1 /*
2 * Copyright (c) 2015-2026, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <string.h>
10
11 #include <platform_def.h>
12
13 #include <arch_helpers.h>
14 #include <bl1/bl1.h>
15 #include <common/bl_common.h>
16 #include <common/debug.h>
17 #include <context.h>
18 #include <drivers/auth/auth_mod.h>
19 #include <lib/el3_runtime/context_mgmt.h>
20 #include <lib/utils.h>
21 #include <plat/common/platform.h>
22 #include <smccc_helpers.h>
23
24 #include "bl1_private.h"
25
26 /*
27 * Function declarations.
28 */
29 static int bl1_fwu_image_copy(unsigned int image_id,
30 uintptr_t image_src,
31 unsigned int block_size,
32 unsigned int image_size,
33 unsigned int flags);
34 static int bl1_fwu_image_auth(unsigned int image_id,
35 uintptr_t image_src,
36 unsigned int image_size,
37 unsigned int flags);
38 static int bl1_fwu_image_execute(unsigned int image_id,
39 void **handle,
40 unsigned int flags);
41 static register_t bl1_fwu_image_resume(register_t image_param,
42 void **handle,
43 unsigned int flags);
44 static int bl1_fwu_sec_image_done(void **handle,
45 unsigned int flags);
46 static int bl1_fwu_image_reset(unsigned int image_id,
47 unsigned int flags);
48 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
49
50 /*
51 * This keeps track of last executed secure image id.
52 */
53 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
54
55 /*******************************************************************************
56 * Top level handler for servicing FWU SMCs.
57 ******************************************************************************/
bl1_fwu_smc_handler(unsigned int smc_fid,u_register_t x1,u_register_t x2,u_register_t x3,u_register_t x4,void * cookie,void * handle,unsigned int flags)58 u_register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 u_register_t x1,
60 u_register_t x2,
61 u_register_t x3,
62 u_register_t x4,
63 void *cookie,
64 void *handle,
65 unsigned int flags)
66 {
67
68 switch (smc_fid) {
69 case FWU_SMC_IMAGE_COPY:
70 SMC_RET1(handle, bl1_fwu_image_copy((uint32_t)x1, x2,
71 (uint32_t)x3, (uint32_t)x4, flags));
72
73 case FWU_SMC_IMAGE_AUTH:
74 SMC_RET1(handle, bl1_fwu_image_auth((uint32_t)x1, x2,
75 (uint32_t)x3, flags));
76
77 case FWU_SMC_IMAGE_EXECUTE:
78 SMC_RET1(handle, bl1_fwu_image_execute((uint32_t)x1, &handle,
79 flags));
80
81 case FWU_SMC_IMAGE_RESUME:
82 SMC_RET1(handle, bl1_fwu_image_resume((register_t)x1, &handle,
83 flags));
84
85 case FWU_SMC_SEC_IMAGE_DONE:
86 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
87
88 case FWU_SMC_IMAGE_RESET:
89 SMC_RET1(handle, bl1_fwu_image_reset((uint32_t)x1, flags));
90
91 case FWU_SMC_UPDATE_DONE:
92 bl1_fwu_done((void *)x1, NULL);
93
94 default:
95 assert(false); /* Unreachable */
96 break;
97 }
98
99 SMC_RET1(handle, SMC_UNK);
100 }
101
102 /*******************************************************************************
103 * Utility functions to keep track of the images that are loaded at any time.
104 ******************************************************************************/
105
106 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
107 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
108 #else
109 #define FWU_MAX_SIMULTANEOUS_IMAGES 10
110 #endif
111
112 static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
113 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
114 };
115
116 /*
117 * Adds an image_id to the bl1_fwu_loaded_ids array.
118 * Returns 0 on success, 1 on error.
119 */
bl1_fwu_add_loaded_id(unsigned int image_id)120 static int bl1_fwu_add_loaded_id(unsigned int image_id)
121 {
122 int i;
123
124 /* Check if the ID is already in the list */
125 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
126 if (bl1_fwu_loaded_ids[i] == image_id)
127 return 0;
128 }
129
130 /* Find an empty slot */
131 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
132 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
133 bl1_fwu_loaded_ids[i] = image_id;
134 return 0;
135 }
136 }
137
138 return 1;
139 }
140
141 /*
142 * Removes an image_id from the bl1_fwu_loaded_ids array.
143 * Returns 0 on success, 1 on error.
144 */
bl1_fwu_remove_loaded_id(unsigned int image_id)145 static int bl1_fwu_remove_loaded_id(unsigned int image_id)
146 {
147 int i;
148
149 /* Find the ID */
150 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
151 if (bl1_fwu_loaded_ids[i] == image_id) {
152 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
153 return 0;
154 }
155 }
156
157 return 1;
158 }
159
160 /*******************************************************************************
161 * This function checks if the specified image overlaps another image already
162 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
163 ******************************************************************************/
bl1_fwu_image_check_overlaps(unsigned int image_id)164 static int bl1_fwu_image_check_overlaps(unsigned int image_id)
165 {
166 const image_desc_t *desc, *checked_desc;
167 const image_info_t *info, *checked_info;
168
169 uintptr_t image_base, image_end;
170 uintptr_t checked_image_base, checked_image_end;
171
172 checked_desc = bl1_plat_get_image_desc(image_id);
173
174 assert(checked_desc != NULL);
175
176 checked_info = &checked_desc->image_info;
177
178 /* Image being checked mustn't be empty. */
179 assert(checked_info->image_size != 0);
180
181 checked_image_base = checked_info->image_base;
182 checked_image_end = checked_image_base + checked_info->image_size - 1;
183 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
184
185 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
186
187 /* Skip INVALID_IMAGE_IDs and don't check image against itself */
188 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
189 (bl1_fwu_loaded_ids[i] == image_id))
190 continue;
191
192 desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
193
194 /* Only check images that are loaded or being loaded. */
195 assert ((desc != NULL) && (desc->state != IMAGE_STATE_RESET));
196
197 info = &desc->image_info;
198
199 /* There cannot be overlaps with an empty image. */
200 if (info->image_size == 0)
201 continue;
202
203 image_base = info->image_base;
204 image_end = image_base + info->image_size - 1;
205 /*
206 * Overflows cannot happen. It is checked in
207 * bl1_fwu_image_copy() when the image goes from RESET to
208 * COPYING or COPIED.
209 */
210 assert (image_end > image_base);
211
212 /* Check if there are overlaps. */
213 if (!((image_end < checked_image_base) ||
214 (checked_image_end < image_base))) {
215 VERBOSE("Image with ID %d overlaps existing image with ID %d",
216 checked_desc->image_id, desc->image_id);
217 return -EPERM;
218 }
219 }
220
221 return 0;
222 }
223
224 /*******************************************************************************
225 * This function is responsible for copying secure images in AP Secure RAM.
226 ******************************************************************************/
bl1_fwu_image_copy(unsigned int image_id,uintptr_t image_src,unsigned int block_size,unsigned int image_size,unsigned int flags)227 static int bl1_fwu_image_copy(unsigned int image_id,
228 uintptr_t image_src,
229 unsigned int block_size,
230 unsigned int image_size,
231 unsigned int flags)
232 {
233 uintptr_t dest_addr;
234 unsigned int remaining;
235 image_desc_t *desc;
236
237 /* Get the image descriptor. */
238 desc = bl1_plat_get_image_desc(image_id);
239 if (desc == NULL) {
240 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
241 return -EPERM;
242 }
243
244 /*
245 * The request must originate from a non-secure caller and target a
246 * secure image. Any other scenario is invalid.
247 */
248 if (GET_SECURITY_STATE(flags) == SECURE) {
249 WARN("BL1-FWU: Copy not allowed from secure world.\n");
250 return -EPERM;
251 }
252 if (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) {
253 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
254 return -EPERM;
255 }
256
257 /* Check whether the FWU state machine is in the correct state. */
258 if ((desc->state != IMAGE_STATE_RESET) &&
259 (desc->state != IMAGE_STATE_COPYING)) {
260 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
261 " process.\n");
262 return -EPERM;
263 }
264
265 if ((image_src == 0U) || (block_size == 0U) ||
266 check_uptr_overflow(image_src, block_size - 1)) {
267 WARN("BL1-FWU: Copy not allowed due to invalid image source"
268 " or block size\n");
269 return -ENOMEM;
270 }
271
272 if (desc->state == IMAGE_STATE_COPYING) {
273 /*
274 * There must have been at least 1 copy operation for this image
275 * previously.
276 */
277 assert(desc->copied_size != 0U);
278 /*
279 * The image size must have been recorded in the 1st copy
280 * operation.
281 */
282 image_size = desc->image_info.image_size;
283 assert(image_size != 0);
284 assert(desc->copied_size < image_size);
285
286 INFO("BL1-FWU: Continuing image copy in blocks\n");
287 } else { /* desc->state == IMAGE_STATE_RESET */
288 INFO("BL1-FWU: Initial call to copy an image\n");
289
290 /*
291 * image_size is relevant only for the 1st copy request, it is
292 * then ignored for subsequent calls for this image.
293 */
294 if (image_size == 0) {
295 WARN("BL1-FWU: Copy not allowed due to invalid image"
296 " size\n");
297 return -ENOMEM;
298 }
299
300 /* Check that the image size to load is within limit */
301 if (image_size > desc->image_info.image_max_size) {
302 WARN("BL1-FWU: Image size out of bounds\n");
303 return -ENOMEM;
304 }
305
306 /* Save the given image size. */
307 desc->image_info.image_size = image_size;
308
309 /* Make sure the image doesn't overlap other images. */
310 if (bl1_fwu_image_check_overlaps(image_id) != 0) {
311 desc->image_info.image_size = 0;
312 WARN("BL1-FWU: This image overlaps another one\n");
313 return -EPERM;
314 }
315
316 /*
317 * copied_size must be explicitly initialized here because the
318 * FWU code doesn't necessarily do it when it resets the state
319 * machine.
320 */
321 desc->copied_size = 0;
322 }
323
324 /*
325 * If the given block size is more than the total image size
326 * then clip the former to the latter.
327 */
328 remaining = image_size - desc->copied_size;
329 if (block_size > remaining) {
330 WARN("BL1-FWU: Block size is too big, clipping it.\n");
331 block_size = remaining;
332 }
333
334 /* Make sure the source image is mapped in memory. */
335 if (bl1_plat_mem_check(image_src, block_size, flags) != 0) {
336 WARN("BL1-FWU: Source image is not mapped.\n");
337 return -ENOMEM;
338 }
339
340 if (bl1_fwu_add_loaded_id(image_id) != 0) {
341 WARN("BL1-FWU: Too many images loaded at the same time.\n");
342 return -ENOMEM;
343 }
344
345 /* Allow the platform to handle pre-image load before copying */
346 if (desc->state == IMAGE_STATE_RESET) {
347 if (bl1_plat_handle_pre_image_load(image_id) != 0) {
348 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
349 image_id);
350 (void)bl1_fwu_remove_loaded_id(image_id);
351 return -EPERM;
352 }
353 }
354
355 /* Everything looks sane. Go ahead and copy the block of data. */
356 dest_addr = desc->image_info.image_base + desc->copied_size;
357 (void)memcpy((void *) dest_addr, (const void *) image_src, block_size);
358 flush_dcache_range(dest_addr, block_size);
359
360 desc->copied_size += block_size;
361 desc->state = (block_size == remaining) ?
362 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
363
364 INFO("BL1-FWU: Copy operation successful.\n");
365 return 0;
366 }
367
368 /*******************************************************************************
369 * This function is responsible for authenticating Normal/Secure images.
370 ******************************************************************************/
bl1_fwu_image_auth(unsigned int image_id,uintptr_t image_src,unsigned int image_size,unsigned int flags)371 static int bl1_fwu_image_auth(unsigned int image_id,
372 uintptr_t image_src,
373 unsigned int image_size,
374 unsigned int flags)
375 {
376 int result;
377 uintptr_t base_addr;
378 unsigned int total_size;
379 image_desc_t *desc;
380
381 /* Get the image descriptor. */
382 desc = bl1_plat_get_image_desc(image_id);
383 if (desc == NULL)
384 return -EPERM;
385
386 if (GET_SECURITY_STATE(flags) == SECURE) {
387 if (desc->state != IMAGE_STATE_RESET) {
388 WARN("BL1-FWU: Authentication from secure world "
389 "while in invalid state\n");
390 return -EPERM;
391 }
392 } else {
393 if (GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE) {
394 if (desc->state != IMAGE_STATE_COPIED) {
395 WARN("BL1-FWU: Authentication of secure image "
396 "from non-secure world while not in copied state\n");
397 return -EPERM;
398 }
399 } else {
400 if (desc->state != IMAGE_STATE_RESET) {
401 WARN("BL1-FWU: Authentication of non-secure image "
402 "from non-secure world while in invalid state\n");
403 return -EPERM;
404 }
405 }
406 }
407
408 if (desc->state == IMAGE_STATE_COPIED) {
409 /*
410 * Image is in COPIED state.
411 * Use the stored address and size.
412 */
413 base_addr = desc->image_info.image_base;
414 total_size = desc->image_info.image_size;
415 } else {
416 if ((image_src == 0U) || (image_size == 0U) ||
417 check_uptr_overflow(image_src, image_size - 1)) {
418 WARN("BL1-FWU: Auth not allowed due to invalid"
419 " image source/size\n");
420 return -ENOMEM;
421 }
422
423 /*
424 * Image is in RESET state.
425 * Check the parameters and authenticate the source image in place.
426 */
427 if (bl1_plat_mem_check(image_src, image_size,
428 desc->ep_info.h.attr) != 0) {
429 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
430 return -ENOMEM;
431 }
432
433 if (bl1_fwu_add_loaded_id(image_id) != 0) {
434 WARN("BL1-FWU: Too many images loaded at the same time.\n");
435 return -ENOMEM;
436 }
437
438 base_addr = image_src;
439 total_size = image_size;
440
441 /* Update the image size in the descriptor. */
442 desc->image_info.image_size = total_size;
443 }
444
445 /*
446 * Authenticate the image.
447 */
448 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
449 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
450 if (result != 0) {
451 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
452
453 /*
454 * Authentication has failed.
455 * Clear the memory if the image was copied.
456 * This is to prevent an attack where this contains
457 * some malicious code that can somehow be executed later.
458 */
459 if (desc->state == IMAGE_STATE_COPIED) {
460 /* Clear the memory.*/
461 zero_normalmem((void *)base_addr, total_size);
462 flush_dcache_range(base_addr, total_size);
463
464 /* Indicate that image can be copied again*/
465 desc->state = IMAGE_STATE_RESET;
466 }
467
468 /*
469 * Even if this fails it's ok because the ID isn't in the array.
470 * The image cannot be in RESET state here, it is checked at the
471 * beginning of the function.
472 */
473 (void)bl1_fwu_remove_loaded_id(image_id);
474 return -EAUTH;
475 }
476
477 /* Indicate that image is in authenticated state. */
478 desc->state = IMAGE_STATE_AUTHENTICATED;
479
480 /* Allow the platform to handle post-image load */
481 result = bl1_plat_handle_post_image_load(image_id);
482 if (result != 0) {
483 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
484 result, image_id);
485 /*
486 * Panic here as the platform handling of post-image load is
487 * not correct.
488 */
489 plat_error_handler(result);
490 }
491
492 /*
493 * Flush image_info to memory so that other
494 * secure world images can see changes.
495 */
496 flush_dcache_range((uintptr_t)&desc->image_info,
497 sizeof(image_info_t));
498
499 INFO("BL1-FWU: Authentication was successful\n");
500
501 return 0;
502 }
503
504 /*******************************************************************************
505 * This function is responsible for executing Secure images.
506 ******************************************************************************/
bl1_fwu_image_execute(unsigned int image_id,void ** handle,unsigned int flags)507 static int bl1_fwu_image_execute(unsigned int image_id,
508 void **handle,
509 unsigned int flags)
510 {
511 /* Get the image descriptor. */
512 image_desc_t *desc = bl1_plat_get_image_desc(image_id);
513
514 /*
515 * Execution is NOT allowed if:
516 * image_id is invalid OR
517 * Caller is from Secure world OR
518 * Image is Non-Secure OR
519 * Image is Non-Executable OR
520 * Image is NOT in AUTHENTICATED state.
521 */
522 if ((desc == NULL) ||
523 (GET_SECURITY_STATE(flags) == SECURE) ||
524 (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) ||
525 (EP_GET_EXE(desc->ep_info.h.attr) == NON_EXECUTABLE) ||
526 (desc->state != IMAGE_STATE_AUTHENTICATED)) {
527 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
528 return -EPERM;
529 }
530
531 INFO("BL1-FWU: Executing Secure image\n");
532
533 #ifdef __aarch64__
534 /* Save NS-EL1 system registers. */
535 cm_el1_sysregs_context_save(NON_SECURE);
536 #endif
537
538 /* Prepare the image for execution. */
539 bl1_prepare_next_image(image_id);
540
541 /* Update the secure image id. */
542 sec_exec_image_id = image_id;
543
544 #ifdef __aarch64__
545 *handle = cm_get_context(SECURE);
546 #else
547 *handle = smc_get_ctx(SECURE);
548 #endif
549 return 0;
550 }
551
552 /*******************************************************************************
553 * This function is responsible for resuming execution in the other security
554 * world
555 ******************************************************************************/
bl1_fwu_image_resume(register_t image_param,void ** handle,unsigned int flags)556 static register_t bl1_fwu_image_resume(register_t image_param,
557 void **handle,
558 unsigned int flags)
559 {
560 image_desc_t *desc;
561 unsigned int resume_sec_state;
562 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
563
564 /* Get the image descriptor for last executed secure image id. */
565 desc = bl1_plat_get_image_desc(sec_exec_image_id);
566 if (caller_sec_state == NON_SECURE) {
567 if (desc == NULL) {
568 WARN("BL1-FWU: Resume not allowed due to no available"
569 "secure image\n");
570 return -EPERM;
571 }
572 } else {
573 /* desc must be valid for secure world callers */
574 assert(desc != NULL);
575 }
576
577 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
578 assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
579
580 if (caller_sec_state == SECURE) {
581 assert(desc->state == IMAGE_STATE_EXECUTED);
582
583 /* Update the flags. */
584 desc->state = IMAGE_STATE_INTERRUPTED;
585 resume_sec_state = NON_SECURE;
586 } else {
587 assert(desc->state == IMAGE_STATE_INTERRUPTED);
588
589 /* Update the flags. */
590 desc->state = IMAGE_STATE_EXECUTED;
591 resume_sec_state = SECURE;
592 }
593
594 INFO("BL1-FWU: Resuming %s world context\n",
595 (resume_sec_state == SECURE) ? "secure" : "normal");
596
597 #ifdef __aarch64__
598 /* Save the EL1 system registers of calling world. */
599 cm_el1_sysregs_context_save(caller_sec_state);
600
601 /* Restore the EL1 system registers of resuming world. */
602 cm_el1_sysregs_context_restore(resume_sec_state);
603
604 /* Update the next context. */
605 cm_set_next_eret_context(resume_sec_state);
606
607 *handle = cm_get_context(resume_sec_state);
608 #else
609 /* Update the next context. */
610 cm_set_next_context(cm_get_context(resume_sec_state));
611
612 /* Prepare the smc context for the next BL image. */
613 smc_set_next_ctx(resume_sec_state);
614
615 *handle = smc_get_ctx(resume_sec_state);
616 #endif
617 return image_param;
618 }
619
620 /*******************************************************************************
621 * This function is responsible for resuming normal world context.
622 ******************************************************************************/
bl1_fwu_sec_image_done(void ** handle,unsigned int flags)623 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
624 {
625 image_desc_t *desc;
626
627 /* Make sure caller is from the secure world */
628 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
629 WARN("BL1-FWU: Image done not allowed from normal world\n");
630 return -EPERM;
631 }
632
633 /* Get the image descriptor for last executed secure image id */
634 desc = bl1_plat_get_image_desc(sec_exec_image_id);
635
636 /* desc must correspond to a valid secure executing image */
637 assert(desc != NULL);
638 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
639 assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
640 assert(desc->state == IMAGE_STATE_EXECUTED);
641
642 #if ENABLE_ASSERTIONS
643 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
644 assert(rc == 0);
645 #else
646 bl1_fwu_remove_loaded_id(sec_exec_image_id);
647 #endif
648
649 /* Update the flags. */
650 desc->state = IMAGE_STATE_RESET;
651 sec_exec_image_id = INVALID_IMAGE_ID;
652
653 INFO("BL1-FWU: Resuming Normal world context\n");
654 #ifdef __aarch64__
655 /*
656 * Secure world is done so no need to save the context.
657 * Just restore the Non-Secure context.
658 */
659 cm_el1_sysregs_context_restore(NON_SECURE);
660
661 /* Update the next context. */
662 cm_set_next_eret_context(NON_SECURE);
663
664 *handle = cm_get_context(NON_SECURE);
665 #else
666 /* Update the next context. */
667 cm_set_next_context(cm_get_context(NON_SECURE));
668
669 /* Prepare the smc context for the next BL image. */
670 smc_set_next_ctx(NON_SECURE);
671
672 *handle = smc_get_ctx(NON_SECURE);
673 #endif
674 return 0;
675 }
676
677 /*******************************************************************************
678 * This function provides the opportunity for users to perform any
679 * platform specific handling after the Firmware update is done.
680 ******************************************************************************/
bl1_fwu_done(void * client_cookie,void * reserved)681 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
682 {
683 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
684
685 /*
686 * Call platform done function.
687 */
688 bl1_plat_fwu_done(client_cookie, reserved);
689 assert(false);
690 }
691
692 /*******************************************************************************
693 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
694 * being executed.
695 ******************************************************************************/
bl1_fwu_image_reset(unsigned int image_id,unsigned int flags)696 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
697 {
698 image_desc_t *desc = bl1_plat_get_image_desc(image_id);
699
700 if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE)) {
701 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
702 return -EPERM;
703 }
704
705 switch (desc->state) {
706
707 case IMAGE_STATE_RESET:
708 /* Nothing to do. */
709 break;
710
711 case IMAGE_STATE_INTERRUPTED:
712 case IMAGE_STATE_AUTHENTICATED:
713 case IMAGE_STATE_COPIED:
714 case IMAGE_STATE_COPYING:
715
716 if (bl1_fwu_remove_loaded_id(image_id) != 0) {
717 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
718 return -EPERM;
719 }
720
721 if (desc->copied_size != 0U) {
722 /* Clear the memory if the image is copied */
723 assert(GET_SECURITY_STATE(desc->ep_info.h.attr)
724 == SECURE);
725
726 zero_normalmem((void *)desc->image_info.image_base,
727 desc->copied_size);
728 flush_dcache_range(desc->image_info.image_base,
729 desc->copied_size);
730 }
731
732 /* Reset status variables */
733 desc->copied_size = 0;
734 desc->image_info.image_size = 0;
735 desc->state = IMAGE_STATE_RESET;
736
737 /* Clear authentication state */
738 auth_img_flags[image_id] = 0;
739
740 break;
741
742 case IMAGE_STATE_EXECUTED:
743 default:
744 assert(false); /* Unreachable */
745 break;
746 }
747
748 return 0;
749 }
750