refactor(core/embed): improve bootuils api

[no changelog]
2024-11-14 03:30:02 +00:00 · 2024-08-16 13:33:58 +02:00 · 2024-08-16 13:33:58 +02:00 · f8a2a980e8
commit f8a2a980e8
parent c56d6f1276
8 changed files with 35 additions and 26 deletions
--- a/core/embed/extmod/modtrezorutils/modtrezorutils.c
+++ b/core/embed/extmod/modtrezorutils/modtrezorutils.c
@ -308,7 +308,7 @@ STATIC mp_obj_t mod_trezorutils_reboot_to_bootloader(size_t n_args,
  }

  bootargs_set(boot_command, boot_args.buf, boot_args.len);
-  svc_reboot_to_bootloader();
+  reboot_to_bootloader();
 #endif
  return mp_const_none;
 }
--- a/core/embed/lib/error_handling.c
+++ b/core/embed/lib/error_handling.c
@ -58,7 +58,7 @@ error_shutdown_ex(const char *title, const char *message, const char *footer) {
  }
  term_printf("\n%s\n", footer);
  display_backlight(255);
-  trezor_shutdown();
+  secure_shutdown();
 #endif
 }

@ -99,7 +99,7 @@ __fatal_error(const char *msg, const char *file, int line) {
 #endif
  term_printf("\nPlease contact Trezor support.\n");
  display_backlight(255);
-  trezor_shutdown();
+  secure_shutdown();
 #endif
 }

--- a/core/embed/prodtest/main.c
+++ b/core/embed/prodtest/main.c
@ -763,7 +763,7 @@ static void test_otp_write_device_variant(const char *args) {
  vcp_println("OK");
 }

-static void test_reboot(void) { svc_reboot(); }
+static void test_reboot(void) { reboot(); }

 void cpuid_read(void) {
  uint32_t cpuid[3];
--- a/core/embed/rust/src/trezorhal/fatal_error.rs
+++ b/core/embed/rust/src/trezorhal/fatal_error.rs
@ -1,7 +1,7 @@
 mod ffi {
    extern "C" {
-        // trezorhal/common.c
-        pub fn trezor_shutdown() -> !;
+        // trezorhal/bootuils.c
+        pub fn secure_shutdown() -> !;
    }
 }

@ -11,7 +11,7 @@ use crate::ui::{
 };

 fn shutdown() -> ! {
-    unsafe { ffi::trezor_shutdown() }
+    unsafe { ffi::secure_shutdown() }
 }

 /// Shows an error message and shuts down the device.
--- a/core/embed/trezorhal/bootutils.h
+++ b/core/embed/trezorhal/bootutils.h
@ -4,7 +4,7 @@
 #include <stddef.h>
 #include <stdint.h>

-// Defines boot command for 'svc_reboot_to_bootloader()' function
+// Defines boot command for 'reboot_to_bootloader()' function
 typedef enum {
  // Normal boot sequence
  BOOT_COMMAND_NONE = 0x00000000,
@ -36,8 +36,15 @@ boot_command_t bootargs_get_command();
 // Returns the pointer to boot arguments
 const boot_args_t* bootargs_get_args();

-void __attribute__((noreturn)) trezor_shutdown(void);
-void __attribute__((noreturn)) svc_reboot_to_bootloader(void);
-void __attribute__((noreturn)) svc_reboot(void);
+// Reboots the device into the bootloader.
+// The bootloader will read the command set by `bootargs_set()`.
+void __attribute__((noreturn)) reboot_to_bootloader(void);
+
+// Causes immediate reset of the device.
+void __attribute__((noreturn)) reboot(void);
+
+// Safely shuts down the device (clears secrets, memory, etc.).
+// This function is called when the device is in an unrecoverable state.
+void __attribute__((noreturn)) secure_shutdown(void);

 #endif  // TREZORHAL_BOOTUTILS_H
--- a/core/embed/trezorhal/stm32f4/bootutils.c
+++ b/core/embed/trezorhal/stm32f4/bootutils.c
@ -11,13 +11,13 @@
 // to the bootloader.
 // 1. In the bootloader, its value is set in the startup code.
 // 2. In the firmware it holds command for the next boot and it is used
-//    when svc_reboot_to_bootloader() is called
+//    when reboot_to_bootloader() is called
 boot_command_t g_boot_command_shadow;

 #ifdef STM32U5
 // The 'g_boot_command' is persistent variable that holds the 'command'
 // for the next reboot/jump to the bootloader. Its value is set to
-// g_boot_command_shadow when 'svc_reboot_to_bootloader()' is called.
+// g_boot_command_shadow when 'reboot_to_bootloader()' is called.
 boot_command_t __attribute__((section(".boot_command"))) g_boot_command;
 #endif

@ -47,7 +47,7 @@ boot_command_t bootargs_get_command() { return g_boot_command_shadow; }

 const boot_args_t* bootargs_get_args() { return &g_boot_args; }

-void __attribute__((noreturn)) trezor_shutdown(void) {
+void __attribute__((noreturn)) secure_shutdown(void) {
  display_deinit(DISPLAY_RETAIN_CONTENT);

 #if defined(STM32U5)
@ -63,7 +63,7 @@ void __attribute__((noreturn)) trezor_shutdown(void) {
    ;
 }

-void svc_reboot_to_bootloader(void) {
+void reboot_to_bootloader(void) {
  boot_command_t boot_command = bootargs_get_command();
  display_deinit(DISPLAY_RESET_CONTENT);
 #ifdef ENSURE_COMPATIBLE_SETTINGS
@ -83,4 +83,4 @@ void svc_reboot_to_bootloader(void) {
 #endif
 }

-void svc_reboot(void) { NVIC_SystemReset(); }
+void reboot(void) { NVIC_SystemReset(); }
--- a/core/embed/trezorhal/unix/bootutils.c
+++ b/core/embed/trezorhal/unix/bootutils.c
@ -1,6 +1,8 @@

 #include "../bootutils.h"
 #include <common.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>

 // The 'g_boot_command_shadow' variable stores the 'command' for the next
@ -42,3 +44,13 @@ void bootargs_clear() {
 boot_command_t bootargs_get_command() { return g_boot_command_shadow; }

 const boot_args_t* bootargs_get_args() { return &g_boot_args; }
+
+void __attribute__((noreturn)) secure_shutdown(void) {
+  printf("SHUTDOWN\n");
+
+  // Wait some time to let the user see the displayed
+  // message before shutting down
+  hal_delay(3000);
+
+  exit(3);
+}
--- a/core/embed/trezorhal/unix/common.c
+++ b/core/embed/trezorhal/unix/common.c
@ -30,16 +30,6 @@

 void __attribute__((noreturn)) main_clean_exit();

-void __attribute__((noreturn)) trezor_shutdown(void) {
-  printf("SHUTDOWN\n");
-
-  // Wait some time to let the user see the displayed
-  // message before shutting down
-  hal_delay(3000);
-
-  exit(3);
-}
-
 static int SDLCALL emulator_event_filter(void *userdata, SDL_Event *event) {
  switch (event->type) {
    case SDL_QUIT: