From 6413c2c23ea6628e30c4024f539fe6e688a20661 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Wed, 11 Oct 2017 21:15:22 +0200
Subject: [PATCH] embed: rework memory layout, enable stack protector

---
 Makefile | 28 +++++++++++++-------
 SConscript.boardloader | 1 +
 SConscript.bootloader | 2 ++
 SConscript.firmware | 1 +
 docs/memory.md | 21 ++++++++++++---
 embed/boardloader/main.c | 3 +++
 embed/boardloader/memory.ld | 2 +-
 embed/bootloader/main.c | 6 ++++-
 embed/bootloader/memory.ld | 2 +-
 embed/extmod/modtrezorconfig/norcow_config.h | 4 +-
 embed/firmware/main.c | 23 ++++------------
 embed/firmware/memory.ld | 2 +-
 embed/trezorhal/common.c | 7 +++++
 embed/trezorhal/common.h | 6 +++--
 vendor/norcow | 2 +-
 15 files changed, 69 insertions(+), 41 deletions(-)

diff --git a/Makefile b/Makefile
index 98a55739e..12f161ded 100644
--- a/Makefile
+++ b/Makefile
@@ -28,6 +28,14 @@ endif
 STLINK_VER ?= v2
 OPENOCD = openocd -f interface/stlink-$(STLINK_VER).cfg -c "transport select hla_swd" -f target/stm32f4x.cfg
 
+BOARDLOADER_START = 0x08000000
+BOOTLOADER_START = 0x08020000
+FIRMWARE_START = 0x08040000
+
+BOARDLOADER_MAXSIZE = 49152
+BOOTLOADER_MAXSIZE = 131072
+FIRMWARE_MAXSIZE = 786432
+
 ## help commands:
 
 help: ## show this help
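Review bot: FIRMWARE_MAXSIZE drops from 917504 to 786432 (six 128 KiB sectors, matching the 768K LENGTH this commit sets in embed/firmware/memory.ld), but the bootloader's `#define IMAGE_MAXSIZE (7 * 128 * 1024)`, visible unchanged as context in the embed/bootloader/main.c hunk, still encodes the old seven-sector limit. If the bootloader bounds an incoming image with that value, an image that passes the runtime check can be larger than the flash region now reserved for firmware, and written from FIRMWARE_START its tail would reach past 0x08100000 into sector 16, which docs/memory.md in this commit assigns to storage area #2. Changing it to `#define IMAGE_MAXSIZE (6 * 128 * 1024)` in embed/bootloader/main.c, or deriving both from one definition, closes that gap; the same sizes are repeated again in the sizecheck hunk below and in the three memory.ld scripts. A comment here such as `# must agree with FLASH LENGTH in embed/*/memory.ld and IMAGE_MAXSIZE in embed/bootloader/main.c` would at least make the coupling visible.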
@@ -109,16 +117,16 @@ clean_cross: ## clean mpy-cross build
 flash: flash_boardloader flash_bootloader flash_firmware ## flash everything using OpenOCD
 
 flash_boardloader: $(BOARDLOADER_BUILD_DIR)/boardloader.bin ## flash boardloader using OpenOCD
- $(OPENOCD) -c "init; reset halt; flash write_image erase $< 0x08000000; exit"
+ $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(BOARDLOADER_START); exit"
 
 flash_bootloader: $(BOOTLOADER_BUILD_DIR)/bootloader.bin ## flash bootloader using OpenOCD
- $(OPENOCD) -c "init; reset halt; flash write_image erase $< 0x08010000; exit"
+ $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(BOOTLOADER_START); exit"
 
 flash_firmware: $(FIRMWARE_BUILD_DIR)/firmware.bin ## flash firmware using OpenOCD
- $(OPENOCD) -c "init; reset halt; flash write_image erase $< 0x08020000; exit"
+ $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(FIRMWARE_START); exit"
 
 flash_combine: $(FIRMWARE_BUILD_DIR)/combined.bin ## flash combined using OpenOCD
- $(OPENOCD) -c "init; reset halt; flash write_image erase $< 0x08000000; exit"
+ $(OPENOCD) -c "init; reset halt; flash write_image erase $< $(BOARDLOADER_START); exit"
 
 flash_erase: ## erase all sectors in flash bank 0
 $(OPENOCD) -c "init; reset halt; flash info 0; flash erase_sector 0 0 last; flash erase_check 0; exit"
@@ -159,13 +167,13 @@ bloaty: ## run bloaty size profiler
 bloaty -d compileunits -n 0 -s file $(FIRMWARE_BUILD_DIR)/firmware.elf | less
 
 sizecheck: ## check sizes of binary files
- test 32768 -ge $(shell stat -c%s $(BOARDLOADER_BUILD_DIR)/boardloader.bin)
- test 65536 -ge $(shell stat -c%s $(BOOTLOADER_BUILD_DIR)/bootloader.bin)
- test 917504 -ge $(shell stat -c%s $(FIRMWARE_BUILD_DIR)/firmware.bin)
+ test $(BOARDLOADER_MAXSIZE) -ge $(shell stat -c%s $(BOARDLOADER_BUILD_DIR)/boardloader.bin)
+ test $(BOOTLOADER_MAXSIZE) -ge $(shell stat -c%s $(BOOTLOADER_BUILD_DIR)/bootloader.bin)
+ test $(FIRMWARE_MAXSIZE) -ge $(shell stat -c%s $(FIRMWARE_BUILD_DIR)/firmware.bin)
 
 combine: ## combine boardloader + bootloader + firmware into one combined image
 ./tools/combine_firmware \
- 0x08000000 $(BOARDLOADER_BUILD_DIR)/boardloader.bin \
- 0x08010000 $(BOOTLOADER_BUILD_DIR)/bootloader.bin \
- 0x08020000 $(FIRMWARE_BUILD_DIR)/firmware.bin \
+ $(BOARDLOADER_START) $(BOARDLOADER_BUILD_DIR)/boardloader.bin \
+ $(BOOTLOADER_START) $(BOOTLOADER_BUILD_DIR)/bootloader.bin \
+ $(FIRMWARE_START) $(FIRMWARE_BUILD_DIR)/firmware.bin \
 > $(FIRMWARE_BUILD_DIR)/combined.bin \
diff --git a/SConscript.boardloader b/SConscript.boardloader
index faa851f94..22d9dba7f 100644
--- a/SConscript.boardloader
+++ b/SConscript.boardloader
@@ -105,6 +105,7 @@ env.Replace(
 '-std=gnu99 -Wall -Werror -Wdouble-promotion -Wpointer-arith '
 '-mthumb -mtune=cortex-m4 -mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard '
 '-fsingle-precision-constant -fdata-sections -ffunction-sections '
+ '-fstack-protector-all '
 + CCFLAGS_MOD,
 CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
 LINKFLAGS='-nostdlib -T embed/boardloader/memory.ld --gc-sections',
diff --git a/SConscript.bootloader b/SConscript.bootloader
index 9356130ef..321f7954b 100644
--- a/SConscript.bootloader
+++ b/SConscript.bootloader
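Review bot: `-fstack-protector-all` instruments every function in the image, including `main()` itself and whatever runs before it, while the guard it compares against is only seeded at the top of `main()` (embed/boardloader/main.c in this commit); frames created before that point are checked against the unseeded value of `__stack_chk_guard`, and if `main()` ever returned its own epilogue check would fail against the re-seeded guard. That is acceptable for a loader that ends in a jump, but it is worth stating next to the flag, e.g. a line above it: `# -fstack-protector-all: every frame gets a canary; __stack_chk_guard is seeded from rng_get() at the start of main(), guard + __stack_chk_fail live in embed/trezorhal/common.c`. The flag also needs `__stack_chk_guard`/`__stack_chk_fail` from common.c and `rng_get()` from rng.c linked into this target; the boardloader source list is not touched here, so presumably both are already in it — worth confirming, since a missing one only shows up as a link error. The same flag is added in the second SConscript.bootloader hunk (@@ -122) and in SConscript.firmware.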
@@ -93,6 +93,7 @@ SOURCE_TREZORHAL = [
 'embed/trezorhal/image.c',
 'embed/trezorhal/flash.c',
 'embed/trezorhal/mini_printf.c',
+ 'embed/trezorhal/rng.c',
 'embed/trezorhal/stm32.c',
 'embed/trezorhal/touch.c',
 'embed/trezorhal/usb.c',
@@ -122,6 +123,7 @@ env.Replace(
 '-std=gnu99 -Wall -Werror -Wdouble-promotion -Wpointer-arith '
 '-mthumb -mtune=cortex-m4 -mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard '
 '-fsingle-precision-constant -fdata-sections -ffunction-sections '
+ '-fstack-protector-all '
 + CCFLAGS_MOD,
 CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
 LINKFLAGS='-nostdlib -T embed/bootloader/memory.ld --gc-sections',
diff --git a/SConscript.firmware b/SConscript.firmware
index 126eb6f06..7e2c0190d 100644
--- a/SConscript.firmware
+++ b/SConscript.firmware
@@ -324,6 +324,7 @@ env.Replace(
 '-std=gnu99 -Wall -Werror -Wdouble-promotion -Wpointer-arith '
 '-mthumb -mtune=cortex-m4 -mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard '
 '-fsingle-precision-constant -fdata-sections -ffunction-sections '
+ '-fstack-protector-all '
 + CCFLAGS_MOD,
 CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
 CCFLAGS_OPT='-O3',
diff --git a/docs/memory.md b/docs/memory.md
index eec9934d0..044eeda82 100644
--- a/docs/memory.md
+++ b/docs/memory.md
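Review bot: `'embed/trezorhal/rng.c'` is added to the bootloader sources because its `main()` now calls `rng_get()` to seed the stack-protector guard; the boardloader's `main()` gains the same call in this commit, yet SConscript.boardloader receives no matching source-list change, so either rng.c is already listed there or that build will fail to link — worth a quick check. A comment on this line, `# rng_get() seeds __stack_chk_guard at the start of main()`, would record why the RNG is linked into the bootloader.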
@@ -6,16 +6,29 @@
 |-----------|-------------------------|--------:|----------------------
 | Sector 0 | 0x08000000 - 0x08003FFF | 16 KiB | boardloader (1st stage) (write-protected)
 | Sector 1 | 0x08004000 - 0x08007FFF | 16 KiB | boardloader (1st stage) (write-protected)
-| Sector 2 | 0x08008000 - 0x0800BFFF | 16 KiB | storage area
-| Sector 3 | 0x0800C000 - 0x0800FFFF | 16 KiB | storage area
-| Sector 4 | 0x08010000 - 0x0801FFFF | 64 KiB | bootloader (2nd stage)
-| Sector 5 | 0x08020000 - 0x0803FFFF | 128 KiB | firmware
+| Sector 2 | 0x08008000 - 0x0800BFFF | 16 KiB | boardloader (1st stage) (write-protected)
+| Sector 3 | 0x0800C000 - 0x0800FFFF | 16 KiB | ?
+| Sector 4 | 0x08010000 - 0x0801FFFF | 64 KiB | storage area #1
+| Sector 5 | 0x08020000 - 0x0803FFFF | 128 KiB | boardloader (2nd stage)
 | Sector 6 | 0x08040000 - 0x0805FFFF | 128 KiB | firmware
 | Sector 7 | 0x08060000 - 0x0807FFFF | 128 KiB | firmware
 | Sector 8 | 0x08080000 - 0x0809FFFF | 128 KiB | firmware
 | Sector 9 | 0x080A0000 - 0x080BFFFF | 128 KiB | firmware
 | Sector 10 | 0x080C0000 - 0x080DFFFF | 128 KiB | firmware
 | Sector 11 | 0x080E0000 - 0x080FFFFF | 128 KiB | firmware
+|-----------|-------------------------|--------:|----------------------
+| Sector 12 | 0x08100000 - 0x08103FFF | 16 KiB | ?
+| Sector 13 | 0x08104000 - 0x08107FFF | 16 KiB | ?
+| Sector 14 | 0x08108000 - 0x0810BFFF | 16 KiB | ?
+| Sector 15 | 0x0810C000 - 0x0810FFFF | 16 KiB | ?
+| Sector 16 | 0x08110000 - 0x0811FFFF | 64 KiB | storage area #2
+| Sector 17 | 0x08120000 - 0x0813FFFF | 128 KiB | ?
+| Sector 18 | 0x08140000 - 0x0815FFFF | 128 KiB | ?
+| Sector 19 | 0x08160000 - 0x0817FFFF | 128 KiB | ?
+| Sector 20 | 0x08180000 - 0x0819FFFF | 128 KiB | ?
+| Sector 21 | 0x081A0000 - 0x081BFFFF | 128 KiB | ?
+| Sector 22 | 0x081C0000 - 0x081DFFFF | 128 KiB | ?
+| Sector 23 | 0x081E0000 - 0x081FFFFF | 128 KiB | ?
 
 ## RAM
 
diff --git a/embed/boardloader/main.c b/embed/boardloader/main.c
index 49cb6c090..882a31287 100644
--- a/embed/boardloader/main.c
+++ b/embed/boardloader/main.c
@@ -4,6 +4,7 @@
 #include "display.h"
 #include "image.h"
 #include "flash.h"
+#include "rng.h"
 #include "sdcard.h"
 #include "version.h"
 
@@ -143,6 +144,8 @@ void check_and_jump(void)
 int main(void)
 {
+ __stack_chk_guard = rng_get();
+
 clear_peripheral_local_memory();
 periph_init();
 
diff --git a/embed/boardloader/memory.ld b/embed/boardloader/memory.ld
index f59cb7ace..72c0f6192 100644
--- a/embed/boardloader/memory.ld
+++ b/embed/boardloader/memory.ld
@@ -3,7 +3,7 @@ ENTRY(reset_handler)
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 0x08000000, LENGTH = 32K
+ FLASH (rx) : ORIGIN = 0x08000000, LENGTH = 48K
 CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K
 SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 128K
 }
diff --git a/embed/bootloader/main.c b/embed/bootloader/main.c
index 8a3559e5b..61926bfca 100644
--- a/embed/bootloader/main.c
+++ b/embed/bootloader/main.c
@@ -6,6 +6,7 @@
 #include "display.h"
 #include "image.h"
 #include "flash.h"
+#include "rng.h"
 #include "touch.h"
 #include "usb.h"
 #include "version.h"
@@ -16,7 +17,8 @@
 #define IMAGE_MAGIC 0x465A5254 // TRZF
 #define IMAGE_MAXSIZE (7 * 128 * 1024)
 
-void pendsv_isr_handler(void) {
+void pendsv_isr_handler(void)
+{
 __fatal_error("pendsv", __FILE__, __LINE__, __FUNCTION__);
 }
 
@@ -193,6 +195,8 @@ void mainloop(void)
 int main(void)
 {
+ __stack_chk_guard = rng_get();
+
 periph_init();
 display_pwm_init();
 
diff --git a/embed/bootloader/memory.ld b/embed/bootloader/memory.ld
index df637d658..017036058 100644
--- a/embed/bootloader/memory.ld
+++ b/embed/bootloader/memory.ld
@@ -3,7 +3,7 @@ ENTRY(reset_handler)
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 0x08010000, LENGTH = 64K
+ FLASH (rx) : ORIGIN = 0x08020000, LENGTH = 128K
 CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K
 SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 128K
 }
diff --git a/embed/extmod/modtrezorconfig/norcow_config.h b/embed/extmod/modtrezorconfig/norcow_config.h
index 826011f90..dfa38e0dc 100644
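Review bot: `__stack_chk_guard = rng_get();` runs before `periph_init()`, so it depends on `rng_get()` bringing up the RNG on its own; if it instead relies on peripheral init having run, the guard is seeded from a peripheral that is not yet clocked. Either way, a value of 0 from a failed or not-yet-ready RNG is indistinguishable from the unseeded guard and silently disables the protection, so rejecting it is cheap and fails closed: `do { __stack_chk_guard = rng_get(); } while (0 == __stack_chk_guard);`. The ordering is load-bearing in a way the code does not show, so add `// must be the first statement: every frame entered from here on is checked against this value, and main() itself must never return (its canary was taken before the seed)`. `clear_peripheral_local_memory()` on the next line is worth confirming not to touch the .bss word holding the guard. The same pattern appears in the third embed/bootloader/main.c hunk (@@ -193) and in embed/firmware/main.c.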
--- a/embed/extmod/modtrezorconfig/norcow_config.h
+++ b/embed/extmod/modtrezorconfig/norcow_config.h
@@ -2,8 +2,8 @@
 
 #define NORCOW_STM32 1
 
-#define NORCOW_START_SECTOR 2
-#define NORCOW_START_ADDRESS 0x08008000
+#define NORCOW_SECTORS {4, 16}
+#define NORCOW_ADDRESSES {0x08010000, 0x08110000}
 
 #elif defined TREZOR_UNIX
 
diff --git a/embed/firmware/main.c b/embed/firmware/main.c
index 754bc2314..ae69c8906 100644
--- a/embed/firmware/main.c
+++ b/embed/firmware/main.c
@@ -21,30 +21,17 @@
 #include "sdcard.h"
 #include "touch.h"
 
-bool firmware_standalone(void)
+int main(void)
 {
- // linker script defined symbol -- reference 3.5.5 in GNU linker manual
- extern const uint32_t _flash_start;
- return &_flash_start == ((uint32_t *) 0x0800000);
-}
-
-int main(void) {
-
- if (firmware_standalone()) {
- SystemInit();
- }
+ __stack_chk_guard = rng_get();
 
 periph_init();
 pendsv_init();
 
- if (firmware_standalone()) {
- display_init();
- } else {
- display_pwm_init();
- display_orientation(0);
- display_backlight(255);
- }
+ display_pwm_init();
+ display_orientation(0);
+ display_backlight(255);
 
 if (0 != flash_init()) {
 __fatal_error("flash_init", __FILE__, __LINE__, __FUNCTION__);
diff --git a/embed/firmware/memory.ld b/embed/firmware/memory.ld
index 2b3829b08..1ea26a3f3 100644
--- a/embed/firmware/memory.ld
+++ b/embed/firmware/memory.ld
@@ -3,7 +3,7 @@ ENTRY(reset_handler)
 
 MEMORY
 {
- FLASH (rx) : ORIGIN = 0x08020000, LENGTH = 896K
+ FLASH (rx) : ORIGIN = 0x08040000, LENGTH = 768K
 CCMRAM (wal) : ORIGIN = 0x10000000, LENGTH = 64K
 SRAM (wal) : ORIGIN = 0x20000000, LENGTH = 128K
 }
diff --git a/embed/trezorhal/common.c b/embed/trezorhal/common.c
index 99bb03441..7125fb448 100644
--- a/embed/trezorhal/common.c
+++ b/embed/trezorhal/common.c
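Review bot: `NORCOW_SECTORS {4, 16}` and `NORCOW_ADDRESSES {0x08010000, 0x08110000}` are two brace lists that only work if index i of one corresponds to index i of the other, and the code that consumes them lives in the vendored norcow bumped by this same commit; nothing here states that invariant or the sector size the values assume. A comment above the pair would carry it: `// index-aligned with NORCOW_ADDRESSES: sector 4 @ 0x08010000 and sector 16 @ 0x08110000, both 64 KiB, see docs/memory.md`. The old location (sector 2, 0x08008000) now lies inside the 48K boardloader region that `flash_boardloader` writes, so any device that already holds data there is not migrated — fine if no such device exists, but worth a line in the commit message.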
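Review bot: With `firmware_standalone()` gone, `main()` unconditionally takes what used to be the started-by-bootloader branch — no `SystemInit()`, `display_pwm_init()` instead of `display_init()` — so a firmware image now assumes the bootloader at the new BOOTLOADER_START has already done that work; a comment at the top of `main()` should say so: `// entered only via the bootloader, which is expected to have run SystemInit() and display init already`. The new `rng_get()` call does not come with an `#include "rng.h"` the way the two loader hunks do, so rng.h is presumably already included above line 21 — worth confirming. `main()` continues past the end of the hunk.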
@@ -19,6 +19,13 @@ void __attribute__((noreturn)) __fatal_error(const char *msg, const char *file,
 for (;;);
 }
 
+uint32_t __stack_chk_guard;
+
+void __attribute__((noreturn)) __stack_chk_fail(void)
+{
+ __fatal_error("Stack smashing detected.", NULL, 0, NULL);
+}
+
 #ifndef NDEBUG
 void __assert_func(const char *file, int line, const char *func, const char *expr) {
 display_printf("\nassert(%s)\n", expr);
diff --git a/embed/trezorhal/common.h b/embed/trezorhal/common.h
index e784a2616..9606404b8 100644
--- a/embed/trezorhal/common.h
+++ b/embed/trezorhal/common.h
@@ -4,8 +4,8 @@
 #include
 
 #define BOARDLOADER_START 0x08000000
-#define BOOTLOADER_START 0x08010000
-#define FIRMWARE_START 0x08020000
+#define BOOTLOADER_START 0x08020000
+#define FIRMWARE_START 0x08040000
 #define HEADER_SIZE 0x200
 
 extern void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
@@ -20,4 +20,6 @@ void jump_to(uint32_t address);
 
 void hal_delay(uint32_t ms);
 
+extern uint32_t __stack_chk_guard;
+
 #endif
diff --git a/vendor/norcow b/vendor/norcow
index 8d2843aeb..56f11a3d6 160000
--- a/vendor/norcow
+++ b/vendor/norcow
@@ -1 +1 @@
-Subproject commit 8d2843aeb58f8fd0fc5162a11d5be1e2575776ca
+Subproject commit 56f11a3d6c8c77d4ecb82e1a55d3003263ef2a72
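Review bot: `uint32_t __stack_chk_guard;` has no initializer, so until `main()` stores `rng_get()` into it the canary is whatever .bss start-up leaves there (normally 0), and every function compiled with `-fstack-protector-all` that runs before that point is checked against that fixed value; nothing in this file says so. A header comment above the definition would: `// stack-protector support: the canary every -fstack-protector-all frame is checked against; 0 (from .bss) until main() seeds it from rng_get(). __stack_chk_fail is noreturn, so it never reaches its own epilogue check.` `__stack_chk_fail()` passes `NULL` for file and func where the other callers on this page pass `__FILE__`/`__FUNCTION__`; `__fatal_error()`'s body is outside the hunk, so confirm it tolerates NULL before formatting them.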
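Review bot: `BOOTLOADER_START` and `FIRMWARE_START` are now spelled out here, in the Makefile (hunk @@ -28) and as `ORIGIN` in the bootloader and firmware memory.ld scripts, all updated by hand in this commit; a comment tying them together would help the next move: `// keep in sync with *_START in Makefile and ORIGIN in embed/*/memory.ld`. The docs/memory.md table changed alongside labels sector 5 (0x08020000, the new BOOTLOADER_START) as "boardloader (2nd stage)", which reads like a typo for "bootloader".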