chore(core): refacore trustzone initialization

trezor · Nov 13, 2023 · 71ea72d · 71ea72d
1 parent dea90d4
commit 71ea72d
Show file tree

Hide file tree

Showing 5 changed files with 144 additions and 773 deletions.
diff --git a/core/embed/boardloader/main.c b/core/embed/boardloader/main.c
@@ -252,17 +252,16 @@ int main(void) {
   clear_otg_hs_memory();
 #endif
 
+#ifdef STM32U5
+  trustzone_init_boardloader();
+#endif
+
   mpu_config_boardloader();
 
 #ifdef USE_SDRAM
   sdram_init();
 #endif
 
-#ifdef STM32U5
-  trustzone_init();
-  trustzone_run();
-#endif
-
 #ifdef USE_SDRAM
   sdram_init();
 #endif

diff --git a/core/embed/trezorhal/stm32u5/lowlevel.c b/core/embed/trezorhal/stm32u5/lowlevel.c
@@ -50,15 +50,15 @@
 #if defined STM32U5A9xx | defined STM32U5G9xx
 #define SEC_AREA_1_PAGE_START 0
 #define HDP_AREA_1_PAGE_END 1
-#define SEC_AREA_1_PAGE_END 0xFF
-#define SEC_AREA_2_PAGE_START 0
-#define SEC_AREA_2_PAGE_END 0xFF
+#define SEC_AREA_1_PAGE_END 0x07
+#define SEC_AREA_2_PAGE_START 0xFF
+#define SEC_AREA_2_PAGE_END 0x00
 #elif define STM32U585xx
 #define SEC_AREA_1_PAGE_START 0
 #define HDP_AREA_1_PAGE_END 1
-#define SEC_AREA_1_PAGE_END 0x7F
-#define SEC_AREA_2_PAGE_START 0
-#define SEC_AREA_2_PAGE_END 0x7F
+#define SEC_AREA_1_PAGE_END 0x07
+#define SEC_AREA_2_PAGE_START 0x7F
+#define SEC_AREA_2_PAGE_END 0x00
 #else
 #error Unknown MCU
 #endif

diff --git a/core/embed/trezorhal/stm32u5/mpu.c b/core/embed/trezorhal/stm32u5/mpu.c
@@ -122,21 +122,20 @@ static void mpu_set_attributes() {
 #define SIZE_4M (4 * 1024 * 1024)
 #define SIZE_16M (16 * 1024 * 1024)
 #define SIZE_256M (256 * 1024 * 1024)
-#define SIZE_512M (512 * 1024 * 1024)
 
 void mpu_config_boardloader() {
   HAL_MPU_Disable();
   mpu_set_attributes();
   // clang-format off
-  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV 
-  SET_REGION( 0, FLASH_BASE_S,             SIZE_16K,           FLASH_DATA,  YES,   YES ); // Secret 
-  SET_REGION( 1, FLASH_BASE_S + SIZE_16K,  SIZE_48K,           FLASH_CODE,   NO,   YES ); // Boardloader code 
-  SET_REGION( 2, FLASH_BASE_S + SIZE_64K,  SIZE_4032K,         FLASH_DATA,  YES,   YES ); // Bootloader + Storage + Firmware 
-  SET_REGION( 3, SRAM1_BASE_S,             SIZE_768K,          SRAM,        YES,   YES ); // SRAM1 
-  SET_REGION( 4, SRAM2_BASE_S + 0x100,     SIZE_1728K - 0x100, SRAM,        YES,   YES ); // SRAM2/3/5 + stack guard 
-  SET_REGION( 5, GFXMMU_BUFFERS_S,         SIZE_16M,           SRAM,        YES,   YES ); // Frame buffer 
-  SET_REGION( 6, PERIPH_BASE_S,            SIZE_256M,          PERIPHERAL,  YES,   YES ); // Peripherals
-  SET_REGION( 7, FLASH_BASE_NS,            SIZE_4M,            FLASH_DATA,  YES,   YES ); //
+  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV
+  SET_REGION( 0, FLASH_BASE_S,             SIZE_16K,           FLASH_DATA,  YES,    NO ); // Secret
+  SET_REGION( 1, FLASH_BASE_S + SIZE_16K,  SIZE_48K,           FLASH_CODE,   NO,    NO ); // Boardloader code
+  SET_REGION( 2, FLASH_BASE_S + SIZE_64K,  SIZE_4032K,         FLASH_DATA,  YES,    NO ); // Bootloader + Storage + Firmware
+  SET_REGION( 3, SRAM1_BASE_S,             SIZE_768K,          SRAM,        YES,    NO ); // SRAM1
+  SET_REGION( 4, SRAM2_BASE_S + 0x100,     SIZE_1728K - 0x100, SRAM,        YES,    NO ); // SRAM2/3/5 + stack guard
+  SET_REGION( 5, GFXMMU_BUFFERS_S,         SIZE_16M,           SRAM,        YES,    NO ); // Frame buffer
+  SET_REGION( 6, PERIPH_BASE_S,            SIZE_256M,          PERIPHERAL,  YES,    NO ); // Peripherals
+  DIS_REGION( 7 );
   // clang-format on
   HAL_MPU_Enable(LL_MPU_CTRL_HARDFAULT_NMI);
 }
@@ -145,15 +144,15 @@ void mpu_config_bootloader() {
   HAL_MPU_Disable();
   mpu_set_attributes();
   // clang-format off
-  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV 
-  SET_REGION( 0, FLASH_BASE_S,             SIZE_64K,           FLASH_DATA,  YES,   YES ); // Secret + Boardloader
-  SET_REGION( 1, FLASH_BASE_S + SIZE_64K,  SIZE_128K,          FLASH_CODE,  NO,    YES ); // Bootloader code
-  SET_REGION( 2, FLASH_BASE_S + SIZE_192K, SIZE_3904K,         FLASH_DATA,  YES,   YES ); // Storage + Firmware
-  SET_REGION( 3, SRAM1_BASE_S,             SIZE_768K,          SRAM,        YES,   YES ); // SRAM1 
-  SET_REGION( 4, SRAM2_BASE_S + 0x100,     SIZE_1728K - 0x100, SRAM,        YES,   YES ); // SRAM2/3/5 + stack guard 
-  SET_REGION( 5, GFXMMU_BUFFERS_S,         SIZE_16M,           SRAM,        YES,   YES ); // Frame buffer 
-  SET_REGION( 6, PERIPH_BASE_S,            SIZE_256M,          PERIPHERAL,  YES,   YES ); // Peripherals 
-  SET_REGION( 7, FLASH_OTP_BASE,           FLASH_OTP_SIZE,     FLASH_DATA,  YES,   YES ); // OTP
+  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV
+  SET_REGION( 0, FLASH_BASE_S,             SIZE_64K,           FLASH_DATA,  YES,    NO ); // Secret + Boardloader
+  SET_REGION( 1, FLASH_BASE_S + SIZE_64K,  SIZE_128K,          FLASH_CODE,  NO,     NO ); // Bootloader code
+  SET_REGION( 2, FLASH_BASE_S + SIZE_192K, SIZE_3904K,         FLASH_DATA,  YES,    NO ); // Storage + Firmware
+  SET_REGION( 3, SRAM1_BASE_S,             SIZE_768K,          SRAM,        YES,    NO ); // SRAM1
+  SET_REGION( 4, SRAM2_BASE_S + 0x100,     SIZE_1728K - 0x100, SRAM,        YES,    NO ); // SRAM2/3/5 + stack guard
+  SET_REGION( 5, GFXMMU_BUFFERS_S,         SIZE_16M,           SRAM,        YES,    NO ); // Frame buffer
+  SET_REGION( 6, PERIPH_BASE_S,            SIZE_256M,          PERIPHERAL,  YES,    NO ); // Peripherals
+  SET_REGION( 7, FLASH_OTP_BASE,           FLASH_OTP_SIZE,     FLASH_DATA,  YES,    NO ); // OTP
   // clang-format on
   HAL_MPU_Enable(LL_MPU_CTRL_HARDFAULT_NMI);
 }
@@ -162,13 +161,13 @@ void mpu_config_firmware() {
   HAL_MPU_Disable();
   mpu_set_attributes();
   // clang-format off
-  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV 
-  SET_REGION( 0, FLASH_BASE_S + SIZE_192K, SIZE_128K,          FLASH_DATA,  YES,   YES ); // Storage 
-  SET_REGION( 1, FLASH_BASE_S + SIZE_320K, SIZE_3776K,         FLASH_CODE,   NO,   YES ); // Firmware 
-  SET_REGION( 2, SRAM1_BASE_S,             SIZE_768K,          SRAM,        YES,   YES ); // SRAM1 
+  //   REGION    ADDRESS                   SIZE                TYPE       WRITE   UNPRIV
+  SET_REGION( 0, FLASH_BASE_S + SIZE_192K, SIZE_128K,          FLASH_DATA,  YES,   YES ); // Storage
+  SET_REGION( 1, FLASH_BASE_S + SIZE_320K, SIZE_3776K,         FLASH_CODE,   NO,   YES ); // Firmware
+  SET_REGION( 2, SRAM1_BASE_S,             SIZE_768K,          SRAM,        YES,   YES ); // SRAM1
   SET_REGION( 3, SRAM2_BASE_S + 0x100,     SIZE_1728K - 0x100, SRAM,        YES,   YES ); // SRAM2/3/5 + stack guard
-  SET_REGION( 4, GFXMMU_BUFFERS_S,         SIZE_16M,           SRAM,        YES,   YES ); // Frame buffer 
-  SET_REGION( 5, PERIPH_BASE_S,            SIZE_256M,          PERIPHERAL,  YES,   YES ); // Peripherals 
+  SET_REGION( 4, GFXMMU_BUFFERS_S,         SIZE_16M,           SRAM,        YES,   YES ); // Frame buffer
+  SET_REGION( 5, PERIPH_BASE_S,            SIZE_256M,          PERIPHERAL,  YES,   YES ); // Peripherals
   SET_REGION( 6, FLASH_OTP_BASE,           FLASH_OTP_SIZE,     FLASH_DATA,  YES,   YES ); // OTP
   DIS_REGION( 7 );
   // clang-format on