Syscall verifiers

core/embed/kernel/main.c

@@ -183,10 +183,21 @@ static void coreapp_init(applet_t *applet) {
  (applet_header_t *)COREAPP_CODE_ALIGN(KERNEL_START + KERNEL_SIZE);
 
  applet_layout_t coreapp_layout = {
- .data1_start = (uint32_t)&_coreapp_clear_ram_0_start,
- .data1_size = (uint32_t)&_coreapp_clear_ram_0_size,
- .data2_start = (uint32_t)&_coreapp_clear_ram_1_start,
- .data2_size = (uint32_t)&_coreapp_clear_ram_1_size,
+ .data1.start = (uint32_t)&_coreapp_clear_ram_0_start,
+ .data1.size = (uint32_t)&_coreapp_clear_ram_0_size,
+ .data2.start = (uint32_t)&_coreapp_clear_ram_1_start,
+ .data2.size = (uint32_t)&_coreapp_clear_ram_1_size,
+#ifdef FIRMWARE_P1_START
+ .code1.start = FIRMWARE_P1_START + KERNEL_SIZE,
+ .code1.size = FIRMWARE_P1_MAXSIZE - KERNEL_SIZE,
+ .code2.start = FIRMWARE_P2_START,
+ .code2.size = FIRMWARE_P2_MAXSIZE,
+#else
+ .code1.start = FIRMWARE_START + KERNEL_SIZE,
+ .code1.size = FIRMWARE_MAXSIZE - KERNEL_SIZE,
+ .code2.start = 0,
+ .code2.size = 0,
+#endif
  };
 
  applet_init(applet, coreapp_header, &coreapp_layout);

core/embed/lib/image_hash_conf.h

@@ -7,7 +7,7 @@
 #ifdef IMAGE_HASH_SHA256
 #include "sha2.h"
 #define IMAGE_HASH_DIGEST_LENGTH SHA256_DIGEST_LENGTH
-#ifdef USE_HASH_PROCESSOR
+#if defined(USE_HASH_PROCESSOR) && defined(KERNEL_MODE)
 #include "hash_processor.h"
 #define IMAGE_HASH_CTX hash_sha265_context_t
 #define IMAGE_HASH_INIT(ctx) hash_processor_sha256_init(ctx)

core/embed/rust/src/trezorhal/display.rs

@@ -183,7 +183,12 @@ pub fn clear() {
 
 #[cfg(feature = "xframebuffer")]
 pub fn get_frame_buffer() -> (&'static mut [u8], usize) {
- let fb_info = unsafe { ffi::display_get_frame_buffer() };
+ let mut fb_info = ffi::display_fb_info_t {
+ ptr: ptr::null_mut(),
+ stride: 0,
+ };
+
+ unsafe { ffi::display_get_frame_buffer(&mut fb_info) };
 
  let fb = unsafe {
  core::slice::from_raw_parts_mut(

core/embed/rust/src/trezorhal/fatal_error.rs

@@ -1,27 +1,29 @@
 mod ffi {
  extern "C" {
- // error_handling.h
- pub fn error_shutdown(msg: *const cty::c_char) -> !;
+ // system.h
+ pub fn system_exit_error_ex(
+ title: *const cty::c_char,
+ title_len: usize,
+ message: *const cty::c_char,
+ message_len: usize,
+ footer: *const cty::c_char,
+ footer_len: usize,
+ ) -> !;
  }
 }
 
 pub fn error_shutdown(msg: &str) -> ! {
- const MAX_LEN: usize = 63;
- let mut buffer: [u8; MAX_LEN + 1] = [0; MAX_LEN + 1];
-
- // Copy the message to the buffer
- let msg_bytes = msg.as_bytes();
- let len = if msg_bytes.len() < MAX_LEN {
- msg_bytes.len()
- } else {
- MAX_LEN
- };
- buffer[..len].copy_from_slice(&msg_bytes[..len]);
-
  unsafe {
- // SAFETY: `buffer` is a valid null-terminated string
- // and the function never returns.
- ffi::error_shutdown(buffer.as_ptr() as *const cty::c_char);
+ // SAFETY: we pass a valid string to the C function
+ // and the function does not return.
+ ffi::system_exit_error_ex(
+ core::ptr::null(),
+ 0,
+ msg.as_ptr() as *const cty::c_char,
+ msg.len(),
+ core::ptr::null(),
+ 0,
+ );
  }
 }
 

core/embed/trezorhal/applet.h

@@ -30,23 +30,29 @@
 // Applet entry point
 typedef void (*applet_startup_t)(const char* args, uint32_t random);
 
+typedef struct {
+ uint32_t start;
+ uint32_t size;
+} memory_area_t;
+
 // Applet header found at the beginning of the applet binary
 typedef struct {
  // Stack area
- uint32_t stack_start;
- uint32_t stack_size;
+ memory_area_t stack;
  // Applet entry point
  applet_startup_t startup;
 } applet_header_t;
 
 // Applet memory layout
 typedef struct {
- // Data area 1
- uint32_t data1_start;
- uint32_t data1_size;
- // Data area 2
- uint32_t data2_start;
- uint32_t data2_size;
+ // Read/write data area #1
+ memory_area_t data1;
+ // Read/write data area #2
+ memory_area_t data2;
+ // Read-only code area #1
+ memory_area_t code1;
+ // Read-only code area #2
+ memory_area_t code2;
 
 } applet_layout_t;
 
@@ -76,6 +82,11 @@ void applet_init(applet_t* applet, applet_header_t* header,
 bool applet_reset(applet_t* applet, uint32_t cmd, const void* arg,
  size_t arg_size);
 
+// Returns the currently active applet.
+//
+// Returns `NULL` if no applet is currently active.
+applet_t* applet_active(void);
+
 #endif // SYSCALL_DISPATCH
 
 #endif // TREZORHAL_APPLET_H

core/embed/trezorhal/hash_processor.h

@@ -3,6 +3,8 @@
 
 #include <stdint.h>
 
+#ifdef KERNEL_MODE
+
 #define HASH_SHA256_BUFFER_SIZE 4
 
 typedef struct {
@@ -34,4 +36,6 @@ void hash_processor_sha256_update(hash_sha265_context_t *ctx,
 // Finalize the hash calculation, retrieve the digest
 void hash_processor_sha256_final(hash_sha265_context_t *ctx, uint8_t *output);
 
+#endif // KERNEL_MODE
+
 #endif

core/embed/trezorhal/stm32f4/applet.c

@@ -35,11 +35,11 @@ void applet_init(applet_t* applet, applet_header_t* header,
 }
 
 static void applet_clear_memory(applet_t* applet) {
- if (applet->layout.data1_size > 0) {
- memset((void*)applet->layout.data1_start, 0, applet->layout.data1_size);
+ if (applet->layout.data1.size > 0) {
+ memset((void*)applet->layout.data1.start, 0, applet->layout.data1.size);
  }
- if (applet->layout.data2_size > 0) {
- memset((void*)applet->layout.data2_start, 0, applet->layout.data2_size);
+ if (applet->layout.data2.size > 0) {
+ memset((void*)applet->layout.data2.start, 0, applet->layout.data2.size);
  }
 }
 
@@ -49,8 +49,8 @@ bool applet_reset(applet_t* applet, uint32_t cmd, const void* arg,
  applet_clear_memory(applet);
 
  // Reset the applet task (stack pointer, etc.)
- systask_init(&applet->task, applet->header->stack_start,
- applet->header->stack_size);
+ systask_init(&applet->task, applet->header->stack.start,
+ applet->header->stack.size, applet);
 
  // Copy the arguments onto the applet stack
  void* arg_copy = NULL;
@@ -70,4 +70,14 @@ bool applet_reset(applet_t* applet, uint32_t cmd, const void* arg,
  arg3);
 }
 
+applet_t* applet_active(void) {
+ systask_t* task = systask_active();
+
+ if (task == NULL) {
+ return NULL;
+ }
+
+ return (applet_t*)task->applet;
+}
+
 #endif // SYSCALL_DISPATCH