mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-24 14:20:57 +00:00

fix(core): separate bootargs from kernel/aux SRAM

[no changelog]
tychovrahe 2024-11-19 16:25:29 +01:00 committed by TychoVrahe
parent 9befee12c3
commit b0dd521c5d
16 changed files with 60 additions and 69 deletions


@ -40,9 +40,7 @@ ASSETS_MAXSIZE = 0x10000;
ASSETS_SECTOR_START = 0x1f8;
ASSETS_SECTOR_END = 0x1ff;
KERNEL_U_RAM_SIZE = 0x200;
KERNEL_SRAM1_SIZE = 0x0;
KERNEL_SRAM2_SIZE = 0xfe00;
KERNEL_SRAM3_SIZE = 0x0;
BOOTARGS_SIZE = 0x100;
CODE_ALIGNMENT = 0x400;
COREAPP_ALIGNMENT = 0x2000;


@ -86,9 +86,7 @@
// RAM layout
#define KERNEL_U_RAM_SIZE 512
#define KERNEL_SRAM1_SIZE (0 * 1024)
#define KERNEL_SRAM2_SIZE (64 * 1024 - 512)
#define KERNEL_SRAM3_SIZE (0 * 1024)
#define BOOTARGS_SIZE 0x100
#define CODE_ALIGNMENT 0x400


@ -39,9 +39,8 @@ ASSETS_MAXSIZE = 0x10000;
ASSETS_SECTOR_START = 0xf8;
ASSETS_SECTOR_END = 0xff;
KERNEL_U_RAM_SIZE = 0x200;
KERNEL_SRAM1_SIZE = 0x4000;
KERNEL_SRAM2_SIZE = 0x2000;
KERNEL_SRAM3_SIZE = 0x38400;
KERNEL_SRAM2_SIZE = 0x6000;
FRAMEBUFFER_SRAM_SIZE = 0x38400;
BOOTARGS_SIZE = 0x100;
CODE_ALIGNMENT = 0x200;
COREAPP_ALIGNMENT = 0x2000;


@ -84,9 +84,8 @@
// RAM layout
#define KERNEL_U_RAM_SIZE 512
#define KERNEL_SRAM1_SIZE (16 * 1024)
#define KERNEL_SRAM2_SIZE (8 * 1024)
#define KERNEL_SRAM3_SIZE 0x38400
#define KERNEL_SRAM2_SIZE (24 * 1024)
#define FRAMEBUFFER_SRAM_SIZE 0x38400
#define BOOTARGS_SIZE 0x100
#define CODE_ALIGNMENT 0x200


@ -39,9 +39,8 @@ ASSETS_MAXSIZE = 0x10000;
ASSETS_SECTOR_START = 0xf8;
ASSETS_SECTOR_END = 0xff;
KERNEL_U_RAM_SIZE = 0x200;
KERNEL_SRAM1_SIZE = 0x4000;
KERNEL_SRAM2_SIZE = 0x2000;
KERNEL_SRAM3_SIZE = 0x38400;
KERNEL_SRAM2_SIZE = 0x6000;
FRAMEBUFFER_SRAM_SIZE = 0x38400;
BOOTARGS_SIZE = 0x100;
CODE_ALIGNMENT = 0x200;
COREAPP_ALIGNMENT = 0x2000;


@ -84,9 +84,8 @@
// RAM layout
#define KERNEL_U_RAM_SIZE 512
#define KERNEL_SRAM1_SIZE (16 * 1024)
#define KERNEL_SRAM2_SIZE (8 * 1024)
#define KERNEL_SRAM3_SIZE 0x38400
#define KERNEL_SRAM2_SIZE (24 * 1024)
#define FRAMEBUFFER_SRAM_SIZE 0x38400
#define BOOTARGS_SIZE 0x100
#define CODE_ALIGNMENT 0x200


@ -40,9 +40,7 @@ ASSETS_MAXSIZE = 0x10000;
ASSETS_SECTOR_START = 0x1f8;
ASSETS_SECTOR_END = 0x1ff;
KERNEL_U_RAM_SIZE = 0x200;
KERNEL_SRAM1_SIZE = 0x0;
KERNEL_SRAM2_SIZE = 0xfe00;
KERNEL_SRAM3_SIZE = 0x0;
BOOTARGS_SIZE = 0x100;
CODE_ALIGNMENT = 0x400;
COREAPP_ALIGNMENT = 0x2000;


@ -92,9 +92,7 @@
// RAM layout
#define KERNEL_U_RAM_SIZE 512
#define KERNEL_SRAM1_SIZE (0 * 1024)
#define KERNEL_SRAM2_SIZE (64 * 1024 - 512)
#define KERNEL_SRAM3_SIZE (0 * 1024)
#define BOOTARGS_SIZE 0x100
#define CODE_ALIGNMENT 0x400


@ -651,7 +651,10 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
IMAGE_HASH_FINAL(&ctx, hash);
// the firmware must be the same as confirmed by the user
if (memcmp(bootargs_get_args()->hash, hash, sizeof(hash)) != 0) {
boot_args_t args = {0};
bootargs_get_args(&args);
if (memcmp(args.hash, hash, sizeof(hash)) != 0) {
MSG_SEND_INIT(Failure);
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
MSG_SEND_ASSIGN_STRING(message, "Firmware mismatch");


@ -4,9 +4,9 @@ ENTRY(reset_handler)
MEMORY {
FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = FIRMWARE_MAXSIZE
SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - KERNEL_SRAM1_SIZE
SRAM2 (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE, LENGTH = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE
SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE
SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - 512
SRAM2 (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE + KERNEL_U_RAM_SIZE, LENGTH = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE
SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE - FRAMEBUFFER_SRAM_SIZE
SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = 0K /* SRAM5 is not available */
SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* SRAM6 is not available */
SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = 0K /* not allocated to coreapp */
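Review bot: The new `LENGTH = MCU_SRAM1_SIZE - 512` on the SRAM1 line reserves a bare 512 bytes at the top of SRAM1, while the model files in this commit set BOOTARGS_SIZE to 0x100, so the literal neither matches the boot-args size nor says what else it protects. The same literal is repeated in `_coreapp_clear_ram_0_size` in the kernel linker script and in `COREAPP_RAM1_SIZE` in the MPU driver, and the three must stay equal for the coreapp's linker view, its RAM wipe and its MPU region to agree. I would define one named constant next to BOOTARGS_SIZE in the model files and use it in all three places, with a comment such as `/* top of SRAM1 is kept out of coreapp RAM: boot args plus padding */` if that is indeed the reason for 512.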


@ -4,11 +4,11 @@ ENTRY(reset_handler)
MEMORY {
FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = KERNEL_MAXSIZE
SRAM1 (wal) : ORIGIN = MCU_SRAM2 - KERNEL_SRAM1_SIZE, LENGTH = KERNEL_SRAM1_SIZE - BOOTARGS_SIZE
SRAM1 (wal) : ORIGIN = MCU_SRAM2, LENGTH = 0K
BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE
SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE
SRAM2_U (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE, LENGTH = KERNEL_U_RAM_SIZE
SRAM3 (wal) : ORIGIN = MCU_SRAM3 + MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE, LENGTH = KERNEL_SRAM3_SIZE
SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = KERNEL_SRAM2_SIZE
SRAM2_U (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE, LENGTH = KERNEL_U_RAM_SIZE
SRAM3 (wal) : ORIGIN = MCU_SRAM3 + MCU_SRAM3_SIZE - FRAMEBUFFER_SRAM_SIZE, LENGTH = FRAMEBUFFER_SRAM_SIZE
SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = 0K /* SRAM5 is not available */
SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* SRAM6 is not available */
SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE
@ -44,7 +44,7 @@ _startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE;
/* used by the jump code to wipe memory */
_handoff_clear_ram_0_start = MCU_SRAM1;
_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE;
_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - 512;
_handoff_clear_ram_1_start = MCU_SRAM2;
_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE;
_handoff_clear_ram_2_start = MCU_SRAM4;
@ -62,9 +62,9 @@ _shutdown_clear_ram_3_end = 0;
/* used by applet cleaning code */
_coreapp_clear_ram_0_start = MCU_SRAM1;
_coreapp_clear_ram_0_size = MCU_SRAM1_SIZE - KERNEL_SRAM1_SIZE;
_coreapp_clear_ram_1_start = MCU_SRAM2 + KERNEL_SRAM2_SIZE;
_coreapp_clear_ram_1_size = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE + MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE;
_coreapp_clear_ram_0_size = MCU_SRAM1_SIZE - 512;
_coreapp_clear_ram_1_start = MCU_SRAM2 + KERNEL_SRAM2_SIZE + KERNEL_U_RAM_SIZE;
_coreapp_clear_ram_1_size = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE + MCU_SRAM3_SIZE - FRAMEBUFFER_SRAM_SIZE;
sram_u_start = ORIGIN(SRAM2_U);
sram_u_end = ORIGIN(SRAM2_U) + LENGTH(SRAM2_U);
@ -102,10 +102,14 @@ SECTIONS {
. = ALIGN(512);
} >FLASH AT>FLASH
.stack : ALIGN(8) {
. = 6K; /* Overflow causes UsageFault */
} >SRAM2
.data : ALIGN(4) {
*(.data*);
. = ALIGN(512);
} >SRAM1 AT>FLASH
} >SRAM2 AT>FLASH
/DISCARD/ : {
*(.ARM.exidx*);
@ -116,10 +120,6 @@ SECTIONS {
*(.buf*);
*(.bss*);
. = ALIGN(4);
} >SRAM1
.stack : ALIGN(8) {
. = 6K; /* Overflow causes UsageFault */
} >SRAM2
/* unprivileged data and stack for SAES */
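Review bot: `_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - 512` stops the handoff wipe 512 bytes below the end of SRAM1, but BOOT_ARGS in this same script starts at `MCU_SRAM2 - BOOTARGS_SIZE` and BOOTARGS_SIZE is 0x100 in the model files shown. Assuming SRAM1 ends where SRAM2 begins, the 256 bytes just below the boot args are skipped by the wipe without being part of the region that is meant to survive it. Nothing in this script links data there, but `AUX_SRAM_SIZE` in the MPU driver is still `SRAM1_SIZE - BOOTARGS_SIZE`, so code using that range could leave residue that crosses the jump. Ending the wipe at the region itself, `_handoff_clear_ram_0_end = ORIGIN(BOOT_ARGS);`, would tie the preserved range to what is actually declared; otherwise a comment should state why 512 bytes are kept.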


@ -36,6 +36,7 @@ typedef enum {
MPU_MODE_DEFAULT, // Default
MPU_MODE_BOARDCAPS, // + boardloader capabilities (privileged RO)
MPU_MODE_BOOTUPDATE, // + bootloader area (privileged RW)
MPU_MODE_BOOTARGS, // + boot arguments (privileged RW)
MPU_MODE_OTP, // + OTP (privileged RW)
MPU_MODE_FSMC_REGS, // + FSMC control registers (privileged RW)
MPU_MODE_FLASHOB, // + Option bytes mapping (privileged RW)


@ -128,47 +128,27 @@ _Static_assert(NORCOW_SECTOR_SIZE == STORAGE_1_MAXSIZE, "norcow misconfigured");
_Static_assert(NORCOW_SECTOR_SIZE == STORAGE_2_MAXSIZE, "norcow misconfigured");
#ifdef STM32U585xx
// Two frame buffers at the end of SRAM3
#define GRAPHICS_START (SRAM3_BASE + SRAM3_SIZE - KERNEL_SRAM3_SIZE)
#define GRAPHICS_SIZE KERNEL_SRAM3_SIZE
// Extended peripheral block to cover FMC1 that's used for display
// 512M of periherals + 16M for FMC1 area that follows
#define PERIPH_SIZE (SIZE_512M + SIZE_16M)
#else
#define GRAPHICS_START GFXMMU_VIRTUAL_BUFFERS_BASE
#define GRAPHICS_SIZE SIZE_16M
#define PERIPH_SIZE SIZE_512M
#endif
#define OTP_AND_ID_SIZE 0x800
// clang-format on
extern uint8_t boot_args_start;
#define BOOTARGS_START ((uint32_t) & boot_args_start)
#ifdef KERNEL
#ifdef STM32U585xx
#define KERNEL_RAM_START (SRAM2_BASE - KERNEL_SRAM1_SIZE)
#define KERNEL_RAM_SIZE \
((KERNEL_SRAM1_SIZE + KERNEL_SRAM2_SIZE) - KERNEL_U_RAM_SIZE)
#else
_Static_assert(KERNEL_SRAM1_SIZE == 0, "SRAM1 not supported in kernel");
_Static_assert(KERNEL_SRAM3_SIZE == 0, "SRAM3 not supported in kernel");
#define KERNEL_RAM_START (SRAM2_BASE - BOOTARGS_SIZE)
#define KERNEL_RAM_SIZE (BOOTARGS_SIZE + KERNEL_SRAM2_SIZE)
#endif
#ifdef SYSCALL_DISPATCH
extern uint8_t _uflash_start;
extern uint8_t _uflash_end;
#define KERNEL_RAM_U_START (KERNEL_RAM_START + KERNEL_RAM_SIZE)
#define KERNEL_RAM_U_SIZE KERNEL_U_RAM_SIZE
#define KERNEL_FLASH_U_START (uint32_t) & _uflash_start
#define KERNEL_FLASH_U_SIZE ((uint32_t) & _uflash_end - KERNEL_FLASH_U_START)
#else
#define KERNEL_RAM_U_START 0
#define KERNEL_RAM_U_SIZE 0
#define KERNEL_FLASH_U_START 0
#define KERNEL_FLASH_U_SIZE 0
#endif
extern uint32_t _codelen;
#define KERNEL_SIZE (uint32_t) & _codelen
@ -181,13 +161,17 @@ extern uint32_t _codelen;
#define COREAPP_FLASH_SIZE \
(FIRMWARE_MAXSIZE - (COREAPP_FLASH_START - KERNEL_FLASH_START))
#define KERNEL_RAM_START (SRAM2_BASE)
#define KERNEL_RAM_SIZE (KERNEL_SRAM2_SIZE)
#ifdef STM32U585xx
#define COREAPP_RAM1_START SRAM1_BASE
#define COREAPP_RAM1_SIZE (SRAM1_SIZE - KERNEL_SRAM1_SIZE)
#define COREAPP_RAM1_SIZE (SRAM1_SIZE - 512)
#define COREAPP_RAM2_START (SRAM2_BASE + KERNEL_SRAM2_SIZE)
#define COREAPP_RAM2_START (SRAM2_BASE + KERNEL_SRAM2_SIZE + KERNEL_U_RAM_SIZE)
#define COREAPP_RAM2_SIZE \
(SRAM2_SIZE - KERNEL_SRAM2_SIZE + SRAM3_SIZE - KERNEL_SRAM3_SIZE)
(SRAM2_SIZE - KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE + SRAM3_SIZE - \
FRAMEBUFFER_SRAM_SIZE)
#else
#define COREAPP_RAM1_START SRAM5_BASE
#define COREAPP_RAM1_SIZE SRAM5_SIZE
@ -199,7 +183,7 @@ extern uint32_t _codelen;
#define MAIN_SRAM_START SRAM2_BASE
#define MAIN_SRAM_SIZE SRAM2_SIZE
#define AUX_SRAM_START SRAM1_BASE
#define AUX_SRAM_SIZE SRAM1_SIZE
#define AUX_SRAM_SIZE (SRAM1_SIZE - BOOTARGS_SIZE)
#else
#define MAIN_SRAM_START SRAM2_BASE
#define MAIN_SRAM_SIZE SRAM2_SIZE
@ -401,6 +385,9 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) {
case MPU_MODE_APP:
SET_REGION( 6, ASSETS_START, ASSETS_MAXSIZE, FLASH_DATA, NO, YES );
break;
case MPU_MODE_BOOTARGS:
SET_REGRUN( 6, BOOTARGS_START, BOOTARGS_SIZE, SRAM, YES, NO );
break;
default:
DIS_REGION( 6 );
break;
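Review bot: In the new `case MPU_MODE_BOOTARGS:` the region base is `BOOTARGS_START`, the address of the linker symbol `boot_args_start`, so nothing visible here checks at build time that the base and `BOOTARGS_SIZE` meet the MPU's 32-byte region granularity, or that the symbol really marks the BOOT_ARGS memory region. If `SET_REGRUN` does not validate this itself, a later layout change could silently shift or widen the privileged-RW window. A `_Static_assert((BOOTARGS_SIZE % 32) == 0, "bootargs region must be MPU-aligned");` next to the `BOOTARGS_START` define would pin the size assumption, and a comment there should name the linker script that provides `boot_args_start`. `mpu_reconfig` starts and ends outside this hunk.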


@ -50,7 +50,7 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size);
// Returns the last boot command saved during bootloader startup
boot_command_t bootargs_get_command();
// Returns the pointer to boot arguments
const boot_args_t* bootargs_get_args();
// Copies the boot arguments to the destination buffer
void bootargs_get_args(boot_args_t* dest);
#endif // TREZORHAL_BOOTARGS_H
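Review bot: The new comment on `bootargs_get_args` does not state the contract that the signature change introduces: the caller now owns the buffer, and both implementations in this commit copy the whole structure without checking `dest`. I would document it as `// Copies the boot arguments into dest, which must point to a full boot_args_t;` followed by `// the content is only meaningful for the command returned by bootargs_get_command()`. The second line is inferred from the shape of the API and should be confirmed by the authors.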


@ -47,6 +47,8 @@ static boot_command_t g_boot_command = BOOT_COMMAND_NONE;
static boot_args_t __attribute__((section(".boot_args"))) g_boot_args;
void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
mpu_mode_t mode = mpu_reconfig(MPU_MODE_BOOTARGS);
// save boot command
g_boot_command = command;
@ -62,6 +64,8 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
if (clear_size > 0) {
memset(&g_boot_args.raw[copy_size], 0, clear_size);
}
mpu_restore(mode);
}
#ifdef BOOTLOADER
@ -70,7 +74,13 @@ boot_command_t g_boot_command_saved;
boot_command_t bootargs_get_command() { return g_boot_command_saved; }
const boot_args_t* bootargs_get_args() { return &g_boot_args; }
void bootargs_get_args(boot_args_t* dest) {
mpu_mode_t mode = mpu_reconfig(MPU_MODE_BOOTARGS);
memcpy(dest, g_boot_args.raw, BOOT_ARGS_MAX_SIZE);
mpu_restore(mode);
}
#endif
// Deletes all secrets and SRAM2 where stack is located
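Review bot: `memcpy(dest, g_boot_args.raw, BOOT_ARGS_MAX_SIZE)` in the new `bootargs_get_args` takes its length from a constant rather than from the destination, while the emulator version added in this commit uses `sizeof(boot_args_t)`. If the two sizes ever diverge, this copy writes past the caller's buffer. `memcpy(dest, &g_boot_args, sizeof(*dest));` ties the length to what the caller passed and makes both implementations read the same. The definition of `boot_args_t` is not in the hunk, so whether the sizes can differ today is not visible here.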


@ -51,7 +51,9 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
boot_command_t bootargs_get_command() { return g_boot_command; }
const boot_args_t* bootargs_get_args() { return &g_boot_args; }
void bootargs_get_args(boot_args_t* dest) {
memcpy(dest, &g_boot_args, sizeof(boot_args_t));
}
void __attribute__((noreturn)) secure_shutdown(void) {
printf("SHUTDOWN\n");