fix(core): fix prodtest WIPE on STM32U5

[no changelog]
2024-12-21 05:48:23 +00:00 · 2024-05-03 13:49:48 +02:00 · 2024-05-03 13:49:48 +02:00 · 8ebb8c2128
commit 8ebb8c2128
parent f8be07b732
5 changed files with 32 additions and 9 deletions
--- a/core/embed/prodtest/main.c
+++ b/core/embed/prodtest/main.c
@ -459,14 +459,7 @@ static void test_firmware_version(void) {
 }

 static void test_wipe(void) {
-  // erase start of the firmware (metadata) -> invalidate FW
-  ensure(flash_unlock_write(), NULL);
-  for (int i = 0; i < (1024 / FLASH_BLOCK_SIZE); i += FLASH_BLOCK_SIZE) {
-    flash_block_t data = {0};
-    ensure(flash_area_write_block(&FIRMWARE_AREA, i * FLASH_BLOCK_SIZE, data),
-           NULL);
-  }
-  ensure(flash_lock_write(), NULL);
+  invalidate_firmware();
  display_clear();
  display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY / 2 + 10, "WIPED", -1,
                      FONT_BOLD, COLOR_WHITE, COLOR_BLACK);
--- a/core/embed/trezorhal/common.h
+++ b/core/embed/trezorhal/common.h
@ -75,4 +75,8 @@ void collect_hw_entropy(void);
 #define HW_ENTROPY_LEN (12 + 32)
 extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];

+// Invalidates firmware on the device
+// Note: only works when write access to firmware area is enabled by MPU
+void invalidate_firmware(void);
+
 #endif
--- a/core/embed/trezorhal/stm32f4/common.c
+++ b/core/embed/trezorhal/stm32f4/common.c
@ -234,3 +234,14 @@ void show_pin_too_many_screen(void) {
  error_uni("TOO MANY PIN ATTEMPTS", "All data has been erased from the device",
            "PLEASE RECONNECT\nTHE DEVICE");
 }
+
+void invalidate_firmware(void) {
+  // erase start of the firmware (metadata) -> invalidate FW
+  ensure(flash_unlock_write(), NULL);
+  for (int i = 0; i < (1024 / FLASH_BLOCK_SIZE); i += FLASH_BLOCK_SIZE) {
+    flash_block_t data = {0};
+    ensure(flash_area_write_block(&FIRMWARE_AREA, i * FLASH_BLOCK_SIZE, data),
+           NULL);
+  }
+  ensure(flash_lock_write(), NULL);
+}
--- a/core/embed/trezorhal/stm32u5/common.c
+++ b/core/embed/trezorhal/stm32u5/common.c
@ -210,3 +210,18 @@ void show_pin_too_many_screen(void) {
  error_uni("TOO MANY PIN ATTEMPTS", "All data has been erased from the device",
            "PLEASE RECONNECT\nTHE DEVICE");
 }
+
+void invalidate_firmware(void) {
+  // on stm32u5, we need to disable the instruction cache before erasing the
+  // firmware - otherwise, the write check will fail
+  ICACHE->CR &= ~ICACHE_CR_EN;
+
+  // erase start of the firmware (metadata) -> invalidate FW
+  ensure(flash_unlock_write(), NULL);
+  for (int i = 0; i < (1024 / FLASH_BLOCK_SIZE); i += FLASH_BLOCK_SIZE) {
+    flash_block_t data = {0};
+    ensure(flash_area_write_block(&FIRMWARE_AREA, i * FLASH_BLOCK_SIZE, data),
+           NULL);
+  }
+  ensure(flash_lock_write(), NULL);
+}
--- a/core/embed/trezorhal/stm32u5/mpu.c
+++ b/core/embed/trezorhal/stm32u5/mpu.c
@ -243,7 +243,7 @@ void mpu_config_prodtest(void) {
  // clang-format off
  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV
  SET_REGION( 0, STORAGE_START,            STORAGE_SIZE,       FLASH_DATA,  YES,   YES ); // Storage
-  SET_REGION( 1, FIRMWARE_START,           FIRMWARE_SIZE,      FLASH_CODE,   NO,   YES ); // Firmware
+  SET_REGION( 1, FIRMWARE_START,           FIRMWARE_SIZE,      FLASH_CODE,  YES,   YES ); // Firmware
  SET_REGION( 2, ASSETS_START,             ASSETS_SIZE,        FLASH_DATA,  YES,   YES ); // Assets
  SET_REGION( 3, SRAM1_BASE,               SRAM_SIZE,          SRAM,        YES,   YES ); // SRAM1/2/3/5
  SET_REGION( 4, GRAPHICS_START,           GRAPHICS_SIZE,      SRAM,        YES,   YES ); // Frame buffer or display interface