Startup/shutdown refactoring

core/SConscript.boardloader

@@ -79,10 +79,7 @@ env = Environment(ENV=os.environ,
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
 SOURCE_BOARDLOADER = [
-    f"embed/sys/startup/{FILE_SUFFIX}/startup_stage_0.s",
     'embed/projects/boardloader/main.c',
 ]
 

core/SConscript.bootloader

@@ -101,10 +101,7 @@ env = Environment(
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
 SOURCE_BOOTLOADER = [
-    f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_1.s',
     'embed/projects/bootloader/header.S',
     'embed/projects/bootloader/bootui.c',
     'embed/projects/bootloader/main.c',

core/SConscript.bootloader_ci

@@ -95,10 +95,7 @@ env = Environment(
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
 SOURCE_BOOTLOADER = [
-    f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_1.s',
     'embed/projects/bootloader_ci/header.S',
     'embed/projects/bootloader_ci/bootui.c',
     'embed/projects/bootloader_ci/main.c',

core/SConscript.firmware

@@ -397,14 +397,11 @@ env = Environment(
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
 SOURCE_FIRMWARE = [
     'embed/projects/firmware/header.S',
     'embed/projects/firmware/main.c',
     'embed/projects/firmware/mphalport.c',
     'embed/projects/firmware/nlrthumb.c',
-    f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_4.s',
 ]
 
 if 'sd_card' in FEATURES_AVAILABLE:

core/SConscript.kernel

@@ -258,11 +258,8 @@ env = Environment(
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
 SOURCE_FIRMWARE = [
     'embed/projects/kernel/main.c',
-    f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_2.s',
 ]
 
 if 'sd_card' in FEATURES_AVAILABLE:

core/SConscript.prodtest

@@ -95,11 +95,7 @@ env = Environment(
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
-
 SOURCE_PRODTEST = [
-    f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_2.s',
     'embed/projects/prodtest/header.S',
     'embed/projects/prodtest/main.c',
     'embed/projects/prodtest/prodtest_common.c',

core/SConscript.reflash

@@ -81,10 +81,7 @@ env = Environment(
 
 FEATURES_AVAILABLE = models.configure_board(TREZOR_MODEL, HW_REVISION, FEATURES_WANTED, env, CPPDEFINES_HAL, SOURCE_HAL, PATH_HAL)
 
-FILE_SUFFIX= env.get('ENV')['SUFFIX']
-
 SOURCE_REFLASH = [
-    f'embed/sys/startup/{FILE_SUFFIX}/startup_stage_2.s',
     'embed/projects/reflash/header.S',
     'embed/projects/reflash/main.c',
 ]

core/embed/io/display/ltdc_dsi/display_driver.c

@@ -412,6 +412,8 @@ bool display_init(display_content_mode_t mode) {
 
   __HAL_LTDC_ENABLE_IT(&drv->hlcd_ltdc, LTDC_IT_LI | LTDC_IT_FU | LTDC_IT_TE);
 
+  gfx_bitblt_init();
+
   drv->initialized = true;
   return true;
 
@@ -425,17 +427,10 @@ bool display_init(display_content_mode_t mode) {
 void display_deinit(display_content_mode_t mode) {
   display_driver_t *drv = &g_display_driver;
 
-  if (mode == DISPLAY_RETAIN_CONTENT) {
-    // This is a temporary workaround for T3W1 to avoid clearing
-    // the display after drawing RSOD screen in `secure_shutdown()`
-    // function. The workaround should be removed once we have
-    // proper replacement for `secure_shutdown()` that resets the
-    // device instead of waiting for manual power off.
-    return;
-  }
-
   GPIO_InitTypeDef GPIO_InitStructure = {0};
 
+  gfx_bitblt_deinit();
+
   NVIC_DisableIRQ(LTDC_IRQn);
   NVIC_DisableIRQ(LTDC_ER_IRQn);
 

core/embed/io/display/st-7789/display_driver.c

@@ -89,6 +89,8 @@ bool display_init(display_content_mode_t mode) {
 #endif
 #endif
 
+  gfx_bitblt_init();
+
   drv->initialized = true;
   return true;
 }
@@ -110,6 +112,8 @@ void display_deinit(display_content_mode_t mode) {
 #endif
 #endif
 
+  gfx_bitblt_deinit();
+
   mpu_set_active_fb(NULL, 0);
 
   backlight_pwm_deinit(mode == DISPLAY_RESET_CONTENT ? BACKLIGHT_RESET

core/embed/io/display/stm32f429i-disc1/display_driver.c

@@ -67,13 +67,17 @@ bool display_init(display_content_mode_t mode) {
     ili9341_init();
   }
 
+  gfx_bitblt_init();
+
   drv->initialized = true;
   return true;
 }
 
 void display_deinit(display_content_mode_t mode) {
   display_driver_t *drv = &g_display_driver;
 
+  gfx_bitblt_deinit();
+
   mpu_set_active_fb(NULL, 0);
 
   drv->initialized = false;

core/embed/io/display/unix/display_driver.c

@@ -178,6 +178,9 @@ bool display_init(display_content_mode_t mode) {
 #else
   drv->orientation_angle = 0;
 #endif
+
+  gfx_bitblt_init();
+
   drv->initialized = true;
   return true;
 }
@@ -189,6 +192,8 @@ void display_deinit(display_content_mode_t mode) {
     return;
   }
 
+  gfx_bitblt_deinit();
+
   SDL_FreeSurface(drv->prev_saved);
   SDL_FreeSurface(drv->buffer);
   if (drv->background != NULL) {

core/embed/io/display/vg-2864/display_driver.c

@@ -318,6 +318,8 @@ bool display_init(display_content_mode_t mode) {
     display_init_spi(drv);
   }
 
+  gfx_bitblt_init();
+
   drv->initialized = true;
   return true;
 }
@@ -327,6 +329,8 @@ void display_deinit(display_content_mode_t mode) {
 
   mpu_set_active_fb(NULL, 0);
 
+  gfx_bitblt_deinit();
+
   drv->initialized = false;
 }
 

core/embed/projects/boardloader/main.c

@@ -92,7 +92,6 @@ static void drivers_init(void) {
 #ifdef USE_HASH_PROCESSOR
   hash_processor_init();
 #endif
-  gfx_bitblt_init();
   display_init(DISPLAY_RESET_CONTENT);
 #ifdef USE_SD_CARD
   sdcard_init();
@@ -103,12 +102,10 @@ static void drivers_deinit(void) {
 #ifdef FIXED_HW_DEINIT
   // TODO
 #endif
-  gfx_bitblt_deinit();
   display_deinit(DISPLAY_JUMP_BEHAVIOR);
 #ifdef USE_POWERCTL
   powerctl_deinit();
 #endif
-  ensure_compatible_settings();
 }
 
 static uint8_t get_bootloader_min_version(void) {
@@ -332,7 +329,7 @@ int main(void) {
   system_deinit();
 
   // g_boot_command is preserved on STM32U5
-  jump_to(IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE));
+  jump_to_next_stage(IMAGE_CODE_ALIGN(BOOTLOADER_START + IMAGE_HEADER_SIZE));
 
   return 0;
 }

core/embed/projects/bootloader/emulator.c

@@ -7,6 +7,7 @@
 
 #include <io/display.h>
 #include <sys/bootargs.h>
+#include <sys/bootutils.h>
 #include <sys/systick.h>
 #include <util/flash.h>
 #include <util/flash_otp.h>
@@ -111,7 +112,7 @@ static int sdl_event_filter(void *userdata, SDL_Event *event) {
   return 1;
 }
 
-__attribute__((noreturn)) int main(int argc, char **argv) {
+int main(int argc, char **argv) {
   SDL_SetEventFilter(sdl_event_filter, NULL);
 
   display_init(DISPLAY_RESET_CONTENT);
@@ -189,10 +190,12 @@ __attribute__((noreturn)) int main(int argc, char **argv) {
 
   bootloader_main();
   hal_delay(3000);
-  jump_to(0);
+  jump_to_next_stage(0);
+
+  return 0;
 }
 
-void jump_to(uint32_t address) {
+void jump_to_next_stage(uint32_t address) {
   bool storage_is_erased =
       storage_empty(&STORAGE_AREAS[0]) && storage_empty(&STORAGE_AREAS[1]);
 

core/embed/projects/bootloader/emulator.h

@@ -7,6 +7,4 @@
 
 extern uint8_t *FIRMWARE_START;
 
-__attribute__((noreturn)) void jump_to(uint32_t address);
-
 #endif

core/embed/projects/bootloader/main.c

@@ -98,7 +98,6 @@ static void drivers_init(secbool *touch_initialized) {
 #ifdef USE_HASH_PROCESSOR
   hash_processor_init();
 #endif
-  gfx_bitblt_init();
   display_init(DISPLAY_JUMP_BEHAVIOR);
   unit_properties_init();
 
@@ -138,9 +137,7 @@ static void drivers_deinit(void) {
   button_deinit();
 #endif
 #endif
-  gfx_bitblt_deinit();
   display_deinit(DISPLAY_JUMP_BEHAVIOR);
-  ensure_compatible_settings();
 }
 
 static void usb_init_all(secbool usb21_landing) {
@@ -381,7 +378,8 @@ void real_jump_to_firmware(void) {
 
   system_deinit();
 
-  jump_to(IMAGE_CODE_ALIGN(FIRMWARE_START + vhdr.hdrlen + IMAGE_HEADER_SIZE));
+  jump_to_next_stage(
+      IMAGE_CODE_ALIGN(FIRMWARE_START + vhdr.hdrlen + IMAGE_HEADER_SIZE));
 }
 
 #ifdef USE_RESET_TO_BOOT

core/embed/projects/bootloader_ci/main.c

@@ -276,7 +276,8 @@ int main(void) {
 
   system_deinit();
 
-  jump_to(IMAGE_CODE_ALIGN(FIRMWARE_START + vhdr.hdrlen + IMAGE_HEADER_SIZE));
+  jump_to_next_stage(
+      IMAGE_CODE_ALIGN(FIRMWARE_START + vhdr.hdrlen + IMAGE_HEADER_SIZE));
 
   return 0;
 }

core/embed/projects/firmware/main.c

@@ -32,6 +32,7 @@
 #include "ports/stm32/gccollect.h"
 #include "ports/stm32/pendsv.h"
 
+#include <sys/linker_utils.h>
 #include <sys/systask.h>
 #include <sys/system.h>
 #include <util/rsod.h>
@@ -41,6 +42,10 @@
 #include "zkp_context.h"
 #endif
 
+// symbols defined in the linker script
+extern uint8_t _stack_section_start;
+extern uint8_t _stack_section_end;
+
 int main(uint32_t cmd, void *arg) {
   if (cmd == 1) {
     systask_postmortem_t *info = (systask_postmortem_t *)arg;
@@ -57,8 +62,9 @@ int main(uint32_t cmd, void *arg) {
   printf("CORE: Preparing stack\n");
   // Stack limit should be less than real stack size, so we have a chance
   // to recover from limit hit.
-  mp_stack_set_top(&_estack);
-  mp_stack_set_limit((char *)&_estack - (char *)&_sstack - 1024);
+  mp_stack_set_top(&_stack_section_end);
+  mp_stack_set_limit((char *)&_stack_section_end -
+                     (char *)&_stack_section_start - 1024);
 
 #if MICROPY_ENABLE_PYSTACK
   static mp_obj_t pystack[1024];
@@ -106,3 +112,22 @@ mp_obj_t mp_builtin_open(uint n_args, const mp_obj_t *args, mp_map_t *kwargs) {
   return mp_const_none;
 }
 MP_DEFINE_CONST_FUN_OBJ_KW(mp_builtin_open_obj, 1, mp_builtin_open);
+
+// `reset_handler` is the application entry point (first routine called
+// from kernel)
+__attribute((no_stack_protector)) void reset_handler(uint32_t cmd, void *arg,
+                                                     uint32_t random_value) {
+  // Initialize linker script defined sections (.bss, .data, ...)
+  init_linker_sections();
+
+  // Initialize stack protector
+  extern uint32_t __stack_chk_guard;
+  __stack_chk_guard = random_value;
+
+  // Now everything is perfectly initialized and we can do anything
+  // in C code
+
+  int main_result = main(cmd, arg);
+
+  system_exit(main_result);
+}

core/embed/projects/kernel/main.c

@@ -116,8 +116,6 @@ void drivers_init() {
   hash_processor_init();
 #endif
 
-  gfx_bitblt_init();
-
   display_init(DISPLAY_JUMP_BEHAVIOR);
 
 #ifdef USE_OEM_KEYS_CHECK
@@ -222,8 +220,8 @@ static void show_rsod(const systask_postmortem_t *pminfo) {
     applet_run(&coreapp);
 
     if (coreapp.task.pminfo.reason == TASK_TERM_REASON_EXIT) {
-      // If the RSOD was shown successfully, proceed to shutdown
-      secure_shutdown();
+      // RSOD was shown successfully
+      return;
     }
   }
 #endif
@@ -245,8 +243,9 @@ static void init_and_show_rsod(const systask_postmortem_t *pminfo) {
   // Show RSOD
   show_rsod(pminfo);
 
-  // Wait for the user to manually power off the device
-  secure_shutdown();
+  // Wait for the user to read the RSOD and then reboots
+  // (or enters an infinite loop if RSOD_INFINITE_LOOP is defined)
+  reboot_after_rsod();
 }
 
 // Kernel panic handler
@@ -285,8 +284,9 @@ int main(void) {
   // Coreapp crashed, show RSOD
   show_rsod(&coreapp.task.pminfo);
 
-  // Wait for the user to manually power off the device
-  secure_shutdown();
+  // Wait for the user to read the RSOD and then reboots
+  // (or enters an infinite loop if RSOD_INFINITE_LOOP is defined)
+  reboot_after_rsod();
 
   return 0;
 }