feat(core): move backup_ram driver to secmon

[no changelog]

core/embed/projects/kernel/main.c

@@ -114,16 +114,15 @@ void drivers_init() {
 #ifdef RDI
   random_delays_start_rdi();
 #endif
+#ifdef USE_BACKUP_RAM
+  backup_ram_init();
+#endif
 #endif  // SECURE_MODE
 
 #ifdef USE_CONSUMPTION_MASK
   consumption_mask_init();
 #endif
 
-#ifdef USE_BACKUP_RAM
-  backup_ram_init();
-#endif
-
 #ifdef USE_POWER_MANAGER
   pm_init(true);
 #endif

core/embed/projects/secmon/main.c

@@ -34,6 +34,10 @@
 #include <util/option_bytes.h>
 #include <util/unit_properties.h>
 
+#ifdef USE_BACKUP_RAM
+#include <sys/backup_ram.h>
+#endif
+
 #ifdef USE_OPTIGA
 #include <sec/optiga_config.h>
 #endif
@@ -81,6 +85,10 @@ static void drivers_init(void) {
 #ifdef USE_TROPIC
   tropic_init();
 #endif
+
+#ifdef USE_BACKUP_RAM
+  backup_ram_init();
+#endif
 }
 
 // Secure monitor panic handler

core/embed/sys/backup_ram/backup_ram.c

@@ -17,6 +17,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#ifdef SECURE_MODE
+
 #include <trezor_bsp.h>
 #include <trezor_rtl.h>
 
@@ -316,3 +318,5 @@ static backup_ram_status_t backup_ram_verify_crc(void) {
 
   return BACKUP_RAM_OK;
 }
+
+#endif  // SECURE_MODE

core/embed/sys/smcall/stm32/smcall_dispatch.c

@@ -33,6 +33,10 @@
 #include <util/fwutils.h>
 #include <util/unit_properties.h>
 
+#ifdef USE_BACKUP_RAM
+#include <sys/backup_ram.h>
+#endif
+
 #ifdef USE_OPTIGA
 #include <sec/optiga.h>
 #endif
@@ -356,6 +360,20 @@ __attribute((no_stack_protector)) void smcall_handler(uint32_t *args,
     } break;
 #endif
 
+#ifdef USE_BACKUP_RAM
+    case SMCALL_BACKUP_RAM_READ_POWER_MANAGER_DATA: {
+      backup_ram_power_manager_data_t *data =
+          (backup_ram_power_manager_data_t *)args[0];
+      args[0] = backup_ram_read_power_manager_data__verified(data);
+    } break;
+
+    case SMCALL_BACKUP_RAM_STORE_POWER_MANAGER_DATA: {
+      const backup_ram_power_manager_data_t *data =
+          (const backup_ram_power_manager_data_t *)args[0];
+      args[0] = backup_ram_store_power_manager_data__verified(data);
+    } break;
+#endif
+
     default:
       system_exit_fatal("Invalid smcall", __FILE__, __LINE__);
       break;

core/embed/sys/smcall/stm32/smcall_numbers.h

@@ -92,4 +92,7 @@ typedef enum {
   SMCALL_TROPIC_ECC_KEY_GENERATE,
   SMCALL_TROPIC_ECC_SIGN,
 
+  SMCALL_BACKUP_RAM_READ_POWER_MANAGER_DATA,
+  SMCALL_BACKUP_RAM_STORE_POWER_MANAGER_DATA,
+
 } smcall_number_t;

core/embed/sys/smcall/stm32/smcall_stubs.c

@@ -339,4 +339,26 @@ bool tropic_ecc_sign(uint16_t key_slot_index, const uint8_t *dig,
 
 #endif
 
+// =============================================================================
+// backup_ram.h
+// =============================================================================
+
+#ifdef USE_BACKUP_RAM
+
+#include <sys/backup_ram.h>
+
+backup_ram_status_t backup_ram_read_power_manager_data(
+    backup_ram_power_manager_data_t *data) {
+  return (backup_ram_status_t)smcall_invoke1(
+      (uint32_t)data, SMCALL_BACKUP_RAM_READ_POWER_MANAGER_DATA);
+}
+
+backup_ram_status_t backup_ram_store_power_manager_data(
+    const backup_ram_power_manager_data_t *data) {
+  return (backup_ram_status_t)smcall_invoke1(
+      (uint32_t)data, SMCALL_BACKUP_RAM_STORE_POWER_MANAGER_DATA);
+}
+
+#endif  // USE_BACKUP_RAM
+
 #endif  // defined(KERNEL) && defined(USE_SECMON_LAYOUT)

core/embed/sys/smcall/stm32/smcall_verifiers.c

@@ -445,4 +445,34 @@ access_violation:
 }
 #endif
 
-#endif  // SMCALL_DISPATCH
+#ifdef USE_BACKUP_RAM
+
+backup_ram_status_t backup_ram_store_power_manager_data__verified(
+    const backup_ram_power_manager_data_t *pm_data) {
+  if (!probe_read_access(pm_data, sizeof(*pm_data))) {
+    goto access_violation;
+  }
+
+  return backup_ram_store_power_manager_data(pm_data);
+
+access_violation:
+  apptask_access_violation();
+  return false;
+}
+
+backup_ram_status_t backup_ram_read_power_manager_data__verified(
+    backup_ram_power_manager_data_t *pm_data) {
+  if (!probe_write_access(pm_data, sizeof(*pm_data))) {
+    goto access_violation;
+  }
+
+  return backup_ram_read_power_manager_data(pm_data);
+
+access_violation:
+  apptask_access_violation();
+  return false;
+}
+
+#endif  // USE_BACKUP_RAM
+
+#endif  // SECMON

core/embed/sys/smcall/stm32/smcall_verifiers.h

@@ -121,4 +121,14 @@ bool tropic_ecc_sign__verified(uint16_t key_slot_index, const uint8_t *dig,
 
 #endif
 
+// ---------------------------------------------------------------------
+
+#include <sys/backup_ram.h>
+
+backup_ram_status_t backup_ram_store_power_manager_data__verified(
+    const backup_ram_power_manager_data_t *pm_data);
+
+backup_ram_status_t backup_ram_read_power_manager_data__verified(
+    backup_ram_power_manager_data_t *pm_data);
+
 #endif  // SECMON

core/embed/sys/trustzone/stm32u5/trustzone.c

@@ -505,19 +505,6 @@ void tz_init(void) {
   tz_set_flash_unsecure(NONSECURE_CODE_START, NONSECURE_CODE_SIZE, true);
   tz_set_flash_unsecure(ASSETS_START, ASSETS_MAXSIZE, true);
 
-#ifdef USE_BACKUP_RAM
-  // Make Backup SRAM accessible in non-secure mode
-  GTZC_TZSC1->MPCWM4ACFGR =
-      (GTZC_TZSC1->MPCWM4ACFGR & ~GTZC_TZSC_MPCWM_CFGR_SEC) |
-      (GTZC_TZSC_MPCWM_CFGR_PRIV | GTZC_TZSC_MPCWM_CFGR_SREN);
-
-  GTZC_TZSC1->MPCWM4AR =
-      (GTZC_TZSC1->MPCWM4AR &
-       (~GTZC_TZSC_MPCWMR_SUBZ_START | ~GTZC_TZSC_MPCWMR_SUBZ_LENGTH)) |
-      (0 << GTZC_TZSC_MPCWMR_SUBZ_START_Pos) |
-      ((2048 / 32) << GTZC_TZSC_MPCWMR_SUBZ_LENGTH_Pos);
-#endif  // USE_BACKUP_RAM
-
   // Set all peripherals as non-secure & privileged by default
   HAL_GTZC_TZSC_ConfigPeriphAttributes(
       GTZC_PERIPH_ALL, GTZC_TZSC_PERIPH_NSEC | GTZC_TZSC_PERIPH_PRIV);