1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-05-07 17:39:03 +00:00

trezorhal: introduce secbool/sectrue/secfalse and use it where possible

This commit is contained in:
Pavol Rusnak 2017-10-26 23:51:39 +02:00
parent 7ddfdf69d6
commit f73eb3effd
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
33 changed files with 271 additions and 252 deletions

View File

@ -41,12 +41,12 @@ void flash_set_option_bytes(void)
} }
} }
bool flash_check_option_bytes(void) secbool flash_check_option_bytes(void)
{ {
return if ((FLASH->OPTCR & FLASH_OPTCR_nWRP) != (FLASH_OPTCR_nWRP_0 | FLASH_OPTCR_nWRP_1 | FLASH_OPTCR_nWRP_2)) return secfalse;
((FLASH->OPTCR & FLASH_OPTCR_nWRP) == (FLASH_OPTCR_nWRP_0 | FLASH_OPTCR_nWRP_1 | FLASH_OPTCR_nWRP_2)) && if ((FLASH->OPTCR & FLASH_OPTCR_RDP) != FLASH_OPTCR_RDP_2) return secfalse;
((FLASH->OPTCR & FLASH_OPTCR_RDP) == FLASH_OPTCR_RDP_2) && if ((FLASH->OPTCR & FLASH_OPTCR_BOR_LEV) != (FLASH_OPTCR_BOR_LEV_0 | FLASH_OPTCR_BOR_LEV_1)) return secfalse;
((FLASH->OPTCR & FLASH_OPTCR_BOR_LEV) == (FLASH_OPTCR_BOR_LEV_0 | FLASH_OPTCR_BOR_LEV_1)); return sectrue;
} }
void periph_init(void) void periph_init(void)
@ -78,18 +78,18 @@ void periph_init(void)
NVIC_EnableIRQ(PVD_IRQn); NVIC_EnableIRQ(PVD_IRQn);
} }
bool reset_flags_init(void) secbool reset_flags_init(void)
{ {
#if PRODUCTION #if PRODUCTION
// this is effective enough that it makes development painful, so only use it for production. // this is effective enough that it makes development painful, so only use it for production.
// check the reset flags to assure that we arrive here due to a regular full power-on event, // check the reset flags to assure that we arrive here due to a regular full power-on event,
// and not as a result of a lesser reset. // and not as a result of a lesser reset.
if ((RCC->CSR & (RCC_CSR_LPWRRSTF | RCC_CSR_WWDGRSTF | RCC_CSR_IWDGRSTF | RCC_CSR_SFTRSTF | RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) != (RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) { if ((RCC->CSR & (RCC_CSR_LPWRRSTF | RCC_CSR_WWDGRSTF | RCC_CSR_IWDGRSTF | RCC_CSR_SFTRSTF | RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) != (RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) {
return false; return secfalse;
} }
#endif #endif
RCC->CSR |= RCC_CSR_RMVF; // clear the reset flags RCC->CSR |= RCC_CSR_RMVF; // clear the reset flags
return true; return sectrue;
} }

View File

@ -1,11 +1,11 @@
#ifndef __BOARDLOADER_LOWLEVEL_H__ #ifndef __BOARDLOADER_LOWLEVEL_H__
#define __BOARDLOADER_LOWLEVEL_H__ #define __BOARDLOADER_LOWLEVEL_H__
#include <stdbool.h> #include "secbool.h"
void flash_set_option_bytes(void); void flash_set_option_bytes(void);
bool flash_check_option_bytes(void); secbool flash_check_option_bytes(void);
void periph_init(void); void periph_init(void);
bool reset_flags_init(void); secbool reset_flags_init(void);
#endif #endif

View File

@ -49,7 +49,7 @@ static uint32_t check_sdcard(void)
image_header hdr; image_header hdr;
if (load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) { if (sectrue == load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) {
return hdr.codelen; return hdr.codelen;
} else { } else {
return 0; return 0;
@ -60,7 +60,7 @@ static void progress_callback(int pos, int len) {
display_printf("."); display_printf(".");
} }
static bool copy_sdcard(void) static secbool copy_sdcard(void)
{ {
display_backlight(255); display_backlight(255);
@ -79,7 +79,7 @@ static bool copy_sdcard(void)
codelen = check_sdcard(); codelen = check_sdcard();
if (!codelen) { if (!codelen) {
display_printf("\n\nno SD card, aborting\n"); display_printf("\n\nno SD card, aborting\n");
return false; return secfalse;
} }
} }
@ -111,13 +111,13 @@ static bool copy_sdcard(void)
}; };
if (!flash_erase_sectors(sectors, 2 + 1 + 6 + 4 + 7 + 1, progress_callback)) { if (!flash_erase_sectors(sectors, 2 + 1 + 6 + 4 + 7 + 1, progress_callback)) {
display_printf(" failed\n"); display_printf(" failed\n");
return false; return secfalse;
} }
display_printf(" done\n\n"); display_printf(" done\n\n");
if (!flash_unlock()) { if (!flash_unlock()) {
display_printf("could not unlock flash\n"); display_printf("could not unlock flash\n");
return false; return secfalse;
} }
// copy bootloader from SD card to Flash // copy bootloader from SD card to Flash
@ -133,7 +133,7 @@ static bool copy_sdcard(void)
display_printf("copy failed\n"); display_printf("copy failed\n");
sdcard_power_off(); sdcard_power_off();
flash_lock(); flash_lock();
return false; return secfalse;
} }
} }
} }
@ -144,7 +144,7 @@ static bool copy_sdcard(void)
display_printf("\ndone\n\n"); display_printf("\ndone\n\n");
display_printf("Unplug the device and remove the SD card\n"); display_printf("Unplug the device and remove the SD card\n");
return true; return sectrue;
} }
int main(void) int main(void)
@ -173,7 +173,7 @@ int main(void)
sdcard_init(); sdcard_init();
if (check_sdcard()) { if (check_sdcard()) {
return copy_sdcard() ? 0 : 3; return copy_sdcard() == sectrue ? 0 : 3;
} }
image_header hdr; image_header hdr;

View File

@ -5,11 +5,12 @@
#include "display.h" #include "display.h"
#include "image.h" #include "image.h"
#include "flash.h" #include "flash.h"
#include "mini_printf.h"
#include "rng.h" #include "rng.h"
#include "secbool.h"
#include "touch.h" #include "touch.h"
#include "usb.h" #include "usb.h"
#include "version.h" #include "version.h"
#include "mini_printf.h"
#include "icon_cross.h" #include "icon_cross.h"
#include "icon_lock.h" #include "icon_lock.h"
@ -83,13 +84,14 @@ void display_error(void)
display_footer("Error! Unplug the device", COLOR_BL_RED); display_footer("Error! Unplug the device", COLOR_BL_RED);
} }
void display_welcome(bool firmware_present) void display_welcome(secbool firmware_present)
{ {
display_clear(); display_clear();
if (!firmware_present) { if (secfalse == firmware_present) {
display_icon((DISPLAY_RESX - 124) / 2, (DISPLAY_RESY - 40 - 180) / 2, 124, 180, toi_icon_lock, sizeof(toi_icon_lock), COLOR_WHITE, COLOR_BLACK); display_icon((DISPLAY_RESX - 124) / 2, (DISPLAY_RESY - 40 - 180) / 2, 124, 180, toi_icon_lock, sizeof(toi_icon_lock), COLOR_WHITE, COLOR_BLACK);
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 20, "Go to trezor.io/start", -1, FONT_BOLD, COLOR_WHITE, COLOR_BLACK); display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 20, "Go to trezor.io/start", -1, FONT_BOLD, COLOR_WHITE, COLOR_BLACK);
} else { }
if (sectrue == firmware_present) {
display_header(ICON_TOOLS, "TREZOR Bootloader"); display_header(ICON_TOOLS, "TREZOR Bootloader");
uint8_t dom[32]; uint8_t dom[32];
// format: TREZOR2-YYMMDD // format: TREZOR2-YYMMDD
@ -189,7 +191,7 @@ void usb_init_all(void) {
usb_start(); usb_start();
} }
bool bootloader_loop(bool firmware_present) secbool bootloader_loop(secbool firmware_present)
{ {
usb_init_all(); usb_init_all();
@ -202,7 +204,7 @@ bool bootloader_loop(bool firmware_present)
if (r != USB_PACKET_SIZE) { if (r != USB_PACKET_SIZE) {
continue; continue;
} }
ensure(r == USB_PACKET_SIZE, NULL); ensure(sectrue * (r == USB_PACKET_SIZE), NULL);
uint16_t msg_id; uint16_t msg_id;
uint32_t msg_size; uint32_t msg_size;
if (!msg_parse_header(buf, &msg_id, &msg_size)) { if (!msg_parse_header(buf, &msg_id, &msg_size)) {
@ -227,12 +229,12 @@ bool bootloader_loop(bool firmware_present)
display_error(); display_error();
usb_stop(); usb_stop();
usb_deinit(); usb_deinit();
return false; // shutdown return secfalse; // shutdown
} else { // success } else { // success
display_done(0); display_done(0);
usb_stop(); usb_stop();
usb_deinit(); usb_deinit();
return false; // shutdown return secfalse; // shutdown
} }
break; break;
case 6: // FirmwareErase case 6: // FirmwareErase
@ -249,7 +251,7 @@ bool bootloader_loop(bool firmware_present)
display_error(); display_error();
usb_stop(); usb_stop();
usb_deinit(); usb_deinit();
return false; // shutdown return secfalse; // shutdown
} else } else
if (r == 0) { // last chunk received if (r == 0) { // last chunk received
display_done(3); hal_delay(1000); display_done(3); hal_delay(1000);
@ -258,7 +260,7 @@ bool bootloader_loop(bool firmware_present)
usb_stop(); usb_stop();
usb_deinit(); usb_deinit();
display_fade(BACKLIGHT_NORMAL, 0, 500); display_fade(BACKLIGHT_NORMAL, 0, 500);
return true; // jump to firmware return sectrue; // jump to firmware
} }
break; break;
default: default:
@ -282,12 +284,12 @@ void check_bootloader_version(void)
bits[i / 8] |= (1 << (7 - (i % 8))); bits[i / 8] |= (1 << (7 - (i % 8)));
} }
} }
ensure(true == flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL); ensure(flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
uint8_t bits2[FLASH_OTP_BLOCK_SIZE]; uint8_t bits2[FLASH_OTP_BLOCK_SIZE];
ensure(true == flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL); ensure(flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE), "Bootloader downgraded"); ensure(sectrue * (0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE)), "Bootloader downgraded");
} }
int main(void) int main(void)
@ -310,14 +312,14 @@ int main(void)
vendor_header vhdr; vendor_header vhdr;
// start the bootloader if user touched the screen or no firmware installed // start the bootloader if user touched the screen or no firmware installed
bool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr); secbool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr);
if (touched || !firmware_present) { if (touched || firmware_present != sectrue) {
if (!bootloader_loop(firmware_present)) { if (bootloader_loop(firmware_present) != sectrue) {
return 1; return 1;
} }
} }
ensure ( ensure(
load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr), load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr),
"invalid vendor header"); "invalid vendor header");

View File

@ -9,6 +9,7 @@
#include "display.h" #include "display.h"
#include "flash.h" #include "flash.h"
#include "image.h" #include "image.h"
#include "secbool.h"
#include "usb.h" #include "usb.h"
#include "version.h" #include "version.h"
@ -18,14 +19,14 @@
#define MSG_HEADER1_LEN 9 #define MSG_HEADER1_LEN 9
#define MSG_HEADER2_LEN 1 #define MSG_HEADER2_LEN 1
bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size) secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size)
{ {
if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') { if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') {
return false; return secfalse;
} }
*msg_id = (buf[3] << 8) + buf[4]; *msg_id = (buf[3] << 8) + buf[4];
*msg_size = (buf[5] << 24) + (buf[6] << 16) + (buf[7] << 8) + buf[8]; *msg_size = (buf[5] << 24) + (buf[6] << 16) + (buf[7] << 8) + buf[8];
return true; return sectrue;
} }
typedef struct { typedef struct {
@ -35,6 +36,7 @@ typedef struct {
uint8_t buf[USB_PACKET_SIZE]; uint8_t buf[USB_PACKET_SIZE];
} usb_write_state; } usb_write_state;
/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */
static bool _usb_write(pb_ostream_t *stream, const pb_byte_t *buf, size_t count) static bool _usb_write(pb_ostream_t *stream, const pb_byte_t *buf, size_t count)
{ {
usb_write_state *state = (usb_write_state *)(stream->state); usb_write_state *state = (usb_write_state *)(stream->state);
@ -79,7 +81,7 @@ static void _usb_write_flush(usb_write_state *state)
usb_hid_write_blocking(state->iface_num, state->buf, USB_PACKET_SIZE, 100); usb_hid_write_blocking(state->iface_num, state->buf, USB_PACKET_SIZE, 100);
} }
static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fields[], const void *msg) static secbool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fields[], const void *msg)
{ {
// determine message size by serializing it into a dummy stream // determine message size by serializing it into a dummy stream
pb_ostream_t sizestream = { pb_ostream_t sizestream = {
@ -89,7 +91,7 @@ static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t field
.bytes_written = 0, .bytes_written = 0,
.errmsg = NULL}; .errmsg = NULL};
if (!pb_encode(&sizestream, fields, msg)) { if (!pb_encode(&sizestream, fields, msg)) {
return false; return secfalse;
} }
const uint32_t msg_size = sizestream.bytes_written; const uint32_t msg_size = sizestream.bytes_written;
@ -113,12 +115,12 @@ static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t field
}; };
if (!pb_encode(&stream, fields, msg)) { if (!pb_encode(&stream, fields, msg)) {
return false; return secfalse;
} }
_usb_write_flush(&state); _usb_write_flush(&state);
return true; return sectrue;
} }
#define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default #define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default
@ -134,6 +136,7 @@ typedef struct {
uint8_t *buf; uint8_t *buf;
} usb_read_state; } usb_read_state;
/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */
static bool _usb_read(pb_istream_t *stream, uint8_t *buf, size_t count) static bool _usb_read(pb_istream_t *stream, uint8_t *buf, size_t count)
{ {
usb_read_state *state = (usb_read_state *)(stream->state); usb_read_state *state = (usb_read_state *)(stream->state);
@ -170,7 +173,7 @@ static void _usb_read_flush(usb_read_state *state)
(void)state; (void)state;
} }
static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const pb_field_t fields[], void *msg) static secbool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const pb_field_t fields[], void *msg)
{ {
usb_read_state state = { usb_read_state state = {
.iface_num = iface_num, .iface_num = iface_num,
@ -187,19 +190,19 @@ static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const
}; };
if (!pb_decode_noinit(&stream, fields, msg)) { if (!pb_decode_noinit(&stream, fields, msg)) {
return false; return secfalse;
} }
_usb_read_flush(&state); _usb_read_flush(&state);
return true; return sectrue;
} }
#define MSG_RECV_INIT(TYPE) TYPE msg_recv = TYPE##_init_default #define MSG_RECV_INIT(TYPE) TYPE msg_recv = TYPE##_init_default
#define MSG_RECV_CALLBACK(FIELD, CALLBACK) do { msg_recv.FIELD.funcs.decode = &CALLBACK; } while (0) #define MSG_RECV_CALLBACK(FIELD, CALLBACK) do { msg_recv.FIELD.funcs.decode = &CALLBACK; } while (0)
#define MSG_RECV(TYPE) do { _recv_msg(iface_num, msg_size, buf, TYPE##_fields, &msg_recv); } while(0) #define MSG_RECV(TYPE) do { _recv_msg(iface_num, msg_size, buf, TYPE##_fields, &msg_recv); } while(0)
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present) void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present)
{ {
MSG_RECV_INIT(Initialize); MSG_RECV_INIT(Initialize);
MSG_RECV(Initialize); MSG_RECV(Initialize);
@ -281,6 +284,7 @@ void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *bu
static uint32_t chunk_size = 0; static uint32_t chunk_size = 0;
/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */
static bool _read_payload(pb_istream_t *stream, const pb_field_t *field, void **arg) static bool _read_payload(pb_istream_t *stream, const pb_field_t *field, void **arg)
{ {
#define BUFSIZE 4096 #define BUFSIZE 4096

View File

@ -2,14 +2,14 @@
#define __MESSAGES_H__ #define __MESSAGES_H__
#include <stdint.h> #include <stdint.h>
#include <stdbool.h> #include "secbool.h"
#define USB_PACKET_SIZE 64 #define USB_PACKET_SIZE 64
#define USB_IFACE_NUM 0 #define USB_IFACE_NUM 0
bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size); secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size);
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present); void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present);
void process_msg_Ping(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); void process_msg_Ping(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf); int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);

View File

@ -11,37 +11,37 @@ void flash_set_option_bytes(void)
{ {
} }
bool flash_unlock(void) secbool flash_unlock(void)
{ {
return false; return secfalse;
} }
bool flash_lock(void) secbool flash_lock(void)
{ {
return false; return secfalse;
} }
bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len))
{ {
return false; return secfalse;
} }
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
{ {
return false; return secfalse;
} }
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen) secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen)
{ {
return false; return secfalse;
} }
bool flash_otp_lock(uint8_t block) secbool flash_otp_lock(uint8_t block)
{ {
return false; return secfalse;
} }
bool flash_otp_is_locked(uint8_t block) secbool flash_otp_is_locked(uint8_t block)
{ {
return false; return secfalse;
} }

View File

@ -28,7 +28,7 @@ void usb_init(const usb_dev_info_t *dev_info) {
(void)dev_info; (void)dev_info;
sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
ensure(sock >= 0, NULL); ensure(sectrue * (sock >= 0), NULL);
fcntl(sock, F_SETFL, O_NONBLOCK); fcntl(sock, F_SETFL, O_NONBLOCK);
@ -46,7 +46,7 @@ void usb_init(const usb_dev_info_t *dev_info) {
si_me.sin_port = htons(TREZOR_UDP_PORT); si_me.sin_port = htons(TREZOR_UDP_PORT);
} }
ensure(0 == bind(sock, (struct sockaddr*)&si_me, sizeof(si_me)), NULL); ensure(sectrue * (0 == bind(sock, (struct sockaddr*)&si_me, sizeof(si_me))), NULL);
} }
void usb_deinit(void) { void usb_deinit(void) {
@ -58,34 +58,34 @@ void usb_start(void) {
void usb_stop(void) { void usb_stop(void) {
} }
bool usb_hid_add(const usb_hid_info_t *info) { secbool usb_hid_add(const usb_hid_info_t *info) {
return true; return sectrue;
} }
bool usb_vcp_add(const usb_vcp_info_t *info) { secbool usb_vcp_add(const usb_vcp_info_t *info) {
return true; return sectrue;
} }
bool usb_hid_can_read(uint8_t iface_num) { secbool usb_hid_can_read(uint8_t iface_num) {
if (iface_num != TREZOR_UDP_IFACE) { if (iface_num != TREZOR_UDP_IFACE) {
return false; return secfalse;
} }
struct pollfd fds[] = { struct pollfd fds[] = {
{ sock, POLLIN, 0 }, { sock, POLLIN, 0 },
}; };
int r = poll(fds, 1, 0); int r = poll(fds, 1, 0);
return r > 0; return sectrue * (r > 0);
} }
bool usb_hid_can_write(uint8_t iface_num) { secbool usb_hid_can_write(uint8_t iface_num) {
if (iface_num != TREZOR_UDP_IFACE) { if (iface_num != TREZOR_UDP_IFACE) {
return false; return secfalse;
} }
struct pollfd fds[] = { struct pollfd fds[] = {
{ sock, POLLOUT, 0 }, { sock, POLLOUT, 0 },
}; };
int r = poll(fds, 1, 0); int r = poll(fds, 1, 0);
return r > 0; return sectrue * (r > 0);
} }
int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) { int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) {

View File

@ -11,6 +11,6 @@ void sbu_init(void)
{ {
} }
void sbu_set(bool sbu1, bool sbu2) void sbu_set(secbool sbu1, secbool sbu2)
{ {
} }

View File

@ -7,31 +7,29 @@
#include "../../trezorhal/sdcard.h" #include "../../trezorhal/sdcard.h"
#define SD_ERROR 41U
void sdcard_init(void) { void sdcard_init(void) {
} }
bool sdcard_is_present(void) { secbool sdcard_is_present(void) {
return false; return secfalse;
} }
bool sdcard_power_on(void) { secbool sdcard_power_on(void) {
return false; return secfalse;
} }
bool sdcard_power_off(void) { secbool sdcard_power_off(void) {
return true; return sectrue;
} }
uint64_t sdcard_get_capacity_in_bytes(void) { uint64_t sdcard_get_capacity_in_bytes(void) {
return 0; return 0;
} }
bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
return false; return secfalse;
} }
bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) { secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) {
return false; return secfalse;
} }

View File

@ -86,9 +86,9 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorutils_memcpy_obj, 5, 5, mod
STATIC mp_obj_t mod_trezorutils_halt(size_t n_args, const mp_obj_t *args) { STATIC mp_obj_t mod_trezorutils_halt(size_t n_args, const mp_obj_t *args) {
mp_buffer_info_t msg; mp_buffer_info_t msg;
if (n_args > 0 && mp_get_buffer(args[0], &msg, MP_BUFFER_READ)) { if (n_args > 0 && mp_get_buffer(args[0], &msg, MP_BUFFER_READ)) {
ensure(0, msg.buf); ensure(secfalse, msg.buf);
} else { } else {
ensure(0, "halt"); ensure(secfalse, "halt");
} }
return mp_const_none; return mp_const_none;
} }

View File

@ -68,7 +68,7 @@ int main(void)
// MicroPython default exception handler // MicroPython default exception handler
void __attribute__((noreturn)) nlr_jump_fail(void *val) { void __attribute__((noreturn)) nlr_jump_fail(void *val) {
ensure(0, "uncaught exception"); ensure(secfalse, "uncaught exception");
} }
void PendSV_Handler(void) { void PendSV_Handler(void) {

View File

@ -6,7 +6,7 @@ static int vcp_iface_num = -1;
int mp_hal_stdin_rx_chr(void) { int mp_hal_stdin_rx_chr(void) {
ensure(vcp_iface_num >= 0, "vcp stdio is not configured"); ensure(sectrue * (vcp_iface_num >= 0), "vcp stdio is not configured");
#define VCP_READ_TIMEOUT 25 #define VCP_READ_TIMEOUT 25
uint8_t c = 0; uint8_t c = 0;

View File

@ -34,7 +34,7 @@ uint32_t __stack_chk_guard = 0;
void __attribute__((noreturn)) __stack_chk_fail(void) void __attribute__((noreturn)) __stack_chk_fail(void)
{ {
ensure(0, "Stack smashing detected"); ensure(secfalse, "Stack smashing detected");
} }
#ifndef NDEBUG #ifndef NDEBUG

View File

@ -2,6 +2,7 @@
#define __TREZORHAL_COMMON_H__ #define __TREZORHAL_COMMON_H__
#include <stdint.h> #include <stdint.h>
#include "secbool.h"
extern void memset_reg(volatile void *start, volatile void *stop, uint32_t val); extern void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
@ -9,7 +10,7 @@ void clear_otg_hs_memory(void);
void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func); void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func);
#define ensure(expr, msg) ((expr) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) #define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
void jump_to(uint32_t address); void jump_to(uint32_t address);

View File

@ -33,23 +33,23 @@ const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = {
[24] = 0x08200000, // last element - not a valid sector [24] = 0x08200000, // last element - not a valid sector
}; };
bool flash_unlock(void) secbool flash_unlock(void)
{ {
HAL_FLASH_Unlock(); HAL_FLASH_Unlock();
__HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR | FLASH_FLAG_PGAERR | FLASH_FLAG_PGPERR | FLASH_FLAG_PGSERR); __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR | FLASH_FLAG_PGAERR | FLASH_FLAG_PGPERR | FLASH_FLAG_PGSERR);
return true; return sectrue;
} }
bool flash_lock(void) secbool flash_lock(void)
{ {
HAL_FLASH_Lock(); HAL_FLASH_Lock();
return true; return sectrue;
} }
bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len))
{ {
if (!flash_unlock()) { if (!flash_unlock()) {
return false; return secfalse;
} }
FLASH_EraseInitTypeDef EraseInitStruct; FLASH_EraseInitTypeDef EraseInitStruct;
EraseInitStruct.TypeErase = FLASH_TYPEERASE_SECTORS; EraseInitStruct.TypeErase = FLASH_TYPEERASE_SECTORS;
@ -63,13 +63,13 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p
EraseInitStruct.Sector = sectors[i]; EraseInitStruct.Sector = sectors[i];
if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) { if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) {
flash_lock(); flash_lock();
return false; return secfalse;
} }
// check whether the sector was really deleted (contains only 0xFF) // check whether the sector was really deleted (contains only 0xFF)
uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1]; uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1];
for (uint32_t addr = addr_start; addr < addr_end; addr += 4) { for (uint32_t addr = addr_start; addr < addr_end; addr += 4) {
if (*((const uint32_t *)addr) != 0xFFFFFFFF) { if (*((const uint32_t *)addr) != 0xFFFFFFFF) {
return false; return secfalse;
} }
} }
if (progress) { if (progress) {
@ -77,44 +77,44 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p
} }
} }
flash_lock(); flash_lock();
return true; return sectrue;
} }
bool flash_write_byte(uint32_t address, uint8_t data) secbool flash_write_byte(uint32_t address, uint8_t data)
{ {
return HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, address, data); return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, address, data));
} }
bool flash_write_word(uint32_t address, uint32_t data) secbool flash_write_word(uint32_t address, uint32_t data)
{ {
return HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data); return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data));
} }
#define FLASH_OTP_LOCK_BASE 0x1FFF7A00U #define FLASH_OTP_LOCK_BASE 0x1FFF7A00U
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen) secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
{ {
if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) { if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) {
return false; return secfalse;
} }
for (uint8_t i = 0; i < datalen; i++) { for (uint8_t i = 0; i < datalen; i++) {
data[i] = *(__IO uint8_t *)(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i); data[i] = *(__IO uint8_t *)(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i);
} }
return true; return sectrue;
} }
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen) secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen)
{ {
if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) { if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) {
return false; return secfalse;
} }
if (!flash_unlock()) { if (!flash_unlock()) {
return false; return secfalse;
} }
bool ret = false; secbool ret = secfalse;
for (uint8_t i = 0; i < datalen; i++) { for (uint8_t i = 0; i < datalen; i++) {
ret = flash_write_byte(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i, data[i]); ret = flash_write_byte(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i, data[i]);
if (!ret) { if (ret != sectrue) {
break; break;
} }
} }
@ -122,20 +122,20 @@ bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t
return ret; return ret;
} }
bool flash_otp_lock(uint8_t block) secbool flash_otp_lock(uint8_t block)
{ {
if (block >= FLASH_OTP_NUM_BLOCKS) { if (block >= FLASH_OTP_NUM_BLOCKS) {
return false; return secfalse;
} }
if (!flash_unlock()) { if (!flash_unlock()) {
return false; return secfalse;
} }
HAL_StatusTypeDef ret = HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, FLASH_OTP_LOCK_BASE + block, 0x00); HAL_StatusTypeDef ret = HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, FLASH_OTP_LOCK_BASE + block, 0x00);
flash_lock(); flash_lock();
return ret == HAL_OK; return sectrue * (ret == HAL_OK);
} }
bool flash_otp_is_locked(uint8_t block) secbool flash_otp_is_locked(uint8_t block)
{ {
return *(__IO uint8_t *)(FLASH_OTP_LOCK_BASE + block) == 0x00; return *(__IO uint8_t *)(FLASH_OTP_LOCK_BASE + block) == 0x00;
} }

View File

@ -1,8 +1,8 @@
#ifndef __TREZORHAL_FLASH_H__ #ifndef __TREZORHAL_FLASH_H__
#define __TREZORHAL_FLASH_H__ #define __TREZORHAL_FLASH_H__
#include <stdbool.h>
#include <stdint.h> #include <stdint.h>
#include "secbool.h"
// see docs/memory.md for more information // see docs/memory.md for more information
@ -44,19 +44,19 @@ extern const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1];
void flash_set_option_bytes(void); void flash_set_option_bytes(void);
bool flash_unlock(void); secbool flash_unlock(void);
bool flash_lock(void); secbool flash_lock(void);
bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)); secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len));
bool flash_write_byte(uint32_t address, uint8_t data); secbool flash_write_byte(uint32_t address, uint8_t data);
bool flash_write_word(uint32_t address, uint32_t data); secbool flash_write_word(uint32_t address, uint32_t data);
#define FLASH_OTP_NUM_BLOCKS 16 #define FLASH_OTP_NUM_BLOCKS 16
#define FLASH_OTP_BLOCK_SIZE 32 #define FLASH_OTP_BLOCK_SIZE 32
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen); secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen);
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen); secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen);
bool flash_otp_lock(uint8_t block); secbool flash_otp_lock(uint8_t block);
bool flash_otp_is_locked(uint8_t block); secbool flash_otp_is_locked(uint8_t block);
#endif #endif

View File

@ -7,16 +7,16 @@
#include "flash.h" #include "flash.h"
#include "image.h" #include "image.h"
static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res) static secbool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res)
{ {
if (!sig_m || !sig_n) return false; if (!sig_m || !sig_n) return secfalse;
if (sig_m > sig_n) return false; if (sig_m > sig_n) return secfalse;
// discard bits higher than sig_n // discard bits higher than sig_n
sigmask &= ((1 << sig_n) - 1); sigmask &= ((1 << sig_n) - 1);
// remove if number of set bits in sigmask is not equal to sig_m // remove if number of set bits in sigmask is not equal to sig_m
if (__builtin_popcount(sigmask) != sig_m) return false; if (__builtin_popcount(sigmask) != sig_m) return secfalse;
ed25519_public_key keys[sig_m]; ed25519_public_key keys[sig_m];
int j = 0; int j = 0;
@ -27,26 +27,26 @@ static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *
} }
} }
return 0 == ed25519_cosi_combine_publickeys(res, keys, sig_m); return sectrue * (0 == ed25519_cosi_combine_publickeys(res, keys, sig_m));
} }
bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr) secbool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr)
{ {
memcpy(&hdr->magic, data, 4); memcpy(&hdr->magic, data, 4);
if (hdr->magic != magic) return false; if (hdr->magic != magic) return secfalse;
memcpy(&hdr->hdrlen, data + 4, 4); memcpy(&hdr->hdrlen, data + 4, 4);
if (hdr->hdrlen != IMAGE_HEADER_SIZE) return false; if (hdr->hdrlen != IMAGE_HEADER_SIZE) return secfalse;
memcpy(&hdr->expiry, data + 8, 4); memcpy(&hdr->expiry, data + 8, 4);
// TODO: expiry mechanism needs to be ironed out before production or those // TODO: expiry mechanism needs to be ironed out before production or those
// devices won't accept expiring bootloaders (due to boardloader write protection). // devices won't accept expiring bootloaders (due to boardloader write protection).
if (hdr->expiry != 0) return false; if (hdr->expiry != 0) return secfalse;
memcpy(&hdr->codelen, data + 12, 4); memcpy(&hdr->codelen, data + 12, 4);
if (hdr->codelen > (maxsize - hdr->hdrlen)) return false; if (hdr->codelen > (maxsize - hdr->hdrlen)) return secfalse;
if ((hdr->hdrlen + hdr->codelen) < 4 * 1024) return false; if ((hdr->hdrlen + hdr->codelen) < 4 * 1024) return secfalse;
if ((hdr->hdrlen + hdr->codelen) % 512 != 0) return false; if ((hdr->hdrlen + hdr->codelen) % 512 != 0) return secfalse;
memcpy(&hdr->version, data + 16, 4); memcpy(&hdr->version, data + 16, 4);
@ -68,21 +68,21 @@ bool load_image_header(const uint8_t * const data, const uint32_t magic, const u
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
ed25519_public_key pub; ed25519_public_key pub;
if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return false; if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return secfalse;
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig); return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig));
} }
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr) secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr)
{ {
memcpy(&vhdr->magic, data, 4); memcpy(&vhdr->magic, data, 4);
if (vhdr->magic != 0x565A5254) return false; // TRZV if (vhdr->magic != 0x565A5254) return secfalse; // TRZV
memcpy(&vhdr->hdrlen, data + 4, 4); memcpy(&vhdr->hdrlen, data + 4, 4);
if (vhdr->hdrlen > 64 * 1024) return false; if (vhdr->hdrlen > 64 * 1024) return secfalse;
memcpy(&vhdr->expiry, data + 8, 4); memcpy(&vhdr->expiry, data + 8, 4);
if (vhdr->expiry != 0) return false; if (vhdr->expiry != 0) return secfalse;
memcpy(&vhdr->version, data + 12, 2); memcpy(&vhdr->version, data + 12, 2);
@ -91,7 +91,7 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n
memcpy(&vhdr->vtrust, data + 16, 1); memcpy(&vhdr->vtrust, data + 16, 1);
if (vhdr->vsig_n > MAX_VENDOR_PUBLIC_KEYS) { if (vhdr->vsig_n > MAX_VENDOR_PUBLIC_KEYS) {
return false; return secfalse;
} }
for (int i = 0; i < vhdr->vsig_n; i++) { for (int i = 0; i < vhdr->vsig_n; i++) {
@ -125,42 +125,42 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
ed25519_public_key pub; ed25519_public_key pub;
if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return false; if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return secfalse;
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig); return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig));
} }
static bool check_hash(const uint8_t * const hash, const uint8_t * const data, int len) static secbool check_hash(const uint8_t * const hash, const uint8_t * const data, int len)
{ {
uint8_t h[BLAKE2S_DIGEST_LENGTH]; uint8_t h[BLAKE2S_DIGEST_LENGTH];
blake2s(data, len, h, BLAKE2S_DIGEST_LENGTH); blake2s(data, len, h, BLAKE2S_DIGEST_LENGTH);
return 0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH); return sectrue * (0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH));
} }
#define MIN(a,b) ((a) < (b) ? (a) : (b)) #define MIN(a,b) ((a) < (b) ? (a) : (b))
bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks) secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks)
{ {
if (!sectors || blocks < 1) { if (!sectors || blocks < 1) {
return false; return secfalse;
} }
const void *data = (const void *)(FLASH_SECTOR_TABLE[sectors[0]] + firstskip); const void *data = (const void *)(FLASH_SECTOR_TABLE[sectors[0]] + firstskip);
int remaining = hdr->codelen; int remaining = hdr->codelen;
if (!check_hash(hdr->hashes, data, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) { if (!check_hash(hdr->hashes, data, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) {
return false; return secfalse;
} }
int block = 1; int block = 1;
remaining -= IMAGE_CHUNK_SIZE - firstskip; remaining -= IMAGE_CHUNK_SIZE - firstskip;
while (remaining > 0) { while (remaining > 0) {
if (block >= blocks) { if (block >= blocks) {
return false; return secfalse;
} }
data = (const void *)FLASH_SECTOR_TABLE[sectors[block]]; data = (const void *)FLASH_SECTOR_TABLE[sectors[block]];
if (!check_hash(hdr->hashes + block * 32, data, MIN(remaining, IMAGE_CHUNK_SIZE))) { if (!check_hash(hdr->hashes + block * 32, data, MIN(remaining, IMAGE_CHUNK_SIZE))) {
return false; return secfalse;
} }
block++; block++;
remaining -= IMAGE_CHUNK_SIZE; remaining -= IMAGE_CHUNK_SIZE;
} }
return true; return sectrue;
} }

View File

@ -2,7 +2,7 @@
#define __TREZORHAL_IMAGE_H__ #define __TREZORHAL_IMAGE_H__
#include <stdint.h> #include <stdint.h>
#include <stdbool.h> #include "secbool.h"
#define BOARDLOADER_START 0x08000000 #define BOARDLOADER_START 0x08000000
#define BOOTLOADER_START 0x08020000 #define BOOTLOADER_START 0x08020000
@ -44,10 +44,10 @@ typedef struct {
uint8_t sig[64]; uint8_t sig[64];
} vendor_header; } vendor_header;
bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr); secbool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr);
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr); secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks); secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks);
#endif #endif

View File

@ -23,7 +23,7 @@ void sbu_init(void) {
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, GPIO_PIN_RESET); HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, GPIO_PIN_RESET);
} }
void sbu_set(bool sbu1, bool sbu2) { void sbu_set(secbool sbu1, secbool sbu2) {
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_2, sbu1 ? GPIO_PIN_SET : GPIO_PIN_RESET); HAL_GPIO_WritePin(GPIOA, GPIO_PIN_2, sbu1 == sectrue ? GPIO_PIN_SET : GPIO_PIN_RESET);
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, sbu2 ? GPIO_PIN_SET : GPIO_PIN_RESET); HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, sbu2 == sectrue ? GPIO_PIN_SET : GPIO_PIN_RESET);
} }

View File

@ -8,9 +8,9 @@
#ifndef __TREZORHAL_SBU_H__ #ifndef __TREZORHAL_SBU_H__
#define __TREZORHAL_SBU_H__ #define __TREZORHAL_SBU_H__
#include <stdbool.h> #include "secbool.h"
void sbu_init(void); void sbu_init(void);
void sbu_set(bool sbu1, bool sbu2); void sbu_set(secbool sbu1, secbool sbu2);
#endif #endif

View File

@ -66,16 +66,16 @@ void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) {
__HAL_RCC_SDIO_CLK_DISABLE(); __HAL_RCC_SDIO_CLK_DISABLE();
} }
bool sdcard_is_present(void) { secbool sdcard_is_present(void) {
return GPIO_PIN_RESET == HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13); return sectrue * (GPIO_PIN_RESET == HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13));
} }
bool sdcard_power_on(void) { secbool sdcard_power_on(void) {
if (!sdcard_is_present()) { if (!sdcard_is_present()) {
return false; return secfalse;
} }
if (sd_handle.Instance) { if (sd_handle.Instance) {
return true; return sectrue;
} }
// SD device interface configuration // SD device interface configuration
@ -101,20 +101,20 @@ bool sdcard_power_on(void) {
goto error; goto error;
} }
return true; return sectrue;
error: error:
sd_handle.Instance = NULL; sd_handle.Instance = NULL;
return false; return secfalse;
} }
bool sdcard_power_off(void) { secbool sdcard_power_off(void) {
if (!sd_handle.Instance) { if (!sd_handle.Instance) {
return true; return sectrue;
} }
HAL_SD_DeInit(&sd_handle); HAL_SD_DeInit(&sd_handle);
sd_handle.Instance = NULL; sd_handle.Instance = NULL;
return true; return sectrue;
} }
uint64_t sdcard_get_capacity_in_bytes(void) { uint64_t sdcard_get_capacity_in_bytes(void) {
@ -150,15 +150,15 @@ static HAL_StatusTypeDef sdcard_wait_finished(SD_HandleTypeDef *sd, uint32_t tim
return HAL_OK; return HAL_OK;
} }
bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) { secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
// check that SD card is initialised // check that SD card is initialised
if (sd_handle.Instance == NULL) { if (sd_handle.Instance == NULL) {
return false; return secfalse;
} }
// check that dest pointer is aligned on a 4-byte boundary // check that dest pointer is aligned on a 4-byte boundary
if (((uint32_t)dest & 3) != 0) { if (((uint32_t)dest & 3) != 0) {
return false; return secfalse;
} }
HAL_StatusTypeDef err = HAL_OK; HAL_StatusTypeDef err = HAL_OK;
@ -168,18 +168,18 @@ bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
err = sdcard_wait_finished(&sd_handle, 60000); err = sdcard_wait_finished(&sd_handle, 60000);
} }
return err == HAL_OK; return sectrue * (err == HAL_OK);
} }
bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) { secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) {
// check that SD card is initialised // check that SD card is initialised
if (sd_handle.Instance == NULL) { if (sd_handle.Instance == NULL) {
return false; return secfalse;
} }
// check that src pointer is aligned on a 4-byte boundary // check that src pointer is aligned on a 4-byte boundary
if (((uint32_t)src & 3) != 0) { if (((uint32_t)src & 3) != 0) {
return false; return secfalse;
} }
HAL_StatusTypeDef err = HAL_OK; HAL_StatusTypeDef err = HAL_OK;
@ -189,5 +189,5 @@ bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_block
err = sdcard_wait_finished(&sd_handle, 60000); err = sdcard_wait_finished(&sd_handle, 60000);
} }
return err == HAL_OK; return sectrue * (err == HAL_OK);
} }

View File

@ -27,17 +27,17 @@
#ifndef __TREZORHAL_SDCARD_H__ #ifndef __TREZORHAL_SDCARD_H__
#define __TREZORHAL_SDCARD_H__ #define __TREZORHAL_SDCARD_H__
#include <stdbool.h> #include "secbool.h"
// this is a fixed size and should not be changed // this is a fixed size and should not be changed
#define SDCARD_BLOCK_SIZE (512) #define SDCARD_BLOCK_SIZE (512)
void sdcard_init(void); void sdcard_init(void);
bool sdcard_is_present(void); secbool sdcard_is_present(void);
bool sdcard_power_on(void); secbool sdcard_power_on(void);
bool sdcard_power_off(void); secbool sdcard_power_off(void);
uint64_t sdcard_get_capacity_in_bytes(void); uint64_t sdcard_get_capacity_in_bytes(void);
bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks); secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks);
bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks); secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks);
#endif #endif

10
embed/trezorhal/secbool.h Normal file
View File

@ -0,0 +1,10 @@
#ifndef __TREZORHAL_SECBOOL_H__
#define __TREZORHAL_SECBOOL_H__
#include <stdint.h>
typedef uint32_t secbool;
#define sectrue 0xAAAAAAAA
#define secfalse 0x00000000
#endif

View File

@ -10,6 +10,7 @@
#include <string.h> #include <string.h>
#include "common.h" #include "common.h"
#include "secbool.h"
#include "touch.h" #include "touch.h"
I2C_HandleTypeDef i2c_handle = { I2C_HandleTypeDef i2c_handle = {
@ -41,7 +42,7 @@ void touch_init(void)
init->NoStretchMode = I2C_NOSTRETCH_DISABLE; init->NoStretchMode = I2C_NOSTRETCH_DISABLE;
init->OwnAddress2 = 0; init->OwnAddress2 = 0;
ensure(HAL_I2C_Init(&i2c_handle) == HAL_OK, NULL); ensure(sectrue * (HAL_OK == HAL_I2C_Init(&i2c_handle)), NULL);
} }
#define TOUCH_ADDRESS 56 #define TOUCH_ADDRESS 56

View File

@ -8,7 +8,6 @@
#ifndef __TREZORHAL_TOUCH_H__ #ifndef __TREZORHAL_TOUCH_H__
#define __TREZORHAL_TOUCH_H__ #define __TREZORHAL_TOUCH_H__
#include <stdbool.h>
#include <stdint.h> #include <stdint.h>
#define TOUCH_START 0x00010000 #define TOUCH_START 0x00010000

View File

@ -42,8 +42,10 @@ static USBD_HandleTypeDef usb_dev_handle;
static const USBD_DescriptorsTypeDef usb_descriptors; static const USBD_DescriptorsTypeDef usb_descriptors;
static const USBD_ClassTypeDef usb_class; static const USBD_ClassTypeDef usb_class;
static bool check_desc_str(const uint8_t *s) { static secbool check_desc_str(const uint8_t *s) {
return s && strlen((const char *)s) <= USB_MAX_STR_SIZE; if (!s) return secfalse;
if (strlen((const char *)s) > USB_MAX_STR_SIZE) return secfalse;
return sectrue;
} }
void usb_init(const usb_dev_info_t *dev_info) { void usb_init(const usb_dev_info_t *dev_info) {
@ -86,8 +88,8 @@ void usb_init(const usb_dev_info_t *dev_info) {
// Pointer to interface descriptor data // Pointer to interface descriptor data
usb_next_iface_desc = (usb_interface_descriptor_t *)(usb_config_buf + usb_config_desc->wTotalLength); usb_next_iface_desc = (usb_interface_descriptor_t *)(usb_config_buf + usb_config_desc->wTotalLength);
ensure(USBD_OK == USBD_Init(&usb_dev_handle, (USBD_DescriptorsTypeDef*)&usb_descriptors, USB_PHY_ID), NULL); ensure(sectrue * (USBD_OK == USBD_Init(&usb_dev_handle, (USBD_DescriptorsTypeDef*)&usb_descriptors, USB_PHY_ID)), NULL);
ensure(USBD_OK == USBD_RegisterClass(&usb_dev_handle, (USBD_ClassTypeDef*)&usb_class), NULL); ensure(sectrue * (USBD_OK == USBD_RegisterClass(&usb_dev_handle, (USBD_ClassTypeDef*)&usb_class)), NULL);
} }
void usb_deinit(void) { void usb_deinit(void) {

View File

@ -8,8 +8,8 @@
#ifndef __TREZORHAL_USB_H__ #ifndef __TREZORHAL_USB_H__
#define __TREZORHAL_USB_H__ #define __TREZORHAL_USB_H__
#include <stdbool.h>
#include <stdint.h> #include <stdint.h>
#include "secbool.h"
#define USB_EP_DIR_OUT 0x00 #define USB_EP_DIR_OUT 0x00
#define USB_EP_DIR_IN 0x80 #define USB_EP_DIR_IN 0x80

View File

@ -69,9 +69,9 @@ typedef struct {
uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle
} usb_hid_state_t; } usb_hid_state_t;
bool usb_hid_add(const usb_hid_info_t *hid_info); secbool usb_hid_add(const usb_hid_info_t *hid_info);
bool usb_hid_can_read(uint8_t iface_num); secbool usb_hid_can_read(uint8_t iface_num);
bool usb_hid_can_write(uint8_t iface_num); secbool usb_hid_can_write(uint8_t iface_num);
int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len); int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len);
int usb_hid_write(uint8_t iface_num, const uint8_t *buf, uint32_t len); int usb_hid_write(uint8_t iface_num, const uint8_t *buf, uint32_t len);

View File

@ -17,34 +17,34 @@
/* usb_hid_add adds and configures new USB HID interface according to /* usb_hid_add adds and configures new USB HID interface according to
* configuration options passed in `info`. */ * configuration options passed in `info`. */
bool usb_hid_add(const usb_hid_info_t *info) { secbool usb_hid_add(const usb_hid_info_t *info) {
usb_iface_t *iface = usb_get_iface(info->iface_num); usb_iface_t *iface = usb_get_iface(info->iface_num);
if (iface == NULL) { if (iface == NULL) {
return false; // Invalid interface number return secfalse; // Invalid interface number
} }
if (iface->type != USB_IFACE_TYPE_DISABLED) { if (iface->type != USB_IFACE_TYPE_DISABLED) {
return false; // Interface is already enabled return secfalse; // Interface is already enabled
} }
usb_hid_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_hid_descriptor_block_t)); usb_hid_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_hid_descriptor_block_t));
if (d == NULL) { if (d == NULL) {
return false; // Not enough space in the configuration descriptor return secfalse; // Not enough space in the configuration descriptor
} }
if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) { if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) {
return false; // IN EP is invalid return secfalse; // IN EP is invalid
} }
if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) { if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) {
return false; // OUT EP is invalid return secfalse; // OUT EP is invalid
} }
if (info->rx_buffer == NULL) { if (info->rx_buffer == NULL) {
return false; return secfalse;
} }
if (info->report_desc == NULL) { if (info->report_desc == NULL) {
return false; return secfalse;
} }
// Interface descriptor // Interface descriptor
@ -101,41 +101,41 @@ bool usb_hid_add(const usb_hid_info_t *info) {
iface->hid.last_read_len = 0; iface->hid.last_read_len = 0;
iface->hid.ep_in_is_idle = 1; iface->hid.ep_in_is_idle = 1;
return true; return sectrue;
} }
bool usb_hid_can_read(uint8_t iface_num) { secbool usb_hid_can_read(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num); usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) { if (iface == NULL) {
return false; // Invalid interface number return secfalse; // Invalid interface number
} }
if (iface->type != USB_IFACE_TYPE_HID) { if (iface->type != USB_IFACE_TYPE_HID) {
return false; // Invalid interface type return secfalse; // Invalid interface type
} }
if (iface->hid.last_read_len == 0) { if (iface->hid.last_read_len == 0) {
return false; // Nothing in the receiving buffer return secfalse; // Nothing in the receiving buffer
} }
if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) { if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) {
return false; // Device is not configured return secfalse; // Device is not configured
} }
return true; return sectrue;
} }
bool usb_hid_can_write(uint8_t iface_num) { secbool usb_hid_can_write(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num); usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) { if (iface == NULL) {
return false; // Invalid interface number return secfalse; // Invalid interface number
} }
if (iface->type != USB_IFACE_TYPE_HID) { if (iface->type != USB_IFACE_TYPE_HID) {
return false; // Invalid interface type return secfalse; // Invalid interface type
} }
if (iface->hid.ep_in_is_idle == 0) { if (iface->hid.ep_in_is_idle == 0) {
return false; // Last transmission is not over yet return secfalse; // Last transmission is not over yet
} }
if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) { if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) {
return false; // Device is not configured return secfalse; // Device is not configured
} }
return true; return sectrue;
} }
int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) { int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) {

View File

@ -119,9 +119,9 @@ typedef struct {
uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle
} usb_vcp_state_t; } usb_vcp_state_t;
bool usb_vcp_add(const usb_vcp_info_t *vcp_info); secbool usb_vcp_add(const usb_vcp_info_t *vcp_info);
bool usb_vcp_can_read(uint8_t iface_num); secbool usb_vcp_can_read(uint8_t iface_num);
bool usb_vcp_can_write(uint8_t iface_num); secbool usb_vcp_can_write(uint8_t iface_num);
int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len); int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len);
int usb_vcp_write(uint8_t iface_num, const uint8_t *buf, uint32_t len); int usb_vcp_write(uint8_t iface_num, const uint8_t *buf, uint32_t len);

View File

@ -42,49 +42,49 @@
/* usb_vcp_add adds and configures new USB VCP interface according to /* usb_vcp_add adds and configures new USB VCP interface according to
* configuration options passed in `info`. */ * configuration options passed in `info`. */
bool usb_vcp_add(const usb_vcp_info_t *info) { secbool usb_vcp_add(const usb_vcp_info_t *info) {
usb_iface_t *iface = usb_get_iface(info->iface_num); usb_iface_t *iface = usb_get_iface(info->iface_num);
if (iface == NULL) { if (iface == NULL) {
return false; // Invalid interface number return secfalse; // Invalid interface number
} }
if (iface->type != USB_IFACE_TYPE_DISABLED) { if (iface->type != USB_IFACE_TYPE_DISABLED) {
return false; // Interface is already enabled return secfalse; // Interface is already enabled
} }
usb_vcp_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_vcp_descriptor_block_t)); usb_vcp_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_vcp_descriptor_block_t));
if (d == NULL) { if (d == NULL) {
return false; // Not enough space in the configuration descriptor return secfalse; // Not enough space in the configuration descriptor
} }
if ((info->ep_cmd & USB_EP_DIR_MSK) != USB_EP_DIR_IN) { if ((info->ep_cmd & USB_EP_DIR_MSK) != USB_EP_DIR_IN) {
return false; // IN CMD EP is invalid return secfalse; // IN CMD EP is invalid
} }
if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) { if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) {
return false; // IN EP is invalid return secfalse; // IN EP is invalid
} }
if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) { if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) {
return false; // OUT EP is invalid return secfalse; // OUT EP is invalid
} }
if ((info->rx_buffer_len == 0) || (info->rx_buffer_len & (info->rx_buffer_len - 1)) != 0) { if ((info->rx_buffer_len == 0) || (info->rx_buffer_len & (info->rx_buffer_len - 1)) != 0) {
return false; // Capacity needs to be a power of 2 return secfalse; // Capacity needs to be a power of 2
} }
if ((info->tx_buffer_len == 0) || (info->tx_buffer_len & (info->tx_buffer_len - 1)) != 0) { if ((info->tx_buffer_len == 0) || (info->tx_buffer_len & (info->tx_buffer_len - 1)) != 0) {
return false; // Capacity needs to be a power of 2 return secfalse; // Capacity needs to be a power of 2
} }
if (info->rx_buffer == NULL) { if (info->rx_buffer == NULL) {
return false; return secfalse;
} }
if (info->rx_packet == NULL) { if (info->rx_packet == NULL) {
return false; return secfalse;
} }
if (info->tx_buffer == NULL) { if (info->tx_buffer == NULL) {
return false; return secfalse;
} }
if (info->tx_packet == NULL) { if (info->tx_packet == NULL) {
return false; return secfalse;
} }
// Interface association descriptor // Interface association descriptor
@ -205,7 +205,7 @@ bool usb_vcp_add(const usb_vcp_info_t *info) {
iface->vcp.ep_in_is_idle = 1; iface->vcp.ep_in_is_idle = 1;
return true; return sectrue;
} }
static inline size_t ring_length(usb_rbuf_t *b) { static inline size_t ring_length(usb_rbuf_t *b) {
@ -220,32 +220,32 @@ static inline int ring_full(usb_rbuf_t *b) {
return ring_length(b) == b->cap; return ring_length(b) == b->cap;
} }
bool usb_vcp_can_read(uint8_t iface_num) { secbool usb_vcp_can_read(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num); usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) { if (iface == NULL) {
return false; // Invalid interface number return secfalse; // Invalid interface number
} }
if (iface->type != USB_IFACE_TYPE_VCP) { if (iface->type != USB_IFACE_TYPE_VCP) {
return false; // Invalid interface type return secfalse; // Invalid interface type
} }
if (ring_empty(&iface->vcp.rx_ring)) { if (ring_empty(&iface->vcp.rx_ring)) {
return false; // Nothing in the rx buffer return secfalse; // Nothing in the rx buffer
} }
return true; return sectrue;
} }
bool usb_vcp_can_write(uint8_t iface_num) { secbool usb_vcp_can_write(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num); usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) { if (iface == NULL) {
return false; // Invalid interface number return secfalse; // Invalid interface number
} }
if (iface->type != USB_IFACE_TYPE_VCP) { if (iface->type != USB_IFACE_TYPE_VCP) {
return false; // Invalid interface type return secfalse; // Invalid interface type
} }
if (ring_full(&iface->vcp.tx_ring)) { if (ring_full(&iface->vcp.tx_ring)) {
return false; // Tx ring buffer is full return secfalse; // Tx ring buffer is full
} }
return true; return sectrue;
} }
int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len) { int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len) {

View File

@ -1,8 +1,10 @@
#ifndef __TREZORUNIX_COMMON_H__ #ifndef __TREZORUNIX_COMMON_H__
#define __TREZORUNIX_COMMON_H__ #define __TREZORUNIX_COMMON_H__
#include "../trezorhal/secbool.h"
void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func); void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func);
#define ensure(expr, msg) ((expr) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) #define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
#endif #endif