From dafea51a0e2f2fd8fc8c271f84283a82dca95e20 Mon Sep 17 00:00:00 2001
From: cepetr <petr@cerninovi.cz>
Date: Fri, 16 Aug 2024 13:33:58 +0200
Subject: [PATCH] refactor(core/embed): improve bootuils api

[no changelog]
---
 core/embed/extmod/modtrezorutils/modtrezorutils.c |  2 +-
 core/embed/lib/error_handling.c                   |  4 ++--
 core/embed/prodtest/main.c                        |  2 +-
 core/embed/rust/src/trezorhal/fatal_error.rs      |  6 +++---
 core/embed/trezorhal/bootutils.h                  | 15 +++++++++++----
 core/embed/trezorhal/stm32f4/bootutils.c          | 10 +++++-----
 core/embed/trezorhal/unix/bootutils.c             | 12 ++++++++++++
 core/embed/trezorhal/unix/common.c                | 10 ----------
 8 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/core/embed/extmod/modtrezorutils/modtrezorutils.c b/core/embed/extmod/modtrezorutils/modtrezorutils.c
index f779864ef..69d48673a 100644
--- a/core/embed/extmod/modtrezorutils/modtrezorutils.c
+++ b/core/embed/extmod/modtrezorutils/modtrezorutils.c
@@ -308,7 +308,7 @@ STATIC mp_obj_t mod_trezorutils_reboot_to_bootloader(size_t n_args,
   }
 
   bootargs_set(boot_command, boot_args.buf, boot_args.len);
-  svc_reboot_to_bootloader();
+  reboot_to_bootloader();
 #endif
   return mp_const_none;
 }
diff --git a/core/embed/lib/error_handling.c b/core/embed/lib/error_handling.c
index 0906598d2..266df4f59 100644
--- a/core/embed/lib/error_handling.c
+++ b/core/embed/lib/error_handling.c
@@ -58,7 +58,7 @@ error_shutdown_ex(const char *title, const char *message, const char *footer) {
   }
   term_printf("\n%s\n", footer);
   display_backlight(255);
-  trezor_shutdown();
+  secure_shutdown();
 #endif
 }
 
@@ -99,7 +99,7 @@ __fatal_error(const char *msg, const char *file, int line) {
 #endif
   term_printf("\nPlease contact Trezor support.\n");
   display_backlight(255);
-  trezor_shutdown();
+  secure_shutdown();
 #endif
 }
 
diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c
index af08a9122..4712891ef 100644
--- a/core/embed/prodtest/main.c
+++ b/core/embed/prodtest/main.c
@@ -763,7 +763,7 @@ static void test_otp_write_device_variant(const char *args) {
   vcp_println("OK");
 }
 
-static void test_reboot(void) { svc_reboot(); }
+static void test_reboot(void) { reboot(); }
 
 void cpuid_read(void) {
   uint32_t cpuid[3];
diff --git a/core/embed/rust/src/trezorhal/fatal_error.rs b/core/embed/rust/src/trezorhal/fatal_error.rs
index 20c9692bb..132c41eb1 100644
--- a/core/embed/rust/src/trezorhal/fatal_error.rs
+++ b/core/embed/rust/src/trezorhal/fatal_error.rs
@@ -1,7 +1,7 @@
 mod ffi {
     extern "C" {
-        // trezorhal/common.c
-        pub fn trezor_shutdown() -> !;
+        // trezorhal/bootuils.c
+        pub fn secure_shutdown() -> !;
     }
 }
 
@@ -11,7 +11,7 @@ use crate::ui::{
 };
 
 fn shutdown() -> ! {
-    unsafe { ffi::trezor_shutdown() }
+    unsafe { ffi::secure_shutdown() }
 }
 
 /// Shows an error message and shuts down the device.
diff --git a/core/embed/trezorhal/bootutils.h b/core/embed/trezorhal/bootutils.h
index 6a6d2f842..acf892075 100644
--- a/core/embed/trezorhal/bootutils.h
+++ b/core/embed/trezorhal/bootutils.h
@@ -4,7 +4,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-// Defines boot command for 'svc_reboot_to_bootloader()' function
+// Defines boot command for 'reboot_to_bootloader()' function
 typedef enum {
   // Normal boot sequence
   BOOT_COMMAND_NONE = 0x00000000,
@@ -36,8 +36,15 @@ boot_command_t bootargs_get_command();
 // Returns the pointer to boot arguments
 const boot_args_t* bootargs_get_args();
 
-void __attribute__((noreturn)) trezor_shutdown(void);
-void __attribute__((noreturn)) svc_reboot_to_bootloader(void);
-void __attribute__((noreturn)) svc_reboot(void);
+// Reboots the device into the bootloader.
+// The bootloader will read the command set by `bootargs_set()`.
+void __attribute__((noreturn)) reboot_to_bootloader(void);
+
+// Causes immediate reset of the device.
+void __attribute__((noreturn)) reboot(void);
+
+// Safely shuts down the device (clears secrets, memory, etc.).
+// This function is called when the device is in an unrecoverable state.
+void __attribute__((noreturn)) secure_shutdown(void);
 
 #endif  // TREZORHAL_BOOTUTILS_H
diff --git a/core/embed/trezorhal/stm32f4/bootutils.c b/core/embed/trezorhal/stm32f4/bootutils.c
index d069545d1..08ffc2147 100644
--- a/core/embed/trezorhal/stm32f4/bootutils.c
+++ b/core/embed/trezorhal/stm32f4/bootutils.c
@@ -11,13 +11,13 @@
 // to the bootloader.
 // 1. In the bootloader, its value is set in the startup code.
 // 2. In the firmware it holds command for the next boot and it is used
-//    when svc_reboot_to_bootloader() is called
+//    when reboot_to_bootloader() is called
 boot_command_t g_boot_command_shadow;
 
 #ifdef STM32U5
 // The 'g_boot_command' is persistent variable that holds the 'command'
 // for the next reboot/jump to the bootloader. Its value is set to
-// g_boot_command_shadow when 'svc_reboot_to_bootloader()' is called.
+// g_boot_command_shadow when 'reboot_to_bootloader()' is called.
 boot_command_t __attribute__((section(".boot_command"))) g_boot_command;
 #endif
 
@@ -47,7 +47,7 @@ boot_command_t bootargs_get_command() { return g_boot_command_shadow; }
 
 const boot_args_t* bootargs_get_args() { return &g_boot_args; }
 
-void __attribute__((noreturn)) trezor_shutdown(void) {
+void __attribute__((noreturn)) secure_shutdown(void) {
   display_deinit(DISPLAY_RETAIN_CONTENT);
 
 #if defined(STM32U5)
@@ -63,7 +63,7 @@ void __attribute__((noreturn)) trezor_shutdown(void) {
     ;
 }
 
-void svc_reboot_to_bootloader(void) {
+void reboot_to_bootloader(void) {
   boot_command_t boot_command = bootargs_get_command();
   display_deinit(DISPLAY_RESET_CONTENT);
 #ifdef ENSURE_COMPATIBLE_SETTINGS
@@ -83,4 +83,4 @@ void svc_reboot_to_bootloader(void) {
 #endif
 }
 
-void svc_reboot(void) { NVIC_SystemReset(); }
+void reboot(void) { NVIC_SystemReset(); }
diff --git a/core/embed/trezorhal/unix/bootutils.c b/core/embed/trezorhal/unix/bootutils.c
index f88e76de3..a80e560a5 100644
--- a/core/embed/trezorhal/unix/bootutils.c
+++ b/core/embed/trezorhal/unix/bootutils.c
@@ -1,6 +1,8 @@
 
 #include "../bootutils.h"
 #include <common.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 // The 'g_boot_command_shadow' variable stores the 'command' for the next
@@ -42,3 +44,13 @@ void bootargs_clear() {
 boot_command_t bootargs_get_command() { return g_boot_command_shadow; }
 
 const boot_args_t* bootargs_get_args() { return &g_boot_args; }
+
+void __attribute__((noreturn)) secure_shutdown(void) {
+  printf("SHUTDOWN\n");
+
+  // Wait some time to let the user see the displayed
+  // message before shutting down
+  hal_delay(3000);
+
+  exit(3);
+}
diff --git a/core/embed/trezorhal/unix/common.c b/core/embed/trezorhal/unix/common.c
index 71830560a..de06ef6de 100644
--- a/core/embed/trezorhal/unix/common.c
+++ b/core/embed/trezorhal/unix/common.c
@@ -30,16 +30,6 @@
 
 void __attribute__((noreturn)) main_clean_exit();
 
-void __attribute__((noreturn)) trezor_shutdown(void) {
-  printf("SHUTDOWN\n");
-
-  // Wait some time to let the user see the displayed
-  // message before shutting down
-  hal_delay(3000);
-
-  exit(3);
-}
-
 static int SDLCALL emulator_event_filter(void *userdata, SDL_Event *event) {
   switch (event->type) {
     case SDL_QUIT: