bl1_fwu.c 20.9 KB
Newer Older
1
/*
Ambroise Vincent's avatar
Ambroise Vincent committed
2
 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
3
 *
dp-arm's avatar
dp-arm committed
4
 * SPDX-License-Identifier: BSD-3-Clause
5
6
 */

Isla Mitchell's avatar
Isla Mitchell committed
7
#include <assert.h>
8
#include <errno.h>
9
10
#include <string.h>

11
#include <platform_def.h>
12
13
14
15
16
17
18
19
20
21

#include <arch_helpers.h>
#include <bl1/bl1.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
#include <drivers/auth/auth_mod.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
Antonio Nino Diaz's avatar
Antonio Nino Diaz committed
22
#include <smccc_helpers.h>
23

24
25
26
27
28
29
#include "bl1_private.h"

/*
 * Function declarations.
 */
static int bl1_fwu_image_copy(unsigned int image_id,
Roberto Vargas's avatar
Roberto Vargas committed
30
			uintptr_t image_src,
31
32
33
34
			unsigned int block_size,
			unsigned int image_size,
			unsigned int flags);
static int bl1_fwu_image_auth(unsigned int image_id,
Roberto Vargas's avatar
Roberto Vargas committed
35
			uintptr_t image_src,
36
37
38
39
40
			unsigned int image_size,
			unsigned int flags);
static int bl1_fwu_image_execute(unsigned int image_id,
			void **handle,
			unsigned int flags);
41
static register_t bl1_fwu_image_resume(register_t image_param,
42
43
44
45
			void **handle,
			unsigned int flags);
static int bl1_fwu_sec_image_done(void **handle,
			unsigned int flags);
46
47
static int bl1_fwu_image_reset(unsigned int image_id,
			unsigned int flags);
48
__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

/*
 * This keeps track of last executed secure image id.
 */
static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;

/*******************************************************************************
 * Top level handler for servicing FWU SMCs.
 ******************************************************************************/
register_t bl1_fwu_smc_handler(unsigned int smc_fid,
			register_t x1,
			register_t x2,
			register_t x3,
			register_t x4,
			void *cookie,
			void *handle,
			unsigned int flags)
{

	switch (smc_fid) {
	case FWU_SMC_IMAGE_COPY:
		SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));

	case FWU_SMC_IMAGE_AUTH:
		SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));

	case FWU_SMC_IMAGE_EXECUTE:
		SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));

	case FWU_SMC_IMAGE_RESUME:
79
		SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags));
80
81
82
83

	case FWU_SMC_SEC_IMAGE_DONE:
		SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));

84
85
86
	case FWU_SMC_IMAGE_RESET:
		SMC_RET1(handle, bl1_fwu_image_reset(x1, flags));

87
	case FWU_SMC_UPDATE_DONE:
88
		bl1_fwu_done((void *)x1, NULL);
89
90

	default:
91
		assert(0); /* Unreachable */
92
93
94
		break;
	}

95
	SMC_RET1(handle, SMC_UNK);
96
97
}

98
99
100
101
102
103
104
105
106
107
/*******************************************************************************
 * Utility functions to keep track of the images that are loaded at any time.
 ******************************************************************************/

#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
#define FWU_MAX_SIMULTANEOUS_IMAGES	PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
#else
#define FWU_MAX_SIMULTANEOUS_IMAGES	10
#endif

Ambroise Vincent's avatar
Ambroise Vincent committed
108
static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
109
110
111
112
113
114
115
	[0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
};

/*
 * Adds an image_id to the bl1_fwu_loaded_ids array.
 * Returns 0 on success, 1 on error.
 */
Ambroise Vincent's avatar
Ambroise Vincent committed
116
static int bl1_fwu_add_loaded_id(unsigned int image_id)
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
{
	int i;

	/* Check if the ID is already in the list */
	for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
		if (bl1_fwu_loaded_ids[i] == image_id)
			return 0;
	}

	/* Find an empty slot */
	for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
		if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
			bl1_fwu_loaded_ids[i] = image_id;
			return 0;
		}
	}

	return 1;
}

/*
 * Removes an image_id from the bl1_fwu_loaded_ids array.
 * Returns 0 on success, 1 on error.
 */
Ambroise Vincent's avatar
Ambroise Vincent committed
141
static int bl1_fwu_remove_loaded_id(unsigned int image_id)
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
{
	int i;

	/* Find the ID */
	for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
		if (bl1_fwu_loaded_ids[i] == image_id) {
			bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
			return 0;
		}
	}

	return 1;
}

/*******************************************************************************
 * This function checks if the specified image overlaps another image already
 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
 ******************************************************************************/
Ambroise Vincent's avatar
Ambroise Vincent committed
160
static int bl1_fwu_image_check_overlaps(unsigned int image_id)
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
{
	const image_desc_t *image_desc, *checked_image_desc;
	const image_info_t *info, *checked_info;

	uintptr_t image_base, image_end;
	uintptr_t checked_image_base, checked_image_end;

	checked_image_desc = bl1_plat_get_image_desc(image_id);
	checked_info = &checked_image_desc->image_info;

	/* Image being checked mustn't be empty. */
	assert(checked_info->image_size != 0);

	checked_image_base = checked_info->image_base;
	checked_image_end = checked_image_base + checked_info->image_size - 1;
Soby Mathew's avatar
Soby Mathew committed
176
	/* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
177
178
179

	for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {

Soby Mathew's avatar
Soby Mathew committed
180
181
182
		/* Skip INVALID_IMAGE_IDs and don't check image against itself */
		if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
				(bl1_fwu_loaded_ids[i] == image_id))
183
184
185
186
187
			continue;

		image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);

		/* Only check images that are loaded or being loaded. */
Soby Mathew's avatar
Soby Mathew committed
188
		assert (image_desc && image_desc->state != IMAGE_STATE_RESET);
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

		info = &image_desc->image_info;

		/* There cannot be overlaps with an empty image. */
		if (info->image_size == 0)
			continue;

		image_base = info->image_base;
		image_end = image_base + info->image_size - 1;
		/*
		 * Overflows cannot happen. It is checked in
		 * bl1_fwu_image_copy() when the image goes from RESET to
		 * COPYING or COPIED.
		 */
		assert (image_end > image_base);

		/* Check if there are overlaps. */
		if (!(image_end < checked_image_base ||
		    checked_image_end < image_base)) {
			VERBOSE("Image with ID %d overlaps existing image with ID %d",
				checked_image_desc->image_id, image_desc->image_id);
			return -EPERM;
		}
	}

	return 0;
}

217
218
219
220
221
222
223
224
225
/*******************************************************************************
 * This function is responsible for copying secure images in AP Secure RAM.
 ******************************************************************************/
static int bl1_fwu_image_copy(unsigned int image_id,
			uintptr_t image_src,
			unsigned int block_size,
			unsigned int image_size,
			unsigned int flags)
{
226
	uintptr_t dest_addr;
227
	unsigned int remaining;
228
229
230

	/* Get the image descriptor. */
	image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
231
232
233
234
	if (!image_desc) {
		WARN("BL1-FWU: Invalid image ID %u\n", image_id);
		return -EPERM;
	}
235

236
237
238
239
240
241
242
243
244
245
	/*
	 * The request must originate from a non-secure caller and target a
	 * secure image. Any other scenario is invalid.
	 */
	if (GET_SECURITY_STATE(flags) == SECURE) {
		WARN("BL1-FWU: Copy not allowed from secure world.\n");
		return -EPERM;
	}
	if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) {
		WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
246
247
248
		return -EPERM;
	}

249
250
251
252
253
	/* Check whether the FWU state machine is in the correct state. */
	if ((image_desc->state != IMAGE_STATE_RESET) &&
	    (image_desc->state != IMAGE_STATE_COPYING)) {
		WARN("BL1-FWU: Copy not allowed at this point of the FWU"
			" process.\n");
254
255
256
		return -EPERM;
	}

257
258
	if ((!image_src) || (!block_size) ||
	    check_uptr_overflow(image_src, block_size - 1)) {
259
260
261
262
263
264
		WARN("BL1-FWU: Copy not allowed due to invalid image source"
			" or block size\n");
		return -ENOMEM;
	}

	if (image_desc->state == IMAGE_STATE_COPYING) {
265
266
267
268
269
270
271
272
273
		/*
		 * There must have been at least 1 copy operation for this image
		 * previously.
		 */
		assert(image_desc->copied_size != 0);
		/*
		 * The image size must have been recorded in the 1st copy
		 * operation.
		 */
274
		image_size = image_desc->image_info.image_size;
275
276
277
		assert(image_size != 0);
		assert(image_desc->copied_size < image_size);

278
		INFO("BL1-FWU: Continuing image copy in blocks\n");
279
280
	} else { /* image_desc->state == IMAGE_STATE_RESET */
		INFO("BL1-FWU: Initial call to copy an image\n");
281

282
283
284
285
		/*
		 * image_size is relevant only for the 1st copy request, it is
		 * then ignored for subsequent calls for this image.
		 */
286
		if (!image_size) {
287
288
			WARN("BL1-FWU: Copy not allowed due to invalid image"
				" size\n");
289
290
291
			return -ENOMEM;
		}

292
293
294
295
296
		/* Check that the image size to load is within limit */
		if (image_size > image_desc->image_info.image_max_size) {
			WARN("BL1-FWU: Image size out of bounds\n");
			return -ENOMEM;
		}
297

298
		/* Save the given image size. */
299
300
		image_desc->image_info.image_size = image_size;

301
302
303
304
305
306
307
		/* Make sure the image doesn't overlap other images. */
		if (bl1_fwu_image_check_overlaps(image_id)) {
			image_desc->image_info.image_size = 0;
			WARN("BL1-FWU: This image overlaps another one\n");
			return -EPERM;
		}

308
309
310
311
312
313
314
		/*
		 * copied_size must be explicitly initialized here because the
		 * FWU code doesn't necessarily do it when it resets the state
		 * machine.
		 */
		image_desc->copied_size = 0;
	}
315

316
317
318
319
320
321
322
323
324
	/*
	 * If the given block size is more than the total image size
	 * then clip the former to the latter.
	 */
	remaining = image_size - image_desc->copied_size;
	if (block_size > remaining) {
		WARN("BL1-FWU: Block size is too big, clipping it.\n");
		block_size = remaining;
	}
325

326
327
328
329
	/* Make sure the source image is mapped in memory. */
	if (bl1_plat_mem_check(image_src, block_size, flags)) {
		WARN("BL1-FWU: Source image is not mapped.\n");
		return -ENOMEM;
330
331
	}

332
333
334
335
336
	if (bl1_fwu_add_loaded_id(image_id)) {
		WARN("BL1-FWU: Too many images loaded at the same time.\n");
		return -ENOMEM;
	}

337
338
339
340
341
342
343
344
345
	/* Allow the platform to handle pre-image load before copying */
	if (image_desc->state == IMAGE_STATE_RESET) {
		if (bl1_plat_handle_pre_image_load(image_id) != 0) {
			ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
					image_id);
			return -EPERM;
		}
	}

346
347
348
349
350
351
352
353
354
355
	/* Everything looks sane. Go ahead and copy the block of data. */
	dest_addr = image_desc->image_info.image_base + image_desc->copied_size;
	memcpy((void *) dest_addr, (const void *) image_src, block_size);
	flush_dcache_range(dest_addr, block_size);

	image_desc->copied_size += block_size;
	image_desc->state = (block_size == remaining) ?
		IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;

	INFO("BL1-FWU: Copy operation successful.\n");
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
	return 0;
}

/*******************************************************************************
 * This function is responsible for authenticating Normal/Secure images.
 ******************************************************************************/
static int bl1_fwu_image_auth(unsigned int image_id,
			uintptr_t image_src,
			unsigned int image_size,
			unsigned int flags)
{
	int result;
	uintptr_t base_addr;
	unsigned int total_size;

	/* Get the image descriptor. */
	image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
	if (!image_desc)
		return -EPERM;

376
	if (GET_SECURITY_STATE(flags) == SECURE) {
377
378
379
380
381
382
		if (image_desc->state != IMAGE_STATE_RESET) {
			WARN("BL1-FWU: Authentication from secure world "
				"while in invalid state\n");
			return -EPERM;
		}
	} else {
383
		if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
			if (image_desc->state != IMAGE_STATE_COPIED) {
				WARN("BL1-FWU: Authentication of secure image "
					"from non-secure world while not in copied state\n");
				return -EPERM;
			}
		} else {
			if (image_desc->state != IMAGE_STATE_RESET) {
				WARN("BL1-FWU: Authentication of non-secure image "
					"from non-secure world while in invalid state\n");
				return -EPERM;
			}
		}
	}

	if (image_desc->state == IMAGE_STATE_COPIED) {
		/*
		 * Image is in COPIED state.
		 * Use the stored address and size.
		 */
		base_addr = image_desc->image_info.image_base;
		total_size = image_desc->image_info.image_size;
	} else {
406
407
		if ((!image_src) || (!image_size) ||
		    check_uptr_overflow(image_src, image_size - 1)) {
408
409
410
411
412
413
414
415
416
			WARN("BL1-FWU: Auth not allowed due to invalid"
				" image source/size\n");
			return -ENOMEM;
		}

		/*
		 * Image is in RESET state.
		 * Check the parameters and authenticate the source image in place.
		 */
417
418
		if (bl1_plat_mem_check(image_src, image_size,	\
					image_desc->ep_info.h.attr)) {
419
420
421
422
			WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
			return -ENOMEM;
		}

423
424
425
426
427
		if (bl1_fwu_add_loaded_id(image_id)) {
			WARN("BL1-FWU: Too many images loaded at the same time.\n");
			return -ENOMEM;
		}

428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
		base_addr = image_src;
		total_size = image_size;

		/* Update the image size in the descriptor. */
		image_desc->image_info.image_size = total_size;
	}

	/*
	 * Authenticate the image.
	 */
	INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
	result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
	if (result != 0) {
		WARN("BL1-FWU: Authentication Failed err=%d\n", result);

		/*
		 * Authentication has failed.
		 * Clear the memory if the image was copied.
		 * This is to prevent an attack where this contains
		 * some malicious code that can somehow be executed later.
		 */
		if (image_desc->state == IMAGE_STATE_COPIED) {
			/* Clear the memory.*/
451
			zero_normalmem((void *)base_addr, total_size);
452
453
454
455
456
			flush_dcache_range(base_addr, total_size);

			/* Indicate that image can be copied again*/
			image_desc->state = IMAGE_STATE_RESET;
		}
457
458
459
460
461
462
463

		/*
		 * Even if this fails it's ok because the ID isn't in the array.
		 * The image cannot be in RESET state here, it is checked at the
		 * beginning of the function.
		 */
		bl1_fwu_remove_loaded_id(image_id);
464
465
466
467
468
469
		return -EAUTH;
	}

	/* Indicate that image is in authenticated state. */
	image_desc->state = IMAGE_STATE_AUTHENTICATED;

470
471
472
473
474
475
476
477
478
479
480
481
	/* Allow the platform to handle post-image load */
	result = bl1_plat_handle_post_image_load(image_id);
	if (result != 0) {
		ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
				result, image_id);
		/*
		 * Panic here as the platform handling of post-image load is
		 * not correct.
		 */
		plat_error_handler(result);
	}

482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
	/*
	 * Flush image_info to memory so that other
	 * secure world images can see changes.
	 */
	flush_dcache_range((unsigned long)&image_desc->image_info,
		sizeof(image_info_t));

	INFO("BL1-FWU: Authentication was successful\n");

	return 0;
}

/*******************************************************************************
 * This function is responsible for executing Secure images.
 ******************************************************************************/
static int bl1_fwu_image_execute(unsigned int image_id,
			void **handle,
			unsigned int flags)
{
	/* Get the image descriptor. */
	image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);

	/*
	 * Execution is NOT allowed if:
506
	 * image_id is invalid OR
507
508
509
510
511
512
	 * Caller is from Secure world OR
	 * Image is Non-Secure OR
	 * Image is Non-Executable OR
	 * Image is NOT in AUTHENTICATED state.
	 */
	if ((!image_desc) ||
513
514
515
516
	    (GET_SECURITY_STATE(flags) == SECURE) ||
	    (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
	    (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
	    (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
517
518
519
520
521
522
		WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
		return -EPERM;
	}

	INFO("BL1-FWU: Executing Secure image\n");

523
#ifdef AARCH64
524
525
	/* Save NS-EL1 system registers. */
	cm_el1_sysregs_context_save(NON_SECURE);
526
#endif
527
528
529
530
531
532
533

	/* Prepare the image for execution. */
	bl1_prepare_next_image(image_id);

	/* Update the secure image id. */
	sec_exec_image_id = image_id;

534
#ifdef AARCH64
535
	*handle = cm_get_context(SECURE);
536
537
538
#else
	*handle = smc_get_ctx(SECURE);
#endif
539
540
541
542
	return 0;
}

/*******************************************************************************
543
544
 * This function is responsible for resuming execution in the other security
 * world
545
 ******************************************************************************/
546
static register_t bl1_fwu_image_resume(register_t image_param,
547
548
549
550
551
			void **handle,
			unsigned int flags)
{
	image_desc_t *image_desc;
	unsigned int resume_sec_state;
552
	unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
553

554
555
556
557
558
559
	/* Get the image descriptor for last executed secure image id. */
	image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
	if (caller_sec_state == NON_SECURE) {
		if (!image_desc) {
			WARN("BL1-FWU: Resume not allowed due to no available"
				"secure image\n");
560
561
			return -EPERM;
		}
562
563
564
565
566
	} else {
		/* image_desc must be valid for secure world callers */
		assert(image_desc);
	}

567
568
	assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
	assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
569
570
571

	if (caller_sec_state == SECURE) {
		assert(image_desc->state == IMAGE_STATE_EXECUTED);
572
573
574
575
576

		/* Update the flags. */
		image_desc->state = IMAGE_STATE_INTERRUPTED;
		resume_sec_state = NON_SECURE;
	} else {
577
		assert(image_desc->state == IMAGE_STATE_INTERRUPTED);
578
579
580
581
582
583

		/* Update the flags. */
		image_desc->state = IMAGE_STATE_EXECUTED;
		resume_sec_state = SECURE;
	}

584
585
586
587
	INFO("BL1-FWU: Resuming %s world context\n",
		(resume_sec_state == SECURE) ? "secure" : "normal");

#ifdef AARCH64
588
	/* Save the EL1 system registers of calling world. */
589
	cm_el1_sysregs_context_save(caller_sec_state);
590
591
592
593
594
595
596
597

	/* Restore the EL1 system registers of resuming world. */
	cm_el1_sysregs_context_restore(resume_sec_state);

	/* Update the next context. */
	cm_set_next_eret_context(resume_sec_state);

	*handle = cm_get_context(resume_sec_state);
598
599
600
601
602
603
604
605
606
#else
	/* Update the next context. */
	cm_set_next_context(cm_get_context(resume_sec_state));

	/* Prepare the smc context for the next BL image. */
	smc_set_next_ctx(resume_sec_state);

	*handle = smc_get_ctx(resume_sec_state);
#endif
607
608
609
610
611
612
613
614
	return image_param;
}

/*******************************************************************************
 * This function is responsible for resuming normal world context.
 ******************************************************************************/
static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
{
615
	image_desc_t *image_desc;
616

617
	/* Make sure caller is from the secure world */
618
	if (GET_SECURITY_STATE(flags) == NON_SECURE) {
619
		WARN("BL1-FWU: Image done not allowed from normal world\n");
620
621
622
		return -EPERM;
	}

623
624
625
626
627
	/* Get the image descriptor for last executed secure image id */
	image_desc = bl1_plat_get_image_desc(sec_exec_image_id);

	/* image_desc must correspond to a valid secure executing image */
	assert(image_desc);
628
629
	assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
	assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
630
631
	assert(image_desc->state == IMAGE_STATE_EXECUTED);

632
633
634
635
636
637
638
#if ENABLE_ASSERTIONS
	int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
	assert(rc == 0);
#else
	bl1_fwu_remove_loaded_id(sec_exec_image_id);
#endif

639
640
641
642
	/* Update the flags. */
	image_desc->state = IMAGE_STATE_RESET;
	sec_exec_image_id = INVALID_IMAGE_ID;

643
644
	INFO("BL1-FWU: Resuming Normal world context\n");
#ifdef AARCH64
645
646
647
648
649
650
651
652
653
654
	/*
	 * Secure world is done so no need to save the context.
	 * Just restore the Non-Secure context.
	 */
	cm_el1_sysregs_context_restore(NON_SECURE);

	/* Update the next context. */
	cm_set_next_eret_context(NON_SECURE);

	*handle = cm_get_context(NON_SECURE);
655
656
657
658
659
660
661
662
663
#else
	/* Update the next context. */
	cm_set_next_context(cm_get_context(NON_SECURE));

	/* Prepare the smc context for the next BL image. */
	smc_set_next_ctx(NON_SECURE);

	*handle = smc_get_ctx(NON_SECURE);
#endif
664
665
666
667
668
669
670
	return 0;
}

/*******************************************************************************
 * This function provides the opportunity for users to perform any
 * platform specific handling after the Firmware update is done.
 ******************************************************************************/
671
__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
672
673
674
675
676
677
{
	NOTICE("BL1-FWU: *******FWU Process Completed*******\n");

	/*
	 * Call platform done function.
	 */
678
	bl1_plat_fwu_done(client_cookie, reserved);
679
680
	assert(0);
}
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710

/*******************************************************************************
 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
 * being executed.
 ******************************************************************************/
static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
{
	image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);

	if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) {
		WARN("BL1-FWU: Reset not allowed due to invalid args\n");
		return -EPERM;
	}

	switch (image_desc->state) {

	case IMAGE_STATE_RESET:
		/* Nothing to do. */
		break;

	case IMAGE_STATE_INTERRUPTED:
	case IMAGE_STATE_AUTHENTICATED:
	case IMAGE_STATE_COPIED:
	case IMAGE_STATE_COPYING:

		if (bl1_fwu_remove_loaded_id(image_id)) {
			WARN("BL1-FWU: Image reset couldn't find the image ID\n");
			return -EPERM;
		}

Soby Mathew's avatar
Soby Mathew committed
711
712
713
714
715
716
717
718
719
		if (image_desc->copied_size) {
			/* Clear the memory if the image is copied */
			assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);

			zero_normalmem((void *)image_desc->image_info.image_base,
					image_desc->copied_size);
			flush_dcache_range(image_desc->image_info.image_base,
					image_desc->copied_size);
		}
720
721
722
723
724
725
726
727
728
729
730
731
732

		/* Reset status variables */
		image_desc->copied_size = 0;
		image_desc->image_info.image_size = 0;
		image_desc->state = IMAGE_STATE_RESET;

		/* Clear authentication state */
		auth_img_flags[image_id] = 0;

		break;

	case IMAGE_STATE_EXECUTED:
	default:
733
		assert(0); /* Unreachable */
734
		break;
735
736
737
738
	}

	return 0;
}