refactor(core): introduce USE_TRUSTZONE

[no changelog]
2024-11-15 20:19:23 +00:00 · 2024-10-31 09:23:37 +01:00 · 2024-10-31 09:23:37 +01:00 · 4af600d422
commit 4af600d422
parent b174237684
8 changed files with 20 additions and 14 deletions
--- a/core/embed/boardloader/main.c
+++ b/core/embed/boardloader/main.c
@ -59,16 +59,15 @@
 #endif
 #endif

+#include "memzero.h"
 #include "model.h"
 #include "monoctr.h"
 #include "option_bytes.h"
+#include "trustzone.h"
 #include "version.h"

-#include "memzero.h"
-
 #ifdef STM32U5
 #include "tamper.h"
-#include "trustzone.h"
 #endif

 const uint8_t BOARDLOADER_KEY_M = 2;
@ -254,7 +253,9 @@ int main(void) {

 #ifdef STM32U5
  tamper_init();
+#endif

+#ifdef USE_TRUSTZONE
  tz_init_boardloader();
 #endif

--- a/core/embed/kernel/main.c
+++ b/core/embed/kernel/main.c
@ -261,7 +261,7 @@ int main(void) {
  // Initialize system's core services
  system_init(&kernel_panic);

-#ifdef STM32U5
+#ifdef USE_TRUSTZONE
  // Configure unprivileged access for the coreapp
  tz_init_kernel();
 #endif
--- a/core/embed/trezorhal/stm32f4/applet.c
+++ b/core/embed/trezorhal/stm32f4/applet.c
@ -17,8 +17,6 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-#include STM32_HAL_H
-
 #include <string.h>

 #include "applet.h"
@ -74,7 +72,7 @@ bool applet_reset(applet_t* applet, uint32_t cmd, const void* arg,
                           arg3);
 }

-#ifdef STM32U5
+#ifdef USE_TRUSTZONE
 // Sets unprivileged access to the applet memory regions
 // and allows applet to use some specific peripherals.
 static void applet_set_unpriv(applet_t* applet, bool unpriv) {
@ -87,16 +85,16 @@ static void applet_set_unpriv(applet_t* applet, bool unpriv) {

  display_set_unpriv_access(unpriv);
 }
-#endif  // STM32U5
+#endif  // USE_TRUSTZONE

 void applet_run(applet_t* applet) {
-#ifdef STM32U5
+#ifdef USE_TRUSTZONE
  applet_set_unpriv(applet, true);
 #endif

  systask_yield_to(&applet->task);

-#ifdef STM32U5
+#ifdef USE_TRUSTZONE
  applet_set_unpriv(applet, false);
 #endif
 }
--- a/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c
+++ b/core/embed/trezorhal/stm32f4/xdisplay/st-7789/display_fb.c
@ -75,7 +75,7 @@ static
    uint8_t physical_frame_buffer_1[PHYSICAL_FRAME_BUFFER_SIZE];
 #endif

-#ifdef STM32U5
+#ifdef USE_TRUSTZONE
 void display_set_unpriv_access(bool unpriv) {
  tz_set_sram_unpriv((uint32_t)physical_frame_buffer_0,
                     PHYSICAL_FRAME_BUFFER_SIZE, unpriv);
@ -89,7 +89,7 @@ void display_set_unpriv_access(bool unpriv) {
  tz_set_dma2d_unpriv(unpriv);
 #endif
 }
-#endif  // STM32U5
+#endif  // USE_TRUSTZONE

 // Returns the pointer to the physical frame buffer (0.. FRAME_BUFFER_COUNT-1)
 // Returns NULL if the framebuffer index is out of range.
--- a/core/embed/trezorhal/stm32f4/xdisplay/vg-2864/display_driver.c
+++ b/core/embed/trezorhal/stm32f4/xdisplay/vg-2864/display_driver.c
@ -327,11 +327,11 @@ void display_deinit(display_content_mode_t mode) {
  drv->initialized = false;
 }

-#ifdef STM32U5
+#ifdef USE_TRUSTZONE
 void display_set_unpriv_access(bool unpriv) {
  tz_set_sram_unpriv((uint32_t)g_framebuf, FRAME_BUFFER_SIZE, unpriv);
 }
-#endif  // STM32U5
+#endif  // USE_TRUSTZONE

 int display_set_backlight(int level) {
  display_driver_t *drv = &g_display_driver;
--- a/core/embed/trezorhal/stm32u5/secure_aes.c
+++ b/core/embed/trezorhal/stm32u5/secure_aes.c
@ -162,6 +162,7 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,
  uint32_t basepri = __get_BASEPRI();
  __set_BASEPRI(IRQ_PRI_HIGHEST + 1);

+#ifdef USE_TRUSTZONE
  uint32_t unpriv_ram_start = (uint32_t)&sram_u_start;
  uint32_t unpriv_ram_size = &sram_u_end - &sram_u_start;

@ -179,6 +180,7 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,
  tz_set_flash_unpriv(unpriv_flash_start, unpriv_flash_size, true);
  tz_set_saes_unpriv(true);
  tz_set_tamper_unpriv(true);
+#endif  // USE_TRUSTZONE

  mpu_mode_t mpu_mode = mpu_reconfig(MPU_MODE_SAES);

@ -204,10 +206,12 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,

  mpu_reconfig(mpu_mode);

+#ifdef USE_TRUSTZONE
  tz_set_sram_unpriv(unpriv_ram_start, unpriv_ram_size, false);
  tz_set_flash_unpriv(unpriv_flash_start, unpriv_flash_size, false);
  tz_set_saes_unpriv(false);
  tz_set_tamper_unpriv(false);
+#endif  // USE_TRUSTZONE

  __set_BASEPRI(basepri);
  NVIC_SetPriority(SVCall_IRQn, prev_svc_prio);
--- a/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_fb.c
+++ b/core/embed/trezorhal/stm32u5/xdisplay/stm32u5a9j-dk/display_fb.c
@ -42,6 +42,7 @@ uint8_t physical_frame_buffer_1[PHYSICAL_FRAME_BUFFER_SIZE];
 __attribute__((section(".framebuffer_select"))) uint32_t current_frame_buffer =
    0;

+#ifdef USE_TRUSTZONE
 void display_set_unpriv_access(bool unpriv) {
  // To allow unprivileged access both GFXMMU virtual buffers area and
  // underlying SRAM region must be configured as unprivileged.
@ -69,6 +70,7 @@ void display_set_unpriv_access(bool unpriv) {
  tz_set_dma2d_unpriv(unpriv);
 #endif
 }
+#endif  //  USE_TRUSTZONE

 bool display_get_frame_buffer(display_fb_info_t *fb) {
  display_driver_t *drv = &g_display_driver;
--- a/core/site_scons/models/stm32u5_common.py
+++ b/core/site_scons/models/stm32u5_common.py
@ -5,6 +5,7 @@ def stm32u5_common_files(env, defines, sources, paths):
    defines += [
        ("STM32_HAL_H", '"<stm32u5xx.h>"'),
        ("FLASH_BLOCK_WORDS", "4"),
+        ("USE_TRUSTZONE", "1"),
        ("CONFIDENTIAL", "'__attribute__((section(\".confidential\")))'"),
    ]