mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-19 04:58:11 +00:00

refactor(core): introduce USE_TRUSTZONE

[no changelog]
cepetr 2024-10-31 09:23:37 +01:00 committed by cepetr
parent b174237684
commit 4af600d422
8 changed files with 20 additions and 14 deletions


@ -59,16 +59,15 @@
#endif #endif
#endif #endif
#include "memzero.h"
#include "model.h" #include "model.h"
#include "monoctr.h" #include "monoctr.h"
#include "option_bytes.h" #include "option_bytes.h"
#include "trustzone.h"
#include "version.h" #include "version.h"
#include "memzero.h"
#ifdef STM32U5 #ifdef STM32U5
#include "tamper.h" #include "tamper.h"
#include "trustzone.h"
#endif #endif
const uint8_t BOARDLOADER_KEY_M = 2; const uint8_t BOARDLOADER_KEY_M = 2;
@ -254,7 +253,9 @@ int main(void) {
#ifdef STM32U5 #ifdef STM32U5
tamper_init(); tamper_init();
#endif
#ifdef USE_TRUSTZONE
tz_init_boardloader(); tz_init_boardloader();
#endif #endif
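Review bot: Nothing visible in this commit ties `USE_TRUSTZONE` to the hardware target, so a build for an STM32U5 device that loses the define would still compile while skipping `tz_init_boardloader()` here. The same applies to `tz_init_kernel()`, the `applet_set_unpriv()` calls in `applet_run()` and the `tz_set_*_unpriv()` calls in `unpriv_encrypt()` in the later sections. The build script does add the define in `stm32u5_common_files`, but that is the only place the coupling is expressed. Unless STM32U5 builds without TrustZone are intended, a compile-time check such as `#if defined(STM32U5) && !defined(USE_TRUSTZONE)` followed by `#error "STM32U5 builds must define USE_TRUSTZONE"` would turn a dropped define into a build failure instead of a silently missing privilege configuration. The rendering does not show which side the moved `#include "trustzone.h"` line belongs to; if it is now unconditional, guarding it with the same macro would keep include and call consistent. main() continues outside the hunk.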


@ -261,7 +261,7 @@ int main(void) {
// Initialize system's core services // Initialize system's core services
system_init(&kernel_panic); system_init(&kernel_panic);
#ifdef STM32U5 #ifdef USE_TRUSTZONE
// Configure unprivileged access for the coreapp // Configure unprivileged access for the coreapp
tz_init_kernel(); tz_init_kernel();
#endif #endif


@ -17,8 +17,6 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include STM32_HAL_H
#include <string.h> #include <string.h>
#include "applet.h" #include "applet.h"
@ -74,7 +72,7 @@ bool applet_reset(applet_t* applet, uint32_t cmd, const void* arg,
arg3); arg3);
} }
#ifdef STM32U5 #ifdef USE_TRUSTZONE
// Sets unprivileged access to the applet memory regions // Sets unprivileged access to the applet memory regions
// and allows applet to use some specific peripherals. // and allows applet to use some specific peripherals.
static void applet_set_unpriv(applet_t* applet, bool unpriv) { static void applet_set_unpriv(applet_t* applet, bool unpriv) {
@ -87,16 +85,16 @@ static void applet_set_unpriv(applet_t* applet, bool unpriv) {
display_set_unpriv_access(unpriv); display_set_unpriv_access(unpriv);
} }
#endif // STM32U5 #endif // USE_TRUSTZONE
void applet_run(applet_t* applet) { void applet_run(applet_t* applet) {
#ifdef STM32U5 #ifdef USE_TRUSTZONE
applet_set_unpriv(applet, true); applet_set_unpriv(applet, true);
#endif #endif
systask_yield_to(&applet->task); systask_yield_to(&applet->task);
#ifdef STM32U5 #ifdef USE_TRUSTZONE
applet_set_unpriv(applet, false); applet_set_unpriv(applet, false);
#endif #endif
} }


@ -75,7 +75,7 @@ static
uint8_t physical_frame_buffer_1[PHYSICAL_FRAME_BUFFER_SIZE]; uint8_t physical_frame_buffer_1[PHYSICAL_FRAME_BUFFER_SIZE];
#endif #endif
#ifdef STM32U5 #ifdef USE_TRUSTZONE
void display_set_unpriv_access(bool unpriv) { void display_set_unpriv_access(bool unpriv) {
tz_set_sram_unpriv((uint32_t)physical_frame_buffer_0, tz_set_sram_unpriv((uint32_t)physical_frame_buffer_0,
PHYSICAL_FRAME_BUFFER_SIZE, unpriv); PHYSICAL_FRAME_BUFFER_SIZE, unpriv);
@ -89,7 +89,7 @@ void display_set_unpriv_access(bool unpriv) {
tz_set_dma2d_unpriv(unpriv); tz_set_dma2d_unpriv(unpriv);
#endif #endif
} }
#endif // STM32U5 #endif // USE_TRUSTZONE
// Returns the pointer to the physical frame buffer (0.. FRAME_BUFFER_COUNT-1) // Returns the pointer to the physical frame buffer (0.. FRAME_BUFFER_COUNT-1)
// Returns NULL if the framebuffer index is out of range. // Returns NULL if the framebuffer index is out of range.


@ -327,11 +327,11 @@ void display_deinit(display_content_mode_t mode) {
drv->initialized = false; drv->initialized = false;
} }
#ifdef STM32U5 #ifdef USE_TRUSTZONE
void display_set_unpriv_access(bool unpriv) { void display_set_unpriv_access(bool unpriv) {
tz_set_sram_unpriv((uint32_t)g_framebuf, FRAME_BUFFER_SIZE, unpriv); tz_set_sram_unpriv((uint32_t)g_framebuf, FRAME_BUFFER_SIZE, unpriv);
} }
#endif // STM32U5 #endif // USE_TRUSTZONE
int display_set_backlight(int level) { int display_set_backlight(int level) {
display_driver_t *drv = &g_display_driver; display_driver_t *drv = &g_display_driver;


@ -162,6 +162,7 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,
uint32_t basepri = __get_BASEPRI(); uint32_t basepri = __get_BASEPRI();
__set_BASEPRI(IRQ_PRI_HIGHEST + 1); __set_BASEPRI(IRQ_PRI_HIGHEST + 1);
#ifdef USE_TRUSTZONE
uint32_t unpriv_ram_start = (uint32_t)&sram_u_start; uint32_t unpriv_ram_start = (uint32_t)&sram_u_start;
uint32_t unpriv_ram_size = &sram_u_end - &sram_u_start; uint32_t unpriv_ram_size = &sram_u_end - &sram_u_start;
@ -179,6 +180,7 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,
tz_set_flash_unpriv(unpriv_flash_start, unpriv_flash_size, true); tz_set_flash_unpriv(unpriv_flash_start, unpriv_flash_size, true);
tz_set_saes_unpriv(true); tz_set_saes_unpriv(true);
tz_set_tamper_unpriv(true); tz_set_tamper_unpriv(true);
#endif // USE_TRUSTZONE
mpu_mode_t mpu_mode = mpu_reconfig(MPU_MODE_SAES); mpu_mode_t mpu_mode = mpu_reconfig(MPU_MODE_SAES);
@ -204,10 +206,12 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,
mpu_reconfig(mpu_mode); mpu_reconfig(mpu_mode);
#ifdef USE_TRUSTZONE
tz_set_sram_unpriv(unpriv_ram_start, unpriv_ram_size, false); tz_set_sram_unpriv(unpriv_ram_start, unpriv_ram_size, false);
tz_set_flash_unpriv(unpriv_flash_start, unpriv_flash_size, false); tz_set_flash_unpriv(unpriv_flash_start, unpriv_flash_size, false);
tz_set_saes_unpriv(false); tz_set_saes_unpriv(false);
tz_set_tamper_unpriv(false); tz_set_tamper_unpriv(false);
#endif // USE_TRUSTZONE
__set_BASEPRI(basepri); __set_BASEPRI(basepri);
NVIC_SetPriority(SVCall_IRQn, prev_svc_prio); NVIC_SetPriority(SVCall_IRQn, prev_svc_prio);
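Review bot: Nothing marks the two new `#ifdef USE_TRUSTZONE` blocks in `unpriv_encrypt()` as a grant/revoke pair, although the second block reuses locals declared in the first (`unpriv_ram_start`, `unpriv_ram_size`), so both guards must always share the same condition. I would add a comment at the first block, `// Temporarily open SRAM, flash, SAES and tamper to unprivileged code; revoked below before BASEPRI is restored`, and `// Revoke the unprivileged access granted above` at the second. It would also help to document what isolates the unprivileged SAES call when `USE_TRUSTZONE` is not defined, since on that path only `mpu_reconfig(MPU_MODE_SAES)` remains visible. The function starts and ends outside these hunks, so any early exit between the two blocks cannot be checked from here.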


@ -42,6 +42,7 @@ uint8_t physical_frame_buffer_1[PHYSICAL_FRAME_BUFFER_SIZE];
__attribute__((section(".framebuffer_select"))) uint32_t current_frame_buffer = __attribute__((section(".framebuffer_select"))) uint32_t current_frame_buffer =
0; 0;
#ifdef USE_TRUSTZONE
void display_set_unpriv_access(bool unpriv) { void display_set_unpriv_access(bool unpriv) {
// To allow unprivileged access both GFXMMU virtual buffers area and // To allow unprivileged access both GFXMMU virtual buffers area and
// underlying SRAM region must be configured as unprivileged. // underlying SRAM region must be configured as unprivileged.
@ -69,6 +70,7 @@ void display_set_unpriv_access(bool unpriv) {
tz_set_dma2d_unpriv(unpriv); tz_set_dma2d_unpriv(unpriv);
#endif #endif
} }
#endif // USE_TRUSTZONE
bool display_get_frame_buffer(display_fb_info_t *fb) { bool display_get_frame_buffer(display_fb_info_t *fb) {
display_driver_t *drv = &g_display_driver; display_driver_t *drv = &g_display_driver;


@ -5,6 +5,7 @@ def stm32u5_common_files(env, defines, sources, paths):
defines += [ defines += [
("STM32_HAL_H", '"<stm32u5xx.h>"'), ("STM32_HAL_H", '"<stm32u5xx.h>"'),
("FLASH_BLOCK_WORDS", "4"), ("FLASH_BLOCK_WORDS", "4"),
("USE_TRUSTZONE", "1"),
("CONFIDENTIAL", "'__attribute__((section(\".confidential\")))'"), ("CONFIDENTIAL", "'__attribute__((section(\".confidential\")))'"),
] ]