more timer changes

application_processor/build.rs

@@ -149,7 +149,7 @@ fn main() {
 
         let sentry = 0x1000e200;
 
-        // by default ap is 192 kib
+        // by default ap is 192 - 193 kib
         // this leaves about 12 kib of extra space in maximum size
         let textoffset = gen_addr(0, 0x4000, &mut rng);
         let rodataoffset = 0;

application_processor/src/ap_driver.rs

@@ -3,7 +3,7 @@ use core::time::Duration;
 use bytemuck::{must_cast_slice, Pod, Zeroable};
 
 use serde::{Serialize, Deserialize};
-use max78000_hal::{flash::PAGE_MASK, i2c::{I2cAddr, MAX_I2C_MESSAGE_LEN}, Flash, MasterI2c, Peripherals, Trng, timer};
+use max78000_hal::{flash::PAGE_MASK, i2c::{I2cAddr, MAX_I2C_MESSAGE_LEN}, Flash, MasterI2c, Peripherals, Trng, timer::sleep};
 use design_utils::{component_id_to_i2c_addr, messages::ProtocolError, I2C_FREQUENCY};
 
 use rand_core::{RngCore, SeedableRng};
@@ -97,13 +97,13 @@ impl ApDriver {
     fn recieve_packet(&mut self, address: I2cAddr) -> Result<&[u8], ApError> {
         let mut recv_len = 0;
 
-        self.sleep(Duration::from_millis(3));
+        sleep(Duration::from_millis(3));
 
         loop {
             self.i2c.recv(address, slice::from_mut(&mut recv_len))?;
 
             // delay to allow component to get work done while requesting response, and delay is needed between next read
-            self.sleep(Duration::from_millis(5));
+            sleep(Duration::from_millis(5));
 
             if recv_len != 0 {
                 self.i2c.recv(address, &mut self.i2c_recv_buffer[..recv_len.into()])?;
@@ -157,10 +157,6 @@ impl ApDriver {
     pub fn gen_nonce(&mut self) -> u64 {
         self.chacha.next_u64()
     }
-
-    pub fn sleep(&mut self, duration: Duration) {
-        timer::sleep(duration);
-    }
 }
 
 #[repr(C)]

application_processor/src/attest.rs

@@ -8,6 +8,7 @@ use design_utils::crypto::{decrypt, hmac, hash, EncryptedData};
 use design_utils::messages::{StartProtocolMessage, AttestationReqMessage, Nonce};
 use design_utils::str::concat;
 use design_utils::const_time_equal_or_error_jump_table;
+use max78000_hal::timer::sleep;
 
 use crate::{recv_input_with_message, try_get_component_id, ApError};
 use crate::ectf_params::{PIN_HASH, PIN_SALT, HMAC_KEY, ADATA_ENC_KEY};
@@ -72,7 +73,7 @@ fn attempt_attest(driver: &mut ApDriver) -> Result<(), ApError> {
 
 pub fn attest(driver: &mut ApDriver) -> Result<(), ApError> {
     if let Err(err) = attempt_attest(driver) {
-        driver.sleep(Duration::from_secs(5));
+        sleep(Duration::from_secs(5));
         Err(err)
     } else {
         Ok(())

application_processor/src/boot.rs

@@ -17,7 +17,7 @@ use design_utils::messages::{
 };
 use max78000_hal::prelude::*;
 use max78000_hal::i2c::{I2cAddr, MAX_I2C_MESSAGE_LEN};
-use max78000_hal::timer::timeout;
+use max78000_hal::timer::{timeout, sleep};
 use tinyvec::ArrayVec;
 
 use crate::ApError;
@@ -202,7 +202,7 @@ pub fn attempt_boot(driver_option: &mut Option<ApDriver>) -> Result<(), ApError>
             }
         }
 
-        driver.sleep(Duration::from_secs(5));
+        sleep(Duration::from_secs(5));
         Err(err)
     } else {
         // if boot succeeds, it will run post boot which runs forever

application_processor/src/main.rs

@@ -12,6 +12,7 @@ use max78000_hal::prelude::*;
 use max78000_hal::uart::uart;
 use max78000_hal::HalError;
 use max78000_hal::led::{led_on, led_off, Led};
+use max78000_hal::timer::sleep;
 use design_utils::{ComponentId, DesignUtilsError};
 use design_utils::messages::ProtocolError;
 
@@ -63,9 +64,8 @@ fn main() -> ! {
         cortex_m::interrupt::enable();
     }
 
-    let mut driver = ApDriver::new();
-    driver.sleep(Duration::from_millis(950));
-    let mut driver = Some(driver);
+    let mut driver = Some(ApDriver::new());
+    sleep(Duration::from_millis(950));
 
     led_on(Led::Blue);
 

application_processor/src/post_boot/mod.rs

@@ -4,9 +4,9 @@ use core::ptr;
 use core::slice;
 use core::time::Duration;
 
-use cortex_m::interrupt::{self, Mutex};
 use design_utils::MAX_POST_BOOT_MESSAGE_SIZE;
 use max78000_hal::i2c::I2cAddr;
+use max78000_hal::timer::sleep;
 
 use crate::ap_driver::ApDriver;
 
@@ -20,22 +20,25 @@ extern "C" {
     pub fn post_boot();
 }
 
-static AP_DRIVER: Mutex<RefCell<Option<ApDriver>>> = Mutex::new(RefCell::new(None));
+// FIXME: don't use static mut
+// Can't use critical section cause interrupts need to be turned on while
+// a mutable reference to this is needed
+static mut AP_DRIVER: Option<ApDriver> = None;
 
-fn with_driver<T>(f: impl FnOnce(&mut ApDriver) -> T) -> T {
-    interrupt::free(|token| {
-        let mut driver_cell = AP_DRIVER.borrow(token).borrow_mut();
-        let driver = driver_cell.as_mut()
+unsafe fn with_driver<T>(f: impl FnOnce(&mut ApDriver) -> T) -> T {
+    unsafe {
+        let driver = AP_DRIVER.as_mut()
             .expect("ap driver not initialized");
 
         f(driver)
-    })
+    }
 }
 
 pub fn boot(driver: ApDriver) -> ! {
-    interrupt::free(|token| {
-        *AP_DRIVER.borrow(token).borrow_mut() = Some(driver);
-    });
+    // safety: no other code is using this ap driver at this time
+    unsafe {
+        AP_DRIVER = Some(driver);
+    }
 
     unsafe { post_boot(); }
 
@@ -51,8 +54,11 @@ extern "C" fn secure_send(address: I2cAddr, buf: *const u8, len: u8) -> c_int {
         slice::from_raw_parts(buf, len.into())
     };
 
-    with_driver(|driver| messaging::secure_send(driver, address, message))
-        .expect("could not send message to component");
+    // safety: no other code is using the ap driver at this time
+    unsafe {
+        with_driver(|driver| messaging::secure_send(driver, address, message))
+            .expect("could not send message to component");
+    }
 
     SUCCESS_RETURN
 }
@@ -65,15 +71,21 @@ extern "C" fn secure_receive(address: I2cAddr, buffer: *mut u8) -> c_int {
     };
 
     // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE
-    with_driver(|driver| messaging::secure_receive(driver, address, recv_buf))
-        .expect("could not recieve message from component")
-        .try_into()
-        .unwrap()
+    // safety: no other code is using the ap driver at this time
+    unsafe {
+        with_driver(|driver| messaging::secure_receive(driver, address, recv_buf))
+            .expect("could not recieve message from component")
+            .try_into()
+            .unwrap()
+    }
 }
 
 #[no_mangle]
 extern "C" fn get_provisioned_ids(buffer: *mut u32) -> c_int {
-    let flash_data = with_driver(|driver| driver.get_flash_data());
+    // safety: no other code is using the ap driver at this time
+    let flash_data = unsafe {
+        with_driver(|driver| driver.get_flash_data())
+    };
 
     for i in 0..flash_data.components_len {
         // safety: post boot c code is presumably supposed to give us an aligned buffer for at least 2 u32?
@@ -88,7 +100,5 @@ extern "C" fn get_provisioned_ids(buffer: *mut u32) -> c_int {
 
 #[no_mangle]
 extern "C" fn MXC_Delay(microseconds: u32) {
-    with_driver(|driver| {
-        driver.sleep(Duration::from_micros(microseconds.into()))
-    });
+    sleep(Duration::from_micros(microseconds.into()));
 }

application_processor/src/replace.rs

@@ -1,6 +1,7 @@
 use core::time::Duration;
 
 use max78000_hal::prelude::*;
+use max78000_hal::timer::sleep;
 use design_utils::crypto::hash;
 use design_utils::const_time_equal_or_error_jump_table;
 
@@ -60,7 +61,7 @@ fn attempt_replace(driver: &mut ApDriver) -> Result<(), ApError> {
 
 pub fn replace(driver: &mut ApDriver) -> Result<(), ApError> {
     if let Err(err) = attempt_replace(driver) {
-        driver.sleep(Duration::from_secs(5));
+        sleep(Duration::from_secs(5));
         Err(err)
     } else {
         Ok(())

component/build.rs

@@ -119,7 +119,7 @@ fn main() {
 
         let sentry = 0x1000e200;
 
-        // by default component is 146 kib
+        // by default component is 146 - 147 kib
         // this leaves about 8 kib of space in maximum size configuration
         let textoffset = gen_addr(0, 0x10000, &mut rng);
         let rodataoffset = 0;

component/src/component_driver.rs

@@ -1,10 +1,8 @@
-use core::time::Duration;
-
 use max78000_hal::i2c::MAX_I2C_MESSAGE_LEN;
 use serde::{Serialize, Deserialize};
 use design_utils::{I2C_FREQUENCY, component_id_to_i2c_addr};
 use design_utils::messages::ProtocolError;
-use max78000_hal::{ClientI2c, Peripherals, Trng, timer};
+use max78000_hal::{ClientI2c, Peripherals, Trng};
 
 use crate::ComponentError;
 use crate::ectf_params::COMPONENT_ID;
@@ -92,8 +90,4 @@ impl ComponentDriver {
     pub fn gen_nonce(&mut self) -> u64 {
         self.chacha.next_u64()
     }
-
-    pub fn sleep(&mut self, duration: Duration) {
-        timer::sleep(duration);
-    }
 }

component/src/main.rs

@@ -20,7 +20,7 @@ use design_utils::messages::{
 use design_utils::str::concat;
 use max78000_hal::prelude::*;
 use max78000_hal::HalError;
-use max78000_hal::timer::timeout;
+use max78000_hal::timer::{sleep, timeout};
 use max78000_hal::led::{led_on, led_off, Led};
 
 use ectf_params::{
@@ -61,9 +61,8 @@ fn main() -> ! {
         interrupt::enable();
     }
 
-    let mut driver = ComponentDriver::new();
-    driver.sleep(Duration::from_millis(950));
-    let mut driver = Some(driver);
+    let mut driver = Some(ComponentDriver::new());
+    sleep(Duration::from_millis(950));
 
     led_on(Led::Green);
 
@@ -85,7 +84,7 @@ fn main() -> ! {
             // i2c state will be all messed up if this fails
             // FIXME: not all errors require sending component an error
             let _ = driver.send_error();
-            driver.sleep(Duration::from_secs(5));
+            sleep(Duration::from_secs(5));
 
             uprint_error!("{error}");
         }
@@ -113,7 +112,7 @@ fn process_scan(driver: &mut ComponentDriver) -> Result<(), ComponentError> {
 
 fn process_attest(driver: &mut ComponentDriver) -> Result<(), ComponentError> {
     // I think this should make getting rng samples a little harder
-    driver.sleep(Duration::from_millis(300));
+    sleep(Duration::from_millis(300));
 
     let nonce = driver.gen_nonce();
     driver.send_struct(nonce)?;

component/src/post_boot/messaging.rs

@@ -1,6 +1,6 @@
 use core::time::Duration;
 
-use max78000_hal::timer::timeout;
+use max78000_hal::timer::{timeout, sleep};
 use design_utils::crypto::{sign, verify_signature};
 use tinyvec::ArrayVec;
 use design_utils::{multi_if, MAX_POST_BOOT_MESSAGE_SIZE};
@@ -53,7 +53,7 @@ pub fn secure_receive(
     };
 
     // make pulling rng samples more annoying
-    driver.sleep(Duration::from_millis(300));
+    sleep(Duration::from_millis(300));
 
     let nonce = driver.gen_nonce();
 

component/src/post_boot/mod.rs

@@ -25,6 +25,7 @@ unsafe fn with_driver<T>(f: impl FnOnce(&mut ComponentDriver) -> T) -> T {
 }
 
 pub fn boot(driver: ComponentDriver) -> ! {
+    // safety: no other code has a reference to the component driver at this time
     unsafe {
         COMPONENT_DRIVER = Some(driver);
     }
@@ -43,6 +44,7 @@ extern "C" fn secure_send(buffer: *const u8, len: u8) {
         slice::from_raw_parts(buffer, len.into())
     };
 
+    // safety: no other code is using the component driver at this time
     unsafe { 
         with_driver(|driver| messaging::secure_send(driver, message))
             .expect("secure send failed");
@@ -57,6 +59,7 @@ extern "C" fn secure_receive(buffer: *mut u8) -> c_int {
     };
 
     // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE
+    // safety: no other code is using the component driver at this time
     let recv_len = unsafe {
         with_driver(|driver| messaging::secure_receive(driver, recv_buf))
             .expect("secure receive failed")