embed/trezorhal: collect HW entropy before MPU kicks in

5 years ago · b754ee8cf6
parent c0317e1aff
commit b754ee8cf6
13 changed files with 41 additions and 194 deletions
--- a/SConscript.firmware
+++ b/SConscript.firmware
@ -280,7 +280,6 @@ SOURCE_TREZORHAL = [
    'embed/trezorhal/usbd_ctlreq.c',
    'embed/trezorhal/usbd_ioreq.c',
    'embed/trezorhal/util.s',
-    'embed/trezorhal/utils.c',
    'embed/trezorhal/vectortable.s',
 ]

--- a/SConscript.unix
+++ b/SConscript.unix
@ -258,7 +258,6 @@ SOURCE_UNIX = [
    'embed/unix/sbu.c',
    'embed/unix/touch.c',
    'embed/unix/usb.c',
-    'embed/unix/utils.c',
 ]

 SOURCE_QSTR = SOURCE_MOD + SOURCE_MICROPYTHON + SOURCE_UNIX
--- a/embed/extmod/modtrezorconfig/modtrezorconfig.c
+++ b/embed/extmod/modtrezorconfig/modtrezorconfig.c
@ -26,7 +26,7 @@
 #include "embed/extmod/trezorobj.h"

 #include "storage.h"
-#include "utils.h"
+#include "common.h"

 STATIC mp_obj_t ui_wait_callback = mp_const_none;

@ -42,16 +42,11 @@ STATIC void wrapped_ui_wait_callback(uint32_t wait, uint32_t progress) {
 ///     called from this module!
 ///     '''
 STATIC mp_obj_t mod_trezorconfig_init(size_t n_args, const mp_obj_t *args) {
-    uint32_t salt[] = {
-        utils_get_uid_word0(),
-        utils_get_uid_word1(),
-        utils_get_uid_word2()
-    };
    if (n_args > 0) {
        ui_wait_callback = args[0];
-        storage_init(wrapped_ui_wait_callback, (const uint8_t*)salt, sizeof(salt));
+        storage_init(wrapped_ui_wait_callback, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
    } else {
-        storage_init(NULL, (const uint8_t*)salt, sizeof(salt));
+        storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
    }
    return mp_const_none;
 }
--- a/embed/firmware/main.c
+++ b/embed/firmware/main.c
@ -48,6 +48,8 @@ int main(void)
    HAL_Init();
 #endif

+    collect_hw_entropy();
+
 #if TREZOR_MODEL == T
    // Enable MPU
    mpu_config();
--- a/embed/trezorhal/common.c
+++ b/embed/trezorhal/common.c
@ -19,10 +19,14 @@

 #include STM32_HAL_H

+#include <string.h>
+
 #include "common.h"
 #include "display.h"
 #include "rng.h"

+#include "stm32f4xx_ll_utils.h"
+
 void shutdown(void);

 #define COLOR_FATAL_ERROR RGB16(0x7F, 0x00, 0x00)
@ -80,3 +84,15 @@ void __attribute__((noreturn)) __stack_chk_fail(void)
 {
    ensure(secfalse, "Stack smashing detected");
 }
+
+uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
+
+void collect_hw_entropy(void)
+{
+    uint32_t w = LL_GetUID_Word0();
+    memcpy(HW_ENTROPY_DATA, &w, 4);
+    w = LL_GetUID_Word1();
+    memcpy(HW_ENTROPY_DATA + 4, &w, 4);
+    w = LL_GetUID_Word2();
+    memcpy(HW_ENTROPY_DATA + 8, &w, 4);
+}
--- a/embed/trezorhal/common.h
+++ b/embed/trezorhal/common.h
@ -43,6 +43,10 @@ void clear_otg_hs_memory(void);

 extern uint32_t __stack_chk_guard;

+void collect_hw_entropy(void);
+#define HW_ENTROPY_LEN 12
+extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
+
 // the following functions are defined in util.s

 void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
--- a/embed/trezorhal/utils.c
+++ b/embed/trezorhal/utils.c
@ -1,62 +0,0 @@
-/*
- * This file is part of the TREZOR project, https://trezor.io/
- *
- * Copyright (c) SatoshiLabs
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "utils.h"
-#include STM32_HAL_H
-#include "stm32f4xx_ll_utils.h"
-
-/*
- * Returns the CPUID Base Register of the System Control Block.
- */
-uint32_t utils_get_cpu_id()
-{
-    return SCB->CPUID;
-}
-
-/*
- * Returns the size of the device flash memory expressed in kilobytes, e.g. 0x040 corresponds to 64 kB.
- */
-uint32_t utils_get_flash_size()
-{
-    return LL_GetFlashSize();
-}
-
-/*
- * Returns word 0 of the unique device identifier.
- */
-uint32_t utils_get_uid_word0()
-{
-    return LL_GetUID_Word0();
-}
-
-/*
- * Returns word 1 of the unique device identifier.
- */
-uint32_t utils_get_uid_word1()
-{
-    return LL_GetUID_Word1();
-}
-
-/*
- * Returns word 2 of the unique device identifier.
- */
-uint32_t utils_get_uid_word2()
-{
-    return LL_GetUID_Word2();
-}
--- a/embed/trezorhal/utils.h
+++ b/embed/trezorhal/utils.h
@ -1,31 +0,0 @@
-/*
- * This file is part of the TREZOR project, https://trezor.io/
- *
- * Copyright (c) SatoshiLabs
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef __TREZORHAL_UTILS_H__
-#define __TREZORHAL_UTILS_H__
-
-#include <stdint.h>
-
-uint32_t utils_get_cpu_id();
-uint32_t utils_get_flash_size();
-uint32_t utils_get_uid_word0();
-uint32_t utils_get_uid_word1();
-uint32_t utils_get_uid_word2();
-
-#endif
--- a/embed/unix/common.c
+++ b/embed/unix/common.c
@ -23,6 +23,7 @@

 #include "common.h"
 #include "display.h"
+#include "memzero.h"

 void __shutdown(void)
 {
@ -68,3 +69,10 @@ void hal_delay(uint32_t ms)
 {
    usleep(1000 * ms);
 }
+
+uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
+
+void collect_hw_entropy(void)
+{
+    memzero(HW_ENTROPY_DATA, HW_ENTROPY_LEN);
+}
--- a/embed/unix/common.h
+++ b/embed/unix/common.h
@ -39,4 +39,8 @@ void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg,

 void hal_delay(uint32_t ms);

+void collect_hw_entropy(void);
+#define HW_ENTROPY_LEN 12
+extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
+
 #endif
--- a/embed/unix/main.c
+++ b/embed/unix/main.c
@ -50,6 +50,8 @@
 #include "input.h"
 #include "profile.h"

+#include "common.h"
+
 // Command line options, with their defaults
 STATIC bool compile_only = false;
 STATIC uint emit_opt = MP_EMIT_OPT_NONE;
@ -409,6 +411,8 @@ int main(int argc, char **argv) {
    // Through TREZOR_PROFILE you can set the directory for trezor.flash file.
    profile_init();

+    collect_hw_entropy();
+
    #if MICROPY_PY_THREAD
    mp_thread_init();
    #endif
--- a/embed/unix/utils.c
+++ b/embed/unix/utils.c
@ -1,60 +0,0 @@
-/*
- * This file is part of the TREZOR project, https://trezor.io/
- *
- * Copyright (c) SatoshiLabs
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "utils.h"
-
-/*
- * Returns the CPUID Base Register of the System Control Block.
- */
-uint32_t utils_get_cpu_id()
-{
-    return 0;
-}
-
-/*
- * Returns the size of the device flash memory expressed in kilobytes, e.g. 0x040 corresponds to 64 kB.
- */
-uint32_t utils_get_flash_size()
-{
-    return 0;
-}
-
-/*
- * Returns word 0 of the unique device identifier.
- */
-uint32_t utils_get_uid_word0()
-{
-    return 0;
-}
-
-/*
- * Returns word 1 of the unique device identifier.
- */
-uint32_t utils_get_uid_word1()
-{
-    return 0;
-}
-
-/*
- * Returns word 2 of the unique device identifier.
- */
-uint32_t utils_get_uid_word2()
-{
-    return 0;
-}
--- a/embed/unix/utils.h
+++ b/embed/unix/utils.h
@ -1,31 +0,0 @@
-/*
- * This file is part of the TREZOR project, https://trezor.io/
- *
- * Copyright (c) SatoshiLabs
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef __TREZORHAL_UTILS_H__
-#define __TREZORHAL_UTILS_H__
-
-#include <stdint.h>
-
-uint32_t utils_get_cpu_id();
-uint32_t utils_get_flash_size();
-uint32_t utils_get_uid_word0();
-uint32_t utils_get_uid_word1();
-uint32_t utils_get_uid_word2();
-
-#endif