Skip to content

Commit 16887c6

Browse files
authored
Merge pull request #665 from danielinux/armored-tz-fixes
Improve ARMORED code + minor fixes
2 parents e380365 + 847f1f1 commit 16887c6

7 files changed

Lines changed: 699 additions & 187 deletions

File tree

config/examples/stm32l5-wolfcrypt-tz.config

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,3 +31,6 @@ FLAGS_HOME=0
3131
DISABLE_BACKUP=0
3232
WOLFCRYPT_TZ=1
3333
WOLFCRYPT_TZ_PKCS11=1
34+
35+
# Use a larger image header size to enforce alignment requirements for the interrupt vector table
36+
IMAGE_HEADER_SIZE?=1024

hal/stm32_tz.c

Lines changed: 12 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -95,9 +95,7 @@ static int is_range_nonsecure(uint32_t address, int len)
9595
void hal_tz_claim_nonsecure_area(uint32_t address, int len)
9696
{
9797
int page_n, reg_idx;
98-
uint32_t reg;
9998
uint32_t end = address + len;
100-
uint32_t start_address = address;
10199
uint32_t start_page_n;
102100
uint32_t bank = 0;
103101
int pos;
@@ -124,39 +122,14 @@ void hal_tz_claim_nonsecure_area(uint32_t address, int len)
124122
hal_flash_wait_complete(bank);
125123
hal_flash_clear_errors(bank);
126124
if (bank == 0)
127-
FLASH_SECBB1[reg_idx] |= ( 1 << pos);
125+
FLASH_SECBB1[reg_idx] |= (1u << pos);
128126
else
129-
FLASH_SECBB2[reg_idx] |= ( 1 << pos);
127+
FLASH_SECBB2[reg_idx] |= (1u << pos);
130128
ISB();
131129
hal_flash_wait_complete(bank);
132130
address += FLASH_PAGE_SIZE;
133131
page_n++;
134132
}
135-
address = start_address;
136-
page_n = start_page_n;
137-
while (address < end) {
138-
/* Erase claimed non-secure page, in secure mode */
139-
#ifndef TARGET_stm32h5
140-
reg = FLASH_CR & (~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER | FLASH_CR_BKER | FLASH_CR_PG | FLASH_CR_MER1 | FLASH_CR_MER2));
141-
FLASH_CR = reg | ((page_n << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER);
142-
#else
143-
reg = FLASH_CR & (~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_SER | FLASH_CR_BER | FLASH_CR_PG | FLASH_CR_MER | FLASH_CR_BKSEL));
144-
FLASH_CR = reg | ((page_n << FLASH_CR_PNB_SHIFT) | FLASH_CR_SER | (bank << 31));
145-
#endif
146-
147-
DMB();
148-
ISB();
149-
FLASH_CR |= FLASH_CR_STRT;
150-
ISB();
151-
hal_flash_wait_complete(bank);
152-
address += FLASH_PAGE_SIZE;
153-
page_n++;
154-
}
155-
#ifndef TARGET_stm32h5
156-
FLASH_CR &= ~FLASH_CR_PER ;
157-
#else
158-
FLASH_CR &= ~FLASH_CR_SER ;
159-
#endif
160133
}
161134
#else
162135
#define claim_nonsecure_area(...) do{}while(0)
@@ -295,32 +268,24 @@ void hal_gtzc_init(void)
295268

296269
void hal_tz_sau_init(void)
297270
{
298-
/* SAU is set up before staging. Set up all areas as secure. */
271+
/* SAU is set up before staging. Define non-secure windows only. */
299272

300273
/* Non-secure callable: NSC functions area */
301274
sau_init_region(0, WOLFBOOT_NSC_ADDRESS,
302275
WOLFBOOT_NSC_ADDRESS + WOLFBOOT_NSC_SIZE - 1, 1);
303276

304-
/* Secure: application flash area (first bank) */
305-
sau_init_region(1, WOLFBOOT_PARTITION_BOOT_ADDRESS, FLASH_BANK2_BASE - 1, 0);
306-
307-
/* Secure: application flash area (second bank) */
308-
sau_init_region(2, WOLFBOOT_PARTITION_UPDATE_ADDRESS, FLASH_TOP, 0);
309-
310-
/* Secure RAM regions in SRAM1/SRAM2 */
311-
sau_init_region(3, 0x30000000, 0x3004FFFF, 1);
277+
/* Non-secure flash alias (boot partition only) */
278+
sau_init_region(1, WOLFBOOT_PARTITION_BOOT_ADDRESS,
279+
WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 1, 0);
312280

313-
/* Non-secure RAM region in SRAM3 */
314-
sau_init_region(4, 0x20050000, 0x2008FFFF, 0);
281+
/* Non-secure RAM region */
282+
sau_init_region(2, 0x20050000, 0x2008FFFF, 0);
315283

316284
/* Non-secure: internal peripherals */
317-
sau_init_region(5, 0x40000000, 0x4FFFFFFF, 0);
318-
319-
/* Secure mapped peripherals */
320-
sau_init_region(6, 0x50000000, 0x5FFFFFFF, 1);
285+
sau_init_region(3, 0x40000000, 0x4FFFFFFF, 0);
321286

322287
/* Set as non-secure: OTP + RO area */
323-
sau_init_region(7, 0x08FFF000, 0x08FFFFFF, 0);
288+
sau_init_region(4, 0x08FFF000, 0x08FFFFFF, 0);
324289

325290
/* Enable SAU */
326291
SAU_CTRL = SAU_INIT_CTRL_ENABLE;
@@ -336,9 +301,9 @@ void hal_tz_sau_init(void)
336301
sau_init_region(0, WOLFBOOT_NSC_ADDRESS,
337302
WOLFBOOT_NSC_ADDRESS + WOLFBOOT_NSC_SIZE - 1, 1);
338303

339-
/* Non-secure: application flash area */
304+
/* Non-secure: application flash area (boot partition only) */
340305
sau_init_region(1, WOLFBOOT_PARTITION_BOOT_ADDRESS,
341-
WOLFBOOT_PARTITION_BOOT_ADDRESS + 2 * WOLFBOOT_PARTITION_SIZE - 1,
306+
WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 1,
342307
0);
343308

344309
/* Non-secure RAM region in SRAM1/SRAM2 */
@@ -371,7 +336,6 @@ void hal_tz_sau_init(void)
371336
#define TRNG_CR_CONFIG1_SHIFT (20)
372337
#define TRNG_CR_CONDRST (1 << 30)
373338

374-
375339
static void hsi48_on(void)
376340
{
377341

@@ -435,4 +399,3 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len)
435399
}
436400

437401
#endif
438-

hal/stm32l5.c

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525

2626
#include "hal.h"
2727
#include "hal/stm32l5.h"
28+
#include "printf.h"
2829

2930

3031
static void RAMFUNCTION flash_set_waitstates(unsigned int waitstates)
@@ -146,12 +147,18 @@ void RAMFUNCTION hal_flash_opt_lock(void)
146147
FLASH_CR |= FLASH_CR_OPTLOCK;
147148
}
148149

149-
150150
int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
151151
{
152152
uint32_t end_address;
153153
uint32_t p;
154154

155+
if (address < WOLFBOOT_PARTITION_BOOT_ADDRESS) {
156+
wolfBoot_printf("hal_flash_erase: addr=0x%08x len=%d (below boot)\n",
157+
address, len);
158+
} else {
159+
wolfBoot_printf("hal_flash_erase: addr=0x%08x len=%d\n", address, len);
160+
}
161+
155162
hal_flash_clear_errors(0);
156163
if (len == 0)
157164
return -1;
@@ -170,10 +177,6 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
170177
}
171178
else if(p >= (FLASH_BANK2_BASE) && (p <= (FLASH_TOP) ))
172179
{
173-
#if TZ_SECURE()
174-
/* When in secure mode, skip erasing non-secure pages: will be erased upon claim */
175-
return 0;
176-
#endif
177180
bker = FLASH_CR_BKER;
178181
base = FLASH_BANK2_BASE;
179182
} else {
@@ -412,4 +415,3 @@ void hal_prepare_boot(void)
412415
periph_unsecure();
413416
#endif
414417
}
415-

0 commit comments

Comments
 (0)