refactor(core/embed): remove supervise module

[no changelog]
2025-01-03 03:50:58 +00:00 · 2024-08-08 18:26:25 +02:00 · 2024-08-08 18:26:25 +02:00 · 2fd5aca05c
commit 2fd5aca05c
parent 1443f86983
31 changed files with 114 additions and 328 deletions
--- a/core/embed/extmod/modtrezorutils/modtrezorutils.c
+++ b/core/embed/extmod/modtrezorutils/modtrezorutils.c
@ -19,9 +19,6 @@
 #include "py/objstr.h"
 #include "py/runtime.h"
 #ifndef TREZOR_EMULATOR
 #include "supervise.h"
 #endif
 #include "image.h"
 #include "version.h"
@ -33,6 +30,7 @@
 #include <string.h>
 #include "blake2s.h"
 #include "boot_args.h"
 #include "common.h"
 #include "flash.h"
 #include "unit_variant.h"
--- a/core/embed/firmware/main.c
+++ b/core/embed/firmware/main.c
@ -100,7 +100,6 @@
 #endif
 #include "platform.h"
 #include "rng.h"
 #include "supervise.h"
 #ifdef USE_SECP256K1_ZKP
 #include "zkp_context.h"
 #endif
@ -108,9 +107,6 @@
 #include "haptic.h"
 #endif
 // from util.s
 extern void shutdown_privileged(void);
 #ifdef USE_OPTIGA
 #if !PYOPT
 #include <inttypes.h>
@ -132,7 +128,6 @@ static void optiga_log_hex(const char *prefix, const uint8_t *data,
 #endif
 int main(void) {
  svc_init();
  systick_init();
  systimer_init();
@ -251,10 +246,6 @@ int main(void) {
         "Cannot initialize optiga.");
 #endif
 #if !defined TREZOR_MODEL_1
  drop_privileges();
 #endif
 #ifdef USE_SECP256K1_ZKP
  ensure(sectrue * (zkp_context_init() == 0), NULL);
 #endif
--- a/core/embed/firmware/systemview.c
+++ b/core/embed/firmware/systemview.c
@ -6,7 +6,6 @@
 #include <string.h>
 #include "irq.h"
 #include "mpconfigport.h"
 #include "supervise.h"
 #include "SEGGER_SYSVIEW.h"
 #include "SEGGER_SYSVIEW_Conf.h"
@ -52,6 +51,12 @@ typedef struct {
 extern uint32_t SystemCoreClock;
 static inline uint32_t is_mode_unprivileged(void) {
  uint32_t r0;
  __asm__ volatile("mrs %0, control" : "=r"(r0));
  return r0 & 1;
 }
 uint32_t svc_get_dwt_cyccnt() {
  if (is_mode_unprivileged()) {
    __asm__ __volatile__("svc %0" ::"i"(SVC_GET_DWT_CYCCNT));
--- a/core/embed/lib/error_handling.c
+++ b/core/embed/lib/error_handling.c
@ -22,7 +22,7 @@
 #include <stdio.h>
 #endif
-#include "common.h"
+#include "boot_args.h"
 #include "display.h"
 #include "error_handling.h"
 #include "mini_printf.h"
--- a/core/embed/prodtest/main.c
+++ b/core/embed/prodtest/main.c
@ -25,6 +25,7 @@
 #include STM32_HAL_H
 #include "board_capabilities.h"
 #include "boot_args.h"
 #include "button.h"
 #include "common.h"
 #include "display.h"
@ -34,6 +35,7 @@
 #include "flash.h"
 #include "flash_otp.h"
 #include "i2c.h"
 #include "image.h"
 #include "model.h"
 #include "mpu.h"
 #include "prodtest_common.h"
@ -41,7 +43,6 @@
 #include "sbu.h"
 #include "sdcard.h"
 #include "secbool.h"
 #include "supervise.h"
 #include "systimer.h"
 #include "touch.h"
 #include "usb.h"
@ -777,7 +778,6 @@ void cpuid_read(void) {
 #define BACKLIGHT_NORMAL 150
 int main(void) {
  svc_init();
  systick_init();
  systimer_init();
  rdi_init();
@ -823,8 +823,6 @@ int main(void) {
  mpu_config_prodtest();
  fault_handlers_init();
  drop_privileges();
  display_clear();
  draw_welcome_screen();
--- a/core/embed/trezorhal/boot_args.h
+++ b/core/embed/trezorhal/boot_args.h
@ -36,4 +36,8 @@ boot_command_t bootargs_get_command();
 // Returns the pointer to boot arguments
 const boot_args_t* bootargs_get_args();
 void __attribute__((noreturn)) trezor_shutdown(void);
 void __attribute__((noreturn)) svc_reboot_to_bootloader(void);
 void __attribute__((noreturn)) svc_reboot(void);
 #endif  // TREZORHAL_BOOT_ARGS_H
--- a/core/embed/trezorhal/common.h
+++ b/core/embed/trezorhal/common.h
@ -53,8 +53,6 @@
  })
 #endif
 void __attribute__((noreturn)) trezor_shutdown(void);
 // Invalidates firmware on the device
 // Note: only works when write access to firmware area is enabled by MPU
 void invalidate_firmware(void);
--- a/core/embed/trezorhal/stm32f4/boot_args.c
+++ b/core/embed/trezorhal/stm32f4/boot_args.c
@ -3,6 +3,10 @@
 #include <common.h>
 #include <string.h>
 #include "display.h"
 #include "irq.h"
 #include "mpu.h"
 // The 'g_boot_command_shadow' shadows a real boot command passed
 // to the bootloader.
 // 1. In the bootloader, its value is set in the startup code.
@ -42,3 +46,41 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
 boot_command_t bootargs_get_command() { return g_boot_command_shadow; }
 const boot_args_t* bootargs_get_args() { return &g_boot_args; }
 void __attribute__((noreturn)) trezor_shutdown(void) {
  display_deinit(DISPLAY_RETAIN_CONTENT);
 #if defined(STM32U5)
  __HAL_RCC_SAES_CLK_DISABLE();
  // Erase all secrets
  TAMP->CR2 |= TAMP_CR2_BKERASE;
 #endif
  // from util.s
  extern void shutdown_privileged(void);
  shutdown_privileged();
  for (;;)
    ;
 }
 void svc_reboot_to_bootloader(void) {
  boot_command_t boot_command = bootargs_get_command();
  display_deinit(DISPLAY_RESET_CONTENT);
 #ifdef ENSURE_COMPATIBLE_SETTINGS
  ensure_compatible_settings();
 #endif
 #ifdef STM32U5
  // extern uint32_t g_boot_command;
  g_boot_command = boot_command;
  disable_irq();
  delete_secrets();
  NVIC_SystemReset();
 #else
  mpu_config_bootloader();
  jump_to_with_flag(BOOTLOADER_START + IMAGE_HEADER_SIZE, boot_command);
  for (;;)
    ;
 #endif
 }
 void svc_reboot(void) { NVIC_SystemReset(); }
--- a/core/embed/trezorhal/stm32f4/common.c
+++ b/core/embed/trezorhal/stm32f4/common.c
@ -23,12 +23,12 @@
 #include "common.h"
 #include "display.h"
 #include "error_handling.h"
 #include "model.h"
 #include "flash_otp.h"
 #include "platform.h"
 #include "rand.h"
 #include "supervise.h"
 #include "stm32f4xx_ll_utils.h"
@ -36,20 +36,10 @@
 #include "backlight_pwm.h"
 #endif
-// from util.s
+uint32_t __stack_chk_guard = 0;
 extern void shutdown_privileged(void);
-void __attribute__((noreturn)) trezor_shutdown(void) {
+void __attribute__((noreturn)) __stack_chk_fail(void) {
-  display_deinit(DISPLAY_RETAIN_CONTENT);
+  error_shutdown("(SS)");
 #ifdef USE_SVC_SHUTDOWN
  svc_shutdown();
 #else
  // It won't work properly unless called from the privileged mode
  shutdown_privileged();
 #endif
  for (;;)
    ;
 }
 // reference RM0090 section 35.12.1 Figure 413
@ -69,12 +59,6 @@ void clear_otg_hs_memory(void) {
                                       // the peripheral is not needed right now
 }
 uint32_t __stack_chk_guard = 0;
 void __attribute__((noreturn)) __stack_chk_fail(void) {
  error_shutdown("(SS)");
 }
 void invalidate_firmware(void) {
  // erase start of the firmware (metadata) -> invalidate FW
  ensure(flash_unlock_write(), NULL);
--- a/core/embed/trezorhal/stm32f4/displays/st7789v.c
+++ b/core/embed/trezorhal/stm32f4/displays/st7789v.c
@ -26,7 +26,6 @@
 #include "irq.h"
 #include "memzero.h"
 #include "st7789v.h"
 #include "supervise.h"
 #include STM32_HAL_H
 #ifdef TREZOR_MODEL_T
@ -253,6 +252,12 @@ int display_orientation(int degrees) {
 int display_get_orientation(void) { return DISPLAY_ORIENTATION; }
 static inline uint32_t is_mode_handler(void) {
  uint32_t r0;
  __asm__ volatile("mrs %0, ipsr" : "=r"(r0));
  return (r0 & 0x1FF) != 0;
 }
 int display_backlight(int val) {
 #ifdef FRAMEBUFFER
 #ifndef BOARDLOADER
@ -624,14 +629,14 @@ static void switch_fb_in_backround(void) {
    pending_fb_switch = true;
    __HAL_GPIO_EXTI_CLEAR_FLAG(DISPLAY_TE_PIN);
-    svc_enableIRQ(DISPLAY_TE_INTERRUPT_NUM);
+    NVIC_EnableIRQ(DISPLAY_TE_INTERRUPT_NUM);
  } else {
    act_frame_buffer = 0;
    memcpy(PhysFrameBuffer1, PhysFrameBuffer0, sizeof(PhysFrameBuffer1));
    pending_fb_switch = true;
    __HAL_GPIO_EXTI_CLEAR_FLAG(DISPLAY_TE_PIN);
-    svc_enableIRQ(DISPLAY_TE_INTERRUPT_NUM);
+    NVIC_EnableIRQ(DISPLAY_TE_INTERRUPT_NUM);
  }
 }
 #endif
--- a/core/embed/trezorhal/stm32f4/fault_handlers.c
+++ b/core/embed/trezorhal/stm32f4/fault_handlers.c
@ -1,3 +1,4 @@
 #include TREZOR_BOARD
 #include "common.h"
 void fault_handlers_init(void) {
@ -21,3 +22,13 @@ void NMI_Handler(void) {
    error_shutdown("(CS)");
  }
 }
 // from util.s
 extern void shutdown_privileged(void);
 void PVD_IRQHandler(void) {
 #ifdef BACKLIGHT_PWM_TIM
  BACKLIGHT_PWM_TIM->BACKLIGHT_PWM_TIM_CCR = 0;  // turn off display backlight
 #endif
  shutdown_privileged();
 }
--- a/core/embed/trezorhal/stm32f4/platform.c
+++ b/core/embed/trezorhal/stm32f4/platform.c
@ -204,20 +204,3 @@ void set_core_clock(clock_settings_t settings) {
    ;
 }
 #endif
 void drop_privileges(void) {
  // jump to unprivileged mode
  // http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html
  __asm__ volatile("msr control, %0" ::"r"(0x1));
  __asm__ volatile("isb");
 }
 // from util.s
 extern void shutdown_privileged(void);
 void PVD_IRQHandler(void) {
 #ifdef BACKLIGHT_PWM_TIM
  BACKLIGHT_PWM_TIM->BACKLIGHT_PWM_TIM_CCR = 0;  // turn off display backlight
 #endif
  shutdown_privileged();
 }
--- a/core/embed/trezorhal/stm32f4/platform.h
+++ b/core/embed/trezorhal/stm32f4/platform.h
@ -36,7 +36,6 @@ void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
 void jump_to(uint32_t address);
 void jump_to_with_flag(uint32_t address, uint32_t register_flag);
 void clear_otg_hs_memory(void);
 void drop_privileges(void);
 extern uint32_t __stack_chk_guard;
--- a/core/embed/trezorhal/stm32f4/sdcard.c
+++ b/core/embed/trezorhal/stm32f4/sdcard.c
@ -51,7 +51,6 @@
 #include "irq.h"
 #include "sdcard-set_clr_card_detect.h"
 #include "sdcard.h"
 #include "supervise.h"
 #define SDMMC_CLK_ENABLE() __HAL_RCC_SDMMC1_CLK_ENABLE()
 #define SDMMC_CLK_DISABLE() __HAL_RCC_SDMMC1_CLK_DISABLE()
@ -134,8 +133,8 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
    SDMMC_CLK_ENABLE();
    // NVIC configuration for SDIO interrupts
-    svc_setpriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
+    NVIC_SetPriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
-    svc_enableIRQ(SDMMC_IRQn);
+    NVIC_EnableIRQ(SDMMC_IRQn);
  }
  // GPIO have already been initialised by sdcard_init
@ -143,7 +142,7 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
 void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) {
  if (hsd->Instance == sd_handle.Instance) {
-    svc_disableIRQ(SDMMC_IRQn);
+    NVIC_DisableIRQ(SDMMC_IRQn);
    SDMMC_CLK_DISABLE();
  }
 }
@ -324,7 +323,7 @@ secbool sdcard_read_blocks(uint32_t *dest, uint32_t block_num,
  DMA_HandleTypeDef dummy_dma = {0};
  sd_handle.hdmatx = &dummy_dma;
-  svc_enableIRQ(DMA2_Stream3_IRQn);
+  NVIC_EnableIRQ(DMA2_Stream3_IRQn);
  sdcard_reset_periph();
  err =
@ -333,7 +332,7 @@ secbool sdcard_read_blocks(uint32_t *dest, uint32_t block_num,
    err = sdcard_wait_finished(&sd_handle, 5000);
  }
-  svc_disableIRQ(DMA2_Stream3_IRQn);
+  NVIC_DisableIRQ(DMA2_Stream3_IRQn);
  HAL_DMA_DeInit(&sd_dma);
  sd_handle.hdmarx = NULL;
@ -380,7 +379,7 @@ secbool sdcard_write_blocks(const uint32_t *src, uint32_t block_num,
  DMA_HandleTypeDef dummy_dma = {0};
  sd_handle.hdmarx = &dummy_dma;
-  svc_enableIRQ(DMA2_Stream3_IRQn);
+  NVIC_EnableIRQ(DMA2_Stream3_IRQn);
  sdcard_reset_periph();
  err =
@ -389,9 +388,11 @@ secbool sdcard_write_blocks(const uint32_t *src, uint32_t block_num,
    err = sdcard_wait_finished(&sd_handle, 5000);
  }
-  svc_disableIRQ(DMA2_Stream3_IRQn);
+  NVIC_DisableIRQ(DMA2_Stream3_IRQn);
  HAL_DMA_DeInit(&sd_dma);
  sd_handle.hdmatx = NULL;
  return sectrue * (err == HAL_OK);
 }
 #endif  // KERNEL_MODE
--- a/core/embed/trezorhal/stm32f4/supervise.c
+++ b/core/embed/trezorhal/stm32f4/supervise.c
@ -1,126 +0,0 @@
 #include STM32_HAL_H
 #include <model.h>
 #include "../mpu.h"
 #include "common.h"
 #include "display.h"
 #include "irq.h"
 #include "supervise.h"
 #ifdef ARM_USER_MODE
 void svc_init(void) {
  NVIC_SetPriority(SVCall_IRQn, IRQ_PRI_HIGHEST);
  // We need to ensure that SysTick has the expected priority.
  // The SysTick priority is configured in the boardloader,
  // and some early versions didn't set this properly.
  NVIC_SetPriority(SysTick_IRQn, IRQ_PRI_HIGHEST);
 }
 #ifdef STM32U5
 extern uint32_t g_boot_command;
 __attribute__((noreturn)) static void _reboot_to_bootloader(
    boot_command_t boot_command) {
  g_boot_command = boot_command;
  disable_irq();
  delete_secrets();
  NVIC_SystemReset();
 }
 #else
 __attribute__((noreturn)) static void _reboot_to_bootloader(
    boot_command_t boot_command) {
  display_deinit(DISPLAY_RESET_CONTENT);
 #ifdef ENSURE_COMPATIBLE_SETTINGS
  ensure_compatible_settings();
 #endif
  mpu_config_bootloader();
  jump_to_with_flag(IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE),
                    boot_command);
  for (;;)
    ;
 }
 #endif
 void svc_reboot_to_bootloader(void) {
  boot_command_t boot_command = bootargs_get_command();
  if (is_mode_unprivileged() && !is_mode_handler()) {
    register uint32_t r0 __asm__("r0") = boot_command;
    __asm__ __volatile__("svc %0" ::"i"(SVC_REBOOT_TO_BOOTLOADER), "r"(r0)
                         : "memory");
  } else {
    _reboot_to_bootloader(boot_command);
  }
 }
 void svc_reboot(void) {
  if (is_mode_unprivileged() && !is_mode_handler()) {
    __asm__ __volatile__("svc %0" ::"i"(SVC_REBOOT) : "memory");
  } else {
    NVIC_SystemReset();
  }
 }
 void SVC_C_Handler(uint32_t *stack) {
  uint8_t svc_number = ((uint8_t *)stack[6])[-2];
  switch (svc_number) {
    case SVC_ENABLE_IRQ:
      NVIC_EnableIRQ(stack[0]);
      break;
    case SVC_DISABLE_IRQ:
      NVIC_DisableIRQ(stack[0]);
      break;
    case SVC_SET_PRIORITY:
      NVIC_SetPriority(stack[0], stack[1]);
      break;
 #ifdef SYSTEM_VIEW
    case SVC_GET_DWT_CYCCNT:
      cyccnt_cycles = *DWT_CYCCNT_ADDR;
      break;
 #endif
    case SVC_SHUTDOWN:
      shutdown_privileged();
      for (;;)
        ;
      break;
    case SVC_REBOOT_TO_BOOTLOADER:
      __asm__ volatile("msr control, %0" ::"r"(0x0));
      __asm__ volatile("isb");
      // The input stack[0] argument comes from R0 saved when SVC was called
      // from svc_reboot_to_bootloader. The __asm__ directive expects address as
      // argument, hence the & in front of it, otherwise it would try
      // to dereference the value and fault
      __asm__ volatile(
          "mov r0, %[boot_command]" ::[boot_command] "r"(&stack[0]));
      // See stack layout in
      // https://developer.arm.com/documentation/ka004005/latest We are changing
      // return address in PC to land into reboot to avoid any bug with ROP and
      // raising privileges.
      stack[6] = (uintptr_t)_reboot_to_bootloader;
      return;
    case SVC_REBOOT:
      NVIC_SystemReset();
      break;
    default:
      stack[0] = 0xffffffff;
      break;
  }
 }
 __attribute__((naked)) void SVC_Handler(void) {
  __asm volatile(
      " tst lr, #4    \n"    // Test Bit 3 to see which stack pointer we should
                             // use
      " ite eq        \n"    // Tell the assembler that the nest 2 instructions
                             // are if-then-else
      " mrseq r0, msp \n"    // Make R0 point to main stack pointer
      " mrsne r0, psp \n"    // Make R0 point to process stack pointer
      " b SVC_C_Handler \n"  // Off to C land
  );
 }
 #endif  // ARM_USER_MODE
--- a/core/embed/trezorhal/stm32f4/supervise.h
+++ b/core/embed/trezorhal/stm32f4/supervise.h
@ -1,74 +0,0 @@
 // supervisor call functions
 #define SVC_ENABLE_IRQ 0
 #define SVC_DISABLE_IRQ 1
 #define SVC_SET_PRIORITY 2
 #define SVC_SHUTDOWN 4
 #define SVC_REBOOT_TO_BOOTLOADER 5
 #define SVC_REBOOT 6
 #include <string.h>
 #include "boot_args.h"
 #include "common.h"
 #include "image.h"
 // from util.s
 extern void shutdown_privileged(void);
 // Initializes the supervise module
 //
 // Must be called before invoking the first `svc_xxx` call
 void svc_init(void);
 static inline uint32_t is_mode_unprivileged(void) {
  uint32_t r0;
  __asm__ volatile("mrs %0, control" : "=r"(r0));
  return r0 & 1;
 }
 static inline uint32_t is_mode_handler(void) {
  uint32_t r0;
  __asm__ volatile("mrs %0, ipsr" : "=r"(r0));
  return (r0 & 0x1FF) != 0;
 }
 static inline void svc_enableIRQ(uint32_t IRQn) {
  if (is_mode_unprivileged() && !is_mode_handler()) {
    register uint32_t r0 __asm__("r0") = IRQn;
    __asm__ __volatile__("svc %0" ::"i"(SVC_ENABLE_IRQ), "r"(r0) : "memory");
  } else {
    NVIC_EnableIRQ(IRQn);
  }
 }
 static inline void svc_disableIRQ(uint32_t IRQn) {
  if (is_mode_unprivileged() && !is_mode_handler()) {
    register uint32_t r0 __asm__("r0") = IRQn;
    __asm__ __volatile__("svc %0" ::"i"(SVC_DISABLE_IRQ), "r"(r0) : "memory");
  } else {
    NVIC_DisableIRQ(IRQn);
  }
 }
 static inline void svc_setpriority(uint32_t IRQn, uint32_t priority) {
  if (is_mode_unprivileged() && !is_mode_handler()) {
    register uint32_t r0 __asm__("r0") = IRQn;
    register uint32_t r1 __asm__("r1") = priority;
    __asm__ __volatile__("svc %0" ::"i"(SVC_SET_PRIORITY), "r"(r0), "r"(r1)
                         : "memory");
  } else {
    NVIC_SetPriority(IRQn, priority);
  }
 }
 static inline void svc_shutdown(void) {
  if (is_mode_unprivileged() && !is_mode_handler()) {
    __asm__ __volatile__("svc %0" ::"i"(SVC_SHUTDOWN) : "memory");
  } else {
    shutdown_privileged();
  }
 }
 void svc_reboot_to_bootloader(void);
 void svc_reboot(void);
--- a/core/embed/trezorhal/stm32f4/usb/usbd_conf.c
+++ b/core/embed/trezorhal/stm32f4/usb/usbd_conf.c
@ -55,7 +55,6 @@
 #include "usbd_core.h"
 #include "usb.h"
 #include "irq.h"
 #include "supervise.h"
 #include "systemview.h"
 /* Private typedef -----------------------------------------------------------*/
@ -147,10 +146,10 @@ void HAL_PCD_MspInit(PCD_HandleTypeDef *hpcd)
 #endif
    /* Set USBFS Interrupt priority */
-    svc_setpriority(OTG_FS_IRQn, IRQ_PRI_NORMAL);
+    NVIC_SetPriority(OTG_FS_IRQn, IRQ_PRI_NORMAL);
    /* Enable USBFS Interrupt */
-    svc_enableIRQ(OTG_FS_IRQn);
+    NVIC_EnableIRQ(OTG_FS_IRQn);
  }
 #endif
 #if defined(USE_USB_HS)
@ -302,10 +301,10 @@ void HAL_PCD_MspInit(PCD_HandleTypeDef *hpcd)
 #endif // !USE_USB_HS_IN_FS
    /* Set USBHS Interrupt to the lowest priority */
-    svc_setpriority(OTG_HS_IRQn, IRQ_PRI_NORMAL);
+    NVIC_SetPriority(OTG_HS_IRQn, IRQ_PRI_NORMAL);
    /* Enable USBHS Interrupt */
-    svc_enableIRQ(OTG_HS_IRQn);
+    NVIC_EnableIRQ(OTG_HS_IRQn);
  }
 #endif  // USE_USB_HS
 }
--- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c
+++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_driver.c
@ -27,7 +27,6 @@
 #include "display_panel.h"
 #include "backlight_pwm.h"
 #include "supervise.h"
 #ifndef BOARDLOADER
 #include "bg_copy.h"
@ -93,7 +92,7 @@ void display_deinit(display_content_mode_t mode) {
  // the display controller
  display_ensure_refreshed();
  // Disable periodical interrupt
-  svc_disableIRQ(DISPLAY_TE_INTERRUPT_NUM);
+  NVIC_DisableIRQ(DISPLAY_TE_INTERRUPT_NUM);
 #endif
 #endif
@ -122,7 +121,7 @@ int display_set_backlight(int level) {
 #ifdef XFRAMEBUFFER
 #ifndef BOARDLOADER
  // if turning on the backlight, wait until the panel is refreshed
-  if (backlight_pwm_get() < level && !is_mode_handler()) {
+  if (backlight_pwm_get() < level && !is_mode_exception()) {
    display_ensure_refreshed();
  }
 #endif
--- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c
+++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c
@ -32,7 +32,6 @@
 #include "gfx_bitblt.h"
 #include "irq.h"
 #include "supervise.h"
 #ifndef BOARDLOADER
 #include "bg_copy.h"
@ -210,7 +209,7 @@ void display_refresh(void) {
  }
 #ifndef BOARDLOADER
-  if (is_mode_handler()) {
+  if (is_mode_exception()) {
    // Disable scheduling of any new background copying
    NVIC_DisableIRQ(DISPLAY_TE_INTERRUPT_NUM);
    // Wait for next TE signal. During this time the
@ -250,7 +249,7 @@ void display_ensure_refreshed(void) {
    return;
  }
-  if (!is_mode_handler()) {
+  if (!is_mode_exception()) {
    bool copy_pending;
    // Wait until all frame buffers are written to the display
--- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h
+++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_internal.h
@ -59,4 +59,9 @@ typedef struct {
 // Display driver instance
 extern display_driver_t g_display_driver;
 static inline uint32_t is_mode_exception(void) {
  uint32_t isr_number = __get_IPSR() & IPSR_ISR_Msk;
  return (isr_number > 0) && (isr_number << 11);
 }
 #endif  // TREZORHAL_DISPLAY_INTERNAL_H
--- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c
+++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_io.c
@ -22,7 +22,6 @@
 #include "display_io.h"
 #include "irq.h"
 #include "supervise.h"
 __IO DISP_MEM_TYPE *const DISPLAY_CMD_ADDRESS =
    (__IO DISP_MEM_TYPE *const)((uint32_t)DISPLAY_MEMORY_BASE);
--- a/core/embed/trezorhal/stm32u5/common.c
+++ b/core/embed/trezorhal/stm32u5/common.c
@ -23,36 +23,15 @@
 #include "common.h"
 #include "display.h"
 #include "error_handling.h"
 #include "flash_otp.h"
 #include "model.h"
 #include "platform.h"
 #include "rand.h"
 #include "secret.h"
 #include "supervise.h"
 #include "stm32u5xx_ll_utils.h"
 // from util.s
 extern void shutdown_privileged(void);
 void __attribute__((noreturn)) trezor_shutdown(void) {
  display_deinit(DISPLAY_RETAIN_CONTENT);
  __HAL_RCC_SAES_CLK_DISABLE();
  // Erase all secrets
  TAMP->CR2 |= TAMP_CR2_BKERASE;
 #ifdef USE_SVC_SHUTDOWN
  svc_shutdown();
 #else
  // It won't work properly unless called from the privileged mode
  shutdown_privileged();
 #endif
  for (;;)
    ;
 }
 uint32_t __stack_chk_guard = 0;
 void __attribute__((noreturn)) __stack_chk_fail(void) {
--- a/core/embed/trezorhal/stm32u5/fault_handlers.c
+++ b/core/embed/trezorhal/stm32u5/fault_handlers.c
@ -34,3 +34,11 @@ void NMI_Handler(void) {
    error_shutdown("(CS)");
  }
 }
 // from util.s
 extern void shutdown_privileged(void);
 void PVD_PVM_IRQHandler(void) {
  TIM1->CCR1 = 0;  // turn off display backlight
  shutdown_privileged();
 }
--- a/core/embed/trezorhal/stm32u5/platform.c
+++ b/core/embed/trezorhal/stm32u5/platform.c
@ -213,18 +213,3 @@ void SystemInit(void) {
  // enable instruction cache in default 2-way mode
  ICACHE->CR = ICACHE_CR_EN;
 }
 void drop_privileges(void) {
  // jump to unprivileged mode
  // http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html
  __asm__ volatile("msr control, %0" ::"r"(0x1));
  __asm__ volatile("isb");
 }
 // from util.s
 extern void shutdown_privileged(void);
 void PVD_PVM_IRQHandler(void) {
  TIM1->CCR1 = 0;  // turn off display backlight
  shutdown_privileged();
 }
--- a/core/embed/trezorhal/stm32u5/platform.h
+++ b/core/embed/trezorhal/stm32u5/platform.h
@ -34,7 +34,6 @@ typedef enum {
 } clock_settings_t;
 void set_core_clock(clock_settings_t settings);
 void drop_privileges(void);
 // the following functions are defined in util.s
 void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
--- a/core/embed/trezorhal/stm32u5/sdcard.c
+++ b/core/embed/trezorhal/stm32u5/sdcard.c
@ -50,7 +50,6 @@
 #include "irq.h"
 #include "sdcard.h"
 #include "supervise.h"
 #define SDMMC_CLK_ENABLE() __HAL_RCC_SDMMC1_CLK_ENABLE()
 #define SDMMC_CLK_DISABLE() __HAL_RCC_SDMMC1_CLK_DISABLE()
@ -138,8 +137,8 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
    SDMMC_CLK_ENABLE();
    // NVIC configuration for SDIO interrupts
-    svc_setpriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
+    NVIC_SetPriority(SDMMC_IRQn, IRQ_PRI_NORMAL);
-    svc_enableIRQ(SDMMC_IRQn);
+    NVIC_EnableIRQ(SDMMC_IRQn);
  }
  // GPIO have already been initialised by sdcard_init
@ -147,7 +146,7 @@ void HAL_SD_MspInit(SD_HandleTypeDef *hsd) {
 void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) {
  if (hsd->Instance == sd_handle.Instance) {
-    svc_disableIRQ(SDMMC_IRQn);
+    NVIC_DisableIRQ(SDMMC_IRQn);
    SDMMC_CLK_DISABLE();
  }
 }
--- a/core/embed/trezorhal/stm32u5/supervise.c
+++ b/core/embed/trezorhal/stm32u5/supervise.c
@ -1 +0,0 @@
 ../stm32f4/supervise.c
--- a/core/embed/trezorhal/stm32u5/supervise.h
+++ b/core/embed/trezorhal/stm32u5/supervise.h
@ -1 +0,0 @@
 ../stm32f4/supervise.h
--- a/core/embed/trezorhal/stm32u5/tamper.c
+++ b/core/embed/trezorhal/stm32u5/tamper.c
@ -17,8 +17,8 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include <error_handling.h>
 #include <irq.h>
 #include <supervise.h>
 #include <tamper.h>
 #include STM32_HAL_H
--- a/core/site_scons/models/stm32f4_common.py
+++ b/core/site_scons/models/stm32f4_common.py
@ -54,7 +54,6 @@ def stm32f4_common_files(env, defines, sources, paths):
        "embed/trezorhal/stm32f4/secret.c",
        "embed/trezorhal/stm32f4/systick.c",
        "embed/trezorhal/stm32f4/systimer.c",
        "embed/trezorhal/stm32f4/supervise.c",
        "embed/trezorhal/stm32f4/time_estimate.c",
        "embed/trezorhal/stm32f4/random_delays.c",
        "embed/trezorhal/stm32f4/rng.c",
--- a/core/site_scons/models/stm32u5_common.py
+++ b/core/site_scons/models/stm32u5_common.py
@ -65,7 +65,6 @@ def stm32u5_common_files(env, defines, sources, paths):
        "embed/trezorhal/stm32u5/secure_aes.c",
        "embed/trezorhal/stm32u5/systick.c",
        "embed/trezorhal/stm32f4/systimer.c",
        "embed/trezorhal/stm32f4/supervise.c",
        "embed/trezorhal/stm32u5/random_delays.c",
        "embed/trezorhal/stm32u5/rng.c",
        "embed/trezorhal/stm32u5/tamper.c",