Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(core): refactore trustzone initialization #3398

Merged
merged 1 commit into from
Nov 15, 2023
Merged

chore(core): refactore trustzone initialization #3398

merged 1 commit into from
Nov 15, 2023

Conversation

cepetr
Copy link
Contributor

@cepetr cepetr commented Nov 13, 2023

This pull request focuses on implementing a minimalistic initialization of TrustZone on the STM32U5 in the board loader:

  1. The SAU (Security Attribution Unit) remains uninitialized, ensuring that all memory space is secured
  2. The FPU is enabled in both secured and unsecured modes
  3. FLASH controller per-page settings are utilized to configure all flash pages as secured and unprivileged
  4. GTZC MPCBB block and sets all SRAM blocks are configured as secured and unprivileged
  5. All peripherals are set to be secured & unprivileged

Note: The option bytes for the Flash secure watermark have been modified. As a result, only the first 64KB of FLASH memory is initially marked as secure after a reboot. Subsequently, in step 3 of the initialization process, the remaining FLASH memory is designated as secure.

@cepetr cepetr requested a review from prusnak as a code owner November 13, 2023 16:01
@cepetr cepetr changed the title chore(core): refacore trustzone initialization chore(core): refactore trustzone initialization Nov 14, 2023
TychoVrahe
TychoVrahe reviewed Nov 14, 2023
View reviewed changes
Copy link
Contributor

@TychoVrahe TychoVrahe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just few minor nits

core/embed/boardloader/main.c Outdated Show resolved Hide resolved
core/embed/trezorhal/stm32u5/trustzone.c Outdated Show resolved Hide resolved
core/embed/trezorhal/stm32u5/trustzone.c Outdated Show resolved Hide resolved
core/embed/trezorhal/stm32u5/trustzone.c Outdated Show resolved Hide resolved
@cepetr cepetr force-pushed the cepetr/u5/trustzone-refactor branch from 45e99fe to 8ceb837 Compare November 14, 2023 13:37
@cepetr cepetr force-pushed the cepetr/u5/trustzone-refactor branch from 8ceb837 to f285c41 Compare November 14, 2023 15:13
Base automatically changed from cepetr/u5/mpu-refactor to tychovrahe/u5/basic_support November 15, 2023 08:19
@TychoVrahe TychoVrahe merged commit 2b714cc into tychovrahe/u5/basic_support Nov 15, 2023
7 of 9 checks passed
@TychoVrahe TychoVrahe deleted the cepetr/u5/trustzone-refactor branch November 15, 2023 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TychoVrahe TychoVrahe TychoVrahe left review comments

@prusnak prusnak Awaiting requested review from prusnak

Assignees

@cepetr cepetr

Labels
None yet
Projects
Firmware
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cepetr @TychoVrahe