From 7fb272badef9a6ec4e8dd4f82a251a5da45dd6c1 Mon Sep 17 00:00:00 2001
From: tychovrahe
Date: Fri, 7 Mar 2025 09:42:59 +0100
Subject: [PATCH] chore(core): remove unprivileged SAES on U5G models
[no changelog]
---
 core/embed/models/D001/memory.ld | 2 +-
 core/embed/models/D001/model_D001.h | 2 +-
 core/embed/models/D002/memory.ld | 5 +---
 core/embed/models/D002/model_D002.h | 6 +----
 core/embed/models/T2B1/memory.ld | 2 +-
 core/embed/models/T2B1/model_T2B1.h | 2 +-
 core/embed/models/T3B1/memory.ld | 2 +-
 core/embed/models/T3B1/model_T3B1.h | 2 +-
 core/embed/models/T3T1/memory.ld | 2 +-
 core/embed/models/T3T1/model_T3T1.h | 2 +-
 core/embed/models/T3W1/memory.ld | 5 +---
 core/embed/models/T3W1/model_T3W1.h | 6 +----
 .../embed/sec/secure_aes/stm32u5/secure_aes.c | 21 ++++++++++-------
 core/embed/sys/linker/stm32u5g/boardloader.ld | 1 -
 core/embed/sys/linker/stm32u5g/bootloader.ld | 1 -
 core/embed/sys/linker/stm32u5g/kernel.ld | 23 +------------------
 core/embed/sys/linker/stm32u5g/prodtest.ld | 1 -
 core/embed/sys/mpu/stm32u5/mpu.c | 20 ++++++++++++----
 18 files changed, 42 insertions(+), 63 deletions(-)
diff --git a/core/embed/models/D001/memory.ld b/core/embed/models/D001/memory.ld
index 075cccbacc..26cd6081c6 100644
--- a/core/embed/models/D001/memory.ld
+++ b/core/embed/models/D001/memory.ld
@@ -2,7 +2,7 @@
 FLASH_START = 0x8000000;
 NORCOW_SECTOR_SIZE = 0x10000;
-NORCOW_MIN_VERSION = 0x0;
+NORCOW_MIN_VERSION = 0x6;
 BOARDLOADER_START = 0x8000000;
 BOARDLOADER_MAXSIZE = 0xc000;
 BOARDLOADER_SECTOR_START = 0x0;
diff --git a/core/embed/models/D001/model_D001.h b/core/embed/models/D001/model_D001.h
index a44f443193..6e213538e0 100644
--- a/core/embed/models/D001/model_D001.h
+++ b/core/embed/models/D001/model_D001.h
@@ -33,7 +33,7 @@
 #define FLASH_START 0x08000000
 #define NORCOW_SECTOR_SIZE (1 * 64 * 1024) // 64 kB
-#define NORCOW_MIN_VERSION 0x00000000
+#define NORCOW_MIN_VERSION 0x00000006
 // FLASH layout
 #define BOARDLOADER_START 0x08000000
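Review bot: NORCOW_MIN_VERSION now does double duty — secure_aes.c and mpu.c in this same patch compile the unprivileged SAES path only under `#if NORCOW_MIN_VERSION <= 5` — but nothing at the definition says so, so a later bump made for a storage-format reason would silently switch that code path off on the model. A trailing comment at the definition would make the coupling visible, e.g. `#define NORCOW_MIN_VERSION 0x00000006  // <= 5 also enables unprivileged SAES (secure_aes.c, mpu.c)`, and the same applies to the T2B1, T3B1 and T3T1 header hunks; if memory.ld is generated from these headers (it looks that way, but the generator is not in the patch), the comment belongs in the generator's input rather than the .ld. The values differ per model (6 here, 3, 5 and 4 for T2B1, T3B1 and T3T1) and 6 is exactly the value that disables the unprivileged path, yet the patch description does not say how they were chosen.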
diff --git a/core/embed/models/D002/memory.ld b/core/embed/models/D002/memory.ld
index 54540ccdcd..82056cd7a5 100644
--- a/core/embed/models/D002/memory.ld
+++ b/core/embed/models/D002/memory.ld
@@ -27,7 +27,6 @@ FIRMWARE_SECTOR_START = 0x22;
 FIRMWARE_SECTOR_END = 0x1cf;
 KERNEL_START = 0xc044000;
 KERNEL_MAXSIZE = 0x80000;
-KERNEL_U_FLASH_SIZE = 0x200;
 STORAGE_1_START = 0xc3a0000;
 STORAGE_1_MAXSIZE = 0x20000;
 STORAGE_1_SECTOR_START = 0x1d0;
@@ -45,9 +44,7 @@ BOOTARGS_SIZE = 0x200;
 FB1_RAM_START = 0x30000200;
 FB1_RAM_SIZE = 0xbfe00;
 MAIN_RAM_START = 0x300c0000;
-MAIN_RAM_SIZE = 0xfe00;
-SAES_RAM_START = 0x300cfe00;
-SAES_RAM_SIZE = 0x200;
+MAIN_RAM_SIZE = 0x10000;
 FB2_RAM_START = 0x300d0000;
 FB2_RAM_SIZE = 0xc0000;
 AUX1_RAM_START = 0x30190000;
diff --git a/core/embed/models/D002/model_D002.h b/core/embed/models/D002/model_D002.h
index 01136e7ca2..34a21371f3 100644
--- a/core/embed/models/D002/model_D002.h
+++ b/core/embed/models/D002/model_D002.h
@@ -67,7 +67,6 @@
 #define FIRMWARE_SECTOR_END 0x1CF
 #define KERNEL_START 0x0C044000
 #define KERNEL_MAXSIZE (512 * 1024) // 512 kB
-#define KERNEL_U_FLASH_SIZE 512
 #define STORAGE_1_START 0x0C3A0000
 #define STORAGE_1_MAXSIZE (16 * 8 * 1024) // 128 kB
@@ -92,10 +91,7 @@
 #define FB1_RAM_SIZE (768 * 1024 - 512)
 #define MAIN_RAM_START 0x300C0000
-#define MAIN_RAM_SIZE (64 * 1024 - 512)
-
-#define SAES_RAM_START 0x300CFE00
-#define SAES_RAM_SIZE 512
+#define MAIN_RAM_SIZE (64 * 1024)
 #define FB2_RAM_START 0x300D0000
 #define FB2_RAM_SIZE (768 * 1024)
diff --git a/core/embed/models/T2B1/memory.ld b/core/embed/models/T2B1/memory.ld
index bcdbef4add..79a02f8f57 100644
--- a/core/embed/models/T2B1/memory.ld
+++ b/core/embed/models/T2B1/memory.ld
@@ -2,7 +2,7 @@
 FLASH_START = 0x8000000;
 NORCOW_SECTOR_SIZE = 0x10000;
-NORCOW_MIN_VERSION = 0x0;
+NORCOW_MIN_VERSION = 0x3;
 BOARDLOADER_START = 0x8000000;
 BOARDLOADER_MAXSIZE = 0xc000;
 BOARDLOADER_SECTOR_START = 0x0;
diff --git a/core/embed/models/T2B1/model_T2B1.h b/core/embed/models/T2B1/model_T2B1.h
index b556d0b78e..79ec713b3a 100644
--- a/core/embed/models/T2B1/model_T2B1.h
+++ b/core/embed/models/T2B1/model_T2B1.h
@@ -34,7 +34,7 @@
 #define FLASH_START 0x08000000
 #define NORCOW_SECTOR_SIZE (1 * 64 * 1024) // 64 kB
-#define NORCOW_MIN_VERSION 0x00000000
+#define NORCOW_MIN_VERSION 0x00000003
 // FLASH layout
 #define BOARDLOADER_START 0x08000000
diff --git a/core/embed/models/T3B1/memory.ld b/core/embed/models/T3B1/memory.ld
index bd48ee2797..0b45ca6ea7 100644
--- a/core/embed/models/T3B1/memory.ld
+++ b/core/embed/models/T3B1/memory.ld
@@ -2,7 +2,7 @@
 FLASH_START = 0xc004000;
 NORCOW_SECTOR_SIZE = 0x10000;
-NORCOW_MIN_VERSION = 0x0;
+NORCOW_MIN_VERSION = 0x5;
 SECRET_START = 0xc000000;
 SECRET_MAXSIZE = 0x4000;
 SECRET_SECTOR_START = 0x0;
diff --git a/core/embed/models/T3B1/model_T3B1.h b/core/embed/models/T3B1/model_T3B1.h
index fd3bd8d2d1..e5920f13d6 100644
--- a/core/embed/models/T3B1/model_T3B1.h
+++ b/core/embed/models/T3B1/model_T3B1.h
@@ -34,7 +34,7 @@
 // misc
 #define FLASH_START 0x0C004000
 #define NORCOW_SECTOR_SIZE (8 * 8 * 1024) // 64 kB
-#define NORCOW_MIN_VERSION 0x00000000
+#define NORCOW_MIN_VERSION 0x00000005
 // FLASH layout
 #define SECRET_START 0x0C000000
diff --git a/core/embed/models/T3T1/memory.ld b/core/embed/models/T3T1/memory.ld
index ccec1b04d4..4a08fe0b52 100644
--- a/core/embed/models/T3T1/memory.ld
+++ b/core/embed/models/T3T1/memory.ld
@@ -2,7 +2,7 @@
 FLASH_START = 0xc004000;
 NORCOW_SECTOR_SIZE = 0x10000;
-NORCOW_MIN_VERSION = 0x0;
+NORCOW_MIN_VERSION = 0x4;
 SECRET_START = 0xc000000;
 SECRET_MAXSIZE = 0x4000;
 SECRET_SECTOR_START = 0x0;
diff --git a/core/embed/models/T3T1/model_T3T1.h b/core/embed/models/T3T1/model_T3T1.h
index 2c7d972c58..cb19229795 100644
--- a/core/embed/models/T3T1/model_T3T1.h
+++ b/core/embed/models/T3T1/model_T3T1.h
@@ -34,7 +34,7 @@
 // misc
 #define FLASH_START 0x0C004000
 #define NORCOW_SECTOR_SIZE (8 * 8 * 1024) // 64 kB
-#define NORCOW_MIN_VERSION 0x00000000
+#define NORCOW_MIN_VERSION 0x00000004
 // FLASH layout
 #define SECRET_START 0x0C000000
diff --git a/core/embed/models/T3W1/memory.ld b/core/embed/models/T3W1/memory.ld
index 54540ccdcd..82056cd7a5 100644
--- a/core/embed/models/T3W1/memory.ld
+++ b/core/embed/models/T3W1/memory.ld
@@ -27,7 +27,6 @@ FIRMWARE_SECTOR_START = 0x22;
 FIRMWARE_SECTOR_END = 0x1cf;
 KERNEL_START = 0xc044000;
 KERNEL_MAXSIZE = 0x80000;
-KERNEL_U_FLASH_SIZE = 0x200;
 STORAGE_1_START = 0xc3a0000;
 STORAGE_1_MAXSIZE = 0x20000;
 STORAGE_1_SECTOR_START =
 0x1d0;
@@ -45,9 +44,7 @@ BOOTARGS_SIZE = 0x200;
 FB1_RAM_START = 0x30000200;
 FB1_RAM_SIZE = 0xbfe00;
 MAIN_RAM_START = 0x300c0000;
-MAIN_RAM_SIZE = 0xfe00;
-SAES_RAM_START = 0x300cfe00;
-SAES_RAM_SIZE = 0x200;
+MAIN_RAM_SIZE = 0x10000;
 FB2_RAM_START = 0x300d0000;
 FB2_RAM_SIZE = 0xc0000;
 AUX1_RAM_START = 0x30190000;
diff --git a/core/embed/models/T3W1/model_T3W1.h b/core/embed/models/T3W1/model_T3W1.h
index 8012606bc4..8c3d9d6de1 100644
--- a/core/embed/models/T3W1/model_T3W1.h
+++ b/core/embed/models/T3W1/model_T3W1.h
@@ -66,7 +66,6 @@
 #define FIRMWARE_SECTOR_END 0x1CF
 #define KERNEL_START 0x0C044000
 #define KERNEL_MAXSIZE (512 * 1024) // 512 kB
-#define KERNEL_U_FLASH_SIZE 512
 #define STORAGE_1_START 0x0C3A0000
 #define STORAGE_1_MAXSIZE (16 * 8 * 1024) // 128 kB
@@ -91,10 +90,7 @@
 #define FB1_RAM_SIZE (768 * 1024 - 512)
 #define MAIN_RAM_START 0x300C0000
-#define MAIN_RAM_SIZE (64 * 1024 - 512)
-
-#define SAES_RAM_START 0x300CFE00
-#define SAES_RAM_SIZE 512
+#define MAIN_RAM_SIZE (64 * 1024)
 #define FB2_RAM_START 0x300D0000
 #define FB2_RAM_SIZE (768 * 1024)
diff --git a/core/embed/sec/secure_aes/stm32u5/secure_aes.c b/core/embed/sec/secure_aes/stm32u5/secure_aes.c
index 598fd305db..bc9f065f39 100644
--- a/core/embed/sec/secure_aes/stm32u5/secure_aes.c
+++ b/core/embed/sec/secure_aes/stm32u5/secure_aes.c
@@ -24,12 +24,6 @@
 #include
 #include
-#include
-#include
-
-#ifdef USE_TRUSTZONE
-#include
-#endif
 #include "memzero.h"
@@ -38,8 +32,6 @@
 #ifdef KERNEL_MODE
-#include
-
 static void secure_aes_load_bhk(void) {
 TAMP->BKP0R;
 TAMP->BKP1R;
@@ -76,8 +68,18 @@ static secbool is_key_supported(secure_aes_keysel_t key) {
 }
 }
+#if NORCOW_MIN_VERSION <= 5
 #ifdef SYSCALL_DISPATCH
+#include
+#include
+
+#ifdef USE_TRUSTZONE
+#include
+#endif
+
+#include
+
 __attribute__((section(".udata"))) uint32_t saes_input[SAES_DATA_SIZE_WITH_UPRIV_KEY / sizeof(uint32_t)];
@@ -220,13 +222,16 @@ secbool unpriv_encrypt(const uint8_t* input, size_t size, uint8_t* output,
 return retval;
 }
 #endif
+#endif
 secbool secure_aes_ecb_encrypt_hw(const uint8_t* input, size_t size, uint8_t* output, secure_aes_keysel_t key) {
+#if NORCOW_MIN_VERSION <= 5
 #ifdef SYSCALL_DISPATCH
 if (key == SECURE_AES_KEY_XORK_SN) {
 return unpriv_encrypt(input, size, output, key);
 }
+#endif
 #endif
 if (sectrue != is_key_supported(key)) {
diff --git a/core/embed/sys/linker/stm32u5g/boardloader.ld b/core/embed/sys/linker/stm32u5g/boardloader.ld
index df63d1203b..f32f17c0a7 100644
--- a/core/embed/sys/linker/stm32u5g/boardloader.ld
+++ b/core/embed/sys/linker/stm32u5g/boardloader.ld
@@ -9,7 +9,6 @@ MEMORY {
 MAIN_RAM (wal) : ORIGIN = MAIN_RAM_START, LENGTH = MAIN_RAM_SIZE
 AUX1_RAM (wal) : ORIGIN = AUX1_RAM_START, LENGTH = AUX1_RAM_SIZE
 BOOT_ARGS (wal) : ORIGIN = BOOTARGS_START, LENGTH = BOOTARGS_SIZE
- SAES_RAM (wal) : ORIGIN = SAES_RAM_START, LENGTH = SAES_RAM_SIZE
 FB1_RAM (wal) : ORIGIN = FB1_RAM_START, LENGTH = FB1_RAM_SIZE
 FB2_RAM (wal) : ORIGIN = FB2_RAM_START, LENGTH = FB2_RAM_SIZE
 }
diff --git a/core/embed/sys/linker/stm32u5g/bootloader.ld b/core/embed/sys/linker/stm32u5g/bootloader.ld
index ce1557ce7e..b7c75e16c4 100644
--- a/core/embed/sys/linker/stm32u5g/bootloader.ld
+++ b/core/embed/sys/linker/stm32u5g/bootloader.ld
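Review bot: `#if NORCOW_MIN_VERSION <= 5`, added in the third and fourth hunks, silently evaluates true when NORCOW_MIN_VERSION is not visible in this translation unit, because the preprocessor treats an unknown identifier in `#if` as 0 — and the first hunk removes two top-of-file includes (their targets are not shown in this rendering), so whether the model header is still reached before the first use cannot be confirmed here. The safe form is a guard ahead of that use, `#ifndef NORCOW_MIN_VERSION` / `#error "NORCOW_MIN_VERSION must be defined"` / `#endif`, so a missing definition fails the build rather than compiling the unprivileged path into every model. A storage-format version is also an indirect thing to key a memory-layout feature on; a dedicated feature macro set by the model header would read better, though the undefined-macro default is the part that matters. The first hunk of mpu.c uses the same `#if` and needs the same guard. secure_aes_ecb_encrypt_hw continues past the end of the fourth hunk.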
@@ -8,7 +8,6 @@ MEMORY {
 MAIN_RAM (wal) : ORIGIN = MAIN_RAM_START, LENGTH = MAIN_RAM_SIZE
 AUX1_RAM (wal) : ORIGIN = AUX1_RAM_START, LENGTH = AUX1_RAM_SIZE
 BOOT_ARGS (wal) : ORIGIN = BOOTARGS_START, LENGTH = BOOTARGS_SIZE
- SAES_RAM (wal) : ORIGIN = SAES_RAM_START, LENGTH = SAES_RAM_SIZE
 FB1_RAM (wal) : ORIGIN = FB1_RAM_START, LENGTH = FB1_RAM_SIZE
 FB2_RAM (wal) : ORIGIN = FB2_RAM_START, LENGTH = FB2_RAM_SIZE
 }
diff --git a/core/embed/sys/linker/stm32u5g/kernel.ld b/core/embed/sys/linker/stm32u5g/kernel.ld
index 9ae4b177dc..97c5538043 100644
--- a/core/embed/sys/linker/stm32u5g/kernel.ld
+++ b/core/embed/sys/linker/stm32u5g/kernel.ld
@@ -7,7 +7,6 @@ MEMORY {
 MAIN_RAM (wal) : ORIGIN = MAIN_RAM_START, LENGTH = MAIN_RAM_SIZE
 BOOT_ARGS (wal) : ORIGIN = BOOTARGS_START, LENGTH = BOOTARGS_SIZE
- SAES_RAM (wal) : ORIGIN = SAES_RAM_START, LENGTH = SAES_RAM_SIZE
 FB1_RAM (wal) : ORIGIN = FB1_RAM_START, LENGTH = FB1_RAM_SIZE
 FB2_RAM (wal) : ORIGIN = FB2_RAM_START, LENGTH = FB2_RAM_SIZE
 }
@@ -15,11 +14,6 @@ MEMORY {
 _stack_section_start = ADDR(.stack);
 _stack_section_end = ADDR(.stack) + SIZEOF(.stack);
-
-ustack_base = ADDR(.udata) + 512;
-_sustack = ADDR(.udata) + 256;
-_eustack = ustack_base;
-
 _data_section_loadaddr = LOADADDR(.data);
 _data_section_start = ADDR(.data);
 _data_section_end = ADDR(.data) + SIZEOF(.data);
@@ -39,13 +33,10 @@ _accessible_ram_1_end = MCU_SRAM4 + MCU_SRAM4_SIZE;
 _bootargs_ram_start = BOOTARGS_START;
 _bootargs_ram_end = BOOTARGS_START + BOOTARGS_SIZE;
-_codelen = SIZEOF(.vendorheader) + SIZEOF(.header) + SIZEOF(.flash) + SIZEOF(.uflash) + SIZEOF(.data) + SIZEOF(.confidential);
+_codelen = SIZEOF(.vendorheader) + SIZEOF(.header) + SIZEOF(.flash) + SIZEOF(.data) + SIZEOF(.confidential);
 _flash_start = ORIGIN(FLASH);
 _flash_end = ORIGIN(FLASH) + LENGTH(FLASH);
-_uflash_start = ADDR(.uflash);
-_uflash_end = ADDR(.uflash) + SIZEOF(.uflash);
-
 SECTIONS {
 .vendorheader : ALIGN(4) {
 KEEP(*(.vendorheader))
@@ -87,23 +78,11 @@ SECTIONS {
 . = ALIGN(4);
 } >MAIN_RAM
- /* unprivileged data and stack for SAES */
- .udata : ALIGN(512) {
- *(.udata*);
- . = ALIGN(256);
- . = 256; /* Overflow causes UsageFault */
- } >SAES_RAM
-
 .confidential : ALIGN(512) {
 *(.confidential*);
 . = ALIGN(512);
 } >MAIN_RAM AT>FLASH
- .uflash : ALIGN(512) {
- *(.uflash*);
- . = ALIGN(COREAPP_ALIGNMENT);
- } >FLASH AT>FLASH
-
 .fb1 : ALIGN(4) {
 *(.fb1*);
 . = ALIGN(4);
diff --git a/core/embed/sys/linker/stm32u5g/prodtest.ld b/core/embed/sys/linker/stm32u5g/prodtest.ld
index 65821453b9..643fda7a99 100644
--- a/core/embed/sys/linker/stm32u5g/prodtest.ld
+++ b/core/embed/sys/linker/stm32u5g/prodtest.ld
@@ -8,7 +8,6 @@ MEMORY {
 MAIN_RAM (wal) : ORIGIN = MAIN_RAM_START, LENGTH = MAIN_RAM_SIZE
 AUX1_RAM (wal) : ORIGIN = AUX1_RAM_START, LENGTH = AUX1_RAM_SIZE
 BOOT_ARGS (wal) : ORIGIN = BOOTARGS_START, LENGTH = BOOTARGS_SIZE
- SAES_RAM (wal) : ORIGIN = SAES_RAM_START, LENGTH = SAES_RAM_SIZE
 FB1_RAM (wal) : ORIGIN = FB1_RAM_START, LENGTH = FB1_RAM_SIZE
 FB2_RAM (wal) : ORIGIN = FB2_RAM_START, LENGTH = FB2_RAM_SIZE
 }
diff --git a/core/embed/sys/mpu/stm32u5/mpu.c b/core/embed/sys/mpu/stm32u5/mpu.c
index eda3ed66ed..0f62fd162a 100644
--- a/core/embed/sys/mpu/stm32u5/mpu.c
+++ b/core/embed/sys/mpu/stm32u5/mpu.c
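Review bot: The `.udata` and `.uflash` output sections (and the SAES_RAM region in the MEMORY hunk) are removed unconditionally for every stm32u5g image, while secure_aes.c in this patch still emits `__attribute__((section(".udata")))` objects and mpu.c still references `_uflash_start`/`_uflash_end` whenever `NORCOW_MIN_VERSION <= 5`; the two sides are kept in step only by the per-model NORCOW_MIN_VERSION values, not by anything the compiler or linker checks. An undefined `_uflash_start` fails the link loudly, but orphan `.udata` input sections are placed by ld's default orphan handling without a diagnostic, so a U5G model whose NORCOW_MIN_VERSION is 5 or lower would presumably get its unprivileged buffers dropped into an ordinary data section without the alignment and dedicated region they had here. Making that a build failure is cheap — for example keeping an empty `.udata` output section with `ASSERT(SIZEOF(.udata) == 0, "unprivileged SAES is not supported by this linker script")`, or linking with `--orphan-handling=error`. The `ustack_base`/`_sustack`/`_eustack` symbols removed in this file's second hunk have the same property if anything under that `#if` still references them, which is not visible here.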
@@ -143,19 +143,29 @@ _Static_assert(NORCOW_SECTOR_SIZE == STORAGE_2_MAXSIZE, "norcow misconfigured");
 #ifdef KERNEL
+extern uint32_t _codelen;
+#define KERNEL_SIZE (uint32_t) & _codelen
+#define KERNEL_FLASH_START KERNEL_START
+
+#if NORCOW_MIN_VERSION <= 5
 extern uint8_t _uflash_start;
 extern uint8_t _uflash_end;
 #define KERNEL_FLASH_U_START (uint32_t) & _uflash_start
 #define KERNEL_FLASH_U_SIZE ((uint32_t) & _uflash_end - KERNEL_FLASH_U_START)
-extern uint32_t _codelen;
-#define KERNEL_SIZE (uint32_t) & _codelen
-
-#define KERNEL_FLASH_START KERNEL_START
 #define KERNEL_FLASH_SIZE (KERNEL_SIZE - KERNEL_FLASH_U_SIZE)
 #define COREAPP_FLASH_START \
 (COREAPP_CODE_ALIGN(KERNEL_FLASH_START + KERNEL_SIZE) - KERNEL_FLASH_U_SIZE)
+
+#else
+
+#define KERNEL_FLASH_SIZE KERNEL_SIZE
+
+#define COREAPP_FLASH_START \
+ (COREAPP_CODE_ALIGN(KERNEL_FLASH_START + KERNEL_SIZE))
+#endif
+
 #define COREAPP_FLASH_SIZE \
 (FIRMWARE_MAXSIZE - (COREAPP_FLASH_START - FIRMWARE_START))
@@ -401,7 +411,9 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) {
 // REGION ADDRESS SIZE TYPE WRITE UNPRIV
 #ifdef KERNEL
 case MPU_MODE_SAES:
+#ifdef SAES_RAM_START
 SET_REGION( 7, SAES_RAM_START, SAES_RAM_SIZE, SRAM, YES, YES ); // Unprivileged kernel SRAM
+#endif
 break;
 #endif
 default:
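Review bot: The MPU_MODE_SAES case in the second hunk is gated on `#ifdef SAES_RAM_START`, while the kernel flash-layout macros in the first hunk are gated on `#if NORCOW_MIN_VERSION <= 5` — two independent conditions for one feature, so a model header that satisfies one but not the other still compiles, leaving either an unprivileged SRAM region 7 that nothing uses or the `_uflash`-based layout with no unprivileged region behind it. Deriving one from the other closes that gap: gate the SET_REGION on the same `#if NORCOW_MIN_VERSION <= 5`, and add `#if NORCOW_MIN_VERSION <= 5 && !defined(SAES_RAM_START)` / `#error "unprivileged SAES needs SAES_RAM_START"` / `#endif` next to the layout macros so a mismatch fails the build. With SAES_RAM_START undefined, `case MPU_MODE_SAES:` now falls straight to `break;`, so region 7 keeps whatever state the code before the switch gave it; that is fine only if all regions are reset first, and that part of mpu_reconfig lies outside the hunk. mpu_reconfig starts before the second hunk and ends after it.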