1 /* 2 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 #include <string.h> 10 11 #include <platform_def.h> 12 13 #include <arch_helpers.h> 14 #include <bl1/bl1.h> 15 #include <common/bl_common.h> 16 #include <common/debug.h> 17 #include <context.h> 18 #include <drivers/auth/auth_mod.h> 19 #include <lib/el3_runtime/context_mgmt.h> 20 #include <lib/utils.h> 21 #include <plat/common/platform.h> 22 #include <smccc_helpers.h> 23 24 #include "bl1_private.h" 25 26 /* 27 * Function declarations. 28 */ 29 static int bl1_fwu_image_copy(unsigned int image_id, 30 uintptr_t image_src, 31 unsigned int block_size, 32 unsigned int image_size, 33 unsigned int flags); 34 static int bl1_fwu_image_auth(unsigned int image_id, 35 uintptr_t image_src, 36 unsigned int image_size, 37 unsigned int flags); 38 static int bl1_fwu_image_execute(unsigned int image_id, 39 void **handle, 40 unsigned int flags); 41 static register_t bl1_fwu_image_resume(register_t image_param, 42 void **handle, 43 unsigned int flags); 44 static int bl1_fwu_sec_image_done(void **handle, 45 unsigned int flags); 46 static int bl1_fwu_image_reset(unsigned int image_id, 47 unsigned int flags); 48 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); 49 50 /* 51 * This keeps track of last executed secure image id. 52 */ 53 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; 54 55 /******************************************************************************* 56 * Top level handler for servicing FWU SMCs. 57 ******************************************************************************/ 58 u_register_t bl1_fwu_smc_handler(unsigned int smc_fid, 59 u_register_t x1, 60 u_register_t x2, 61 u_register_t x3, 62 u_register_t x4, 63 void *cookie, 64 void *handle, 65 unsigned int flags) 66 { 67 68 switch (smc_fid) { 69 case FWU_SMC_IMAGE_COPY: 70 SMC_RET1(handle, bl1_fwu_image_copy((uint32_t)x1, x2, 71 (uint32_t)x3, (uint32_t)x4, flags)); 72 73 case FWU_SMC_IMAGE_AUTH: 74 SMC_RET1(handle, bl1_fwu_image_auth((uint32_t)x1, x2, 75 (uint32_t)x3, flags)); 76 77 case FWU_SMC_IMAGE_EXECUTE: 78 SMC_RET1(handle, bl1_fwu_image_execute((uint32_t)x1, &handle, 79 flags)); 80 81 case FWU_SMC_IMAGE_RESUME: 82 SMC_RET1(handle, bl1_fwu_image_resume((register_t)x1, &handle, 83 flags)); 84 85 case FWU_SMC_SEC_IMAGE_DONE: 86 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); 87 88 case FWU_SMC_IMAGE_RESET: 89 SMC_RET1(handle, bl1_fwu_image_reset((uint32_t)x1, flags)); 90 91 case FWU_SMC_UPDATE_DONE: 92 bl1_fwu_done((void *)x1, NULL); 93 94 default: 95 assert(false); /* Unreachable */ 96 break; 97 } 98 99 SMC_RET1(handle, SMC_UNK); 100 } 101 102 /******************************************************************************* 103 * Utility functions to keep track of the images that are loaded at any time. 104 ******************************************************************************/ 105 106 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 107 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 108 #else 109 #define FWU_MAX_SIMULTANEOUS_IMAGES 10 110 #endif 111 112 static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = { 113 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID 114 }; 115 116 /* 117 * Adds an image_id to the bl1_fwu_loaded_ids array. 118 * Returns 0 on success, 1 on error. 119 */ 120 static int bl1_fwu_add_loaded_id(unsigned int image_id) 121 { 122 int i; 123 124 /* Check if the ID is already in the list */ 125 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 126 if (bl1_fwu_loaded_ids[i] == image_id) 127 return 0; 128 } 129 130 /* Find an empty slot */ 131 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 132 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) { 133 bl1_fwu_loaded_ids[i] = image_id; 134 return 0; 135 } 136 } 137 138 return 1; 139 } 140 141 /* 142 * Removes an image_id from the bl1_fwu_loaded_ids array. 143 * Returns 0 on success, 1 on error. 144 */ 145 static int bl1_fwu_remove_loaded_id(unsigned int image_id) 146 { 147 int i; 148 149 /* Find the ID */ 150 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 151 if (bl1_fwu_loaded_ids[i] == image_id) { 152 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID; 153 return 0; 154 } 155 } 156 157 return 1; 158 } 159 160 /******************************************************************************* 161 * This function checks if the specified image overlaps another image already 162 * loaded. It returns 0 if there is no overlap, a negative error code otherwise. 163 ******************************************************************************/ 164 static int bl1_fwu_image_check_overlaps(unsigned int image_id) 165 { 166 const image_desc_t *desc, *checked_desc; 167 const image_info_t *info, *checked_info; 168 169 uintptr_t image_base, image_end; 170 uintptr_t checked_image_base, checked_image_end; 171 172 checked_desc = bl1_plat_get_image_desc(image_id); 173 174 assert(checked_desc != NULL); 175 176 checked_info = &checked_desc->image_info; 177 178 /* Image being checked mustn't be empty. */ 179 assert(checked_info->image_size != 0); 180 181 checked_image_base = checked_info->image_base; 182 checked_image_end = checked_image_base + checked_info->image_size - 1; 183 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */ 184 185 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 186 187 /* Skip INVALID_IMAGE_IDs and don't check image against itself */ 188 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) || 189 (bl1_fwu_loaded_ids[i] == image_id)) 190 continue; 191 192 desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); 193 194 /* Only check images that are loaded or being loaded. */ 195 assert ((desc != NULL) && (desc->state != IMAGE_STATE_RESET)); 196 197 info = &desc->image_info; 198 199 /* There cannot be overlaps with an empty image. */ 200 if (info->image_size == 0) 201 continue; 202 203 image_base = info->image_base; 204 image_end = image_base + info->image_size - 1; 205 /* 206 * Overflows cannot happen. It is checked in 207 * bl1_fwu_image_copy() when the image goes from RESET to 208 * COPYING or COPIED. 209 */ 210 assert (image_end > image_base); 211 212 /* Check if there are overlaps. */ 213 if (!((image_end < checked_image_base) || 214 (checked_image_end < image_base))) { 215 VERBOSE("Image with ID %d overlaps existing image with ID %d", 216 checked_desc->image_id, desc->image_id); 217 return -EPERM; 218 } 219 } 220 221 return 0; 222 } 223 224 /******************************************************************************* 225 * This function is responsible for copying secure images in AP Secure RAM. 226 ******************************************************************************/ 227 static int bl1_fwu_image_copy(unsigned int image_id, 228 uintptr_t image_src, 229 unsigned int block_size, 230 unsigned int image_size, 231 unsigned int flags) 232 { 233 uintptr_t dest_addr; 234 unsigned int remaining; 235 image_desc_t *desc; 236 237 /* Get the image descriptor. */ 238 desc = bl1_plat_get_image_desc(image_id); 239 if (desc == NULL) { 240 WARN("BL1-FWU: Invalid image ID %u\n", image_id); 241 return -EPERM; 242 } 243 244 /* 245 * The request must originate from a non-secure caller and target a 246 * secure image. Any other scenario is invalid. 247 */ 248 if (GET_SECURITY_STATE(flags) == SECURE) { 249 WARN("BL1-FWU: Copy not allowed from secure world.\n"); 250 return -EPERM; 251 } 252 if (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) { 253 WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); 254 return -EPERM; 255 } 256 257 /* Check whether the FWU state machine is in the correct state. */ 258 if ((desc->state != IMAGE_STATE_RESET) && 259 (desc->state != IMAGE_STATE_COPYING)) { 260 WARN("BL1-FWU: Copy not allowed at this point of the FWU" 261 " process.\n"); 262 return -EPERM; 263 } 264 265 if ((image_src == 0U) || (block_size == 0U) || 266 check_uptr_overflow(image_src, block_size - 1)) { 267 WARN("BL1-FWU: Copy not allowed due to invalid image source" 268 " or block size\n"); 269 return -ENOMEM; 270 } 271 272 if (desc->state == IMAGE_STATE_COPYING) { 273 /* 274 * There must have been at least 1 copy operation for this image 275 * previously. 276 */ 277 assert(desc->copied_size != 0U); 278 /* 279 * The image size must have been recorded in the 1st copy 280 * operation. 281 */ 282 image_size = desc->image_info.image_size; 283 assert(image_size != 0); 284 assert(desc->copied_size < image_size); 285 286 INFO("BL1-FWU: Continuing image copy in blocks\n"); 287 } else { /* desc->state == IMAGE_STATE_RESET */ 288 INFO("BL1-FWU: Initial call to copy an image\n"); 289 290 /* 291 * image_size is relevant only for the 1st copy request, it is 292 * then ignored for subsequent calls for this image. 293 */ 294 if (image_size == 0) { 295 WARN("BL1-FWU: Copy not allowed due to invalid image" 296 " size\n"); 297 return -ENOMEM; 298 } 299 300 /* Check that the image size to load is within limit */ 301 if (image_size > desc->image_info.image_max_size) { 302 WARN("BL1-FWU: Image size out of bounds\n"); 303 return -ENOMEM; 304 } 305 306 /* Save the given image size. */ 307 desc->image_info.image_size = image_size; 308 309 /* Make sure the image doesn't overlap other images. */ 310 if (bl1_fwu_image_check_overlaps(image_id) != 0) { 311 desc->image_info.image_size = 0; 312 WARN("BL1-FWU: This image overlaps another one\n"); 313 return -EPERM; 314 } 315 316 /* 317 * copied_size must be explicitly initialized here because the 318 * FWU code doesn't necessarily do it when it resets the state 319 * machine. 320 */ 321 desc->copied_size = 0; 322 } 323 324 /* 325 * If the given block size is more than the total image size 326 * then clip the former to the latter. 327 */ 328 remaining = image_size - desc->copied_size; 329 if (block_size > remaining) { 330 WARN("BL1-FWU: Block size is too big, clipping it.\n"); 331 block_size = remaining; 332 } 333 334 /* Make sure the source image is mapped in memory. */ 335 if (bl1_plat_mem_check(image_src, block_size, flags) != 0) { 336 WARN("BL1-FWU: Source image is not mapped.\n"); 337 return -ENOMEM; 338 } 339 340 if (bl1_fwu_add_loaded_id(image_id) != 0) { 341 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 342 return -ENOMEM; 343 } 344 345 /* Allow the platform to handle pre-image load before copying */ 346 if (desc->state == IMAGE_STATE_RESET) { 347 if (bl1_plat_handle_pre_image_load(image_id) != 0) { 348 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n", 349 image_id); 350 return -EPERM; 351 } 352 } 353 354 /* Everything looks sane. Go ahead and copy the block of data. */ 355 dest_addr = desc->image_info.image_base + desc->copied_size; 356 (void)memcpy((void *) dest_addr, (const void *) image_src, block_size); 357 flush_dcache_range(dest_addr, block_size); 358 359 desc->copied_size += block_size; 360 desc->state = (block_size == remaining) ? 361 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; 362 363 INFO("BL1-FWU: Copy operation successful.\n"); 364 return 0; 365 } 366 367 /******************************************************************************* 368 * This function is responsible for authenticating Normal/Secure images. 369 ******************************************************************************/ 370 static int bl1_fwu_image_auth(unsigned int image_id, 371 uintptr_t image_src, 372 unsigned int image_size, 373 unsigned int flags) 374 { 375 int result; 376 uintptr_t base_addr; 377 unsigned int total_size; 378 image_desc_t *desc; 379 380 /* Get the image descriptor. */ 381 desc = bl1_plat_get_image_desc(image_id); 382 if (desc == NULL) 383 return -EPERM; 384 385 if (GET_SECURITY_STATE(flags) == SECURE) { 386 if (desc->state != IMAGE_STATE_RESET) { 387 WARN("BL1-FWU: Authentication from secure world " 388 "while in invalid state\n"); 389 return -EPERM; 390 } 391 } else { 392 if (GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE) { 393 if (desc->state != IMAGE_STATE_COPIED) { 394 WARN("BL1-FWU: Authentication of secure image " 395 "from non-secure world while not in copied state\n"); 396 return -EPERM; 397 } 398 } else { 399 if (desc->state != IMAGE_STATE_RESET) { 400 WARN("BL1-FWU: Authentication of non-secure image " 401 "from non-secure world while in invalid state\n"); 402 return -EPERM; 403 } 404 } 405 } 406 407 if (desc->state == IMAGE_STATE_COPIED) { 408 /* 409 * Image is in COPIED state. 410 * Use the stored address and size. 411 */ 412 base_addr = desc->image_info.image_base; 413 total_size = desc->image_info.image_size; 414 } else { 415 if ((image_src == 0U) || (image_size == 0U) || 416 check_uptr_overflow(image_src, image_size - 1)) { 417 WARN("BL1-FWU: Auth not allowed due to invalid" 418 " image source/size\n"); 419 return -ENOMEM; 420 } 421 422 /* 423 * Image is in RESET state. 424 * Check the parameters and authenticate the source image in place. 425 */ 426 if (bl1_plat_mem_check(image_src, image_size, 427 desc->ep_info.h.attr) != 0) { 428 WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); 429 return -ENOMEM; 430 } 431 432 if (bl1_fwu_add_loaded_id(image_id) != 0) { 433 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 434 return -ENOMEM; 435 } 436 437 base_addr = image_src; 438 total_size = image_size; 439 440 /* Update the image size in the descriptor. */ 441 desc->image_info.image_size = total_size; 442 } 443 444 /* 445 * Authenticate the image. 446 */ 447 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); 448 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); 449 if (result != 0) { 450 WARN("BL1-FWU: Authentication Failed err=%d\n", result); 451 452 /* 453 * Authentication has failed. 454 * Clear the memory if the image was copied. 455 * This is to prevent an attack where this contains 456 * some malicious code that can somehow be executed later. 457 */ 458 if (desc->state == IMAGE_STATE_COPIED) { 459 /* Clear the memory.*/ 460 zero_normalmem((void *)base_addr, total_size); 461 flush_dcache_range(base_addr, total_size); 462 463 /* Indicate that image can be copied again*/ 464 desc->state = IMAGE_STATE_RESET; 465 } 466 467 /* 468 * Even if this fails it's ok because the ID isn't in the array. 469 * The image cannot be in RESET state here, it is checked at the 470 * beginning of the function. 471 */ 472 (void)bl1_fwu_remove_loaded_id(image_id); 473 return -EAUTH; 474 } 475 476 /* Indicate that image is in authenticated state. */ 477 desc->state = IMAGE_STATE_AUTHENTICATED; 478 479 /* Allow the platform to handle post-image load */ 480 result = bl1_plat_handle_post_image_load(image_id); 481 if (result != 0) { 482 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n", 483 result, image_id); 484 /* 485 * Panic here as the platform handling of post-image load is 486 * not correct. 487 */ 488 plat_error_handler(result); 489 } 490 491 /* 492 * Flush image_info to memory so that other 493 * secure world images can see changes. 494 */ 495 flush_dcache_range((uintptr_t)&desc->image_info, 496 sizeof(image_info_t)); 497 498 INFO("BL1-FWU: Authentication was successful\n"); 499 500 return 0; 501 } 502 503 /******************************************************************************* 504 * This function is responsible for executing Secure images. 505 ******************************************************************************/ 506 static int bl1_fwu_image_execute(unsigned int image_id, 507 void **handle, 508 unsigned int flags) 509 { 510 /* Get the image descriptor. */ 511 image_desc_t *desc = bl1_plat_get_image_desc(image_id); 512 513 /* 514 * Execution is NOT allowed if: 515 * image_id is invalid OR 516 * Caller is from Secure world OR 517 * Image is Non-Secure OR 518 * Image is Non-Executable OR 519 * Image is NOT in AUTHENTICATED state. 520 */ 521 if ((desc == NULL) || 522 (GET_SECURITY_STATE(flags) == SECURE) || 523 (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) || 524 (EP_GET_EXE(desc->ep_info.h.attr) == NON_EXECUTABLE) || 525 (desc->state != IMAGE_STATE_AUTHENTICATED)) { 526 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); 527 return -EPERM; 528 } 529 530 INFO("BL1-FWU: Executing Secure image\n"); 531 532 #ifdef __aarch64__ 533 /* Save NS-EL1 system registers. */ 534 cm_el1_sysregs_context_save(NON_SECURE); 535 #endif 536 537 /* Prepare the image for execution. */ 538 bl1_prepare_next_image(image_id); 539 540 /* Update the secure image id. */ 541 sec_exec_image_id = image_id; 542 543 #ifdef __aarch64__ 544 *handle = cm_get_context(SECURE); 545 #else 546 *handle = smc_get_ctx(SECURE); 547 #endif 548 return 0; 549 } 550 551 /******************************************************************************* 552 * This function is responsible for resuming execution in the other security 553 * world 554 ******************************************************************************/ 555 static register_t bl1_fwu_image_resume(register_t image_param, 556 void **handle, 557 unsigned int flags) 558 { 559 image_desc_t *desc; 560 unsigned int resume_sec_state; 561 unsigned int caller_sec_state = GET_SECURITY_STATE(flags); 562 563 /* Get the image descriptor for last executed secure image id. */ 564 desc = bl1_plat_get_image_desc(sec_exec_image_id); 565 if (caller_sec_state == NON_SECURE) { 566 if (desc == NULL) { 567 WARN("BL1-FWU: Resume not allowed due to no available" 568 "secure image\n"); 569 return -EPERM; 570 } 571 } else { 572 /* desc must be valid for secure world callers */ 573 assert(desc != NULL); 574 } 575 576 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE); 577 assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE); 578 579 if (caller_sec_state == SECURE) { 580 assert(desc->state == IMAGE_STATE_EXECUTED); 581 582 /* Update the flags. */ 583 desc->state = IMAGE_STATE_INTERRUPTED; 584 resume_sec_state = NON_SECURE; 585 } else { 586 assert(desc->state == IMAGE_STATE_INTERRUPTED); 587 588 /* Update the flags. */ 589 desc->state = IMAGE_STATE_EXECUTED; 590 resume_sec_state = SECURE; 591 } 592 593 INFO("BL1-FWU: Resuming %s world context\n", 594 (resume_sec_state == SECURE) ? "secure" : "normal"); 595 596 #ifdef __aarch64__ 597 /* Save the EL1 system registers of calling world. */ 598 cm_el1_sysregs_context_save(caller_sec_state); 599 600 /* Restore the EL1 system registers of resuming world. */ 601 cm_el1_sysregs_context_restore(resume_sec_state); 602 603 /* Update the next context. */ 604 cm_set_next_eret_context(resume_sec_state); 605 606 *handle = cm_get_context(resume_sec_state); 607 #else 608 /* Update the next context. */ 609 cm_set_next_context(cm_get_context(resume_sec_state)); 610 611 /* Prepare the smc context for the next BL image. */ 612 smc_set_next_ctx(resume_sec_state); 613 614 *handle = smc_get_ctx(resume_sec_state); 615 #endif 616 return image_param; 617 } 618 619 /******************************************************************************* 620 * This function is responsible for resuming normal world context. 621 ******************************************************************************/ 622 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) 623 { 624 image_desc_t *desc; 625 626 /* Make sure caller is from the secure world */ 627 if (GET_SECURITY_STATE(flags) == NON_SECURE) { 628 WARN("BL1-FWU: Image done not allowed from normal world\n"); 629 return -EPERM; 630 } 631 632 /* Get the image descriptor for last executed secure image id */ 633 desc = bl1_plat_get_image_desc(sec_exec_image_id); 634 635 /* desc must correspond to a valid secure executing image */ 636 assert(desc != NULL); 637 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE); 638 assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE); 639 assert(desc->state == IMAGE_STATE_EXECUTED); 640 641 #if ENABLE_ASSERTIONS 642 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); 643 assert(rc == 0); 644 #else 645 bl1_fwu_remove_loaded_id(sec_exec_image_id); 646 #endif 647 648 /* Update the flags. */ 649 desc->state = IMAGE_STATE_RESET; 650 sec_exec_image_id = INVALID_IMAGE_ID; 651 652 INFO("BL1-FWU: Resuming Normal world context\n"); 653 #ifdef __aarch64__ 654 /* 655 * Secure world is done so no need to save the context. 656 * Just restore the Non-Secure context. 657 */ 658 cm_el1_sysregs_context_restore(NON_SECURE); 659 660 /* Update the next context. */ 661 cm_set_next_eret_context(NON_SECURE); 662 663 *handle = cm_get_context(NON_SECURE); 664 #else 665 /* Update the next context. */ 666 cm_set_next_context(cm_get_context(NON_SECURE)); 667 668 /* Prepare the smc context for the next BL image. */ 669 smc_set_next_ctx(NON_SECURE); 670 671 *handle = smc_get_ctx(NON_SECURE); 672 #endif 673 return 0; 674 } 675 676 /******************************************************************************* 677 * This function provides the opportunity for users to perform any 678 * platform specific handling after the Firmware update is done. 679 ******************************************************************************/ 680 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) 681 { 682 NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); 683 684 /* 685 * Call platform done function. 686 */ 687 bl1_plat_fwu_done(client_cookie, reserved); 688 assert(false); 689 } 690 691 /******************************************************************************* 692 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is 693 * being executed. 694 ******************************************************************************/ 695 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) 696 { 697 image_desc_t *desc = bl1_plat_get_image_desc(image_id); 698 699 if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE)) { 700 WARN("BL1-FWU: Reset not allowed due to invalid args\n"); 701 return -EPERM; 702 } 703 704 switch (desc->state) { 705 706 case IMAGE_STATE_RESET: 707 /* Nothing to do. */ 708 break; 709 710 case IMAGE_STATE_INTERRUPTED: 711 case IMAGE_STATE_AUTHENTICATED: 712 case IMAGE_STATE_COPIED: 713 case IMAGE_STATE_COPYING: 714 715 if (bl1_fwu_remove_loaded_id(image_id) != 0) { 716 WARN("BL1-FWU: Image reset couldn't find the image ID\n"); 717 return -EPERM; 718 } 719 720 if (desc->copied_size != 0U) { 721 /* Clear the memory if the image is copied */ 722 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) 723 == SECURE); 724 725 zero_normalmem((void *)desc->image_info.image_base, 726 desc->copied_size); 727 flush_dcache_range(desc->image_info.image_base, 728 desc->copied_size); 729 } 730 731 /* Reset status variables */ 732 desc->copied_size = 0; 733 desc->image_info.image_size = 0; 734 desc->state = IMAGE_STATE_RESET; 735 736 /* Clear authentication state */ 737 auth_img_flags[image_id] = 0; 738 739 break; 740 741 case IMAGE_STATE_EXECUTED: 742 default: 743 assert(false); /* Unreachable */ 744 break; 745 } 746 747 return 0; 748 } 749