diff --git a/embed/boardloader/lowlevel.c b/embed/boardloader/lowlevel.c index 91cf10b689..058048f7a6 100644 --- a/embed/boardloader/lowlevel.c +++ b/embed/boardloader/lowlevel.c @@ -41,12 +41,12 @@ void flash_set_option_bytes(void) } } -bool flash_check_option_bytes(void) +secbool flash_check_option_bytes(void) { - return - ((FLASH->OPTCR & FLASH_OPTCR_nWRP) == (FLASH_OPTCR_nWRP_0 | FLASH_OPTCR_nWRP_1 | FLASH_OPTCR_nWRP_2)) && - ((FLASH->OPTCR & FLASH_OPTCR_RDP) == FLASH_OPTCR_RDP_2) && - ((FLASH->OPTCR & FLASH_OPTCR_BOR_LEV) == (FLASH_OPTCR_BOR_LEV_0 | FLASH_OPTCR_BOR_LEV_1)); + if ((FLASH->OPTCR & FLASH_OPTCR_nWRP) != (FLASH_OPTCR_nWRP_0 | FLASH_OPTCR_nWRP_1 | FLASH_OPTCR_nWRP_2)) return secfalse; + if ((FLASH->OPTCR & FLASH_OPTCR_RDP) != FLASH_OPTCR_RDP_2) return secfalse; + if ((FLASH->OPTCR & FLASH_OPTCR_BOR_LEV) != (FLASH_OPTCR_BOR_LEV_0 | FLASH_OPTCR_BOR_LEV_1)) return secfalse; + return sectrue; } void periph_init(void) @@ -78,18 +78,18 @@ void periph_init(void) NVIC_EnableIRQ(PVD_IRQn); } -bool reset_flags_init(void) +secbool reset_flags_init(void) { #if PRODUCTION // this is effective enough that it makes development painful, so only use it for production. // check the reset flags to assure that we arrive here due to a regular full power-on event, // and not as a result of a lesser reset. if ((RCC->CSR & (RCC_CSR_LPWRRSTF | RCC_CSR_WWDGRSTF | RCC_CSR_IWDGRSTF | RCC_CSR_SFTRSTF | RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) != (RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) { - return false; + return secfalse; } #endif RCC->CSR |= RCC_CSR_RMVF; // clear the reset flags - return true; + return sectrue; } diff --git a/embed/boardloader/lowlevel.h b/embed/boardloader/lowlevel.h index c156747755..a4dc39bbbf 100644 --- a/embed/boardloader/lowlevel.h +++ b/embed/boardloader/lowlevel.h @@ -1,11 +1,11 @@ #ifndef __BOARDLOADER_LOWLEVEL_H__ #define __BOARDLOADER_LOWLEVEL_H__ -#include +#include "secbool.h" void flash_set_option_bytes(void); -bool flash_check_option_bytes(void); +secbool flash_check_option_bytes(void); void periph_init(void); -bool reset_flags_init(void); +secbool reset_flags_init(void); #endif diff --git a/embed/boardloader/main.c b/embed/boardloader/main.c index e6cbe90494..672074f1a2 100644 --- a/embed/boardloader/main.c +++ b/embed/boardloader/main.c @@ -49,7 +49,7 @@ static uint32_t check_sdcard(void) image_header hdr; - if (load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) { + if (sectrue == load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) { return hdr.codelen; } else { return 0; @@ -60,7 +60,7 @@ static void progress_callback(int pos, int len) { display_printf("."); } -static bool copy_sdcard(void) +static secbool copy_sdcard(void) { display_backlight(255); @@ -79,7 +79,7 @@ static bool copy_sdcard(void) codelen = check_sdcard(); if (!codelen) { display_printf("\n\nno SD card, aborting\n"); - return false; + return secfalse; } } @@ -111,13 +111,13 @@ static bool copy_sdcard(void) }; if (!flash_erase_sectors(sectors, 2 + 1 + 6 + 4 + 7 + 1, progress_callback)) { display_printf(" failed\n"); - return false; + return secfalse; } display_printf(" done\n\n"); if (!flash_unlock()) { display_printf("could not unlock flash\n"); - return false; + return secfalse; } // copy bootloader from SD card to Flash @@ -133,7 +133,7 @@ static bool copy_sdcard(void) display_printf("copy failed\n"); sdcard_power_off(); flash_lock(); - return false; + return secfalse; } } } @@ -144,7 +144,7 @@ static bool copy_sdcard(void) display_printf("\ndone\n\n"); display_printf("Unplug the device and remove the SD card\n"); - return true; + return sectrue; } int main(void) @@ -173,7 +173,7 @@ int main(void) sdcard_init(); if (check_sdcard()) { - return copy_sdcard() ? 0 : 3; + return copy_sdcard() == sectrue ? 0 : 3; } image_header hdr; diff --git a/embed/bootloader/main.c b/embed/bootloader/main.c index 95741e1d16..0b69f08928 100644 --- a/embed/bootloader/main.c +++ b/embed/bootloader/main.c @@ -5,11 +5,12 @@ #include "display.h" #include "image.h" #include "flash.h" +#include "mini_printf.h" #include "rng.h" +#include "secbool.h" #include "touch.h" #include "usb.h" #include "version.h" -#include "mini_printf.h" #include "icon_cross.h" #include "icon_lock.h" @@ -83,13 +84,14 @@ void display_error(void) display_footer("Error! Unplug the device", COLOR_BL_RED); } -void display_welcome(bool firmware_present) +void display_welcome(secbool firmware_present) { display_clear(); - if (!firmware_present) { + if (secfalse == firmware_present) { display_icon((DISPLAY_RESX - 124) / 2, (DISPLAY_RESY - 40 - 180) / 2, 124, 180, toi_icon_lock, sizeof(toi_icon_lock), COLOR_WHITE, COLOR_BLACK); display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 20, "Go to trezor.io/start", -1, FONT_BOLD, COLOR_WHITE, COLOR_BLACK); - } else { + } + if (sectrue == firmware_present) { display_header(ICON_TOOLS, "TREZOR Bootloader"); uint8_t dom[32]; // format: TREZOR2-YYMMDD @@ -189,7 +191,7 @@ void usb_init_all(void) { usb_start(); } -bool bootloader_loop(bool firmware_present) +secbool bootloader_loop(secbool firmware_present) { usb_init_all(); @@ -202,7 +204,7 @@ bool bootloader_loop(bool firmware_present) if (r != USB_PACKET_SIZE) { continue; } - ensure(r == USB_PACKET_SIZE, NULL); + ensure(sectrue * (r == USB_PACKET_SIZE), NULL); uint16_t msg_id; uint32_t msg_size; if (!msg_parse_header(buf, &msg_id, &msg_size)) { @@ -227,12 +229,12 @@ bool bootloader_loop(bool firmware_present) display_error(); usb_stop(); usb_deinit(); - return false; // shutdown + return secfalse; // shutdown } else { // success display_done(0); usb_stop(); usb_deinit(); - return false; // shutdown + return secfalse; // shutdown } break; case 6: // FirmwareErase @@ -249,7 +251,7 @@ bool bootloader_loop(bool firmware_present) display_error(); usb_stop(); usb_deinit(); - return false; // shutdown + return secfalse; // shutdown } else if (r == 0) { // last chunk received display_done(3); hal_delay(1000); @@ -258,7 +260,7 @@ bool bootloader_loop(bool firmware_present) usb_stop(); usb_deinit(); display_fade(BACKLIGHT_NORMAL, 0, 500); - return true; // jump to firmware + return sectrue; // jump to firmware } break; default: @@ -282,12 +284,12 @@ void check_bootloader_version(void) bits[i / 8] |= (1 << (7 - (i % 8))); } } - ensure(true == flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL); + ensure(flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL); uint8_t bits2[FLASH_OTP_BLOCK_SIZE]; - ensure(true == flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL); + ensure(flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL); - ensure(0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE), "Bootloader downgraded"); + ensure(sectrue * (0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE)), "Bootloader downgraded"); } int main(void) @@ -310,14 +312,14 @@ int main(void) vendor_header vhdr; // start the bootloader if user touched the screen or no firmware installed - bool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr); - if (touched || !firmware_present) { - if (!bootloader_loop(firmware_present)) { + secbool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr); + if (touched || firmware_present != sectrue) { + if (bootloader_loop(firmware_present) != sectrue) { return 1; } } - ensure ( + ensure( load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr), "invalid vendor header"); diff --git a/embed/bootloader/messages.c b/embed/bootloader/messages.c index 1217a76fc0..db27cab704 100644 --- a/embed/bootloader/messages.c +++ b/embed/bootloader/messages.c @@ -9,6 +9,7 @@ #include "display.h" #include "flash.h" #include "image.h" +#include "secbool.h" #include "usb.h" #include "version.h" @@ -18,14 +19,14 @@ #define MSG_HEADER1_LEN 9 #define MSG_HEADER2_LEN 1 -bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size) +secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size) { if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') { - return false; + return secfalse; } *msg_id = (buf[3] << 8) + buf[4]; *msg_size = (buf[5] << 24) + (buf[6] << 16) + (buf[7] << 8) + buf[8]; - return true; + return sectrue; } typedef struct { @@ -35,6 +36,7 @@ typedef struct { uint8_t buf[USB_PACKET_SIZE]; } usb_write_state; +/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */ static bool _usb_write(pb_ostream_t *stream, const pb_byte_t *buf, size_t count) { usb_write_state *state = (usb_write_state *)(stream->state); @@ -79,7 +81,7 @@ static void _usb_write_flush(usb_write_state *state) usb_hid_write_blocking(state->iface_num, state->buf, USB_PACKET_SIZE, 100); } -static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fields[], const void *msg) +static secbool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fields[], const void *msg) { // determine message size by serializing it into a dummy stream pb_ostream_t sizestream = { @@ -89,7 +91,7 @@ static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t field .bytes_written = 0, .errmsg = NULL}; if (!pb_encode(&sizestream, fields, msg)) { - return false; + return secfalse; } const uint32_t msg_size = sizestream.bytes_written; @@ -113,12 +115,12 @@ static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t field }; if (!pb_encode(&stream, fields, msg)) { - return false; + return secfalse; } _usb_write_flush(&state); - return true; + return sectrue; } #define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default @@ -134,6 +136,7 @@ typedef struct { uint8_t *buf; } usb_read_state; +/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */ static bool _usb_read(pb_istream_t *stream, uint8_t *buf, size_t count) { usb_read_state *state = (usb_read_state *)(stream->state); @@ -170,7 +173,7 @@ static void _usb_read_flush(usb_read_state *state) (void)state; } -static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const pb_field_t fields[], void *msg) +static secbool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const pb_field_t fields[], void *msg) { usb_read_state state = { .iface_num = iface_num, @@ -187,19 +190,19 @@ static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const }; if (!pb_decode_noinit(&stream, fields, msg)) { - return false; + return secfalse; } _usb_read_flush(&state); - return true; + return sectrue; } #define MSG_RECV_INIT(TYPE) TYPE msg_recv = TYPE##_init_default #define MSG_RECV_CALLBACK(FIELD, CALLBACK) do { msg_recv.FIELD.funcs.decode = &CALLBACK; } while (0) #define MSG_RECV(TYPE) do { _recv_msg(iface_num, msg_size, buf, TYPE##_fields, &msg_recv); } while(0) -void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present) +void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present) { MSG_RECV_INIT(Initialize); MSG_RECV(Initialize); @@ -281,6 +284,7 @@ void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *bu static uint32_t chunk_size = 0; +/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */ static bool _read_payload(pb_istream_t *stream, const pb_field_t *field, void **arg) { #define BUFSIZE 4096 diff --git a/embed/bootloader/messages.h b/embed/bootloader/messages.h index b1dfef88ec..fbd23067f5 100644 --- a/embed/bootloader/messages.h +++ b/embed/bootloader/messages.h @@ -2,14 +2,14 @@ #define __MESSAGES_H__ #include -#include +#include "secbool.h" #define USB_PACKET_SIZE 64 #define USB_IFACE_NUM 0 -bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size); +secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size); -void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present); +void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present); void process_msg_Ping(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); diff --git a/embed/extmod/modtrezorio/unix-flash-mock.h b/embed/extmod/modtrezorio/unix-flash-mock.h index 5ed26bb599..a7562d6214 100644 --- a/embed/extmod/modtrezorio/unix-flash-mock.h +++ b/embed/extmod/modtrezorio/unix-flash-mock.h @@ -11,37 +11,37 @@ void flash_set_option_bytes(void) { } -bool flash_unlock(void) +secbool flash_unlock(void) { - return false; + return secfalse; } -bool flash_lock(void) +secbool flash_lock(void) { - return false; + return secfalse; } -bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) +secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) { - return false; + return secfalse; } -bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) +secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) { - return false; + return secfalse; } -bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen) +secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen) { - return false; + return secfalse; } -bool flash_otp_lock(uint8_t block) +secbool flash_otp_lock(uint8_t block) { - return false; + return secfalse; } -bool flash_otp_is_locked(uint8_t block) +secbool flash_otp_is_locked(uint8_t block) { - return false; + return secfalse; } diff --git a/embed/extmod/modtrezorio/unix-msg-mock.h b/embed/extmod/modtrezorio/unix-msg-mock.h index 96b47e643d..31adc5b665 100644 --- a/embed/extmod/modtrezorio/unix-msg-mock.h +++ b/embed/extmod/modtrezorio/unix-msg-mock.h @@ -28,7 +28,7 @@ void usb_init(const usb_dev_info_t *dev_info) { (void)dev_info; sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - ensure(sock >= 0, NULL); + ensure(sectrue * (sock >= 0), NULL); fcntl(sock, F_SETFL, O_NONBLOCK); @@ -46,7 +46,7 @@ void usb_init(const usb_dev_info_t *dev_info) { si_me.sin_port = htons(TREZOR_UDP_PORT); } - ensure(0 == bind(sock, (struct sockaddr*)&si_me, sizeof(si_me)), NULL); + ensure(sectrue * (0 == bind(sock, (struct sockaddr*)&si_me, sizeof(si_me))), NULL); } void usb_deinit(void) { @@ -58,34 +58,34 @@ void usb_start(void) { void usb_stop(void) { } -bool usb_hid_add(const usb_hid_info_t *info) { - return true; +secbool usb_hid_add(const usb_hid_info_t *info) { + return sectrue; } -bool usb_vcp_add(const usb_vcp_info_t *info) { - return true; +secbool usb_vcp_add(const usb_vcp_info_t *info) { + return sectrue; } -bool usb_hid_can_read(uint8_t iface_num) { +secbool usb_hid_can_read(uint8_t iface_num) { if (iface_num != TREZOR_UDP_IFACE) { - return false; + return secfalse; } struct pollfd fds[] = { { sock, POLLIN, 0 }, }; int r = poll(fds, 1, 0); - return r > 0; + return sectrue * (r > 0); } -bool usb_hid_can_write(uint8_t iface_num) { +secbool usb_hid_can_write(uint8_t iface_num) { if (iface_num != TREZOR_UDP_IFACE) { - return false; + return secfalse; } struct pollfd fds[] = { { sock, POLLOUT, 0 }, }; int r = poll(fds, 1, 0); - return r > 0; + return sectrue * (r > 0); } int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) { diff --git a/embed/extmod/modtrezorio/unix-sbu-mock.h b/embed/extmod/modtrezorio/unix-sbu-mock.h index 58c61b9160..101fdb9f57 100644 --- a/embed/extmod/modtrezorio/unix-sbu-mock.h +++ b/embed/extmod/modtrezorio/unix-sbu-mock.h @@ -11,6 +11,6 @@ void sbu_init(void) { } -void sbu_set(bool sbu1, bool sbu2) +void sbu_set(secbool sbu1, secbool sbu2) { } diff --git a/embed/extmod/modtrezorio/unix-sdcard-mock.h b/embed/extmod/modtrezorio/unix-sdcard-mock.h index 74caafcefe..31a04bfea7 100644 --- a/embed/extmod/modtrezorio/unix-sdcard-mock.h +++ b/embed/extmod/modtrezorio/unix-sdcard-mock.h @@ -7,31 +7,29 @@ #include "../../trezorhal/sdcard.h" -#define SD_ERROR 41U - void sdcard_init(void) { } -bool sdcard_is_present(void) { - return false; +secbool sdcard_is_present(void) { + return secfalse; } -bool sdcard_power_on(void) { - return false; +secbool sdcard_power_on(void) { + return secfalse; } -bool sdcard_power_off(void) { - return true; +secbool sdcard_power_off(void) { + return sectrue; } uint64_t sdcard_get_capacity_in_bytes(void) { return 0; } -bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { - return false; +secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { + return secfalse; } -bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) { - return false; +secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) { + return secfalse; } diff --git a/embed/extmod/modtrezorutils/modtrezorutils.c b/embed/extmod/modtrezorutils/modtrezorutils.c index a5ffdf2f23..51b187d384 100644 --- a/embed/extmod/modtrezorutils/modtrezorutils.c +++ b/embed/extmod/modtrezorutils/modtrezorutils.c @@ -86,9 +86,9 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorutils_memcpy_obj, 5, 5, mod STATIC mp_obj_t mod_trezorutils_halt(size_t n_args, const mp_obj_t *args) { mp_buffer_info_t msg; if (n_args > 0 && mp_get_buffer(args[0], &msg, MP_BUFFER_READ)) { - ensure(0, msg.buf); + ensure(secfalse, msg.buf); } else { - ensure(0, "halt"); + ensure(secfalse, "halt"); } return mp_const_none; } diff --git a/embed/firmware/main.c b/embed/firmware/main.c index ec098d9590..6ca621e69e 100644 --- a/embed/firmware/main.c +++ b/embed/firmware/main.c @@ -68,7 +68,7 @@ int main(void) // MicroPython default exception handler void __attribute__((noreturn)) nlr_jump_fail(void *val) { - ensure(0, "uncaught exception"); + ensure(secfalse, "uncaught exception"); } void PendSV_Handler(void) { diff --git a/embed/firmware/mphalport.c b/embed/firmware/mphalport.c index 74986fb455..7d0150dbe1 100644 --- a/embed/firmware/mphalport.c +++ b/embed/firmware/mphalport.c @@ -6,7 +6,7 @@ static int vcp_iface_num = -1; int mp_hal_stdin_rx_chr(void) { - ensure(vcp_iface_num >= 0, "vcp stdio is not configured"); + ensure(sectrue * (vcp_iface_num >= 0), "vcp stdio is not configured"); #define VCP_READ_TIMEOUT 25 uint8_t c = 0; diff --git a/embed/trezorhal/common.c b/embed/trezorhal/common.c index f2004eb87f..381936f91d 100644 --- a/embed/trezorhal/common.c +++ b/embed/trezorhal/common.c @@ -34,7 +34,7 @@ uint32_t __stack_chk_guard = 0; void __attribute__((noreturn)) __stack_chk_fail(void) { - ensure(0, "Stack smashing detected"); + ensure(secfalse, "Stack smashing detected"); } #ifndef NDEBUG diff --git a/embed/trezorhal/common.h b/embed/trezorhal/common.h index 3c8cdf8285..1bcc86ffab 100644 --- a/embed/trezorhal/common.h +++ b/embed/trezorhal/common.h @@ -2,6 +2,7 @@ #define __TREZORHAL_COMMON_H__ #include +#include "secbool.h" extern void memset_reg(volatile void *start, volatile void *stop, uint32_t val); @@ -9,7 +10,7 @@ void clear_otg_hs_memory(void); void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func); -#define ensure(expr, msg) ((expr) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) +#define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) void jump_to(uint32_t address); diff --git a/embed/trezorhal/flash.c b/embed/trezorhal/flash.c index d59ce77d2d..f9421949d5 100644 --- a/embed/trezorhal/flash.c +++ b/embed/trezorhal/flash.c @@ -33,23 +33,23 @@ const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = { [24] = 0x08200000, // last element - not a valid sector }; -bool flash_unlock(void) +secbool flash_unlock(void) { HAL_FLASH_Unlock(); __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR | FLASH_FLAG_PGAERR | FLASH_FLAG_PGPERR | FLASH_FLAG_PGSERR); - return true; + return sectrue; } -bool flash_lock(void) +secbool flash_lock(void) { HAL_FLASH_Lock(); - return true; + return sectrue; } -bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) +secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) { if (!flash_unlock()) { - return false; + return secfalse; } FLASH_EraseInitTypeDef EraseInitStruct; EraseInitStruct.TypeErase = FLASH_TYPEERASE_SECTORS; @@ -63,13 +63,13 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p EraseInitStruct.Sector = sectors[i]; if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) { flash_lock(); - return false; + return secfalse; } // check whether the sector was really deleted (contains only 0xFF) uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1]; for (uint32_t addr = addr_start; addr < addr_end; addr += 4) { if (*((const uint32_t *)addr) != 0xFFFFFFFF) { - return false; + return secfalse; } } if (progress) { @@ -77,44 +77,44 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p } } flash_lock(); - return true; + return sectrue; } -bool flash_write_byte(uint32_t address, uint8_t data) +secbool flash_write_byte(uint32_t address, uint8_t data) { - return HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, address, data); + return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, address, data)); } -bool flash_write_word(uint32_t address, uint32_t data) +secbool flash_write_word(uint32_t address, uint32_t data) { - return HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data); + return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data)); } #define FLASH_OTP_LOCK_BASE 0x1FFF7A00U -bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) +secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) { if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) { - return false; + return secfalse; } for (uint8_t i = 0; i < datalen; i++) { data[i] = *(__IO uint8_t *)(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i); } - return true; + return sectrue; } -bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen) +secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen) { if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) { - return false; + return secfalse; } if (!flash_unlock()) { - return false; + return secfalse; } - bool ret = false; + secbool ret = secfalse; for (uint8_t i = 0; i < datalen; i++) { ret = flash_write_byte(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i, data[i]); - if (!ret) { + if (ret != sectrue) { break; } } @@ -122,20 +122,20 @@ bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t return ret; } -bool flash_otp_lock(uint8_t block) +secbool flash_otp_lock(uint8_t block) { if (block >= FLASH_OTP_NUM_BLOCKS) { - return false; + return secfalse; } if (!flash_unlock()) { - return false; + return secfalse; } HAL_StatusTypeDef ret = HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, FLASH_OTP_LOCK_BASE + block, 0x00); flash_lock(); - return ret == HAL_OK; + return sectrue * (ret == HAL_OK); } -bool flash_otp_is_locked(uint8_t block) +secbool flash_otp_is_locked(uint8_t block) { return *(__IO uint8_t *)(FLASH_OTP_LOCK_BASE + block) == 0x00; } diff --git a/embed/trezorhal/flash.h b/embed/trezorhal/flash.h index 6b97bef0b8..a3bd5d6dad 100644 --- a/embed/trezorhal/flash.h +++ b/embed/trezorhal/flash.h @@ -1,8 +1,8 @@ #ifndef __TREZORHAL_FLASH_H__ #define __TREZORHAL_FLASH_H__ -#include #include +#include "secbool.h" // see docs/memory.md for more information @@ -44,19 +44,19 @@ extern const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1]; void flash_set_option_bytes(void); -bool flash_unlock(void); -bool flash_lock(void); +secbool flash_unlock(void); +secbool flash_lock(void); -bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)); -bool flash_write_byte(uint32_t address, uint8_t data); -bool flash_write_word(uint32_t address, uint32_t data); +secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)); +secbool flash_write_byte(uint32_t address, uint8_t data); +secbool flash_write_word(uint32_t address, uint32_t data); #define FLASH_OTP_NUM_BLOCKS 16 #define FLASH_OTP_BLOCK_SIZE 32 -bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen); -bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen); -bool flash_otp_lock(uint8_t block); -bool flash_otp_is_locked(uint8_t block); +secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen); +secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen); +secbool flash_otp_lock(uint8_t block); +secbool flash_otp_is_locked(uint8_t block); #endif diff --git a/embed/trezorhal/image.c b/embed/trezorhal/image.c index 7e310ab121..bac823816c 100644 --- a/embed/trezorhal/image.c +++ b/embed/trezorhal/image.c @@ -7,16 +7,16 @@ #include "flash.h" #include "image.h" -static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res) +static secbool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res) { - if (!sig_m || !sig_n) return false; - if (sig_m > sig_n) return false; + if (!sig_m || !sig_n) return secfalse; + if (sig_m > sig_n) return secfalse; // discard bits higher than sig_n sigmask &= ((1 << sig_n) - 1); // remove if number of set bits in sigmask is not equal to sig_m - if (__builtin_popcount(sigmask) != sig_m) return false; + if (__builtin_popcount(sigmask) != sig_m) return secfalse; ed25519_public_key keys[sig_m]; int j = 0; @@ -27,26 +27,26 @@ static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const * } } - return 0 == ed25519_cosi_combine_publickeys(res, keys, sig_m); + return sectrue * (0 == ed25519_cosi_combine_publickeys(res, keys, sig_m)); } -bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr) +secbool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr) { memcpy(&hdr->magic, data, 4); - if (hdr->magic != magic) return false; + if (hdr->magic != magic) return secfalse; memcpy(&hdr->hdrlen, data + 4, 4); - if (hdr->hdrlen != IMAGE_HEADER_SIZE) return false; + if (hdr->hdrlen != IMAGE_HEADER_SIZE) return secfalse; memcpy(&hdr->expiry, data + 8, 4); // TODO: expiry mechanism needs to be ironed out before production or those // devices won't accept expiring bootloaders (due to boardloader write protection). - if (hdr->expiry != 0) return false; + if (hdr->expiry != 0) return secfalse; memcpy(&hdr->codelen, data + 12, 4); - if (hdr->codelen > (maxsize - hdr->hdrlen)) return false; - if ((hdr->hdrlen + hdr->codelen) < 4 * 1024) return false; - if ((hdr->hdrlen + hdr->codelen) % 512 != 0) return false; + if (hdr->codelen > (maxsize - hdr->hdrlen)) return secfalse; + if ((hdr->hdrlen + hdr->codelen) < 4 * 1024) return secfalse; + if ((hdr->hdrlen + hdr->codelen) % 512 != 0) return secfalse; memcpy(&hdr->version, data + 16, 4); @@ -68,21 +68,21 @@ bool load_image_header(const uint8_t * const data, const uint32_t magic, const u blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); ed25519_public_key pub; - if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return false; + if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return secfalse; - return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig); + return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig)); } -bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr) +secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr) { memcpy(&vhdr->magic, data, 4); - if (vhdr->magic != 0x565A5254) return false; // TRZV + if (vhdr->magic != 0x565A5254) return secfalse; // TRZV memcpy(&vhdr->hdrlen, data + 4, 4); - if (vhdr->hdrlen > 64 * 1024) return false; + if (vhdr->hdrlen > 64 * 1024) return secfalse; memcpy(&vhdr->expiry, data + 8, 4); - if (vhdr->expiry != 0) return false; + if (vhdr->expiry != 0) return secfalse; memcpy(&vhdr->version, data + 12, 2); @@ -91,7 +91,7 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n memcpy(&vhdr->vtrust, data + 16, 1); if (vhdr->vsig_n > MAX_VENDOR_PUBLIC_KEYS) { - return false; + return secfalse; } for (int i = 0; i < vhdr->vsig_n; i++) { @@ -125,42 +125,42 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); ed25519_public_key pub; - if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return false; + if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return secfalse; - return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig); + return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig)); } -static bool check_hash(const uint8_t * const hash, const uint8_t * const data, int len) +static secbool check_hash(const uint8_t * const hash, const uint8_t * const data, int len) { uint8_t h[BLAKE2S_DIGEST_LENGTH]; blake2s(data, len, h, BLAKE2S_DIGEST_LENGTH); - return 0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH); + return sectrue * (0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH)); } #define MIN(a,b) ((a) < (b) ? (a) : (b)) -bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks) +secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks) { if (!sectors || blocks < 1) { - return false; + return secfalse; } const void *data = (const void *)(FLASH_SECTOR_TABLE[sectors[0]] + firstskip); int remaining = hdr->codelen; if (!check_hash(hdr->hashes, data, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) { - return false; + return secfalse; } int block = 1; remaining -= IMAGE_CHUNK_SIZE - firstskip; while (remaining > 0) { if (block >= blocks) { - return false; + return secfalse; } data = (const void *)FLASH_SECTOR_TABLE[sectors[block]]; if (!check_hash(hdr->hashes + block * 32, data, MIN(remaining, IMAGE_CHUNK_SIZE))) { - return false; + return secfalse; } block++; remaining -= IMAGE_CHUNK_SIZE; } - return true; + return sectrue; } diff --git a/embed/trezorhal/image.h b/embed/trezorhal/image.h index ca9da002d9..19e5f725c9 100644 --- a/embed/trezorhal/image.h +++ b/embed/trezorhal/image.h @@ -2,7 +2,7 @@ #define __TREZORHAL_IMAGE_H__ #include -#include +#include "secbool.h" #define BOARDLOADER_START 0x08000000 #define BOOTLOADER_START 0x08020000 @@ -44,10 +44,10 @@ typedef struct { uint8_t sig[64]; } vendor_header; -bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr); +secbool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr); -bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr); +secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr); -bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks); +secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks); #endif diff --git a/embed/trezorhal/sbu.c b/embed/trezorhal/sbu.c index 76237f250b..79c753da2e 100644 --- a/embed/trezorhal/sbu.c +++ b/embed/trezorhal/sbu.c @@ -23,7 +23,7 @@ void sbu_init(void) { HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, GPIO_PIN_RESET); } -void sbu_set(bool sbu1, bool sbu2) { - HAL_GPIO_WritePin(GPIOA, GPIO_PIN_2, sbu1 ? GPIO_PIN_SET : GPIO_PIN_RESET); - HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, sbu2 ? GPIO_PIN_SET : GPIO_PIN_RESET); +void sbu_set(secbool sbu1, secbool sbu2) { + HAL_GPIO_WritePin(GPIOA, GPIO_PIN_2, sbu1 == sectrue ? GPIO_PIN_SET : GPIO_PIN_RESET); + HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, sbu2 == sectrue ? GPIO_PIN_SET : GPIO_PIN_RESET); } diff --git a/embed/trezorhal/sbu.h b/embed/trezorhal/sbu.h index 2369d96402..ba65408ac1 100644 --- a/embed/trezorhal/sbu.h +++ b/embed/trezorhal/sbu.h @@ -8,9 +8,9 @@ #ifndef __TREZORHAL_SBU_H__ #define __TREZORHAL_SBU_H__ -#include +#include "secbool.h" void sbu_init(void); -void sbu_set(bool sbu1, bool sbu2); +void sbu_set(secbool sbu1, secbool sbu2); #endif diff --git a/embed/trezorhal/sdcard.c b/embed/trezorhal/sdcard.c index 2c79b35cc5..49e2d29fb9 100644 --- a/embed/trezorhal/sdcard.c +++ b/embed/trezorhal/sdcard.c @@ -66,16 +66,16 @@ void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) { __HAL_RCC_SDIO_CLK_DISABLE(); } -bool sdcard_is_present(void) { - return GPIO_PIN_RESET == HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13); +secbool sdcard_is_present(void) { + return sectrue * (GPIO_PIN_RESET == HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13)); } -bool sdcard_power_on(void) { +secbool sdcard_power_on(void) { if (!sdcard_is_present()) { - return false; + return secfalse; } if (sd_handle.Instance) { - return true; + return sectrue; } // SD device interface configuration @@ -101,20 +101,20 @@ bool sdcard_power_on(void) { goto error; } - return true; + return sectrue; error: sd_handle.Instance = NULL; - return false; + return secfalse; } -bool sdcard_power_off(void) { +secbool sdcard_power_off(void) { if (!sd_handle.Instance) { - return true; + return sectrue; } HAL_SD_DeInit(&sd_handle); sd_handle.Instance = NULL; - return true; + return sectrue; } uint64_t sdcard_get_capacity_in_bytes(void) { @@ -150,15 +150,15 @@ static HAL_StatusTypeDef sdcard_wait_finished(SD_HandleTypeDef *sd, uint32_t tim return HAL_OK; } -bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { +secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { // check that SD card is initialised if (sd_handle.Instance == NULL) { - return false; + return secfalse; } // check that dest pointer is aligned on a 4-byte boundary if (((uint32_t)dest & 3) != 0) { - return false; + return secfalse; } HAL_StatusTypeDef err = HAL_OK; @@ -168,18 +168,18 @@ bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { err = sdcard_wait_finished(&sd_handle, 60000); } - return err == HAL_OK; + return sectrue * (err == HAL_OK); } -bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) { +secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) { // check that SD card is initialised if (sd_handle.Instance == NULL) { - return false; + return secfalse; } // check that src pointer is aligned on a 4-byte boundary if (((uint32_t)src & 3) != 0) { - return false; + return secfalse; } HAL_StatusTypeDef err = HAL_OK; @@ -189,5 +189,5 @@ bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_block err = sdcard_wait_finished(&sd_handle, 60000); } - return err == HAL_OK; + return sectrue * (err == HAL_OK); } diff --git a/embed/trezorhal/sdcard.h b/embed/trezorhal/sdcard.h index 1f4d92092e..feaa823c79 100644 --- a/embed/trezorhal/sdcard.h +++ b/embed/trezorhal/sdcard.h @@ -27,17 +27,17 @@ #ifndef __TREZORHAL_SDCARD_H__ #define __TREZORHAL_SDCARD_H__ -#include +#include "secbool.h" // this is a fixed size and should not be changed #define SDCARD_BLOCK_SIZE (512) void sdcard_init(void); -bool sdcard_is_present(void); -bool sdcard_power_on(void); -bool sdcard_power_off(void); +secbool sdcard_is_present(void); +secbool sdcard_power_on(void); +secbool sdcard_power_off(void); uint64_t sdcard_get_capacity_in_bytes(void); -bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks); -bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks); +secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks); +secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks); #endif diff --git a/embed/trezorhal/secbool.h b/embed/trezorhal/secbool.h new file mode 100644 index 0000000000..cfb6086f74 --- /dev/null +++ b/embed/trezorhal/secbool.h @@ -0,0 +1,10 @@ +#ifndef __TREZORHAL_SECBOOL_H__ +#define __TREZORHAL_SECBOOL_H__ + +#include + +typedef uint32_t secbool; +#define sectrue 0xAAAAAAAA +#define secfalse 0x00000000 + +#endif diff --git a/embed/trezorhal/touch.c b/embed/trezorhal/touch.c index 64b0aa5b55..c6af6a38c2 100644 --- a/embed/trezorhal/touch.c +++ b/embed/trezorhal/touch.c @@ -10,6 +10,7 @@ #include #include "common.h" +#include "secbool.h" #include "touch.h" I2C_HandleTypeDef i2c_handle = { @@ -41,7 +42,7 @@ void touch_init(void) init->NoStretchMode = I2C_NOSTRETCH_DISABLE; init->OwnAddress2 = 0; - ensure(HAL_I2C_Init(&i2c_handle) == HAL_OK, NULL); + ensure(sectrue * (HAL_OK == HAL_I2C_Init(&i2c_handle)), NULL); } #define TOUCH_ADDRESS 56 diff --git a/embed/trezorhal/touch.h b/embed/trezorhal/touch.h index 3ec9a7c55d..84f5181967 100644 --- a/embed/trezorhal/touch.h +++ b/embed/trezorhal/touch.h @@ -8,7 +8,6 @@ #ifndef __TREZORHAL_TOUCH_H__ #define __TREZORHAL_TOUCH_H__ -#include #include #define TOUCH_START 0x00010000 diff --git a/embed/trezorhal/usb.c b/embed/trezorhal/usb.c index d0d7033936..0d55e4544e 100644 --- a/embed/trezorhal/usb.c +++ b/embed/trezorhal/usb.c @@ -42,8 +42,10 @@ static USBD_HandleTypeDef usb_dev_handle; static const USBD_DescriptorsTypeDef usb_descriptors; static const USBD_ClassTypeDef usb_class; -static bool check_desc_str(const uint8_t *s) { - return s && strlen((const char *)s) <= USB_MAX_STR_SIZE; +static secbool check_desc_str(const uint8_t *s) { + if (!s) return secfalse; + if (strlen((const char *)s) > USB_MAX_STR_SIZE) return secfalse; + return sectrue; } void usb_init(const usb_dev_info_t *dev_info) { @@ -86,8 +88,8 @@ void usb_init(const usb_dev_info_t *dev_info) { // Pointer to interface descriptor data usb_next_iface_desc = (usb_interface_descriptor_t *)(usb_config_buf + usb_config_desc->wTotalLength); - ensure(USBD_OK == USBD_Init(&usb_dev_handle, (USBD_DescriptorsTypeDef*)&usb_descriptors, USB_PHY_ID), NULL); - ensure(USBD_OK == USBD_RegisterClass(&usb_dev_handle, (USBD_ClassTypeDef*)&usb_class), NULL); + ensure(sectrue * (USBD_OK == USBD_Init(&usb_dev_handle, (USBD_DescriptorsTypeDef*)&usb_descriptors, USB_PHY_ID)), NULL); + ensure(sectrue * (USBD_OK == USBD_RegisterClass(&usb_dev_handle, (USBD_ClassTypeDef*)&usb_class)), NULL); } void usb_deinit(void) { diff --git a/embed/trezorhal/usb.h b/embed/trezorhal/usb.h index ca318f22bb..858ab31986 100644 --- a/embed/trezorhal/usb.h +++ b/embed/trezorhal/usb.h @@ -8,8 +8,8 @@ #ifndef __TREZORHAL_USB_H__ #define __TREZORHAL_USB_H__ -#include #include +#include "secbool.h" #define USB_EP_DIR_OUT 0x00 #define USB_EP_DIR_IN 0x80 diff --git a/embed/trezorhal/usb_hid-defs.h b/embed/trezorhal/usb_hid-defs.h index 3d6ce4993d..8f5d22cca2 100644 --- a/embed/trezorhal/usb_hid-defs.h +++ b/embed/trezorhal/usb_hid-defs.h @@ -69,9 +69,9 @@ typedef struct { uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle } usb_hid_state_t; -bool usb_hid_add(const usb_hid_info_t *hid_info); -bool usb_hid_can_read(uint8_t iface_num); -bool usb_hid_can_write(uint8_t iface_num); +secbool usb_hid_add(const usb_hid_info_t *hid_info); +secbool usb_hid_can_read(uint8_t iface_num); +secbool usb_hid_can_write(uint8_t iface_num); int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len); int usb_hid_write(uint8_t iface_num, const uint8_t *buf, uint32_t len); diff --git a/embed/trezorhal/usb_hid-impl.h b/embed/trezorhal/usb_hid-impl.h index b9be77dfb4..28effeee31 100644 --- a/embed/trezorhal/usb_hid-impl.h +++ b/embed/trezorhal/usb_hid-impl.h @@ -17,34 +17,34 @@ /* usb_hid_add adds and configures new USB HID interface according to * configuration options passed in `info`. */ -bool usb_hid_add(const usb_hid_info_t *info) { +secbool usb_hid_add(const usb_hid_info_t *info) { usb_iface_t *iface = usb_get_iface(info->iface_num); if (iface == NULL) { - return false; // Invalid interface number + return secfalse; // Invalid interface number } if (iface->type != USB_IFACE_TYPE_DISABLED) { - return false; // Interface is already enabled + return secfalse; // Interface is already enabled } usb_hid_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_hid_descriptor_block_t)); if (d == NULL) { - return false; // Not enough space in the configuration descriptor + return secfalse; // Not enough space in the configuration descriptor } if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) { - return false; // IN EP is invalid + return secfalse; // IN EP is invalid } if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) { - return false; // OUT EP is invalid + return secfalse; // OUT EP is invalid } if (info->rx_buffer == NULL) { - return false; + return secfalse; } if (info->report_desc == NULL) { - return false; + return secfalse; } // Interface descriptor @@ -101,41 +101,41 @@ bool usb_hid_add(const usb_hid_info_t *info) { iface->hid.last_read_len = 0; iface->hid.ep_in_is_idle = 1; - return true; + return sectrue; } -bool usb_hid_can_read(uint8_t iface_num) { +secbool usb_hid_can_read(uint8_t iface_num) { usb_iface_t *iface = usb_get_iface(iface_num); if (iface == NULL) { - return false; // Invalid interface number + return secfalse; // Invalid interface number } if (iface->type != USB_IFACE_TYPE_HID) { - return false; // Invalid interface type + return secfalse; // Invalid interface type } if (iface->hid.last_read_len == 0) { - return false; // Nothing in the receiving buffer + return secfalse; // Nothing in the receiving buffer } if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) { - return false; // Device is not configured + return secfalse; // Device is not configured } - return true; + return sectrue; } -bool usb_hid_can_write(uint8_t iface_num) { +secbool usb_hid_can_write(uint8_t iface_num) { usb_iface_t *iface = usb_get_iface(iface_num); if (iface == NULL) { - return false; // Invalid interface number + return secfalse; // Invalid interface number } if (iface->type != USB_IFACE_TYPE_HID) { - return false; // Invalid interface type + return secfalse; // Invalid interface type } if (iface->hid.ep_in_is_idle == 0) { - return false; // Last transmission is not over yet + return secfalse; // Last transmission is not over yet } if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) { - return false; // Device is not configured + return secfalse; // Device is not configured } - return true; + return sectrue; } int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) { diff --git a/embed/trezorhal/usb_vcp-defs.h b/embed/trezorhal/usb_vcp-defs.h index 6db7a52988..c3c6cd8fb0 100644 --- a/embed/trezorhal/usb_vcp-defs.h +++ b/embed/trezorhal/usb_vcp-defs.h @@ -119,9 +119,9 @@ typedef struct { uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle } usb_vcp_state_t; -bool usb_vcp_add(const usb_vcp_info_t *vcp_info); -bool usb_vcp_can_read(uint8_t iface_num); -bool usb_vcp_can_write(uint8_t iface_num); +secbool usb_vcp_add(const usb_vcp_info_t *vcp_info); +secbool usb_vcp_can_read(uint8_t iface_num); +secbool usb_vcp_can_write(uint8_t iface_num); int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len); int usb_vcp_write(uint8_t iface_num, const uint8_t *buf, uint32_t len); diff --git a/embed/trezorhal/usb_vcp-impl.h b/embed/trezorhal/usb_vcp-impl.h index 8bcf8d971d..1b96ce9ddc 100644 --- a/embed/trezorhal/usb_vcp-impl.h +++ b/embed/trezorhal/usb_vcp-impl.h @@ -42,49 +42,49 @@ /* usb_vcp_add adds and configures new USB VCP interface according to * configuration options passed in `info`. */ -bool usb_vcp_add(const usb_vcp_info_t *info) { +secbool usb_vcp_add(const usb_vcp_info_t *info) { usb_iface_t *iface = usb_get_iface(info->iface_num); if (iface == NULL) { - return false; // Invalid interface number + return secfalse; // Invalid interface number } if (iface->type != USB_IFACE_TYPE_DISABLED) { - return false; // Interface is already enabled + return secfalse; // Interface is already enabled } usb_vcp_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_vcp_descriptor_block_t)); if (d == NULL) { - return false; // Not enough space in the configuration descriptor + return secfalse; // Not enough space in the configuration descriptor } if ((info->ep_cmd & USB_EP_DIR_MSK) != USB_EP_DIR_IN) { - return false; // IN CMD EP is invalid + return secfalse; // IN CMD EP is invalid } if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) { - return false; // IN EP is invalid + return secfalse; // IN EP is invalid } if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) { - return false; // OUT EP is invalid + return secfalse; // OUT EP is invalid } if ((info->rx_buffer_len == 0) || (info->rx_buffer_len & (info->rx_buffer_len - 1)) != 0) { - return false; // Capacity needs to be a power of 2 + return secfalse; // Capacity needs to be a power of 2 } if ((info->tx_buffer_len == 0) || (info->tx_buffer_len & (info->tx_buffer_len - 1)) != 0) { - return false; // Capacity needs to be a power of 2 + return secfalse; // Capacity needs to be a power of 2 } if (info->rx_buffer == NULL) { - return false; + return secfalse; } if (info->rx_packet == NULL) { - return false; + return secfalse; } if (info->tx_buffer == NULL) { - return false; + return secfalse; } if (info->tx_packet == NULL) { - return false; + return secfalse; } // Interface association descriptor @@ -205,7 +205,7 @@ bool usb_vcp_add(const usb_vcp_info_t *info) { iface->vcp.ep_in_is_idle = 1; - return true; + return sectrue; } static inline size_t ring_length(usb_rbuf_t *b) { @@ -220,32 +220,32 @@ static inline int ring_full(usb_rbuf_t *b) { return ring_length(b) == b->cap; } -bool usb_vcp_can_read(uint8_t iface_num) { +secbool usb_vcp_can_read(uint8_t iface_num) { usb_iface_t *iface = usb_get_iface(iface_num); if (iface == NULL) { - return false; // Invalid interface number + return secfalse; // Invalid interface number } if (iface->type != USB_IFACE_TYPE_VCP) { - return false; // Invalid interface type + return secfalse; // Invalid interface type } if (ring_empty(&iface->vcp.rx_ring)) { - return false; // Nothing in the rx buffer + return secfalse; // Nothing in the rx buffer } - return true; + return sectrue; } -bool usb_vcp_can_write(uint8_t iface_num) { +secbool usb_vcp_can_write(uint8_t iface_num) { usb_iface_t *iface = usb_get_iface(iface_num); if (iface == NULL) { - return false; // Invalid interface number + return secfalse; // Invalid interface number } if (iface->type != USB_IFACE_TYPE_VCP) { - return false; // Invalid interface type + return secfalse; // Invalid interface type } if (ring_full(&iface->vcp.tx_ring)) { - return false; // Tx ring buffer is full + return secfalse; // Tx ring buffer is full } - return true; + return sectrue; } int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len) { diff --git a/embed/unix/common.h b/embed/unix/common.h index 1fa0d689b1..a9068eb0bc 100644 --- a/embed/unix/common.h +++ b/embed/unix/common.h @@ -1,8 +1,10 @@ #ifndef __TREZORUNIX_COMMON_H__ #define __TREZORUNIX_COMMON_H__ +#include "../trezorhal/secbool.h" + void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func); -#define ensure(expr, msg) ((expr) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) +#define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) #endif