diff --git a/core/embed/rust/build.rs b/core/embed/rust/build.rs index 01bf7430db..f0c8eef141 100644 --- a/core/embed/rust/build.rs +++ b/core/embed/rust/build.rs @@ -291,6 +291,9 @@ fn generate_trezorhal_bindings() { .allowlist_function("storage_set_counter") .allowlist_function("storage_next_counter") .allowlist_function("translations_read") + .allowlist_function("translations_write") + .allowlist_function("translations_erase") + .allowlist_function("translations_area_bytesize") // display .allowlist_function("display_clear") .allowlist_function("display_offset") diff --git a/core/embed/rust/src/trezorhal/translations.rs b/core/embed/rust/src/trezorhal/translations.rs index 6f854b5a5a..db370e9be0 100644 --- a/core/embed/rust/src/trezorhal/translations.rs +++ b/core/embed/rust/src/trezorhal/translations.rs @@ -1,27 +1,29 @@ use super::ffi; -#[repr(C)] -pub struct PointerData { - pub ptr: *const u8, - pub len: u32, -} - -pub fn get_translations_blob() -> &'static [u8] { +// SAFETY: Returned slice is valid and immutable until a call to `erase()` and/or `set_blob()`. +// Caller is responsible for disposing of all references to the slice before touching +// the flash contents. +pub unsafe fn get_blob<'a>() -> &'a [u8] { let mut len: u32 = 0; let ptr = unsafe { ffi::translations_read(&mut len, 0) }; if ptr.is_null() { fatal_error!("Translations read failed", ""); } + // SAFETY: The pointer is always valid. unsafe { core::slice::from_raw_parts(ptr, len as usize) } } -pub fn get_pointer_with_offset(offset: u16, len: u16) -> PointerData { - let ptr = unsafe { ffi::translations_read(&mut 0, offset.into()) }; - if ptr.is_null() { - fatal_error!("Translations read failed", ""); - } - PointerData { - ptr, - len: len.into(), - } +// SAFETY: This call invalidates the reference to the blob returned by `get_blob()`. +pub unsafe fn erase() { + unsafe { ffi::translations_erase() }; +} + +pub fn area_bytesize() -> usize { + // SAFETY: Safe, no side effects. + unsafe { ffi::translations_area_bytesize() as usize } +} + +// SAFETY: This call may invalidate the reference to the blob returned by `get_blob()`. +pub unsafe fn write(data: &[u8], offset: usize) { + unsafe { ffi::translations_write(data.as_ptr(), offset as u32, data.len() as u32) }; } diff --git a/core/embed/trezorhal/stm32f4/translations.c b/core/embed/trezorhal/stm32f4/translations.c index b09b4b4b94..03b044796b 100644 --- a/core/embed/trezorhal/stm32f4/translations.c +++ b/core/embed/trezorhal/stm32f4/translations.c @@ -5,9 +5,11 @@ #include "flash.h" #include "model.h" -void translations_write(uint8_t* data, uint32_t offset, uint32_t len) { +void translations_write(const uint8_t* data, uint32_t offset, uint32_t len) { + // TODO maybe return errors from here? ensure(flash_unlock_write(), "translations_write unlock"); for (int i = 0; i < len; i++) { + // TODO optimize by writing by (quad)words ensure(flash_area_write_byte(&TRANSLATIONS_AREA, offset + i, data[i]), "translations_write write"); } diff --git a/core/embed/trezorhal/translations.h b/core/embed/trezorhal/translations.h index fad8376152..d3d07590f4 100644 --- a/core/embed/trezorhal/translations.h +++ b/core/embed/trezorhal/translations.h @@ -1,6 +1,6 @@ #include -void translations_write(uint8_t* data, uint32_t offset, uint32_t len); +void translations_write(const uint8_t* data, uint32_t offset, uint32_t len); const uint8_t* translations_read(uint32_t* len, uint32_t offset);