fix(core): fix optiga pairing issue

[no changelog]
trezor · Feb 7, 2025 · addf18a · addf18a
1 parent 061e712
commit addf18a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 17 deletions.
diff --git a/core/embed/sys/startup/inc/sys/sysutils.h b/core/embed/sys/startup/inc/sys/sysutils.h
@@ -31,6 +31,7 @@ typedef void (*new_stack_callback_t)(uint32_t arg1, uint32_t arg2);
 // The function is intended to be used in special cases, like
 // emergency situations, where the current stack may be corrupted.
 __attribute((noreturn)) void call_with_new_stack(uint32_t arg1, uint32_t arg2,
+                                                 bool clear_bksram,
                                                  new_stack_callback_t callback);
 
 // Ensure that we are running in privileged thread mode.

diff --git a/core/embed/sys/startup/stm32/bootutils.c b/core/embed/sys/startup/stm32/bootutils.c
@@ -136,7 +136,7 @@ __attribute__((noreturn)) static void halt_device(void) {
 
   // Disable interrupts, MPU, clear all registers and set up a new stack
   // (on STM32U5 it also clear all CPU secrets and SRAM2).
-  call_with_new_stack(0, 0, halt_device_phase_2);
+  call_with_new_stack(0, 0, true, halt_device_phase_2);
 }
 #endif  // RSOD_INFINITE_LOOP
 
@@ -188,7 +188,7 @@ __attribute__((noreturn)) static void reboot_with_args(boot_command_t command,
 
   // Disable interrupts, MPU, clear all registers and set up a new stack
   // (on STM32U5 it also clear all CPU secrets and SRAM2).
-  call_with_new_stack(command, 0, reboot_with_args_phase_2);
+  call_with_new_stack(command, 0, true, reboot_with_args_phase_2);
 }
 
 __attribute__((noreturn)) void reboot_to_bootloader(void) {
@@ -247,7 +247,7 @@ void __attribute__((noreturn)) jump_to_next_stage(uint32_t vectbl_address) {
 
   // Disable interrupts, MPU, clear all registers and set up a new stack
   // (on STM32U5 it also clear all CPU secrets and SRAM2).
-  call_with_new_stack(vectbl_address, 0, jump_to_next_stage_phase_2);
+  call_with_new_stack(vectbl_address, 0, false, jump_to_next_stage_phase_2);
 }
 
 #endif  // KERNEL_MODE
diff --git a/core/embed/sys/startup/stm32/sysutils.c b/core/embed/sys/startup/stm32/sysutils.c
@@ -29,7 +29,8 @@
 #endif
 
 __attribute((naked, noreturn, no_stack_protector)) void call_with_new_stack(
-    uint32_t arg1, uint32_t arg2, new_stack_callback_t callback) {
+    uint32_t arg1, uint32_t arg2, bool clear_bksram,
+    new_stack_callback_t callback) {
   __asm__ volatile(
 
       // R0, R1, R2 are used for arguments
@@ -48,6 +49,8 @@ __attribute((naked, noreturn, no_stack_protector)) void call_with_new_stack(
 
 #ifdef STM32U5
   __asm__ volatile(
+      "CMP     R2, #0              \n"  // clear_bksram?
+      "BEQ     1f                  \n"
       // --------------------------------------------------------------
       // Delete all secrets and SRAM2 where stack is located.
       // SAES peripheral need to be disabled, so that we don't get
@@ -67,7 +70,7 @@ __attribute((naked, noreturn, no_stack_protector)) void call_with_new_stack(
       "LDR     R6, [R4]            \n"
       "ORR     R6, R6, R5          \n"
       "STR     R6, [R4]            \n"
-
+      "1:                          \n"
       :  // no output
       : [_RCC_AHB2ENR1] "i"(&RCC->AHB2ENR1),
         [_RCC_AHB2ENR1_SAESEN] "i"(RCC_AHB2ENR1_SAESEN),
@@ -107,16 +110,15 @@ __attribute((naked, noreturn, no_stack_protector)) void call_with_new_stack(
       // Clear all unused registers
       // --------------------------------------------------------------
 
-      "MOV     R3, #0              \n"
-      "MOV     R4, R3              \n"
-      "MOV     R5, R3              \n"
-      "MOV     R6, R3              \n"
-      "MOV     R7, R3              \n"
-      "MOV     R8, R3              \n"
-      "MOV     R9, R3              \n"
-      "MOV     R10, R3             \n"
-      "MOV     R11, R3             \n"
-      "MOV     R12, R3             \n"
+      "MOV     R4, #0              \n"
+      "MOV     R5, R4              \n"
+      "MOV     R6, R4              \n"
+      "MOV     R7, R4              \n"
+      "MOV     R8, R4              \n"
+      "MOV     R9, R4              \n"
+      "MOV     R10, R4             \n"
+      "MOV     R11, R4             \n"
+      "MOV     R12, R4             \n"
 
       // --------------------------------------------------------------
       // Invoke phase 2 function
@@ -125,7 +127,7 @@ __attribute((naked, noreturn, no_stack_protector)) void call_with_new_stack(
       // R0 = arg1
       // R1 = arg2
 
-      "BX      R2                  \n"
+      "BX      R3                  \n"
 
       :  // no output
       : [estack] "i"(&_stack_section_end),

diff --git a/core/embed/sys/task/stm32/system.c b/core/embed/sys/task/stm32/system.c
@@ -131,7 +131,7 @@ __attribute((naked, noreturn, no_stack_protector)) void system_emergency_rescue(
   // Save `pminfo` to bootargs so it isn't overwritten by succesive call
   bootargs_set(BOOT_COMMAND_SHOW_RSOD, pminfo, sizeof(*pminfo));
 
-  call_with_new_stack((uint32_t)error_handler, 0,
+  call_with_new_stack((uint32_t)error_handler, 0, true,
                       system_emergency_rescue_phase_2);
 }