Core firmware split

[cepetr]

This PR introduces a significant conceptual change to our Trezor firmware. It divides the firmware into two parts: a privileged and an unprivileged section. We refer to these as the kernel and the coreapp.

The kernel includes all hardware drivers, storage management, and necessary cryptographic functions. It operates in privileged mode, providing interfaces to the less trusted coreapp via approximately 100 syscalls.

The coreapp contains the MicroPython core, MicroPython applications, and the Rust-based UI. It runs entirely in unprivileged mode, with no direct access to hardware, except for DMA2D in its current implementation.

Kernel and coreapp are built as two separate applications but eventually glued together by build scripts as a single binary. So you can make firmware as before with no change at the first glance.

Benefits:

1. Enhanced security by separating the trusted kernel from the untrusted coreapp.
2. Enhanced security by enabling access to specific memory regions (storage, OTP, secrets) only on demand, reducing the risk of random overwrites).
3. Improved maintainability, with a clearer separation of concerns between hardware-level operations and application logic.

Known issues:

1. Syscall arguments are currently not verified.
2. TrustZone settings need to be updated to reflect the new architecture.

These issues need to be resolved soon, but they do not have a significant impact on security at the moment, as they have not been addressed in the firmware until now.

This PR brings also a lot of changes and improvements to drivers code:

1. Improved display driver API (preparation for init/deinit sequence)
2. Refactored interrupt handling routines API, reduced number of used priorities.
3. New systick driver that offer more precise time measurement.
4. New systimer for scheduling timer callbacks for background operations.
5. New i2c_bus driver, enabling non-blocking i2c operations
6. New mpu driver for region banking, that overcomes cortex-m cpu limitations.
7. New systask module, which allows manuall switching between privileged and unprivileged tasks
8. New system module with more reliable error handling (emergency mode)
9. Completely refactored and simplified linker scripts and startup codes.

[TychoVrahe]

First part of the review, focusing mainly on drivers up to introduction of non-blocking i2c driver, of which the review is not yet complete.

[TychoVrahe]

some more stuff related to drivers part, up to and excluding the new mpu driver.

[cepetr]

@TychoVrahe I would prefer to remove all enum variants ending with _NP and _NN, as they are unused and unlikely to be needed in the future.

[TychoVrahe]

removed 30248cb

[cepetr]

@TychoVrahe You can call syscall_return_from_callback() here. The function name may not be ideal, but it performs the same task.

[TychoVrahe]

used in 30248cb , had to compile the function for kernel too.

[cepetr]

@TychoVrahe KERNEL_UNPRIVILEGED_SIZE is a bit of an odd name. How about using SHA256_BLOCK_SIZE instead? We might already have a constant like that defined somewhere.

[TychoVrahe]

renamed to a bit different name than suggested, as this, in principle, has nothing to do with SHA256,
see 30248cb , let me know if you agree

[cepetr]

@TychoVrahe It might be more semantically appropriate to use size variable instead of the constant here. The same applies to the code below.

[TychoVrahe]

see 30248cb

[cepetr]

@TychoVrahe I would be a bit safer to use NVIC_GetPriority and store the previous value.

[TychoVrahe]

see 30248cb

[cepetr]

@TychoVrahe Why not to use memset & memcpy?

[TychoVrahe]

see 30248cb

[cepetr]

@TychoVrahe What do you think about relocating secure_aes_init() either before or after the encrypt and decrypt routines? It might be a bit confusing when placed between them.

[TychoVrahe]

moved to the end 30248cb

[cepetr]

@TychoVrahe This might better convey the intention: _set_BASEPRI(1) -> __set_BASEPRI(IRQ_PRI_HIGHEST + 1). I’m not entirely happy with it, but I don’t have a better suggestion at the moment.

[TychoVrahe]

fixed 30248cb

[cepetr]

@TychoVrahe Shouldn't we use BOARDLOADER_START instead of MCU_FLASH_ORIGIN here?

[TychoVrahe]

fixed 6f0da0b

[cepetr]

@TychoVrahe We could rename _sstack and _estack to _stack_addr and _stack_end, and add an underscore prefix to data_lma, data_vma, bss_start, etc., so that all symbols coming from linker scripts have an underscore prefix. However, I would prefer to do this in a subsequent PR.

[TychoVrahe]

created an issue #4199

[cepetr]

@TychoVrahe What about renaming this to something that includes the word "handover" (to be consistent with the symbol in the linker script)? Something like DISPLAY_CONTENT_AFTER_HANDOVER... It’s a bit weird, but it might better convey the intent.

[TychoVrahe]

hmm the functions we use to move between stages are still called jump, so there gonna be inconsistencies anyway until we can rename it all. I slightly prefer to keep current name until we do that

[cepetr]

@TychoVrahe Not sure about this, but I think these symbols are more like _coreapp_clear_ram_xxx then _aplet_clear_ram_xx, because applet is more general.

[TychoVrahe]

renamed: 6f0da0b

[cepetr]

@TychoVrahe What's the purpose of renaming the .data section here?

[TychoVrahe]

The objcopy input target is -I binary, so everything in that file is considered .data, so i need to differentiate it in linker script somehow to ensure proper placement. And also need to ensure that it isn't dropped by linker since it otherwise seems unused.

I could also do something like this in linker script
KEEP(build/firmware/build/kernel/kernel.o(.data));
instead of current
KEEP(*(.kernel));
but if find current solution a bit nicer.

[cepetr]

@TychoVrahe We're a bit inconsistent with the startup_xxx file extensions (.s vs .S). I think we should unify them. Maybe .S is more versatile since it is processed by the C preprocessor and can contain #ifdefs, but we don't necessarily need that here.

[TychoVrahe]

renamed to .s.We used to have ifdefs for model one in here, but its not needed, for now.
6f0da0b

[cepetr]

@TychoVrahe These model_xxx.h headers are starting to get a bit messy. I don't think we need to address it right now, but we could group related symbols together and unify the order of symbols across all these files. Maybe in some subsequent PR...

[TychoVrahe]

added an issue #4200

[TychoVrahe]

some more issues/questions related to the last part - mpu, split and tasks+etc.

[TychoVrahe]

lets add message to the static asset, below too

[TychoVrahe]

it might be slightly more appropriate to report after the progress calculation, otherwise the last progress won't get reported. If we need to report 0 progress probably it should be done before the loops

[TychoVrahe]

should not be commented out? also its seems to be renamed to UNUSED_AREA

[TychoVrahe]

typo

[TychoVrahe]

typo asssets

[TychoVrahe]

i guess we should check that the arg was pushed successfully

[TychoVrahe]

in startup_stage_2.S (and stages 0 and 1) we use safety margin 128 bytes. Should we unify that? Or maybe even, do we need to reset it here? it shouldn't be changed anywhere i think

[TychoVrahe]

reboot is called if, for some reason, error_handler returns. do i understand correctly?

[TychoVrahe]

the ifdefs in this function make it virtually unreadable. maybe we can ifdef the whole function instead

[TychoVrahe]

could we use better labels then 1,2,3 in here?