,126 +0,0 @@ -#include STM32_HAL_H - -#include - -#include "../mpu.h" -#include "common.h" -#include "display.h" -#include "irq.h" -#include "supervise.h" - -#ifdef ARM_USER_MODE - -void svc_init(void) { - NVIC_SetPriority(SVCall_IRQn, IRQ_PRI_HIGHEST); - - // We need to ensure that SysTick has the expected priority. - // The SysTick priority is configured in the boardloader, - // and some early versions didn't set this properly. - NVIC_SetPriority(SysTick_IRQn, IRQ_PRI_HIGHEST); -} - -#ifdef STM32U5 -extern uint32_t g_boot_command; -__attribute__((noreturn)) static void _reboot_to_bootloader( - boot_command_t boot_command) { - g_boot_command = boot_command; - disable_irq(); - delete_secrets(); - NVIC_SystemReset(); -} -#else -__attribute__((noreturn)) static void _reboot_to_bootloader( - boot_command_t boot_command) { - display_deinit(DISPLAY_RESET_CONTENT); -#ifdef ENSURE_COMPATIBLE_SETTINGS - ensure_compatible_settings(); -#endif - mpu_config_bootloader(); - jump_to_with_flag(IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE), - boot_command); - for (;;) - ; -} -#endif - -void svc_reboot_to_bootloader(void) { - boot_command_t boot_command = bootargs_get_command(); - if (is_mode_unprivileged() && !is_mode_handler()) { - register uint32_t r0 __asm__("r0") = boot_command; - __asm__ __volatile__("svc %0" ::"i"(SVC_REBOOT_TO_BOOTLOADER), "r"(r0) - : "memory"); - } else { - _reboot_to_bootloader(boot_command); - } -} - -void svc_reboot(void) { - if (is_mode_unprivileged() && !is_mode_handler()) { - __asm__ __volatile__("svc %0" ::"i"(SVC_REBOOT) : "memory"); - } else { - NVIC_SystemReset(); - } -} - -void SVC_C_Handler(uint32_t *stack) { - uint8_t svc_number = ((uint8_t *)stack[6])[-2]; - switch (svc_number) { - case SVC_ENABLE_IRQ: - NVIC_EnableIRQ(stack[0]); - break; - case SVC_DISABLE_IRQ: - NVIC_DisableIRQ(stack[0]); - break; - case SVC_SET_PRIORITY: - NVIC_SetPriority(stack[0], stack[1]); - break; -#ifdef SYSTEM_VIEW - case SVC_GET_DWT_CYCCNT: - 
cyccnt_cycles = *DWT_CYCCNT_ADDR; - break; -#endif - case SVC_SHUTDOWN: - shutdown_privileged(); - for (;;) - ; - break; - case SVC_REBOOT_TO_BOOTLOADER: - - __asm__ volatile("msr control, %0" ::"r"(0x0)); - __asm__ volatile("isb"); - - // The input stack[0] argument comes from R0 saved when SVC was called - // from svc_reboot_to_bootloader. The __asm__ directive expects address as - // argument, hence the & in front of it, otherwise it would try - // to dereference the value and fault - __asm__ volatile( - "mov r0, %[boot_command]" ::[boot_command] "r"(&stack[0])); - - // See stack layout in - // https://developer.arm.com/documentation/ka004005/latest We are changing - // return address in PC to land into reboot to avoid any bug with ROP and - // raising privileges. - stack[6] = (uintptr_t)_reboot_to_bootloader; - return; - case SVC_REBOOT: - NVIC_SystemReset(); - break; - default: - stack[0] = 0xffffffff; - break; - } -} - -__attribute__((naked)) void SVC_Handler(void) { - __asm volatile( - " tst lr, #4 \n" // Test Bit 3 to see which stack pointer we should - // use - " ite eq \n" // Tell the assembler that the nest 2 instructions - // are if-then-else - " mrseq r0, msp \n" // Make R0 point to main stack pointer - " mrsne r0, psp \n" // Make R0 point to process stack pointer - " b SVC_C_Handler \n" // Off to C land - ); -} - -#endif // ARM_USER_MODE diff --git a/core/embed/trezorhal/stm32f4/supervise.h b/core/embed/trezorhal/stm32f4/supervise.h deleted file mode 100644 index e693417375..0000000000 --- a/core/embed/trezorhal/stm32f4/supervise.h +++ /dev/null 
@@ -1,74 +0,0 @@ -// supervisor call functions - -#define SVC_ENABLE_IRQ 0 -#define SVC_DISABLE_IRQ 1 -#define SVC_SET_PRIORITY 2 -#define SVC_SHUTDOWN 4 -#define SVC_REBOOT_TO_BOOTLOADER 5 -#define SVC_REBOOT 6 - -#include -#include "boot_args.h" -#include "common.h" -#include "image.h" - -// from util.s -extern void shutdown_privileged(void); - -// Initializes the supervise module -// -// Must be called before invoking the first `svc_xxx` call -void svc_init(void); - -static inline uint32_t is_mode_unprivileged(void) { - uint32_t r0; - __asm__ volatile("mrs %0, control" : "=r"(r0)); - return r0 & 1; -} - -static inline uint32_t is_mode_handler(void) { - uint32_t r0; - __asm__ volatile("mrs %0, ipsr" : "=r"(r0)); - return (r0 & 0x1FF) != 0; -} - -static inline void svc_enableIRQ(uint32_t IRQn) { - if (is_mode_unprivileged() && !is_mode_handler()) { - register uint32_t r0 __asm__("r0") = IRQn; - __asm__ __volatile__("svc %0" ::"i"(SVC_ENABLE_IRQ), "r"(r0) : "memory"); - } else { - NVIC_EnableIRQ(IRQn); - } -} - -static inline void svc_disableIRQ(uint32_t IRQn) { - if (is_mode_unprivileged() && !is_mode_handler()) { - register uint32_t r0 __asm__("r0") = IRQn; - __asm__ __volatile__("svc %0" ::"i"(SVC_DISABLE_IRQ), "r"(r0) : "memory"); - } else { - NVIC_DisableIRQ(IRQn); - } -} - -static inline void svc_setpriority(uint32_t IRQn, uint32_t priority) { - if (is_mode_unprivileged() && !is_mode_handler()) { - register uint32_t r0 __asm__("r0") = IRQn; - register uint32_t r1 __asm__("r1") = priority; - __asm__ __volatile__("svc %0" ::"i"(SVC_SET_PRIORITY), "r"(r0), "r"(r1) - : "memory"); - } else { - NVIC_SetPriority(IRQn, priority); - } -} - -static inline void svc_shutdown(void) { - if (is_mode_unprivileged() && !is_mode_handler()) { - __asm__ __volatile__("svc %0" ::"i"(SVC_SHUTDOWN) : "memory"); - } else { - shutdown_privileged(); - } -} - -void svc_reboot_to_bootloader(void); - -void svc_reboot(void); 
diff --git a/core/embed/trezorhal/stm32f4/usb/usbd_conf.c b/core/embed/trezorhal/stm32f4/usb/usbd_conf.c index 452adf4170..598b47e128 100644 --- a/core/embed/trezorhal/stm32f4/usb/usbd_conf.c +++ b/core/embed/trezorhal/stm32f4/usb/usbd_conf.c @@ -55,7 +55,6 @@ #include "usbd_core.h" #include "usb.h" #include "irq.h" -#include "supervise.h" #include "systemview.h" /* Private typedef -----------------------------------------------------------*/ @@ -147,10 +146,10 @@ void HAL_PCD_MspInit(PCD_HandleTypeDef *hpcd) #endif /* Set USBFS Interrupt priority */ - svc_setpriority(OTG_FS_IRQn, IRQ_PRI_NORMAL); + NVIC_SetPriority(OTG_FS_IRQn, IRQ_PRI_NORMAL); /* Enable USBFS Interrupt */ - svc_enableIRQ(OTG_FS_IRQn); + NVIC_EnableIRQ(OTG_FS_IRQn); } #endif #if defined(USE_USB_HS) @@ -302,10 +301,10 @@ void HAL_PCD_MspInit(PCD_HandleTypeDef *hpcd) #endif // !USE_USB_HS_IN_FS /* Set USBHS Interrupt to the lowest priority */ - svc_setpriority(OTG_HS_IRQn, IRQ_PRI_NORMAL); + NVIC_SetPriority(OTG_HS_IRQn, IRQ_PRI_NORMAL); /* Enable USBHS Interrupt */ - svc_enableIRQ(OTG_HS_IRQn); + NVIC_EnableIRQ(OTG_HS_IRQn); } #endif // USE_USB_HS } diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c index c1308a4392..34de6abaee 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c @@ -27,7 +27,6 @@ #include "display_panel.h" #include "backlight_pwm.h" -#include "supervise.h" #ifndef BOARDLOADER #include "bg_copy.h" @@ -93,7 +92,7 @@ void display_deinit(display_content_mode_t mode) { // the display controller display_ensure_refreshed(); // Disable periodical interrupt - svc_disableIRQ(DISPLAY_TE_INTERRUPT_NUM); + NVIC_DisableIRQ(DISPLAY_TE_INTERRUPT_NUM); #endif #endif 
@@ -122,7 +121,7 @@ int display_set_backlight(int level) { #ifdef XFRAMEBUFFER #ifndef BOARDLOADER // if turning on the backlight, wait until the panel is refreshed - if (backlight_pwm_get() < level && !is_mode_handler()) { + if (backlight_pwm_get() < level && !is_mode_exception()) { display_ensure_refreshed(); } #endif diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c index 5d33219cff..889c79545d 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c @@ -32,7 +32,6 @@ #include "gfx_bitblt.h" #include "irq.h" -#include "supervise.h" #ifndef BOARDLOADER #include "bg_copy.h" @@ -210,7 +209,7 @@ void display_refresh(void) { } #ifndef BOARDLOADER - if (is_mode_handler()) { + if (is_mode_exception()) { // Disable scheduling of any new background copying NVIC_DisableIRQ(DISPLAY_TE_INTERRUPT_NUM); // Wait for next TE signal. During this time the @@ -250,7 +249,7 @@ void display_ensure_refreshed(void) { return; } - if (!is_mode_handler()) { + if (!is_mode_exception()) { bool copy_pending; // Wait until all frame buffers are written to the display diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h index bb6d7805a6..4bcad64c8c 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h @@ -59,4 +59,9 @@ typedef struct { // Display driver instance extern display_driver_t g_display_driver; +static inline uint32_t is_mode_exception(void) { + uint32_t isr_number = __get_IPSR() & IPSR_ISR_Msk; + return (isr_number > 0) && (isr_number << 11); +} + #endif // TREZORHAL_DISPLAY_INTERNAL_H 
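Review bot: In the new `is_mode_exception()` in display_internal.h the second operand `(isr_number << 11)` is non-zero for every `isr_number > 0` that passes the IPSR mask, so the expression reduces to `isr_number > 0` and the shift has no effect. If the intent was to treat exception 11 (SVCall on Cortex-M) as not being an exception context, the line should read `return (isr_number > 0) && (isr_number != 11);`; otherwise drop the operand. A one-line comment saying which contexts count as "exception" would settle it, because `display_refresh()` and `display_ensure_refreshed()` choose between waiting and busy paths on this result. The patch also gives st7789v.c its own `is_mode_handler()` with the same IPSR test written in inline assembly; one shared helper would keep the copies from drifting apart.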
diff --git a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c index 57d2baf88e..1f52fdfb25 100644 --- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c +++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c @@ -22,7 +22,6 @@ #include "display_io.h" #include "irq.h" -#include "supervise.h" __IO DISP_MEM_TYPE *const DISPLAY_CMD_ADDRESS = (__IO DISP_MEM_TYPE *const)((uint32_t)DISPLAY_MEMORY_BASE); diff --git a/core/embed/trezorhal/stm32u5/common.c b/core/embed/trezorhal/stm32u5/common.c index d21a8116a4..b6e189b0bf 100644 --- a/core/embed/trezorhal/stm32u5/common.c +++ b/core/embed/trezorhal/stm32u5/common.c @@ -23,36 +23,15 @@ #include "common.h" #include "display.h" +#include "error_handling.h" #include "flash_otp.h" #include "model.h" #include "platform.h" #include "rand.h" #include "secret.h" -#include "supervise.h" #include "stm32u5xx_ll_utils.h" -// from util.s -extern void shutdown_privileged(void); - -void __attribute__((noreturn)) trezor_shutdown(void) { - display_deinit(DISPLAY_RETAIN_CONTENT); - - __HAL_RCC_SAES_CLK_DISABLE(); - // Erase all secrets - TAMP->CR2 |= TAMP_CR2_BKERASE; - -#ifdef USE_SVC_SHUTDOWN - svc_shutdown(); -#else - // It won't work properly unless called from the privileged mode - shutdown_privileged(); -#endif - - for (;;) - ; -} - uint32_t __stack_chk_guard = 0; void __attribute__((noreturn)) __stack_chk_fail(void) { diff --git a/core/embed/trezorhal/stm32u5/fault_handlers.c b/core/embed/trezorhal/stm32u5/fault_handlers.c index bf19c8e8ef..4a35812586 100644 --- a/core/embed/trezorhal/stm32u5/fault_handlers.c +++ b/core/embed/trezorhal/stm32u5/fault_handlers.c @@ -34,3 +34,11 @@ void NMI_Handler(void) { error_shutdown("(CS)"); } } + +// from util.s +extern void shutdown_privileged(void); + +void PVD_PVM_IRQHandler(void) { + TIM1->CCR1 = 0; // turn off display backlight + shutdown_privileged(); +} 
diff --git a/core/embed/trezorhal/stm32u5/platform.c b/core/embed/trezorhal/stm32u5/platform.c index fd31a29e2b..19feb4d5a4 100644 --- a/core/embed/trezorhal/stm32u5/platform.c +++ b/core/embed/trezorhal/stm32u5/platform.c @@ -213,18 +213,3 @@ void SystemInit(void) { // enable instruction cache in default 2-way mode ICACHE->CR = ICACHE_CR_EN; } - -void drop_privileges(void) { - // jump to unprivileged mode - // http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html - __asm__ volatile("msr control, %0" ::"r"(0x1)); - __asm__ volatile("isb"); -} - -// from util.s -extern void shutdown_privileged(void); - -void PVD_PVM_IRQHandler(void) { - TIM1->CCR1 = 0; // turn off display backlight - shutdown_privileged(); -} diff --git a/core/embed/trezorhal/stm32u5/platform.h b/core/embed/trezorhal/stm32u5/platform.h index fce29fb6ba..55953cc506 100644 --- a/core/embed/trezorhal/stm32u5/platform.h +++ b/core/embed/trezorhal/stm32u5/platform.h @@ -34,7 +34,6 @@ typedef enum { } clock_settings_t; void set_core_clock(clock_settings_t settings); -void drop_privileges(void); // the following functions are defined in util.s void memset_reg(volatile void *start, volatile void *stop, uint32_t val); diff --git a/core/embed/trezorhal/stm32u5/sdcard.c b/core/embed/trezorhal/stm32u5/sdcard.c index 1cfbc6522e..b040e186a7 100644 --- a/core/embed/trezorhal/stm32u5/sdcard.c +++ b/core/embed/trezorhal/stm32u5/sdcard.c @@ -50,7 +50,6 @@ #include "irq.h" #include "sdcard.h" -#include "supervise.h" #define SDMMC_CLK_ENABLE() __HAL_RCC_SDMMC1_CLK_ENABLE() #define SDMMC_CLK_DISABLE() __HAL_RCC_SDMMC1_CLK_DISABLE() @@ -138,8 +137,8 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) { SDMMC_CLK_ENABLE(); // NVIC configuration for SDIO interrupts - svc_setpriority(SDMMC_IRQn, IRQ_PRI_NORMAL); - svc_enableIRQ(SDMMC_IRQn); + NVIC_SetPriority(SDMMC_IRQn, IRQ_PRI_NORMAL); + NVIC_EnableIRQ(SDMMC_IRQn); } // GPIO have already been initialised by sdcard_init 
@@ -147,7 +146,7 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) { void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) { if (hsd->Instance == sd_handle.Instance) { - svc_disableIRQ(SDMMC_IRQn); + NVIC_DisableIRQ(SDMMC_IRQn); SDMMC_CLK_DISABLE(); } } diff --git a/core/embed/trezorhal/stm32u5/supervise.c b/core/embed/trezorhal/stm32u5/supervise.c deleted file mode 120000 index 385e9d43ca..0000000000 --- a/core/embed/trezorhal/stm32u5/supervise.c +++ /dev/null @@ -1 +0,0 @@ -../stm32f4/supervise.c \ No newline at end of file diff --git a/core/embed/trezorhal/stm32u5/supervise.h b/core/embed/trezorhal/stm32u5/supervise.h deleted file mode 120000 index f519770f49..0000000000 --- a/core/embed/trezorhal/stm32u5/supervise.h +++ /dev/null @@ -1 +0,0 @@ -../stm32f4/supervise.h \ No newline at end of file diff --git a/core/embed/trezorhal/stm32u5/tamper.c b/core/embed/trezorhal/stm32u5/tamper.c index 9959aeaaa8..a2bbba546e 100644 --- a/core/embed/trezorhal/stm32u5/tamper.c +++ b/core/embed/trezorhal/stm32u5/tamper.c @@ -17,8 +17,8 @@ * along with this program. If not, see . */ +#include #include -#include #include #include STM32_HAL_H diff --git a/core/site_scons/models/stm32f4_common.py b/core/site_scons/models/stm32f4_common.py index 627c5bee41..36df4244db 100644 --- a/core/site_scons/models/stm32f4_common.py +++ b/core/site_scons/models/stm32f4_common.py @@ -54,7 +54,6 @@ def stm32f4_common_files(env, defines, sources, paths): "embed/trezorhal/stm32f4/secret.c", "embed/trezorhal/stm32f4/systick.c", "embed/trezorhal/stm32f4/systimer.c", - "embed/trezorhal/stm32f4/supervise.c", "embed/trezorhal/stm32f4/time_estimate.c", "embed/trezorhal/stm32f4/random_delays.c", "embed/trezorhal/stm32f4/rng.c", diff --git a/core/site_scons/models/stm32u5_common.py b/core/site_scons/models/stm32u5_common.py index 5dba7f550c..8bce578f0a 100644 --- a/core/site_scons/models/stm32u5_common.py +++ b/core/site_scons/models/stm32u5_common.py 
@@ -65,7 +65,6 @@ def stm32u5_common_files(env, defines, sources, paths): "embed/trezorhal/stm32u5/secure_aes.c", "embed/trezorhal/stm32u5/systick.c", "embed/trezorhal/stm32f4/systimer.c", - "embed/trezorhal/stm32f4/supervise.c", "embed/trezorhal/stm32u5/random_delays.c", "embed/trezorhal/stm32u5/rng.c", "embed/trezorhal/stm32u5/tamper.c",