mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-29 17:48:10 +00:00
510281590f
[no changelog]
/*
|
|
* This file is part of the Trezor project, https://trezor.io/
|
|
*
|
|
* Copyright (c) SatoshiLabs
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include STM32_HAL_H
|
|
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
#include "py/builtin.h"
|
|
#include "py/compile.h"
|
|
#include "py/gc.h"
|
|
#include "py/mperrno.h"
|
|
#include "py/nlr.h"
|
|
#include "py/repl.h"
|
|
#include "py/runtime.h"
|
|
#include "py/stackctrl.h"
|
|
#include "shared/runtime/pyexec.h"
|
|
|
|
#include "ports/stm32/gccollect.h"
|
|
#include "ports/stm32/pendsv.h"
|
|
|
|
#include "bl_check.h"
|
|
#include "board_capabilities.h"
|
|
#include "common.h"
|
|
#include "compiler_traits.h"
|
|
#include "display.h"
|
|
#include "flash.h"
|
|
#include "image.h"
|
|
#include "memzero.h"
|
|
#include "model.h"
|
|
#include "mpu.h"
|
|
#include "random_delays.h"
|
|
|
|
#include TREZOR_BOARD
|
|
|
|
#ifdef USE_RGB_LED
|
|
#include "rgb_led.h"
|
|
#endif
|
|
#ifdef USE_CONSUMPTION_MASK
|
|
#include "consumption_mask.h"
|
|
#endif
|
|
#ifdef USE_DMA2D
|
|
#include "dma2d.h"
|
|
#endif
|
|
#ifdef USE_BUTTON
|
|
#include "button.h"
|
|
#endif
|
|
#ifdef USE_I2C
|
|
#include "i2c.h"
|
|
#endif
|
|
#ifdef USE_TOUCH
|
|
#include "touch.h"
|
|
#endif
|
|
#ifdef USE_SD_CARD
|
|
#include "sdcard.h"
|
|
#endif
|
|
#ifdef USE_OPTIGA
|
|
#include "optiga_commands.h"
|
|
#include "optiga_transport.h"
|
|
#include "secret.h"
|
|
#endif
|
|
#include "unit_variant.h"
|
|
|
|
#ifdef SYSTEM_VIEW
|
|
#include "systemview.h"
|
|
#endif
|
|
#include "platform.h"
|
|
#include "rng.h"
|
|
#include "supervise.h"
|
|
#ifdef USE_SECP256K1_ZKP
|
|
#include "zkp_context.h"
|
|
#endif
|
|
|
|
// from util.s
|
|
extern void shutdown_privileged(void);
|
|
|
|
// Firmware entry point: brings the hardware up, drops privileges (every model
// except Trezor One), prepares the MicroPython runtime and runs the frozen
// "main.py".
//
// The order of the calls below matters and must be preserved when editing:
//  - random_delays_init() runs before anything else.
//  - On non-Model-1 builds the Optiga pairing secret is read with
//    secret_read() before mpu_config_firmware() is applied.
//    NOTE(review): presumably the firmware MPU configuration restricts later
//    access to the secret storage - confirm before moving either call.
//  - All peripheral initialization happens before drop_privileges().
//  - The stack copy of the pairing secret is wiped with memzero() whether or
//    not the secure-channel handshake was attempted.
int main(void) {
  random_delays_init();

#ifdef RDI
  rdi_start();
#endif

  // Trezor One only: the HAL is initialized again at this point.
#ifdef TREZOR_MODEL_1
  HAL_Init();
#endif

  collect_hw_entropy();

#ifdef SYSTEM_VIEW
  enable_systemview();
#endif

  display_reinit();

#ifndef TREZOR_MODEL_1
  parse_boardloader_capabilities();

  unit_variant_init();

#ifdef USE_OPTIGA
  // Pairing secret for the Optiga secure channel. It stays on the stack until
  // the memzero() call that follows the handshake further down.
  uint8_t secret[SECRET_OPTIGA_KEY_LEN] = {0};
  secbool secret_ok =
      secret_read(secret, SECRET_OPTIGA_KEY_OFFSET, SECRET_OPTIGA_KEY_LEN);
#endif

#if PRODUCTION || BOOTLOADER_QA
  check_and_replace_bootloader();
#endif

  // Switch the MPU to the firmware configuration.
  mpu_config_firmware();
#endif

  // Peripheral bring-up; everything from here to drop_privileges() still runs
  // with the privileges main() was entered with.
  pendsv_init();

#ifdef USE_DMA2D
  dma2d_init();
#endif

#if !PRODUCTION
  // Non-production builds enable the dedicated bus-fault and usage-fault
  // handlers; when these bits are clear such faults escalate to HardFault.
  SCB->SHCSR |= (SCB_SHCSR_USGFAULTENA_Msk | SCB_SHCSR_BUSFAULTENA_Msk);
#endif

#ifdef TREZOR_MODEL_T
  set_core_clock(CLOCK_180_MHZ);
#endif

#ifdef USE_BUTTON
  button_init();
#endif

#ifdef USE_RGB_LED
  rgb_led_init();
#endif

#ifdef USE_CONSUMPTION_MASK
  consumption_mask_init();
#endif

#ifdef USE_I2C
  i2c_init();
#endif

#ifdef USE_TOUCH
  touch_init();
#endif

#ifdef USE_SD_CARD
  sdcard_init();
#endif

#ifdef USE_OPTIGA
  optiga_init();
  optiga_open_application();
  // The handshake is attempted only when the pairing secret was read
  // successfully.
  // NOTE(review): the call is a bare expression statement, so any status it
  // returns is discarded, and a failed secret_read() merely skips the
  // handshake; boot continues in both cases. Confirm that later Optiga users
  // cope with a secure channel that was never established.
  if (secret_ok == sectrue) {
    optiga_sec_chan_handshake(secret, sizeof(secret));
  }
  // Wipe the stack copy of the secret on every path.
  memzero(secret, sizeof(secret));
#endif

#ifndef TREZOR_MODEL_1
  // Leave privileged mode; every peripheral above was set up before this call.
  drop_privileges();
#endif

#ifdef USE_SECP256K1_ZKP
  // The argument is sectrue only when zkp_context_init() returned 0;
  // ensure() is expected to halt otherwise.
  ensure(sectrue * (zkp_context_init() == 0), NULL);
#endif

  printf("CORE: Preparing stack\n");
  // The limit handed to MicroPython is 1024 bytes smaller than the real stack
  // (the span from _sstack to _estack), which leaves room to recover once the
  // limit is hit.
  mp_stack_set_top(&_estack);
  mp_stack_set_limit((char *)&_estack - (char *)&_sstack - 1024);

#if MICROPY_ENABLE_PYSTACK
  static mp_obj_t pystack[1024];
  mp_pystack_init(pystack, pystack + MP_ARRAY_SIZE(pystack));
#endif

  // Garbage collector over the region between _heap_start and _heap_end.
  printf("CORE: Starting GC\n");
  gc_init(&_heap_start, &_heap_end);

  // Interpreter start-up. sys.argv is left empty and sys.path receives the
  // single ".frozen" entry.
  printf("CORE: Starting interpreter\n");
  mp_init();
  mp_obj_list_init(mp_sys_argv, 0);
  mp_obj_list_init(mp_sys_path, 0);
  mp_obj_list_append(mp_sys_path, MP_OBJ_NEW_QSTR(MP_QSTR__dot_frozen));

  // Run the frozen application.
  printf("CORE: Executing main script\n");
  pyexec_frozen_module("main.py");

  // Reached only after the main script has returned.
  printf("CORE: Main script finished, cleaning up\n");
  mp_deinit();

  return 0;
}
|
|
|
|
// MicroPython default exception handler
|
|
|
|
// MicroPython hook for an exception that no NLR handler caught. The firmware
// does not try to recover: it stops with a generic "INTERNAL ERROR" screen and
// the code "(UE)". The exception object itself is neither inspected nor shown.
void __attribute__((noreturn)) nlr_jump_fail(void *val) {
  (void)val;  // intentionally unused
  error_shutdown("INTERNAL ERROR", "(UE)");
}
|
|
|
|
// interrupt handlers
|
|
|
|
// Non-maskable interrupt handler. Only an NMI raised by the Clock Security
// System is acted on: when the CSSF flag in RCC->CIR is set the device stops
// with "INTERNAL ERROR (CS)". Any other NMI source returns without action.
void NMI_Handler(void) {
  if ((RCC->CIR & RCC_CIR_CSSF) == 0) {
    // Not a Clock Security System event; nothing to do here.
    return;
  }
  // Clock Security System triggered NMI: halt rather than keep running on a
  // clock that was reported as failed.
  error_shutdown("INTERNAL ERROR", "(CS)");
}
|
|
|
|
// HardFault exception: unrecoverable, so stop with "INTERNAL ERROR (HF)".
// In PRODUCTION builds main() does not enable the separate bus-fault and
// usage-fault handlers, so those faults are expected to end up here as well.
void HardFault_Handler(void) {
  error_shutdown("INTERNAL ERROR", "(HF)");
}
|
|
|
|
// Memory-management fault, reported as "INTERNAL ERROR (MM)".
// NOTE(review): presumably reached from the MemManage exception entry code
// (not on this page) for an MPU access violation that is not a stack
// overflow - confirm against the vector table / assembly stub.
void MemManage_Handler_MM(void) {
  error_shutdown("INTERNAL ERROR", "(MM)");
}
|
|
|
|
// Memory-management fault variant reported as "INTERNAL ERROR (SO)".
// NOTE(review): the suffix suggests the stack-overflow case; the code that
// chooses between this handler and MemManage_Handler_MM is not on this page -
// confirm there.
void MemManage_Handler_SO(void) {
  error_shutdown("INTERNAL ERROR", "(SO)");
}
|
|
|
|
// BusFault exception: stop with "INTERNAL ERROR (BF)".
// main() sets SCB_SHCSR_BUSFAULTENA_Msk only when PRODUCTION is 0, so this
// handler is only expected to run in non-production builds.
void BusFault_Handler(void) {
  error_shutdown("INTERNAL ERROR", "(BF)");
}
|
|
|
|
// UsageFault exception: stop with "INTERNAL ERROR (UF)".
// main() sets SCB_SHCSR_USGFAULTENA_Msk only when PRODUCTION is 0, so this
// handler is only expected to run in non-production builds.
void UsageFault_Handler(void) {
  error_shutdown("INTERNAL ERROR", "(UF)");
}
|
|
|
|
// Hands control to the bootloader and asks it to stay in bootloader mode.
//
// The MPU is switched to the bootloader configuration first, then execution
// jumps to the address just past the bootloader's image header with
// STAY_IN_BOOTLOADER_FLAG. On this page the function is entered only through
// SVC_C_Handler, which clears CONTROL and rewrites the stacked return address
// to point here.
__attribute__((noreturn)) void reboot_to_bootloader() {
  mpu_config_bootloader();
  jump_to_with_flag(BOOTLOADER_START + IMAGE_HEADER_SIZE,
                    STAY_IN_BOOTLOADER_FLAG);
  // jump_to_with_flag() is not expected to return; spin if it ever does so the
  // noreturn contract holds.
  while (1) {
  }
}
|
|
|
|
// Copies exactly IMAGE_HEADER_SIZE bytes from image_header into the
// firmware_header_start region so that they are still there after the reboot
// into the bootloader.
//
// No validation happens here: the caller must pass a pointer to at least
// IMAGE_HEADER_SIZE readable bytes.
// NOTE(review): the only caller on this page is SVC_C_Handler, which forwards
// the address taken from the SVC caller's stacked r0 unchanged. The copy then
// runs in handler mode, so the source range is read with the handler's access
// rights rather than the caller's. Confirm whether the address should be
// range-checked before the copy, and that the bootloader treats the copied
// header as untrusted input.
void copy_image_header_for_bootloader(const uint8_t *image_header) {
  void *const destination = &firmware_header_start;
  memcpy(destination, image_header, IMAGE_HEADER_SIZE);
}
|
|
|
|
// C part of the SVC exception, entered from SVC_Handler with `stack` pointing
// at the exception frame of the code that executed the SVC instruction.
//
// Frame slots used here: stack[0] and stack[1] carry the caller's first two
// arguments (r0, r1), and stack[6] is the stacked return address. Unknown
// service numbers write 0xffffffff to stack[0], which the caller sees in r0.
//
// Trust boundary: this is the entry point through which code that has dropped
// privileges requests privileged operations. The IRQ number, the priority and
// the image-header pointer are taken from the caller's frame and passed on
// without validation.
// NOTE(review): confirm that every value a caller can supply here is
// acceptable, or add range checks per service.
void SVC_C_Handler(uint32_t *stack) {
  // The service number is the immediate of the SVC instruction, i.e. the byte
  // two below the stacked return address.
  const uint8_t *return_address = (const uint8_t *)stack[6];
  const uint8_t svc_number = return_address[-2];
  // Set only by SVC_REBOOT_COPY_IMAGE_HEADER, which has just written a header
  // that must survive the reboot.
  bool keep_firmware_header = false;

  switch (svc_number) {
    case SVC_ENABLE_IRQ:
      HAL_NVIC_EnableIRQ(stack[0]);
      break;

    case SVC_DISABLE_IRQ:
      HAL_NVIC_DisableIRQ(stack[0]);
      break;

    case SVC_SET_PRIORITY:
      NVIC_SetPriority(stack[0], stack[1]);
      break;

#ifdef SYSTEM_VIEW
    case SVC_GET_DWT_CYCCNT:
      cyccnt_cycles = *DWT_CYCCNT_ADDR;
      break;
#endif

    case SVC_SHUTDOWN:
      shutdown_privileged();
      // Never hand control back to the caller after a shutdown request.
      while (1) {
      }
      break;

    case SVC_REBOOT_COPY_IMAGE_HEADER:
      copy_image_header_for_bootloader((uint8_t *)stack[0]);
      keep_firmware_header = true;
      // fallthrough: the reboot itself is shared with the case below
    case SVC_REBOOT_TO_BOOTLOADER:
      // A plain reboot request preventively wipes this part of CCMRAM so that
      // no stale header is left for the bootloader.
      if (!keep_firmware_header) {
        explicit_bzero(&firmware_header_start, IMAGE_HEADER_SIZE);
      }

      ensure_compatible_settings();

      // Clear CONTROL so that thread mode is privileged after the exception
      // return, and synchronize before continuing.
      __asm__ volatile("msr control, %0" ::"r"(0x0));
      __asm__ volatile("isb");
      // See the stack layout in
      // https://developer.arm.com/documentation/ka004005/latest
      // The stacked PC is replaced so that the exception returns straight into
      // reboot_to_bootloader(). The caller's own code never resumes with the
      // raised privileges, which avoids any bug with ROP and raising
      // privileges.
      stack[6] = (uintptr_t)reboot_to_bootloader;
      return;

    case SVC_GET_SYSTICK_VAL:
      systick_val_copy = SysTick->VAL;
      break;

    default:
      // Unknown service number: report failure in the caller's r0.
      stack[0] = 0xffffffff;
      break;
  }
}
|
|
|
|
// SVC exception entry stub. It is declared naked so that no prologue touches
// the stack before the frame pointer is captured: the stub selects the stack
// that holds the exception frame, puts its address in R0 and branches to
// SVC_C_Handler, which receives it as its `stack` argument.
__attribute__((naked)) void SVC_Handler(void) {
  __asm volatile(
      // `#4` is a mask, so this tests bit 2 of the EXC_RETURN value in LR,
      // which tells which stack pointer was in use when the SVC was taken.
      " tst lr, #4 \n"
      // The next two instructions form an if-then-else pair.
      " ite eq \n"
      // Bit clear: the frame is on the main stack.
      " mrseq r0, msp \n"
      // Bit set: the frame is on the process stack.
      " mrsne r0, psp \n"
      // Continue in C; LR is untouched, so the C handler's return performs
      // the exception return.
      " b SVC_C_Handler \n");
}
|
|
|
|
// MicroPython builtin stubs
|
|
|
|
// MicroPython import hook: reports every path as non-existent. Together with
// main() putting only ".frozen" on sys.path, imports are in effect limited to
// modules frozen into the firmware image; nothing is looked up on a
// filesystem.
mp_import_stat_t mp_import_stat(const char *path) {
  (void)path;  // intentionally unused
  return MP_IMPORT_STAT_NO_EXIST;
}
|
|
|
|
// Stub for Python's builtin open(): all arguments are ignored and None is
// returned, so Python code never receives a file object from it.
mp_obj_t mp_builtin_open(uint n_args, const mp_obj_t *args, mp_map_t *kwargs) {
  (void)n_args;  // intentionally unused
  (void)args;    // intentionally unused
  (void)kwargs;  // intentionally unused
  return mp_const_none;
}
// Function object for the stub above; requires at least one positional
// argument and accepts keyword arguments.
MP_DEFINE_CONST_FUN_OBJ_KW(mp_builtin_open_obj, 1, mp_builtin_open);
|