Do not use writeable flash regions for persistent storage

They don't play well with DFU.

src/ctap/storage.rs

@@ -138,12 +138,15 @@ const PAGE_SIZE: usize = 0x100;
 #[cfg(not(feature = "ram_storage"))]
 const PAGE_SIZE: usize = 0x1000;
 
+// We have the following layout:
+// 0x00000-0x2ffff: Tock
+// 0x30000-0x3ffff: Padding
+// 0x40000-0xbffff: App
+// 0xc0000-0xfffff: Store
+const STORE_ADDR: usize = 0xC0000;
+const STORE_SIZE_LIMIT: usize = 0x40000;
 const STORE_SIZE: usize = NUM_PAGES * PAGE_SIZE;
 
-#[cfg(not(any(test, feature = "ram_storage")))]
-#[link_section = ".app_state"]
-static STORE: [u8; STORE_SIZE] = [0xff; STORE_SIZE];
-
 impl PersistentStore {
     /// Gives access to the persistent store.
     ///
@@ -164,9 +167,11 @@ impl PersistentStore {
 
     #[cfg(not(any(test, feature = "ram_storage")))]
     fn new_prod_storage() -> Storage {
+        // This should ideally be a compile-time assert, but Rust doesn't have native support.
+        assert!(STORE_SIZE <= STORE_SIZE_LIMIT);
         let store = unsafe {
             // Safety: The store cannot alias because this function is called only once.
-            core::slice::from_raw_parts_mut(STORE.as_ptr() as *mut u8, STORE_SIZE)
+            core::slice::from_raw_parts_mut(STORE_ADDR as *mut u8, STORE_SIZE)
         };
         unsafe {
             // Safety: The store is in a writeable flash region.