fix(core): separate bootargs from kernel/aux SRAM
[no changelog]
parent
9befee12c3
commit
b0dd521c5d
@ -40,9 +40,7 @@ ASSETS_MAXSIZE = 0x10000;
|
||||
ASSETS_SECTOR_START = 0x1f8;
|
||||
ASSETS_SECTOR_END = 0x1ff;
|
||||
KERNEL_U_RAM_SIZE = 0x200;
|
||||
KERNEL_SRAM1_SIZE = 0x0;
|
||||
KERNEL_SRAM2_SIZE = 0xfe00;
|
||||
KERNEL_SRAM3_SIZE = 0x0;
|
||||
BOOTARGS_SIZE = 0x100;
|
||||
CODE_ALIGNMENT = 0x400;
|
||||
COREAPP_ALIGNMENT = 0x2000;
|
||||
|
@ -86,9 +86,7 @@
|
||||
|
||||
// RAM layout
|
||||
#define KERNEL_U_RAM_SIZE 512
|
||||
#define KERNEL_SRAM1_SIZE (0 * 1024)
|
||||
#define KERNEL_SRAM2_SIZE (64 * 1024 - 512)
|
||||
#define KERNEL_SRAM3_SIZE (0 * 1024)
|
||||
|
||||
#define BOOTARGS_SIZE 0x100
|
||||
#define CODE_ALIGNMENT 0x400
|
||||
|
@ -39,9 +39,8 @@ ASSETS_MAXSIZE = 0x10000;
|
||||
ASSETS_SECTOR_START = 0xf8;
|
||||
ASSETS_SECTOR_END = 0xff;
|
||||
KERNEL_U_RAM_SIZE = 0x200;
|
||||
KERNEL_SRAM1_SIZE = 0x4000;
|
||||
KERNEL_SRAM2_SIZE = 0x2000;
|
||||
KERNEL_SRAM3_SIZE = 0x38400;
|
||||
KERNEL_SRAM2_SIZE = 0x6000;
|
||||
FRAMEBUFFER_SRAM_SIZE = 0x38400;
|
||||
BOOTARGS_SIZE = 0x100;
|
||||
CODE_ALIGNMENT = 0x200;
|
||||
COREAPP_ALIGNMENT = 0x2000;
|
||||
|
@ -84,9 +84,8 @@
|
||||
|
||||
// RAM layout
|
||||
#define KERNEL_U_RAM_SIZE 512
|
||||
#define KERNEL_SRAM1_SIZE (16 * 1024)
|
||||
#define KERNEL_SRAM2_SIZE (8 * 1024)
|
||||
#define KERNEL_SRAM3_SIZE 0x38400
|
||||
#define KERNEL_SRAM2_SIZE (24 * 1024)
|
||||
#define FRAMEBUFFER_SRAM_SIZE 0x38400
|
||||
|
||||
#define BOOTARGS_SIZE 0x100
|
||||
#define CODE_ALIGNMENT 0x200
|
||||
|
@ -39,9 +39,8 @@ ASSETS_MAXSIZE = 0x10000;
|
||||
ASSETS_SECTOR_START = 0xf8;
|
||||
ASSETS_SECTOR_END = 0xff;
|
||||
KERNEL_U_RAM_SIZE = 0x200;
|
||||
KERNEL_SRAM1_SIZE = 0x4000;
|
||||
KERNEL_SRAM2_SIZE = 0x2000;
|
||||
KERNEL_SRAM3_SIZE = 0x38400;
|
||||
KERNEL_SRAM2_SIZE = 0x6000;
|
||||
FRAMEBUFFER_SRAM_SIZE = 0x38400;
|
||||
BOOTARGS_SIZE = 0x100;
|
||||
CODE_ALIGNMENT = 0x200;
|
||||
COREAPP_ALIGNMENT = 0x2000;
|
||||
|
@ -84,9 +84,8 @@
|
||||
|
||||
// RAM layout
|
||||
#define KERNEL_U_RAM_SIZE 512
|
||||
#define KERNEL_SRAM1_SIZE (16 * 1024)
|
||||
#define KERNEL_SRAM2_SIZE (8 * 1024)
|
||||
#define KERNEL_SRAM3_SIZE 0x38400
|
||||
#define KERNEL_SRAM2_SIZE (24 * 1024)
|
||||
#define FRAMEBUFFER_SRAM_SIZE 0x38400
|
||||
|
||||
#define BOOTARGS_SIZE 0x100
|
||||
#define CODE_ALIGNMENT 0x200
|
||||
|
@ -40,9 +40,7 @@ ASSETS_MAXSIZE = 0x10000;
|
||||
ASSETS_SECTOR_START = 0x1f8;
|
||||
ASSETS_SECTOR_END = 0x1ff;
|
||||
KERNEL_U_RAM_SIZE = 0x200;
|
||||
KERNEL_SRAM1_SIZE = 0x0;
|
||||
KERNEL_SRAM2_SIZE = 0xfe00;
|
||||
KERNEL_SRAM3_SIZE = 0x0;
|
||||
BOOTARGS_SIZE = 0x100;
|
||||
CODE_ALIGNMENT = 0x400;
|
||||
COREAPP_ALIGNMENT = 0x2000;
|
||||
|
@ -92,9 +92,7 @@
|
||||
|
||||
// RAM layout
|
||||
#define KERNEL_U_RAM_SIZE 512
|
||||
#define KERNEL_SRAM1_SIZE (0 * 1024)
|
||||
#define KERNEL_SRAM2_SIZE (64 * 1024 - 512)
|
||||
#define KERNEL_SRAM3_SIZE (0 * 1024)
|
||||
|
||||
#define BOOTARGS_SIZE 0x100
|
||||
#define CODE_ALIGNMENT 0x400
|
||||
|
@ -651,7 +651,10 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size,
|
||||
IMAGE_HASH_FINAL(&ctx, hash);
|
||||
|
||||
// the firmware must be the same as confirmed by the user
|
||||
if (memcmp(bootargs_get_args()->hash, hash, sizeof(hash)) != 0) {
|
||||
boot_args_t args = {0};
|
||||
bootargs_get_args(&args);
|
||||
|
||||
if (memcmp(args.hash, hash, sizeof(hash)) != 0) {
|
||||
MSG_SEND_INIT(Failure);
|
||||
MSG_SEND_ASSIGN_VALUE(code, FailureType_Failure_ProcessError);
|
||||
MSG_SEND_ASSIGN_STRING(message, "Firmware mismatch");
|
||||
|
@ -4,9 +4,9 @@ ENTRY(reset_handler)
|
||||
|
||||
MEMORY {
|
||||
FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = FIRMWARE_MAXSIZE
|
||||
SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - KERNEL_SRAM1_SIZE
|
||||
SRAM2 (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE, LENGTH = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE
|
||||
SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE
|
||||
SRAM1 (wal) : ORIGIN = MCU_SRAM1, LENGTH = MCU_SRAM1_SIZE - 512
|
||||
SRAM2 (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE + KERNEL_U_RAM_SIZE, LENGTH = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE
|
||||
SRAM3 (wal) : ORIGIN = MCU_SRAM3, LENGTH = MCU_SRAM3_SIZE - FRAMEBUFFER_SRAM_SIZE
|
||||
SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = 0K /* SRAM5 is not available */
|
||||
SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* SRAM6 is not available */
|
||||
SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = 0K /* not allocated to coreapp */
|
||||
|
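Review bot: The literal `512` in the new `SRAM1` length (`LENGTH = MCU_SRAM1_SIZE - 512`) is undocumented and does not match `BOOTARGS_SIZE`, which the configuration hunks on this page set to `0x100`. If the top of SRAM1 is reserved for the boot arguments plus padding, a named symbol defined next to `BOOTARGS_SIZE` would keep the layouts in step, e.g. `LENGTH = MCU_SRAM1_SIZE - BOOTARGS_RESERVED_SIZE` (a suggested name, not an existing symbol). The same literal appears on what looks like the new side of `_handoff_clear_ram_0_end`, `_coreapp_clear_ram_0_size` and `COREAPP_RAM1_SIZE`, while `AUX_SRAM_SIZE` subtracts `BOOTARGS_SIZE` instead. The +/- markers are lost on this page, so the old/new side of each line is inferred from print order and from the newly introduced `FRAMEBUFFER_SRAM_SIZE`.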
@ -4,11 +4,11 @@ ENTRY(reset_handler)
|
||||
|
||||
MEMORY {
|
||||
FLASH (rx) : ORIGIN = KERNEL_START, LENGTH = KERNEL_MAXSIZE
|
||||
SRAM1 (wal) : ORIGIN = MCU_SRAM2 - KERNEL_SRAM1_SIZE, LENGTH = KERNEL_SRAM1_SIZE - BOOTARGS_SIZE
|
||||
SRAM1 (wal) : ORIGIN = MCU_SRAM2, LENGTH = 0K
|
||||
BOOT_ARGS (wal) : ORIGIN = MCU_SRAM2 - BOOTARGS_SIZE, LENGTH = BOOTARGS_SIZE
|
||||
SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE
|
||||
SRAM2_U (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE, LENGTH = KERNEL_U_RAM_SIZE
|
||||
SRAM3 (wal) : ORIGIN = MCU_SRAM3 + MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE, LENGTH = KERNEL_SRAM3_SIZE
|
||||
SRAM2 (wal) : ORIGIN = MCU_SRAM2, LENGTH = KERNEL_SRAM2_SIZE
|
||||
SRAM2_U (wal) : ORIGIN = MCU_SRAM2 + KERNEL_SRAM2_SIZE, LENGTH = KERNEL_U_RAM_SIZE
|
||||
SRAM3 (wal) : ORIGIN = MCU_SRAM3 + MCU_SRAM3_SIZE - FRAMEBUFFER_SRAM_SIZE, LENGTH = FRAMEBUFFER_SRAM_SIZE
|
||||
SRAM5 (wal) : ORIGIN = MCU_SRAM5, LENGTH = 0K /* SRAM5 is not available */
|
||||
SRAM6 (wal) : ORIGIN = MCU_SRAM6, LENGTH = 0K /* SRAM6 is not available */
|
||||
SRAM4 (wal) : ORIGIN = MCU_SRAM4, LENGTH = MCU_SRAM4_SIZE
|
||||
@ -44,7 +44,7 @@ _startup_clear_ram_2_end = MCU_SRAM4 + MCU_SRAM4_SIZE;
|
||||
|
||||
/* used by the jump code to wipe memory */
|
||||
_handoff_clear_ram_0_start = MCU_SRAM1;
|
||||
_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE;
|
||||
_handoff_clear_ram_0_end = MCU_SRAM1 + MCU_SRAM1_SIZE - 512;
|
||||
_handoff_clear_ram_1_start = MCU_SRAM2;
|
||||
_handoff_clear_ram_1_end = MCU_SRAM6 + MCU_SRAM6_SIZE;
|
||||
_handoff_clear_ram_2_start = MCU_SRAM4;
|
||||
@ -62,9 +62,9 @@ _shutdown_clear_ram_3_end = 0;
|
||||
|
||||
/* used by applet cleaning code */
|
||||
_coreapp_clear_ram_0_start = MCU_SRAM1;
|
||||
_coreapp_clear_ram_0_size = MCU_SRAM1_SIZE - KERNEL_SRAM1_SIZE;
|
||||
_coreapp_clear_ram_1_start = MCU_SRAM2 + KERNEL_SRAM2_SIZE;
|
||||
_coreapp_clear_ram_1_size = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE + MCU_SRAM3_SIZE - KERNEL_SRAM3_SIZE;
|
||||
_coreapp_clear_ram_0_size = MCU_SRAM1_SIZE - 512;
|
||||
_coreapp_clear_ram_1_start = MCU_SRAM2 + KERNEL_SRAM2_SIZE + KERNEL_U_RAM_SIZE;
|
||||
_coreapp_clear_ram_1_size = MCU_SRAM2_SIZE - KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE + MCU_SRAM3_SIZE - FRAMEBUFFER_SRAM_SIZE;
|
||||
|
||||
sram_u_start = ORIGIN(SRAM2_U);
|
||||
sram_u_end = ORIGIN(SRAM2_U) + LENGTH(SRAM2_U);
|
||||
@ -102,10 +102,14 @@ SECTIONS {
|
||||
. = ALIGN(512);
|
||||
} >FLASH AT>FLASH
|
||||
|
||||
.stack : ALIGN(8) {
|
||||
. = 6K; /* Overflow causes UsageFault */
|
||||
} >SRAM2
|
||||
|
||||
.data : ALIGN(4) {
|
||||
*(.data*);
|
||||
. = ALIGN(512);
|
||||
} >SRAM1 AT>FLASH
|
||||
} >SRAM2 AT>FLASH
|
||||
|
||||
/DISCARD/ : {
|
||||
*(.ARM.exidx*);
|
||||
@ -116,10 +120,6 @@ SECTIONS {
|
||||
*(.buf*);
|
||||
*(.bss*);
|
||||
. = ALIGN(4);
|
||||
} >SRAM1
|
||||
|
||||
.stack : ALIGN(8) {
|
||||
. = 6K; /* Overflow causes UsageFault */
|
||||
} >SRAM2
|
||||
|
||||
/* unprivileged data and stack for SAES */
|
||||
|
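Review bot: `_handoff_clear_ram_0_end` appears to move from `MCU_SRAM1 + MCU_SRAM1_SIZE - BOOTARGS_SIZE` to `MCU_SRAM1 + MCU_SRAM1_SIZE - 512`, so with `BOOTARGS_SIZE = 0x100` the handoff wipe now stops 256 bytes below the `BOOT_ARGS` region that this script places at `MCU_SRAM2 - BOOTARGS_SIZE`. This assumes SRAM1 ends where SRAM2 begins, which the `BOOT_ARGS` origin suggests but the page does not show. No memory region visible here covers that 256-byte gap, so it is probably unused, but nothing says so. If that is intended, a comment on the symbol such as `/* top 512 B of SRAM1 are reserved; only the last BOOTARGS_SIZE bytes hold boot args */` would record it. Otherwise the wipe should end at `MCU_SRAM2 - BOOTARGS_SIZE` so that no residual data survives the jump.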
@ -36,6 +36,7 @@ typedef enum {
|
||||
MPU_MODE_DEFAULT, // Default
|
||||
MPU_MODE_BOARDCAPS, // + boardloader capabilities (privileged RO)
|
||||
MPU_MODE_BOOTUPDATE, // + bootloader area (privileged RW)
|
||||
MPU_MODE_BOOTARGS, // + boot arguments (privileged RW)
|
||||
MPU_MODE_OTP, // + OTP (privileged RW)
|
||||
MPU_MODE_FSMC_REGS, // + FSMC control registers (privileged RW)
|
||||
MPU_MODE_FLASHOB, // + Option bytes mapping (privileged RW)
|
||||
|
@ -128,47 +128,27 @@ _Static_assert(NORCOW_SECTOR_SIZE == STORAGE_1_MAXSIZE, "norcow misconfigured");
|
||||
_Static_assert(NORCOW_SECTOR_SIZE == STORAGE_2_MAXSIZE, "norcow misconfigured");
|
||||
|
||||
#ifdef STM32U585xx
|
||||
// Two frame buffers at the end of SRAM3
|
||||
#define GRAPHICS_START (SRAM3_BASE + SRAM3_SIZE - KERNEL_SRAM3_SIZE)
|
||||
#define GRAPHICS_SIZE KERNEL_SRAM3_SIZE
|
||||
// Extended peripheral block to cover FMC1 that's used for display
|
||||
// 512M of periherals + 16M for FMC1 area that follows
|
||||
#define PERIPH_SIZE (SIZE_512M + SIZE_16M)
|
||||
#else
|
||||
#define GRAPHICS_START GFXMMU_VIRTUAL_BUFFERS_BASE
|
||||
#define GRAPHICS_SIZE SIZE_16M
|
||||
#define PERIPH_SIZE SIZE_512M
|
||||
#endif
|
||||
|
||||
#define OTP_AND_ID_SIZE 0x800
|
||||
|
||||
// clang-format on
|
||||
extern uint8_t boot_args_start;
|
||||
#define BOOTARGS_START ((uint32_t) & boot_args_start)
|
||||
|
||||
#ifdef KERNEL
|
||||
#ifdef STM32U585xx
|
||||
#define KERNEL_RAM_START (SRAM2_BASE - KERNEL_SRAM1_SIZE)
|
||||
#define KERNEL_RAM_SIZE \
|
||||
((KERNEL_SRAM1_SIZE + KERNEL_SRAM2_SIZE) - KERNEL_U_RAM_SIZE)
|
||||
#else
|
||||
_Static_assert(KERNEL_SRAM1_SIZE == 0, "SRAM1 not supported in kernel");
|
||||
_Static_assert(KERNEL_SRAM3_SIZE == 0, "SRAM3 not supported in kernel");
|
||||
#define KERNEL_RAM_START (SRAM2_BASE - BOOTARGS_SIZE)
|
||||
#define KERNEL_RAM_SIZE (BOOTARGS_SIZE + KERNEL_SRAM2_SIZE)
|
||||
#endif
|
||||
|
||||
#ifdef SYSCALL_DISPATCH
|
||||
extern uint8_t _uflash_start;
|
||||
extern uint8_t _uflash_end;
|
||||
#define KERNEL_RAM_U_START (KERNEL_RAM_START + KERNEL_RAM_SIZE)
|
||||
#define KERNEL_RAM_U_SIZE KERNEL_U_RAM_SIZE
|
||||
#define KERNEL_FLASH_U_START (uint32_t) & _uflash_start
|
||||
#define KERNEL_FLASH_U_SIZE ((uint32_t) & _uflash_end - KERNEL_FLASH_U_START)
|
||||
#else
|
||||
#define KERNEL_RAM_U_START 0
|
||||
#define KERNEL_RAM_U_SIZE 0
|
||||
#define KERNEL_FLASH_U_START 0
|
||||
#define KERNEL_FLASH_U_SIZE 0
|
||||
#endif
|
||||
|
||||
extern uint32_t _codelen;
|
||||
#define KERNEL_SIZE (uint32_t) & _codelen
|
||||
@ -181,13 +161,17 @@ extern uint32_t _codelen;
|
||||
#define COREAPP_FLASH_SIZE \
|
||||
(FIRMWARE_MAXSIZE - (COREAPP_FLASH_START - KERNEL_FLASH_START))
|
||||
|
||||
#define KERNEL_RAM_START (SRAM2_BASE)
|
||||
#define KERNEL_RAM_SIZE (KERNEL_SRAM2_SIZE)
|
||||
|
||||
#ifdef STM32U585xx
|
||||
#define COREAPP_RAM1_START SRAM1_BASE
|
||||
#define COREAPP_RAM1_SIZE (SRAM1_SIZE - KERNEL_SRAM1_SIZE)
|
||||
#define COREAPP_RAM1_SIZE (SRAM1_SIZE - 512)
|
||||
|
||||
#define COREAPP_RAM2_START (SRAM2_BASE + KERNEL_SRAM2_SIZE)
|
||||
#define COREAPP_RAM2_START (SRAM2_BASE + KERNEL_SRAM2_SIZE + KERNEL_U_RAM_SIZE)
|
||||
#define COREAPP_RAM2_SIZE \
|
||||
(SRAM2_SIZE - KERNEL_SRAM2_SIZE + SRAM3_SIZE - KERNEL_SRAM3_SIZE)
|
||||
(SRAM2_SIZE - KERNEL_SRAM2_SIZE - KERNEL_U_RAM_SIZE + SRAM3_SIZE - \
|
||||
FRAMEBUFFER_SRAM_SIZE)
|
||||
#else
|
||||
#define COREAPP_RAM1_START SRAM5_BASE
|
||||
#define COREAPP_RAM1_SIZE SRAM5_SIZE
|
||||
@ -199,7 +183,7 @@ extern uint32_t _codelen;
|
||||
#define MAIN_SRAM_START SRAM2_BASE
|
||||
#define MAIN_SRAM_SIZE SRAM2_SIZE
|
||||
#define AUX_SRAM_START SRAM1_BASE
|
||||
#define AUX_SRAM_SIZE SRAM1_SIZE
|
||||
#define AUX_SRAM_SIZE (SRAM1_SIZE - BOOTARGS_SIZE)
|
||||
#else
|
||||
#define MAIN_SRAM_START SRAM2_BASE
|
||||
#define MAIN_SRAM_SIZE SRAM2_SIZE
|
||||
@ -401,6 +385,9 @@ mpu_mode_t mpu_reconfig(mpu_mode_t mode) {
|
||||
case MPU_MODE_APP:
|
||||
SET_REGION( 6, ASSETS_START, ASSETS_MAXSIZE, FLASH_DATA, NO, YES );
|
||||
break;
|
||||
case MPU_MODE_BOOTARGS:
|
||||
SET_REGRUN( 6, BOOTARGS_START, BOOTARGS_SIZE, SRAM, YES, NO );
|
||||
break;
|
||||
default:
|
||||
DIS_REGION( 6 );
|
||||
break;
|
||||
|
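Review bot: The new `MPU_MODE_BOOTARGS` case in `mpu_reconfig` maps the boot-argument area with `SET_REGRUN`, whereas the neighbouring `MPU_MODE_APP` case uses `SET_REGION`. The macro definitions are outside this page; if `SET_REGRUN` is the variant that leaves the region executable, this creates a writable and executable SRAM window for as long as the mode is active. Boot arguments are data only, so `SET_REGION( 6, BOOTARGS_START, BOOTARGS_SIZE, SRAM, YES, NO );` would be the least-privilege mapping. The body of `mpu_reconfig` starts and ends outside the hunk.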
@ -50,7 +50,7 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size);
|
||||
// Returns the last boot command saved during bootloader startup
|
||||
boot_command_t bootargs_get_command();
|
||||
|
||||
// Returns the pointer to boot arguments
|
||||
const boot_args_t* bootargs_get_args();
|
||||
// Copies the boot arguments to the destination buffer
|
||||
void bootargs_get_args(boot_args_t* dest);
|
||||
|
||||
#endif // TREZORHAL_BOOTARGS_H
|
||||
|
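Review bot: The comment on the new `bootargs_get_args(boot_args_t* dest)` prototype does not state the contract for `dest`, which matters now that the function writes through a caller-supplied pointer instead of returning a const pointer. Suggested wording: `// Copies the boot arguments into *dest; dest must be non-NULL and point to a full boot_args_t`. It would also help to say whether the call is valid outside the bootloader build, since the STM32 implementation shown on this page sits after an `#ifdef BOOTLOADER`.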
@ -47,6 +47,8 @@ static boot_command_t g_boot_command = BOOT_COMMAND_NONE;
|
||||
static boot_args_t __attribute__((section(".boot_args"))) g_boot_args;
|
||||
|
||||
void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
|
||||
mpu_mode_t mode = mpu_reconfig(MPU_MODE_BOOTARGS);
|
||||
|
||||
// save boot command
|
||||
g_boot_command = command;
|
||||
|
||||
@ -62,6 +64,8 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
|
||||
if (clear_size > 0) {
|
||||
memset(&g_boot_args.raw[copy_size], 0, clear_size);
|
||||
}
|
||||
|
||||
mpu_restore(mode);
|
||||
}
|
||||
|
||||
#ifdef BOOTLOADER
|
||||
@ -70,7 +74,13 @@ boot_command_t g_boot_command_saved;
|
||||
|
||||
boot_command_t bootargs_get_command() { return g_boot_command_saved; }
|
||||
|
||||
const boot_args_t* bootargs_get_args() { return &g_boot_args; }
|
||||
void bootargs_get_args(boot_args_t* dest) {
|
||||
mpu_mode_t mode = mpu_reconfig(MPU_MODE_BOOTARGS);
|
||||
|
||||
memcpy(dest, g_boot_args.raw, BOOT_ARGS_MAX_SIZE);
|
||||
|
||||
mpu_restore(mode);
|
||||
}
|
||||
#endif
|
||||
|
||||
// Deletes all secrets and SRAM2 where stack is located
|
||||
|
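Review bot: The new `bootargs_get_args` copies `BOOT_ARGS_MAX_SIZE` bytes into a destination typed `boot_args_t*`, so the write stays in bounds only if `sizeof(boot_args_t) >= BOOT_ARGS_MAX_SIZE`; the type's definition is not visible on this page. Tying the length to the destination, `memcpy(dest, &g_boot_args, sizeof(*dest));`, would match the other implementation of this function in the commit, which uses `sizeof(boot_args_t)`. Alternatively, pin the assumption with `_Static_assert(sizeof(boot_args_t) == BOOT_ARGS_MAX_SIZE, "boot_args_t size mismatch");`. In `bootargs_set`, `mpu_reconfig` and `mpu_restore` bracket code that lies between two hunks; any early return in that unseen part would leave `MPU_MODE_BOOTARGS` active, which is worth confirming.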
@ -51,7 +51,9 @@ void bootargs_set(boot_command_t command, const void* args, size_t args_size) {
|
||||
|
||||
boot_command_t bootargs_get_command() { return g_boot_command; }
|
||||
|
||||
const boot_args_t* bootargs_get_args() { return &g_boot_args; }
|
||||
void bootargs_get_args(boot_args_t* dest) {
|
||||
memcpy(dest, &g_boot_args, sizeof(boot_args_t));
|
||||
}
|
||||
|
||||
void __attribute__((noreturn)) secure_shutdown(void) {
|
||||
printf("SHUTDOWN\n");
|
||||
|