path: root/board/nocturne_fp/board.h
blob: 704c5a056590ef1f67b006964957dbdba78bbbad (plain)
/* Copyright 2017 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * STM32H743 + FPC 1145 Fingerprint MCU configuration
 *
 * Alternate names that share this same board file:
 *   nocturne_fp
 *   nami_fp
 *   dartmonkey
 *   dragontalon
 */

#ifndef __BOARD_H
#define __BOARD_H

/*
 * Ensure CONFIG_SYSTEM_UNLOCKED is not defined for this board.
 * NOTE(review): presumably that option makes the firmware treat the system as
 * always unlocked; leaving it undefined keeps the normal lock checks in force.
 * Confirm against the code that consumes it.
 */
#undef CONFIG_SYSTEM_UNLOCKED

/*
 * These allow console commands to be flagged as restricted.
 * Restricted commands will only be permitted to run when
 * console_is_restricted() returns false.
 * See console_is_restricted's definition in board.c.
 *
 * The gating policy itself lives in board.c, not in this header, so the
 * condition that lifts the restriction cannot be checked from here.
 */
#define CONFIG_CONSOLE_COMMAND_FLAGS
#define CONFIG_RESTRICTED_CONSOLE_COMMANDS

/*
 * Flash layout: we redefine the sections offsets and sizes as we want to
 * include a rollback region, and will use RO/RW regions of different sizes.
 *
 * Resulting order in flash, as defined below:
 *   RO        at CONFIG_RO_MEM_OFF (0), CONFIG_RO_SIZE (768 KiB) long
 *   rollback  directly after RO, two flash banks long
 *   RW        directly after the rollback region, taking what is left of
 *             CONFIG_FLASH_SIZE_BYTES
 *
 * CONFIG_FLASH_BANK_SIZE and CONFIG_FLASH_SIZE_BYTES are not defined in this
 * file; they have to be provided by an earlier configuration header.
 */

/*
 * Drop any earlier definitions before redefining the layout.
 * _IMAGE_SIZE, CONFIG_FLASH_PSTATE and the CONFIG_FW_PSTATE_* macros are
 * undefined here and not redefined anywhere in this file; the protection
 * state is tied to readout protection instead (see
 * CONFIG_FLASH_READOUT_PROTECTION_AS_PSTATE below).
 */
#undef _IMAGE_SIZE
#undef CONFIG_ROLLBACK_OFF
#undef CONFIG_ROLLBACK_SIZE
#undef CONFIG_FLASH_PSTATE
#undef CONFIG_FW_PSTATE_SIZE
#undef CONFIG_FW_PSTATE_OFF
#undef CONFIG_SHAREDLIB_SIZE
#undef CONFIG_RO_MEM_OFF
#undef CONFIG_RO_STORAGE_OFF
#undef CONFIG_RO_SIZE
#undef CONFIG_RW_MEM_OFF
#undef CONFIG_RW_STORAGE_OFF
#undef CONFIG_RW_SIZE
#undef CONFIG_EC_PROTECTED_STORAGE_OFF
#undef CONFIG_EC_PROTECTED_STORAGE_SIZE
#undef CONFIG_EC_WRITABLE_STORAGE_OFF
#undef CONFIG_EC_WRITABLE_STORAGE_SIZE
#undef CONFIG_WP_STORAGE_OFF
#undef CONFIG_WP_STORAGE_SIZE

/* No shared library region is reserved. */
#define CONFIG_SHAREDLIB_SIZE   0

/* RO image: starts at the beginning of flash and is 768 KiB long. */
#define CONFIG_RO_MEM_OFF       0
#define CONFIG_RO_STORAGE_OFF   0
#define CONFIG_RO_SIZE          (768*1024)

/* EC rollback protection block */
/* Placed immediately after RO; its size is two flash banks. */
#define CONFIG_ROLLBACK_OFF (CONFIG_RO_MEM_OFF + CONFIG_RO_SIZE)
#define CONFIG_ROLLBACK_SIZE (CONFIG_FLASH_BANK_SIZE * 2)

/*
 * RW image: starts right after the rollback block. Its size is the total
 * flash size minus everything that precedes it (RO plus rollback), so
 * CONFIG_RW_MEM_OFF + CONFIG_RW_SIZE equals CONFIG_FLASH_SIZE_BYTES.
 */
#define CONFIG_RW_MEM_OFF	(CONFIG_ROLLBACK_OFF + CONFIG_ROLLBACK_SIZE)
#define CONFIG_RW_STORAGE_OFF	0
#define CONFIG_RW_SIZE		(CONFIG_FLASH_SIZE_BYTES -		\
				(CONFIG_RW_MEM_OFF - CONFIG_RO_MEM_OFF))

/* Protected storage is exactly the RO image; writable storage is the RW image. */
#define CONFIG_EC_PROTECTED_STORAGE_OFF         CONFIG_RO_MEM_OFF
#define CONFIG_EC_PROTECTED_STORAGE_SIZE        CONFIG_RO_SIZE
#define CONFIG_EC_WRITABLE_STORAGE_OFF          CONFIG_RW_MEM_OFF
#define CONFIG_EC_WRITABLE_STORAGE_SIZE         CONFIG_RW_SIZE

/*
 * The write-protected range is the protected (RO) storage only; the rollback
 * block lies outside it.
 * NOTE(review): presumably the rollback block is protected by a separate
 * mechanism (CONFIG_ROLLBACK_MPU_PROTECT is enabled further down) - confirm.
 */
#define CONFIG_WP_STORAGE_OFF           CONFIG_EC_PROTECTED_STORAGE_OFF
#define CONFIG_WP_STORAGE_SIZE          CONFIG_EC_PROTECTED_STORAGE_SIZE

/*
 * We want to prevent flash readout, and use it as indicator of protection
 * status.
 *
 * NOTE(review): since the reported protection state follows the readout
 * protection setting, a unit on which readout protection was never enabled
 * would presumably report itself as unprotected - confirm how provisioning
 * sets it and how the flash driver reads it back.
 */
#define CONFIG_FLASH_READOUT_PROTECTION_AS_PSTATE

/* the UART console is on USART1 */
#undef CONFIG_UART_CONSOLE
#define CONFIG_UART_CONSOLE 1
/* Console transmit goes through DMA, using the USART1 TX request line. */
#define CONFIG_UART_TX_DMA
#define CONFIG_UART_TX_DMA_PH DMAMUX1_REQ_USART1_TX
/* Replace the earlier TX buffer size with 2048 (presumably bytes). */
#undef CONFIG_UART_TX_BUF_SIZE
#define CONFIG_UART_TX_BUF_SIZE 2048

/*
 * Optional features
 *
 * #undef lines switch off options that an earlier configuration header may
 * have enabled; #define lines switch options on for this board.
 */
#undef CONFIG_ADC
#define CONFIG_CMD_IDLE_STATS
#define CONFIG_DMA
#define CONFIG_FORCE_CONSOLE_RESUME
#define CONFIG_FPU
/*
 * Don't enable FPU warnings on STM32H7, because FPU interrupt is not triggered
 * (see, errata ES0392 Rev 8, 2.1.2 Cortex-M7 FPU interrupt not present on NVIC
 * line 81).
 */
#undef CONFIG_FPU_WARNINGS
#undef CONFIG_HIBERNATE
#define CONFIG_HOST_COMMAND_STATUS
#undef CONFIG_I2C
#undef CONFIG_LID_SWITCH
/* MKBP events are enabled and signalled to the host through a GPIO. */
#define CONFIG_MKBP_EVENT
#define CONFIG_MKBP_USE_GPIO
#define CONFIG_PRINTF_LEGACY_LI_FORMAT
/*
 * SHA-256 support, built in its unrolled variant.
 * NOTE(review): presumably trades code size for speed - confirm.
 */
#define CONFIG_SHA256
#define CONFIG_SHA256_UNROLLED
#define CONFIG_SPI
#define CONFIG_STM_HWTIMER32
#undef CONFIG_TASK_PROFILING
#define CONFIG_WATCHDOG_HELP
/* The write-protect input is treated as active-high. */
#define CONFIG_WP_ACTIVE_HIGH
/*
 * NOTE(review): presumably removes general purpose register values from the
 * saved panic data, so that register contents at the time of a crash are not
 * exposed through panic reports - confirm in the panic code.
 */
#define CONFIG_PANIC_STRIP_GPR

/*
 * The RO image on shipped devices cannot be replaced, so RW has to stay
 * compatible with the panic data layout and reset-flag handling of the RO
 * version named for each board below.
 */
#if defined(BOARD_NOCTURNE_FP) || defined(BOARD_NAMI_FP)
/*
 * FPMCU RO for nocturne (nocturne_fp_v2.2.64-58cf5974e) and
 * FPMCU RO for nami (nami_fp_v2.2.144-7a08e07eb)
 * don't have the RV32I core panic data in their panic data structure.
 * As a consequence the size of panic data structure is different between RO
 * and RW (RO panic data structure is smaller). This results in overwriting RW
 * panic data (if it exists) by RO when jumping to RW. Another problem is that
 * RW can't find the jump data, because the overwritten panic data structure
 * created by RW still contains RW panic data structure size (bigger than
 * RO's), so the calculated jump data address is wrong.
 *
 * The problem is fixed by excluding RV32I core panic data from RW, only when
 * compiling firmware for nami_fp and nocturne_fp. Expected size of the
 * structure is 116 bytes.
 */
#define CONFIG_DO_NOT_INCLUDE_RV32I_PANIC_DATA
#define CONFIG_RO_PANIC_DATA_SIZE 116

/*
 * FPMCU RO for nocturne and nami don't support extended reset flags in backup
 * RAM. RO interprets the register as saved panic reason, so it tries to restore
 * panic data when value in the register is different than 0. Another problem is
 * that panic data saved in backup RAM on hard reset is restored incorrectly.
 *
 * CL:1295890 is the change which introduced extended reset flags.
 */
#undef CONFIG_STM32_EXTENDED_RESET_FLAGS
#else
/*
 * Dartmonkey FPMCU RO (dartmonkey_v2.0.2887-311310808) has the RV32I core
 * panic data in its panic data structure, so the expected size of the
 * structure is 144 bytes.
 *
 * This branch is taken for every board other than nocturne_fp and nami_fp
 * that shares this file.
 */
#define CONFIG_RO_PANIC_DATA_SIZE 144
#endif /* defined(BOARD_NOCTURNE_FP) || defined(BOARD_NAMI_FP) */

/*
 * SPI configuration for the fingerprint sensor
 *
 * The MCU acts as SPI controller towards the sensor. CONFIG_SPI_FP_PORT is an
 * index (2, i.e. the third entry) into the controller port configuration,
 * which is not part of this header.
 */
#define CONFIG_SPI_CONTROLLER
#define CONFIG_SPI_FP_PORT  2 /* SPI4: third master config */

#define CONFIG_FINGERPRINT_MCU
#ifdef SECTION_IS_RW
#define CONFIG_FP_SENSOR_FPC1145
#define CONFIG_CMD_FPSENSOR_DEBUG
/*
 * Use the malloc code only in the RW section (for the private library),
 * we cannot enable it in RO since it is not compatible with the RW verification
 * (shared_mem_init done too late).
 */
#define CONFIG_MALLOC
/* Special memory regions to store large arrays */
#define FP_FRAME_SECTION    __SECTION(ahb4)
#define FP_TEMPLATE_SECTION __SECTION(ahb)

#else /* SECTION_IS_RO */
/* RO verifies the RW partition signature */
#define CONFIG_RSA
#define CONFIG_RWSIG
#endif

#define CONFIG_RSA_KEY_SIZE 3072
#define CONFIG_RSA_EXPONENT_3
#define CONFIG_RWSIG_TYPE_RWSIG

/*
 * RW does slow compute, RO does slow flash erase.
 * Replace the earlier watchdog period with 10000 ms (10 s) so that these long
 * operations can finish before the watchdog fires.
 */
#undef CONFIG_WATCHDOG_PERIOD_MS
#define CONFIG_WATCHDOG_PERIOD_MS 10000

/*
 * Add rollback protection
 *
 * The rollback block also stores a secret of CONFIG_ROLLBACK_SECRET_SIZE
 * (32, presumably bytes).
 */
#define CONFIG_ROLLBACK
#define CONFIG_ROLLBACK_SECRET_SIZE 32

/*
 * NOTE(review): presumably uses the MPU to restrict access to the rollback
 * block, which holds the secret above - confirm which accesses are blocked
 * and when the protection is lifted.
 */
#define CONFIG_ROLLBACK_MPU_PROTECT

/*
 * We do not use any "locally" generated entropy: this is normally used
 * to add local entropy when the main source of entropy is remote.
 */
#undef CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE
/*
 * RW images are built without CONFIG_ROLLBACK_UPDATE.
 * NOTE(review): presumably this leaves RO as the only image able to write new
 * rollback entries - confirm in the rollback code.
 */
#ifdef SECTION_IS_RW
#undef CONFIG_ROLLBACK_UPDATE
#endif

/* AES with GCM mode, and the random number generator, in both RO and RW. */
#define CONFIG_AES
#define CONFIG_AES_GCM

#define CONFIG_RNG

/*
 * Flash console command, enabled in both RO and RW.
 * NOTE(review): confirm it is flagged as restricted, so that it is refused
 * while console_is_restricted() returns true.
 */
#define CONFIG_CMD_FLASH

/*
 * RW only: low power idle and the raw SPI transfer console command.
 * NOTE(review): the SPI command talks on the bus the fingerprint sensor is
 * attached to; confirm it is flagged as restricted as well.
 */
#ifdef SECTION_IS_RW
#define CONFIG_LOW_POWER_IDLE
#define CONFIG_CMD_SPI_XFER
#endif

#ifdef SECTION_IS_RW
/*
 * Mitigating the effects of b/146428434.
 * The fix is applied in RW only; the code that tests APPLY_RESET_LOOP_FIX is
 * not in this header.
 */
#define APPLY_RESET_LOOP_FIX
#endif

/* Everything below is C-only and is hidden from assembly sources. */
#ifndef __ASSEMBLER__

/*
 * Timer selection
 * NOTE(review): presumably timer instance numbers - timer 2 as the 32-bit
 * clock source (CONFIG_STM_HWTIMER32 is enabled above) and timer 16 for the
 * watchdog helper (CONFIG_WATCHDOG_HELP) - confirm in the chip timer code.
 */
#define TIM_CLOCK32 2
#define TIM_WATCHDOG 16

#include "gpio_signal.h"
#include "board_rw.h"

/*
 * Handler taking the GPIO signal it is invoked for; defined outside this
 * header.
 * NOTE(review): presumably the interrupt callback for the host sleep
 * signals - confirm at the definition.
 */
void slp_event(enum gpio_signal signal);

#endif /* !__ASSEMBLER__ */

#endif /* __BOARD_H */