diff --git a/core/embed/extmod/modtrezorconfig/modtrezorconfig.c b/core/embed/extmod/modtrezorconfig/modtrezorconfig.c index 8bd5212e6..10df09495 100644 --- a/core/embed/extmod/modtrezorconfig/modtrezorconfig.c +++ b/core/embed/extmod/modtrezorconfig/modtrezorconfig.c @@ -28,6 +28,7 @@ #include "embed/extmod/trezorobj.h" #include "common.h" +#include "entropy.h" #include "memzero.h" #include "storage.h" @@ -55,13 +56,16 @@ static secbool wrapped_ui_wait_callback(uint32_t wait, uint32_t progress, /// called from this module! /// """ STATIC mp_obj_t mod_trezorconfig_init(size_t n_args, const mp_obj_t *args) { + uint8_t entropy_data[HW_ENTROPY_LEN]; + entropy_get(entropy_data); + if (n_args > 0) { MP_STATE_VM(trezorconfig_ui_wait_callback) = args[0]; - storage_init(wrapped_ui_wait_callback, HW_ENTROPY_DATA, HW_ENTROPY_LEN); + storage_init(wrapped_ui_wait_callback, entropy_data, HW_ENTROPY_LEN); } else { - storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN); + storage_init(NULL, entropy_data, HW_ENTROPY_LEN); } - memzero(HW_ENTROPY_DATA, sizeof(HW_ENTROPY_DATA)); + memzero(entropy_data, sizeof(entropy_data)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_init_obj, 0, 1, diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c index 357dcd5e1..a1f8ffed1 100644 --- a/core/embed/firmware/main.c +++ b/core/embed/firmware/main.c @@ -41,6 +41,7 @@ #include "common.h" #include "compiler_traits.h" #include "display.h" +#include "entropy.h" #include "fault_handlers.h" #include "flash.h" #include "image.h" @@ -179,7 +180,7 @@ int main(void) { mpu_config_firmware_initial(); - collect_hw_entropy(); + entropy_init(); #if PRODUCTION || BOOTLOADER_QA check_and_replace_bootloader(); diff --git a/core/embed/rust/build.rs b/core/embed/rust/build.rs index 6f2706e55..543cf5046 100644 --- a/core/embed/rust/build.rs +++ b/core/embed/rust/build.rs 
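Review bot: In `mod_trezorconfig_init` the old `memzero(HW_ENTROPY_DATA, sizeof(HW_ENTROPY_DATA))` wiped the only copy of the hardware entropy once storage had consumed it, whereas the new `memzero(entropy_data, sizeof(entropy_data))` clears just the stack copy. The static `g_hw_entropy` buffer introduced in the new `entropy.c` files stays populated, so the UID and OTP randomness now remain in RAM for the whole firmware lifetime. If that retention is intended (for instance so `entropy_get` can be called again), a comment here should say so; otherwise the HAL needs a way to clear its buffer after `storage_init`. Callers outside this diff are not visible, so whether anything needs a second `entropy_get` is an open question.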
@@ -306,8 +306,9 @@ fn generate_trezorhal_bindings() { // model .allowlist_var("MODEL_INTERNAL_NAME") .allowlist_var("MODEL_FULL_NAME") - // common - .allowlist_var("HW_ENTROPY_DATA") + // entropy + .allowlist_var("HW_ENTROPY_LEN") + .allowlist_function("entropy_get") // secbool .allowlist_type("secbool") .must_use_type("secbool") diff --git a/core/embed/rust/src/trezorhal/storage.rs b/core/embed/rust/src/trezorhal/storage.rs index 6bf44a3b7..2a7a94cac 100644 --- a/core/embed/rust/src/trezorhal/storage.rs +++ b/core/embed/rust/src/trezorhal/storage.rs @@ -97,10 +97,13 @@ pub type StorageResult = Result; /// This function must be called before any other storage function. pub fn init() { unsafe { + let mut entropy_data: [u8; ffi::HW_ENTROPY_LEN as usize] = + [0; ffi::HW_ENTROPY_LEN as usize]; + ffi::entropy_get(entropy_data.as_mut_ptr()); ffi::storage_init( Some(callback_wrapper), - ffi::HW_ENTROPY_DATA.as_ptr(), - ffi::HW_ENTROPY_DATA.len() as u16, + entropy_data.as_ptr(), + entropy_data.len() as u16, ); } } diff --git a/core/embed/rust/trezorhal.h b/core/embed/rust/trezorhal.h index 7dadc0abf..48ab14222 100644 --- a/core/embed/rust/trezorhal.h +++ b/core/embed/rust/trezorhal.h @@ -7,6 +7,7 @@ #include "display_draw.h" #include "dma2d.h" #include "dma2d_bitblt.h" +#include "entropy.h" #include "flash.h" #include "fonts/fonts.h" #include "gfx_bitblt.h" diff --git a/core/embed/trezorhal/common.h b/core/embed/trezorhal/common.h index e42dcfd99..07db158bf 100644 --- a/core/embed/trezorhal/common.h +++ b/core/embed/trezorhal/common.h @@ -58,10 +58,6 @@ void hal_delay(uint32_t ms); uint32_t hal_ticks_ms(); void hal_delay_us(uint16_t delay_us); -void collect_hw_entropy(void); -#define HW_ENTROPY_LEN (12 + 32) -extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN]; - // Invalidates firmware on the device // Note: only works when write access to firmware area is enabled by MPU void invalidate_firmware(void); 
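Review bot: The Rust `init()` in storage.rs leaves `entropy_data` on the stack without wiping it after `ffi::storage_init` returns, while the C counterpart in `mod_trezorconfig_init` calls `memzero` on its local copy. The buffer should be cleared before the `unsafe` block ends, using whatever zeroing helper the crate already has (none is visible in this hunk), so the UID and OTP randomness do not linger in a dead stack frame. The block also deserves a `// SAFETY: entropy_data is exactly HW_ENTROPY_LEN bytes, the amount entropy_get writes` comment, since `entropy_get` takes no length argument and the compiler cannot check the size contract.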
diff --git a/core/embed/trezorhal/entropy.h b/core/embed/trezorhal/entropy.h
new file mode 100644
index 000000000..bd50b48e3
--- /dev/null
+++ b/core/embed/trezorhal/entropy.h
@@ -0,0 +1,31 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef TREZORHAL_ENTROPY_H
+#define TREZORHAL_ENTROPY_H
+
+#include
+
+void entropy_init(void);
+
+#define HW_ENTROPY_LEN (12 + 32)
+
+void entropy_get(uint8_t *buf);
+
+#endif
\ No newline at end of file
diff --git a/core/embed/trezorhal/stm32f4/common.c b/core/embed/trezorhal/stm32f4/common.c
index 8ebab7425..6eb76497f 100644
--- a/core/embed/trezorhal/stm32f4/common.c
+++ b/core/embed/trezorhal/stm32f4/common.c
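Review bot: `entropy_get(uint8_t *buf)` in the new entropy.h takes no length and carries no comment, so the requirement that `buf` holds at least `HW_ENTROPY_LEN` bytes is not written down anywhere a caller will see it. I would add `// Copies HW_ENTROPY_LEN bytes of hardware entropy to buf; buf must be at least that large` above it and `// Must be called once at startup, before the first entropy_get()` above `entropy_init`. The header also ends without a trailing newline.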
@@ -91,32 +91,6 @@ void __attribute__((noreturn)) __stack_chk_fail(void) { error_shutdown("(SS)"); } -uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN]; - -void collect_hw_entropy(void) { - // collect entropy from UUID - uint32_t w = LL_GetUID_Word0(); - memcpy(HW_ENTROPY_DATA, &w, 4); - w = LL_GetUID_Word1(); - memcpy(HW_ENTROPY_DATA + 4, &w, 4); - w = LL_GetUID_Word2(); - memcpy(HW_ENTROPY_DATA + 8, &w, 4); - - // set entropy in the OTP randomness block - if (secfalse == flash_otp_is_locked(FLASH_OTP_BLOCK_RANDOMNESS)) { - uint8_t entropy[FLASH_OTP_BLOCK_SIZE]; - random_buffer(entropy, FLASH_OTP_BLOCK_SIZE); - ensure(flash_otp_write(FLASH_OTP_BLOCK_RANDOMNESS, 0, entropy, - FLASH_OTP_BLOCK_SIZE), - NULL); - ensure(flash_otp_lock(FLASH_OTP_BLOCK_RANDOMNESS), NULL); - } - // collect entropy from OTP randomness block - ensure(flash_otp_read(FLASH_OTP_BLOCK_RANDOMNESS, 0, HW_ENTROPY_DATA + 12, - FLASH_OTP_BLOCK_SIZE), - NULL); -} - void invalidate_firmware(void) { // erase start of the firmware (metadata) -> invalidate FW ensure(flash_unlock_write(), NULL); diff --git a/core/embed/trezorhal/stm32f4/entropy.c b/core/embed/trezorhal/stm32f4/entropy.c new file mode 100644 index 000000000..0c655c2ec --- /dev/null +++ b/core/embed/trezorhal/stm32f4/entropy.c 
@@ -0,0 +1,55 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "entropy.h"
+
+#include "entropy.h"
+#include "flash_otp.h"
+#include "model.h"
+#include "rand.h"
+
+#include "stm32f4xx_ll_utils.h"
+
+static uint8_t g_hw_entropy[HW_ENTROPY_LEN];
+
+void entropy_init(void) {
+ // collect entropy from UUID
+ uint32_t w = LL_GetUID_Word0();
+ memcpy(g_hw_entropy, &w, 4);
+ w = LL_GetUID_Word1();
+ memcpy(g_hw_entropy + 4, &w, 4);
+ w = LL_GetUID_Word2();
+ memcpy(g_hw_entropy + 8, &w, 4);
+
+ // set entropy in the OTP randomness block
+ if (secfalse == flash_otp_is_locked(FLASH_OTP_BLOCK_RANDOMNESS)) {
+ uint8_t entropy[FLASH_OTP_BLOCK_SIZE];
+ random_buffer(entropy, FLASH_OTP_BLOCK_SIZE);
+ ensure(flash_otp_write(FLASH_OTP_BLOCK_RANDOMNESS, 0, entropy,
+ FLASH_OTP_BLOCK_SIZE),
+ NULL);
+ ensure(flash_otp_lock(FLASH_OTP_BLOCK_RANDOMNESS), NULL);
+ }
+ // collect entropy from OTP randomness block
+ ensure(flash_otp_read(FLASH_OTP_BLOCK_RANDOMNESS, 0, g_hw_entropy + 12,
+ FLASH_OTP_BLOCK_SIZE),
+ NULL);
+}
+
+void entropy_get(uint8_t *buf) { memcpy(buf, g_hw_entropy, HW_ENTROPY_LEN); }
diff --git a/core/embed/trezorhal/stm32u5/common.c b/core/embed/trezorhal/stm32u5/common.c
index a10a6ccd0..711c6066e 100644
--- a/core/embed/trezorhal/stm32u5/common.c
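Review bot: `entropy_get` copies `g_hw_entropy` out unconditionally, so a call that runs before `entropy_init` hands `storage_init` an all-zero buffer without any failure; the stm32u5 copy of this file has the same gap. A flag would make the ordering explicit: `static secbool g_hw_entropy_ready = secfalse;`, set to `sectrue` as the last statement of `entropy_init`, and `ensure(g_hw_entropy_ready, NULL);` at the top of `entropy_get`. Separately, `#include "entropy.h"` appears twice at the top of this file and `memcpy` is used without a direct `<string.h>` include, which the stm32u5 file appears to have in that position (the header name is lost in this rendering).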
+++ b/core/embed/trezorhal/stm32u5/common.c @@ -75,32 +75,6 @@ void __attribute__((noreturn)) __stack_chk_fail(void) { error_shutdown("(SS)"); } -uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN]; - -void collect_hw_entropy(void) { - // collect entropy from UUID - uint32_t w = LL_GetUID_Word0(); - memcpy(HW_ENTROPY_DATA, &w, 4); - w = LL_GetUID_Word1(); - memcpy(HW_ENTROPY_DATA + 4, &w, 4); - w = LL_GetUID_Word2(); - memcpy(HW_ENTROPY_DATA + 8, &w, 4); - - // set entropy in the OTP randomness block - if (secfalse == flash_otp_is_locked(FLASH_OTP_BLOCK_RANDOMNESS)) { - uint8_t entropy[FLASH_OTP_BLOCK_SIZE]; - random_buffer(entropy, FLASH_OTP_BLOCK_SIZE); - ensure(flash_otp_write(FLASH_OTP_BLOCK_RANDOMNESS, 0, entropy, - FLASH_OTP_BLOCK_SIZE), - NULL); - // ensure(flash_otp_lock(FLASH_OTP_BLOCK_RANDOMNESS), NULL); - } - // collect entropy from OTP randomness block - ensure(flash_otp_read(FLASH_OTP_BLOCK_RANDOMNESS, 0, HW_ENTROPY_DATA + 12, - FLASH_OTP_BLOCK_SIZE), - NULL); -} - void invalidate_firmware(void) { // on stm32u5, we need to disable the instruction cache before erasing the // firmware - otherwise, the write check will fail diff --git a/core/embed/trezorhal/stm32u5/entropy.c b/core/embed/trezorhal/stm32u5/entropy.c new file mode 100644 index 000000000..c1af6ded3 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/entropy.c 
@@ -0,0 +1,55 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+
+#include "entropy.h"
+#include "flash_otp.h"
+#include "model.h"
+#include "rand.h"
+
+#include "stm32u5xx_ll_utils.h"
+
+static uint8_t g_hw_entropy[HW_ENTROPY_LEN];
+
+void entropy_init(void) {
+ // collect entropy from UUID
+ uint32_t w = LL_GetUID_Word0();
+ memcpy(g_hw_entropy, &w, 4);
+ w = LL_GetUID_Word1();
+ memcpy(g_hw_entropy + 4, &w, 4);
+ w = LL_GetUID_Word2();
+ memcpy(g_hw_entropy + 8, &w, 4);
+
+ // set entropy in the OTP randomness block
+ if (secfalse == flash_otp_is_locked(FLASH_OTP_BLOCK_RANDOMNESS)) {
+ uint8_t entropy[FLASH_OTP_BLOCK_SIZE];
+ random_buffer(entropy, FLASH_OTP_BLOCK_SIZE);
+ ensure(flash_otp_write(FLASH_OTP_BLOCK_RANDOMNESS, 0, entropy,
+ FLASH_OTP_BLOCK_SIZE),
+ NULL);
+ // ensure(flash_otp_lock(FLASH_OTP_BLOCK_RANDOMNESS), NULL);
+ }
+ // collect entropy from OTP randomness block
+ ensure(flash_otp_read(FLASH_OTP_BLOCK_RANDOMNESS, 0, g_hw_entropy + 12,
+ FLASH_OTP_BLOCK_SIZE),
+ NULL);
+}
+
+void entropy_get(uint8_t *buf) { memcpy(buf, g_hw_entropy, HW_ENTROPY_LEN); }
diff --git a/core/embed/trezorhal/unix/common.c b/core/embed/trezorhal/unix/common.c
index afae59830..6a840870e 100644
--- a/core/embed/trezorhal/unix/common.c
+++ b/core/embed/trezorhal/unix/common.c
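Review bot: The `flash_otp_lock(FLASH_OTP_BLOCK_RANDOMNESS)` call is carried into the new stm32u5 entropy.c still commented out, with no explanation of why the randomness block is left unlocked. If `flash_otp_is_locked` therefore keeps returning `secfalse`, every boot takes the write branch again and the OTP-derived part of the entropy is only as stable as repeated writes to that block allow; the flash_otp implementation is not visible here, so this is an inference. I would either restore the lock or replace the dead line with a comment that states the reason, e.g. `// TODO: OTP lock intentionally disabled on stm32u5 until <reason>`.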
@@ -74,7 +74,3 @@ void emulator_poll_events(void) { SDL_PumpEvents(); SDL_FilterEvents(emulator_event_filter, NULL); } - -uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN]; - -void collect_hw_entropy(void) { memzero(HW_ENTROPY_DATA, HW_ENTROPY_LEN); } diff --git a/core/embed/trezorhal/unix/entropy.c b/core/embed/trezorhal/unix/entropy.c new file mode 100644 index 000000000..a7a091b68 --- /dev/null +++ b/core/embed/trezorhal/unix/entropy.c @@ -0,0 +1,28 @@ +/* + * This file is part of the Trezor project, https://trezor.io/ + * + * Copyright (c) SatoshiLabs + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include + +#include "entropy.h" + +static uint8_t g_hw_entropy[HW_ENTROPY_LEN]; + +void entropy_init(void) { memset(g_hw_entropy, 0, HW_ENTROPY_LEN); } + +void entropy_get(uint8_t *buf) { memcpy(buf, g_hw_entropy, HW_ENTROPY_LEN); } diff --git a/core/embed/unix/main_main.c b/core/embed/unix/main_main.c index f1e289312..bdc9d561a 100644 --- a/core/embed/unix/main_main.c +++ b/core/embed/unix/main_main.c @@ -6,11 +6,12 @@ #endif #include "common.h" +#include "entropy.h" MP_NOINLINE int main_(int argc, char **argv); int main(int argc, char **argv) { - collect_hw_entropy(); + entropy_init(); #ifdef USE_SECP256K1_ZKP ensure(sectrue * (zkp_context_init() == 0), NULL); diff --git a/core/site_scons/models/stm32f4_common.py b/core/site_scons/models/stm32f4_common.py index 3a53387f7..839be0364 100644 
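Review bot: The emulator's `entropy_init` in the new unix/entropy.c fills `g_hw_entropy` with zeros through `memset`, and nothing in the file says that this constant value is deliberate. A one-line comment above it, such as `// emulator: no hardware entropy source, fixed all-zero value (not for production use)`, would keep the stub from being mistaken for a real entropy source and make clear that storage initialised from it is not device-bound.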
--- a/core/site_scons/models/stm32f4_common.py +++ b/core/site_scons/models/stm32f4_common.py @@ -43,6 +43,7 @@ def stm32f4_common_files(env, defines, sources, paths): "embed/trezorhal/stm32f4/board_capabilities.c", "embed/trezorhal/stm32f4/boot_args.c", "embed/trezorhal/stm32f4/common.c", + "embed/trezorhal/stm32f4/entropy.c", "embed/trezorhal/stm32f4/fault_handlers.c", "embed/trezorhal/stm32f4/flash.c", "embed/trezorhal/stm32f4/flash_otp.c", diff --git a/core/site_scons/models/stm32u5_common.py b/core/site_scons/models/stm32u5_common.py index ff08f108c..17a4e47fb 100644 --- a/core/site_scons/models/stm32u5_common.py +++ b/core/site_scons/models/stm32u5_common.py @@ -52,6 +52,7 @@ def stm32u5_common_files(env, defines, sources, paths): "embed/trezorhal/stm32u5/board_capabilities.c", "embed/trezorhal/stm32u5/boot_args.c", "embed/trezorhal/stm32u5/common.c", + "embed/trezorhal/stm32u5/entropy.c", "embed/trezorhal/stm32u5/fault_handlers.c", "embed/trezorhal/stm32u5/flash.c", "embed/trezorhal/stm32u5/flash_otp.c",