diff --git a/core/embed/projects/kernel/main.c b/core/embed/projects/kernel/main.c
index dff9167743..efaec75d27 100644
--- a/core/embed/projects/kernel/main.c
+++ b/core/embed/projects/kernel/main.c
@@ -114,16 +114,15 @@ void drivers_init() {
 #ifdef RDI
 random_delays_start_rdi();
 #endif
+#ifdef USE_BACKUP_RAM
+ backup_ram_init();
+#endif
 #endif // SECURE_MODE
 #ifdef USE_CONSUMPTION_MASK
 consumption_mask_init();
 #endif
-#ifdef USE_BACKUP_RAM
- backup_ram_init();
-#endif
-
 #ifdef USE_POWER_MANAGER
 pm_init(true);
 #endif
diff --git a/core/embed/projects/secmon/main.c b/core/embed/projects/secmon/main.c
index 49abcba5d5..99dc9c23a1 100644
--- a/core/embed/projects/secmon/main.c
+++ b/core/embed/projects/secmon/main.c
@@ -34,6 +34,10 @@
 #include
 #include
+#ifdef USE_BACKUP_RAM
+#include
+#endif
+
 #ifdef USE_OPTIGA
 #include
 #endif
@@ -81,6 +85,10 @@ static void drivers_init(void) {
 #ifdef USE_TROPIC
 tropic_init();
 #endif
+
+#ifdef USE_BACKUP_RAM
+ backup_ram_init();
+#endif
 }
 // Secure monitor panic handler
diff --git a/core/embed/sys/backup_ram/backup_ram.c b/core/embed/sys/backup_ram/backup_ram.c
index b73b0e4ab6..be532cb6d9 100644
--- a/core/embed/sys/backup_ram/backup_ram.c
+++ b/core/embed/sys/backup_ram/backup_ram.c
@@ -17,6 +17,8 @@
 * along with this program. If not, see .
 */
+#ifdef SECURE_MODE
+
 #include
 #include
@@ -316,3 +318,5 @@ static backup_ram_status_t backup_ram_verify_crc(void) {
 return BACKUP_RAM_OK;
 }
+
+#endif // SECURE_MODE
diff --git a/core/embed/sys/smcall/stm32/smcall_dispatch.c b/core/embed/sys/smcall/stm32/smcall_dispatch.c
index de9fe52637..462720fcca 100644
--- a/core/embed/sys/smcall/stm32/smcall_dispatch.c
+++ b/core/embed/sys/smcall/stm32/smcall_dispatch.c
@@ -33,6 +33,10 @@
 #include
 #include
+#ifdef USE_BACKUP_RAM
+#include
+#endif
+
 #ifdef USE_OPTIGA
 #include
 #endif
@@ -356,6 +360,20 @@ __attribute((no_stack_protector)) void smcall_handler(uint32_t *args,
 } break;
 #endif
+#ifdef USE_BACKUP_RAM
+ case SMCALL_BACKUP_RAM_READ_POWER_MANAGER_DATA: {
+ backup_ram_power_manager_data_t *data =
+ (backup_ram_power_manager_data_t *)args[0];
+ args[0] = backup_ram_read_power_manager_data__verified(data);
+ } break;
+
+ case SMCALL_BACKUP_RAM_STORE_POWER_MANAGER_DATA: {
+ const backup_ram_power_manager_data_t *data =
+ (const backup_ram_power_manager_data_t *)args[0];
+ args[0] = backup_ram_store_power_manager_data__verified(data);
+ } break;
+#endif
+
 default:
 system_exit_fatal("Invalid smcall", __FILE__, __LINE__);
 break;
diff --git a/core/embed/sys/smcall/stm32/smcall_numbers.h b/core/embed/sys/smcall/stm32/smcall_numbers.h
index b55143924d..98f4f8960a 100644
--- a/core/embed/sys/smcall/stm32/smcall_numbers.h
+++ b/core/embed/sys/smcall/stm32/smcall_numbers.h
@@ -92,4 +92,7 @@ typedef enum {
 SMCALL_TROPIC_ECC_KEY_GENERATE,
 SMCALL_TROPIC_ECC_SIGN,
+ SMCALL_BACKUP_RAM_READ_POWER_MANAGER_DATA,
+ SMCALL_BACKUP_RAM_STORE_POWER_MANAGER_DATA,
+
 } smcall_number_t;
diff --git a/core/embed/sys/smcall/stm32/smcall_stubs.c b/core/embed/sys/smcall/stm32/smcall_stubs.c
index 4e0d69c9d7..f904b0cc30 100644
--- a/core/embed/sys/smcall/stm32/smcall_stubs.c
+++ b/core/embed/sys/smcall/stm32/smcall_stubs.c
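Review bot: In smcall_dispatch.c the two new `SMCALL_BACKUP_RAM_*` cases take the pointer in `args[0]` from the non-secure caller, and the `__verified` wrappers added in smcall_verifiers.c only probe that the range is accessible; the contents stay under the caller's control while the secure side uses them. `backup_ram_store_power_manager_data()` is not visible in this diff, so this needs confirming: if it validates fields of `*data` and then reads them again when writing to backup RAM, it should first copy the structure into a secure-side local and work only from that copy. A comment on the store case such as `// data points to non-secure memory; callee must snapshot it before validating` would record the assumption. The body of smcall_handler starts and ends outside the hunk.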
@@ -339,4 +339,26 @@ bool tropic_ecc_sign(uint16_t key_slot_index, const uint8_t *dig,
 #endif
+// =============================================================================
+// backup_ram.h
+// =============================================================================
+
+#ifdef USE_BACKUP_RAM
+
+#include
+
+backup_ram_status_t backup_ram_read_power_manager_data(
+ backup_ram_power_manager_data_t *data) {
+ return (backup_ram_status_t)smcall_invoke1(
+ (uint32_t)data, SMCALL_BACKUP_RAM_READ_POWER_MANAGER_DATA);
+}
+
+backup_ram_status_t backup_ram_store_power_manager_data(
+ const backup_ram_power_manager_data_t *data) {
+ return (backup_ram_status_t)smcall_invoke1(
+ (uint32_t)data, SMCALL_BACKUP_RAM_STORE_POWER_MANAGER_DATA);
+}
+
+#endif // USE_BACKUP_RAM
+
 #endif // defined(KERNEL) && defined(USE_SECMON_LAYOUT)
diff --git a/core/embed/sys/smcall/stm32/smcall_verifiers.c b/core/embed/sys/smcall/stm32/smcall_verifiers.c
index 353956b83e..4339dcbe92 100644
--- a/core/embed/sys/smcall/stm32/smcall_verifiers.c
+++ b/core/embed/sys/smcall/stm32/smcall_verifiers.c
@@ -445,4 +445,34 @@ access_violation:
 }
 #endif
-#endif // SMCALL_DISPATCH
+#ifdef USE_BACKUP_RAM
+
+backup_ram_status_t backup_ram_store_power_manager_data__verified(
+ const backup_ram_power_manager_data_t *pm_data) {
+ if (!probe_read_access(pm_data, sizeof(*pm_data))) {
+ goto access_violation;
+ }
+
+ return backup_ram_store_power_manager_data(pm_data);
+
+access_violation:
+ apptask_access_violation();
+ return false;
+}
+
+backup_ram_status_t backup_ram_read_power_manager_data__verified(
+ backup_ram_power_manager_data_t *pm_data) {
+ if (!probe_write_access(pm_data, sizeof(*pm_data))) {
+ goto access_violation;
+ }
+
+ return backup_ram_read_power_manager_data(pm_data);
+
+access_violation:
+ apptask_access_violation();
+ return false;
+}
+
+#endif // USE_BACKUP_RAM
+
+#endif // SECMON
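Review bot: In smcall_verifiers.c both new `__verified` wrappers end their `access_violation:` path with `return false;` although the return type is `backup_ram_status_t`, so the rejection path yields the value 0. backup_ram.c returns `BACKUP_RAM_OK` on success and the enum's numeric values are not shown in this diff; if `BACKUP_RAM_OK` is 0, a rejected pointer would be reported to the non-secure caller as success whenever `apptask_access_violation()` returns. Return an explicit failure enumerator instead, e.g. `return <BACKUP_RAM_ERROR_STATUS>;` (placeholder for the project's error value), in both the store and the read wrapper.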
diff --git a/core/embed/sys/smcall/stm32/smcall_verifiers.h b/core/embed/sys/smcall/stm32/smcall_verifiers.h
index 28c74d3638..789fb6aaa6 100644
--- a/core/embed/sys/smcall/stm32/smcall_verifiers.h
+++ b/core/embed/sys/smcall/stm32/smcall_verifiers.h
@@ -121,4 +121,14 @@ bool tropic_ecc_sign__verified(uint16_t key_slot_index, const uint8_t *dig,
 #endif
+// ---------------------------------------------------------------------
+
+#include
+
+backup_ram_status_t backup_ram_store_power_manager_data__verified(
+ const backup_ram_power_manager_data_t *pm_data);
+
+backup_ram_status_t backup_ram_read_power_manager_data__verified(
+ backup_ram_power_manager_data_t *pm_data);
+
 #endif // SECMON
diff --git a/core/embed/sys/trustzone/stm32u5/trustzone.c b/core/embed/sys/trustzone/stm32u5/trustzone.c
index 65d27ee07d..b32c0801db 100644
--- a/core/embed/sys/trustzone/stm32u5/trustzone.c
+++ b/core/embed/sys/trustzone/stm32u5/trustzone.c
@@ -505,19 +505,6 @@ void tz_init(void) {
 tz_set_flash_unsecure(NONSECURE_CODE_START, NONSECURE_CODE_SIZE, true);
 tz_set_flash_unsecure(ASSETS_START, ASSETS_MAXSIZE, true);
-#ifdef USE_BACKUP_RAM
- // Make Backup SRAM accessible in non-secure mode
- GTZC_TZSC1->MPCWM4ACFGR =
- (GTZC_TZSC1->MPCWM4ACFGR & ~GTZC_TZSC_MPCWM_CFGR_SEC) |
- (GTZC_TZSC_MPCWM_CFGR_PRIV | GTZC_TZSC_MPCWM_CFGR_SREN);
-
- GTZC_TZSC1->MPCWM4AR =
- (GTZC_TZSC1->MPCWM4AR &
- (~GTZC_TZSC_MPCWMR_SUBZ_START | ~GTZC_TZSC_MPCWMR_SUBZ_LENGTH)) |
- (0 << GTZC_TZSC_MPCWMR_SUBZ_START_Pos) |
- ((2048 / 32) << GTZC_TZSC_MPCWMR_SUBZ_LENGTH_Pos);
-#endif // USE_BACKUP_RAM
-
 // Set all peripherals as non-secure & privileged by default
 HAL_GTZC_TZSC_ConfigPeriphAttributes(
 GTZC_PERIPH_ALL, GTZC_TZSC_PERIPH_NSEC | GTZC_TZSC_PERIPH_PRIV);
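Review bot: In smcall_verifiers.h the new `#include` and the two `__verified` prototypes are added without an `#ifdef USE_BACKUP_RAM` guard, while their definitions in smcall_verifiers.c and the dispatch cases are all inside `#ifdef USE_BACKUP_RAM`. A build without that option would still pull in the included header and declare two functions that have no definition. Wrapping the added block in `#ifdef USE_BACKUP_RAM` and `#endif  // USE_BACKUP_RAM` would keep the header consistent with the source file. The include target is not visible in this rendering, so which header it names cannot be confirmed from the page.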