fix(core): setup option bytes for STM32U5

[no changelog]

core/embed/bootloader/main.c

@@ -411,20 +411,6 @@ int bootloader_main(void) {
   set_core_clock(CLOCK_180_MHZ);
 #endif
 
-#ifdef STM32U5
-  if (sectrue != flash_configure_sec_area_ob()) {
-#ifdef STM32U5
-    secret_bhk_regenerate();
-#endif
-
-    const secbool r =
-        flash_area_erase_bulk(STORAGE_AREAS, STORAGE_AREAS_COUNT, NULL);
-    (void)r;
-    __disable_irq();
-    HAL_NVIC_SystemReset();
-  }
-#endif
-
 #ifdef USE_HASH_PROCESSOR
   hash_processor_init();
 #endif

core/embed/trezorhal/lowlevel.h

@@ -27,7 +27,6 @@ void flash_lock_option_bytes(void);
 void flash_unlock_option_bytes(void);
 uint32_t flash_set_option_bytes(void);
 secbool flash_configure_option_bytes(void);
-secbool flash_configure_sec_area_ob(void);
 void periph_init(void);
 secbool reset_flags_check(void);
 void reset_flags_reset(void);

core/embed/trezorhal/stm32u5/lowlevel.c

@@ -22,7 +22,6 @@
 #include "lowlevel.h"
 #include "common.h"
 #include "flash.h"
-#include "flash_otp.h"
 #include "model.h"
 #include TREZOR_BOARD
 
@@ -70,6 +69,13 @@
 #error Unknown MCU
 #endif
 
+#define WRP_LOCKED_VALUE                                       \
+  ((WRP_DEFAULT_VALUE &                                        \
+    ~(FLASH_WRP1AR_UNLOCK_Msk | FLASH_WRP1AR_WRP1A_PSTRT_Msk | \
+      FLASH_WRP1AR_WRP1A_PEND_Msk)) |                          \
+   (WANT_WRP_PAGE_START << FLASH_WRP1AR_WRP1A_PSTRT_Pos) |     \
+   (WANT_WRP_PAGE_END << FLASH_WRP1AR_WRP1A_PEND_Pos))
+
 #define FLASH_OPTR_VALUE                                                \
   (FLASH_OPTR_TZEN | FLASH_OPTR_PA15_PUPEN | FLASH_OPTR_nBOOT0 |        \
    FLASH_OPTR_SRAM3_ECC | FLASH_OPTR_BKPRAM_ECC | FLASH_OPTR_DUALBANK | \
@@ -129,9 +135,7 @@ secbool flash_check_option_bytes(void) {
   }
 
 #if PRODUCTION
-  // TODO error this wont work, need to add default/reset values
+  if (FLASH->WRP1AR != WRP_LOCKED_VALUE) {
-#error this wont work, need to add default/reset values
-  if (FLASH->WRP1AR != (WANT_WRP_PAGE_START | (WANT_WRP_PAGE_END << 16))) {
     return secfalse;
   }
 #else
@@ -150,6 +154,19 @@ secbool flash_check_option_bytes(void) {
     return secfalse;
   }
 
+  if (FLASH->SECWM1R1 != FLASH_SECWM1R1_VALUE) {
+    return secfalse;
+  }
+  if (FLASH->SECWM1R2 != FLASH_SECWM1R2_VALUE) {
+    return secfalse;
+  }
+  if (FLASH->SECWM2R1 != FLASH_SECWM2R1_VALUE) {
+    return secfalse;
+  }
+  if (FLASH->SECWM2R2 != FLASH_SECWM2R2_VALUE) {
+    return secfalse;
+  }
+
   return sectrue;
 }
 
@@ -177,19 +194,27 @@ uint32_t flash_set_option_bytes(void) {
   flash_unlock_option_bytes();
   flash_wait_and_clear_status_flags();
 
+  FLASH->SECBOOTADD0R = FALSH_SECBOOTADD0R_VALUE;
+
+  FLASH->SECWM1R1 = FLASH_SECWM1R1_VALUE;
+  FLASH->SECWM1R2 = FLASH_SECWM1R2_VALUE;
+
+  FLASH->SECWM2R1 = FLASH_SECWM2R1_VALUE;
+  FLASH->SECWM2R2 = FLASH_SECWM2R2_VALUE;
+
+#if PRODUCTION
+  FLASH->WRP1AR = WRP_LOCKED_VALUE;
+#else
+  FLASH->WRP1AR = WRP_DEFAULT_VALUE;
+#endif
+  FLASH->WRP1BR = WRP_DEFAULT_VALUE;
+  FLASH->WRP2AR = WRP_DEFAULT_VALUE;
+  FLASH->WRP2BR = WRP_DEFAULT_VALUE;
+
   FLASH->OPTR =
       FLASH_OPTR_VALUE;  // WARNING: dev board safe unless you compile for
   // PRODUCTION or change this value!!!
 
-  FLASH->SECBOOTADD0R = FALSH_SECBOOTADD0R_VALUE;
-
-#if PRODUCTION
-  FLASH->WRP1AR = WANT_WRP_PAGE_START | (WANT_WRP_PAGE_END << 16);
-  FLASH->WRP1BR = 0xFF00FFFF;
-  FLASH->WRP2AR = 0xFF00FFFF;
-  FLASH->WRP2BR = 0xFF00FFFF;
-#endif
-
   FLASH_WaitForLastOperation(HAL_MAX_DELAY);
 
   FLASH->NSCR |= FLASH_NSCR_OPTSTRT;
@@ -210,10 +235,8 @@ uint32_t flash_set_option_bytes(void) {
 }
 
 void check_oem_keys(void) {
-  ensure(((FLASH_S->NSSR & FLASH_NSSR_OEM1LOCK) == 0) * sectrue,
+  ensure(((FLASH->NSSR & FLASH_NSSR_OEM1LOCK) == 0) * sectrue, "OEM1 KEY SET");
-         "OEM1 KEY SET");
+  ensure(((FLASH->NSSR & FLASH_NSSR_OEM2LOCK) == 0) * sectrue, "OEM2 KEY SET");
-  ensure(((FLASH_S->NSSR & FLASH_NSSR_OEM2LOCK) == 0) * sectrue,
-         "OEM2 KEY SET");
 }
 
 secbool flash_configure_option_bytes(void) {
@@ -230,73 +253,6 @@ secbool flash_configure_option_bytes(void) {
   return secfalse;  // notify that we DID have to change the option bytes
 }
 
-secbool flash_check_sec_area_ob(void) {
-  flash_wait_and_clear_status_flags();
-  // check values stored in flash interface registers
-
-  if (FLASH->SECWM1R1 != FLASH_SECWM1R1_VALUE) {
-    return secfalse;
-  }
-  if (FLASH->SECWM1R2 != FLASH_SECWM1R2_VALUE) {
-    return secfalse;
-  }
-  if (FLASH->SECWM2R1 != FLASH_SECWM2R1_VALUE) {
-    return secfalse;
-  }
-  if (FLASH->SECWM2R2 != FLASH_SECWM2R2_VALUE) {
-    return secfalse;
-  }
-
-  return sectrue;
-}
-
-uint32_t flash_set_sec_area_ob(void) {
-  if (flash_unlock_write() != sectrue) {
-    return 0;
-  }
-  flash_wait_and_clear_status_flags();
-  flash_unlock_option_bytes();
-  flash_wait_and_clear_status_flags();
-
-  FLASH->SECWM1R1 = FLASH_SECWM1R1_VALUE;
-  FLASH->SECWM1R2 = FLASH_SECWM1R2_VALUE;
-
-  FLASH->SECWM2R1 = FLASH_SECWM2R1_VALUE;
-  FLASH->SECWM2R2 = FLASH_SECWM2R2_VALUE;
-
-  FLASH_WaitForLastOperation(HAL_MAX_DELAY);
-
-  FLASH->NSCR |= FLASH_NSCR_OPTSTRT;
-  uint32_t result =
-      flash_wait_and_clear_status_flags();  // wait until changes are committed
-
-  FLASH_WaitForLastOperation(HAL_MAX_DELAY);
-
-  FLASH->NSCR |= FLASH_NSCR_OBL_LAUNCH;  // begin committing changes to flash
-  result =
-      flash_wait_and_clear_status_flags();  // wait until changes are committed
-  flash_lock_option_bytes();
-
-  if (flash_lock_write() != sectrue) {
-    return 0;
-  }
-  return result;
-}
-
-secbool flash_configure_sec_area_ob(void) {
-  if (sectrue == flash_check_sec_area_ob()) {
-    return sectrue;  // we DID NOT have to change the option bytes
-  }
-
-  do {
-    flash_set_sec_area_ob();
-  } while (sectrue != flash_check_sec_area_ob());
-
-  check_oem_keys();
-
-  return secfalse;  // notify that we DID have to change the option bytes
-}
-
 void periph_init(void) {
   // STM32U5xx HAL library initialization:
   //  - configure the Flash prefetch, instruction and data caches