1 /* 2 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <arch_helpers.h> 8 #include <assert.h> 9 #include <auth_mod.h> 10 #include <bl1.h> 11 #include <bl_common.h> 12 #include <context.h> 13 #include <context_mgmt.h> 14 #include <debug.h> 15 #include <errno.h> 16 #include <platform.h> 17 #include <platform_def.h> 18 #include <smccc_helpers.h> 19 #include <string.h> 20 #include <utils.h> 21 #include "bl1_private.h" 22 23 /* 24 * Function declarations. 25 */ 26 static int bl1_fwu_image_copy(unsigned int image_id, 27 uintptr_t image_src, 28 unsigned int block_size, 29 unsigned int image_size, 30 unsigned int flags); 31 static int bl1_fwu_image_auth(unsigned int image_id, 32 uintptr_t image_src, 33 unsigned int image_size, 34 unsigned int flags); 35 static int bl1_fwu_image_execute(unsigned int image_id, 36 void **handle, 37 unsigned int flags); 38 static register_t bl1_fwu_image_resume(register_t image_param, 39 void **handle, 40 unsigned int flags); 41 static int bl1_fwu_sec_image_done(void **handle, 42 unsigned int flags); 43 static int bl1_fwu_image_reset(unsigned int image_id, 44 unsigned int flags); 45 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); 46 47 /* 48 * This keeps track of last executed secure image id. 49 */ 50 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; 51 52 /* Authentication status of each image. */ 53 extern unsigned int auth_img_flags[MAX_NUMBER_IDS]; 54 55 /******************************************************************************* 56 * Top level handler for servicing FWU SMCs. 57 ******************************************************************************/ 58 register_t bl1_fwu_smc_handler(unsigned int smc_fid, 59 register_t x1, 60 register_t x2, 61 register_t x3, 62 register_t x4, 63 void *cookie, 64 void *handle, 65 unsigned int flags) 66 { 67 68 switch (smc_fid) { 69 case FWU_SMC_IMAGE_COPY: 70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); 71 72 case FWU_SMC_IMAGE_AUTH: 73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); 74 75 case FWU_SMC_IMAGE_EXECUTE: 76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); 77 78 case FWU_SMC_IMAGE_RESUME: 79 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); 80 81 case FWU_SMC_SEC_IMAGE_DONE: 82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); 83 84 case FWU_SMC_IMAGE_RESET: 85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags)); 86 87 case FWU_SMC_UPDATE_DONE: 88 bl1_fwu_done((void *)x1, NULL); 89 /* We should never return from bl1_fwu_done() */ 90 break; 91 92 default: 93 assert(0); 94 break; 95 } 96 97 SMC_RET1(handle, SMC_UNK); 98 } 99 100 /******************************************************************************* 101 * Utility functions to keep track of the images that are loaded at any time. 102 ******************************************************************************/ 103 104 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 105 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 106 #else 107 #define FWU_MAX_SIMULTANEOUS_IMAGES 10 108 #endif 109 110 static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = { 111 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID 112 }; 113 114 /* 115 * Adds an image_id to the bl1_fwu_loaded_ids array. 116 * Returns 0 on success, 1 on error. 117 */ 118 static int bl1_fwu_add_loaded_id(int image_id) 119 { 120 int i; 121 122 /* Check if the ID is already in the list */ 123 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 124 if (bl1_fwu_loaded_ids[i] == image_id) 125 return 0; 126 } 127 128 /* Find an empty slot */ 129 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 130 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) { 131 bl1_fwu_loaded_ids[i] = image_id; 132 return 0; 133 } 134 } 135 136 return 1; 137 } 138 139 /* 140 * Removes an image_id from the bl1_fwu_loaded_ids array. 141 * Returns 0 on success, 1 on error. 142 */ 143 static int bl1_fwu_remove_loaded_id(int image_id) 144 { 145 int i; 146 147 /* Find the ID */ 148 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 149 if (bl1_fwu_loaded_ids[i] == image_id) { 150 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID; 151 return 0; 152 } 153 } 154 155 return 1; 156 } 157 158 /******************************************************************************* 159 * This function checks if the specified image overlaps another image already 160 * loaded. It returns 0 if there is no overlap, a negative error code otherwise. 161 ******************************************************************************/ 162 static int bl1_fwu_image_check_overlaps(int image_id) 163 { 164 const image_desc_t *image_desc, *checked_image_desc; 165 const image_info_t *info, *checked_info; 166 167 uintptr_t image_base, image_end; 168 uintptr_t checked_image_base, checked_image_end; 169 170 checked_image_desc = bl1_plat_get_image_desc(image_id); 171 checked_info = &checked_image_desc->image_info; 172 173 /* Image being checked mustn't be empty. */ 174 assert(checked_info->image_size != 0); 175 176 checked_image_base = checked_info->image_base; 177 checked_image_end = checked_image_base + checked_info->image_size - 1; 178 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */ 179 180 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 181 182 /* Skip INVALID_IMAGE_IDs and don't check image against itself */ 183 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) || 184 (bl1_fwu_loaded_ids[i] == image_id)) 185 continue; 186 187 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); 188 189 /* Only check images that are loaded or being loaded. */ 190 assert (image_desc && image_desc->state != IMAGE_STATE_RESET); 191 192 info = &image_desc->image_info; 193 194 /* There cannot be overlaps with an empty image. */ 195 if (info->image_size == 0) 196 continue; 197 198 image_base = info->image_base; 199 image_end = image_base + info->image_size - 1; 200 /* 201 * Overflows cannot happen. It is checked in 202 * bl1_fwu_image_copy() when the image goes from RESET to 203 * COPYING or COPIED. 204 */ 205 assert (image_end > image_base); 206 207 /* Check if there are overlaps. */ 208 if (!(image_end < checked_image_base || 209 checked_image_end < image_base)) { 210 VERBOSE("Image with ID %d overlaps existing image with ID %d", 211 checked_image_desc->image_id, image_desc->image_id); 212 return -EPERM; 213 } 214 } 215 216 return 0; 217 } 218 219 /******************************************************************************* 220 * This function is responsible for copying secure images in AP Secure RAM. 221 ******************************************************************************/ 222 static int bl1_fwu_image_copy(unsigned int image_id, 223 uintptr_t image_src, 224 unsigned int block_size, 225 unsigned int image_size, 226 unsigned int flags) 227 { 228 uintptr_t dest_addr; 229 unsigned int remaining; 230 231 /* Get the image descriptor. */ 232 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 233 if (!image_desc) { 234 WARN("BL1-FWU: Invalid image ID %u\n", image_id); 235 return -EPERM; 236 } 237 238 /* 239 * The request must originate from a non-secure caller and target a 240 * secure image. Any other scenario is invalid. 241 */ 242 if (GET_SECURITY_STATE(flags) == SECURE) { 243 WARN("BL1-FWU: Copy not allowed from secure world.\n"); 244 return -EPERM; 245 } 246 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { 247 WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); 248 return -EPERM; 249 } 250 251 /* Check whether the FWU state machine is in the correct state. */ 252 if ((image_desc->state != IMAGE_STATE_RESET) && 253 (image_desc->state != IMAGE_STATE_COPYING)) { 254 WARN("BL1-FWU: Copy not allowed at this point of the FWU" 255 " process.\n"); 256 return -EPERM; 257 } 258 259 if ((!image_src) || (!block_size) || 260 check_uptr_overflow(image_src, block_size - 1)) { 261 WARN("BL1-FWU: Copy not allowed due to invalid image source" 262 " or block size\n"); 263 return -ENOMEM; 264 } 265 266 if (image_desc->state == IMAGE_STATE_COPYING) { 267 /* 268 * There must have been at least 1 copy operation for this image 269 * previously. 270 */ 271 assert(image_desc->copied_size != 0); 272 /* 273 * The image size must have been recorded in the 1st copy 274 * operation. 275 */ 276 image_size = image_desc->image_info.image_size; 277 assert(image_size != 0); 278 assert(image_desc->copied_size < image_size); 279 280 INFO("BL1-FWU: Continuing image copy in blocks\n"); 281 } else { /* image_desc->state == IMAGE_STATE_RESET */ 282 INFO("BL1-FWU: Initial call to copy an image\n"); 283 284 /* 285 * image_size is relevant only for the 1st copy request, it is 286 * then ignored for subsequent calls for this image. 287 */ 288 if (!image_size) { 289 WARN("BL1-FWU: Copy not allowed due to invalid image" 290 " size\n"); 291 return -ENOMEM; 292 } 293 294 /* Check that the image size to load is within limit */ 295 if (image_size > image_desc->image_info.image_max_size) { 296 WARN("BL1-FWU: Image size out of bounds\n"); 297 return -ENOMEM; 298 } 299 300 /* Save the given image size. */ 301 image_desc->image_info.image_size = image_size; 302 303 /* Make sure the image doesn't overlap other images. */ 304 if (bl1_fwu_image_check_overlaps(image_id)) { 305 image_desc->image_info.image_size = 0; 306 WARN("BL1-FWU: This image overlaps another one\n"); 307 return -EPERM; 308 } 309 310 /* 311 * copied_size must be explicitly initialized here because the 312 * FWU code doesn't necessarily do it when it resets the state 313 * machine. 314 */ 315 image_desc->copied_size = 0; 316 } 317 318 /* 319 * If the given block size is more than the total image size 320 * then clip the former to the latter. 321 */ 322 remaining = image_size - image_desc->copied_size; 323 if (block_size > remaining) { 324 WARN("BL1-FWU: Block size is too big, clipping it.\n"); 325 block_size = remaining; 326 } 327 328 /* Make sure the source image is mapped in memory. */ 329 if (bl1_plat_mem_check(image_src, block_size, flags)) { 330 WARN("BL1-FWU: Source image is not mapped.\n"); 331 return -ENOMEM; 332 } 333 334 if (bl1_fwu_add_loaded_id(image_id)) { 335 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 336 return -ENOMEM; 337 } 338 339 /* Allow the platform to handle pre-image load before copying */ 340 if (image_desc->state == IMAGE_STATE_RESET) { 341 if (bl1_plat_handle_pre_image_load(image_id) != 0) { 342 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n", 343 image_id); 344 return -EPERM; 345 } 346 } 347 348 /* Everything looks sane. Go ahead and copy the block of data. */ 349 dest_addr = image_desc->image_info.image_base + image_desc->copied_size; 350 memcpy((void *) dest_addr, (const void *) image_src, block_size); 351 flush_dcache_range(dest_addr, block_size); 352 353 image_desc->copied_size += block_size; 354 image_desc->state = (block_size == remaining) ? 355 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; 356 357 INFO("BL1-FWU: Copy operation successful.\n"); 358 return 0; 359 } 360 361 /******************************************************************************* 362 * This function is responsible for authenticating Normal/Secure images. 363 ******************************************************************************/ 364 static int bl1_fwu_image_auth(unsigned int image_id, 365 uintptr_t image_src, 366 unsigned int image_size, 367 unsigned int flags) 368 { 369 int result; 370 uintptr_t base_addr; 371 unsigned int total_size; 372 373 /* Get the image descriptor. */ 374 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 375 if (!image_desc) 376 return -EPERM; 377 378 if (GET_SECURITY_STATE(flags) == SECURE) { 379 if (image_desc->state != IMAGE_STATE_RESET) { 380 WARN("BL1-FWU: Authentication from secure world " 381 "while in invalid state\n"); 382 return -EPERM; 383 } 384 } else { 385 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { 386 if (image_desc->state != IMAGE_STATE_COPIED) { 387 WARN("BL1-FWU: Authentication of secure image " 388 "from non-secure world while not in copied state\n"); 389 return -EPERM; 390 } 391 } else { 392 if (image_desc->state != IMAGE_STATE_RESET) { 393 WARN("BL1-FWU: Authentication of non-secure image " 394 "from non-secure world while in invalid state\n"); 395 return -EPERM; 396 } 397 } 398 } 399 400 if (image_desc->state == IMAGE_STATE_COPIED) { 401 /* 402 * Image is in COPIED state. 403 * Use the stored address and size. 404 */ 405 base_addr = image_desc->image_info.image_base; 406 total_size = image_desc->image_info.image_size; 407 } else { 408 if ((!image_src) || (!image_size) || 409 check_uptr_overflow(image_src, image_size - 1)) { 410 WARN("BL1-FWU: Auth not allowed due to invalid" 411 " image source/size\n"); 412 return -ENOMEM; 413 } 414 415 /* 416 * Image is in RESET state. 417 * Check the parameters and authenticate the source image in place. 418 */ 419 if (bl1_plat_mem_check(image_src, image_size, \ 420 image_desc->ep_info.h.attr)) { 421 WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); 422 return -ENOMEM; 423 } 424 425 if (bl1_fwu_add_loaded_id(image_id)) { 426 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 427 return -ENOMEM; 428 } 429 430 base_addr = image_src; 431 total_size = image_size; 432 433 /* Update the image size in the descriptor. */ 434 image_desc->image_info.image_size = total_size; 435 } 436 437 /* 438 * Authenticate the image. 439 */ 440 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); 441 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); 442 if (result != 0) { 443 WARN("BL1-FWU: Authentication Failed err=%d\n", result); 444 445 /* 446 * Authentication has failed. 447 * Clear the memory if the image was copied. 448 * This is to prevent an attack where this contains 449 * some malicious code that can somehow be executed later. 450 */ 451 if (image_desc->state == IMAGE_STATE_COPIED) { 452 /* Clear the memory.*/ 453 zero_normalmem((void *)base_addr, total_size); 454 flush_dcache_range(base_addr, total_size); 455 456 /* Indicate that image can be copied again*/ 457 image_desc->state = IMAGE_STATE_RESET; 458 } 459 460 /* 461 * Even if this fails it's ok because the ID isn't in the array. 462 * The image cannot be in RESET state here, it is checked at the 463 * beginning of the function. 464 */ 465 bl1_fwu_remove_loaded_id(image_id); 466 return -EAUTH; 467 } 468 469 /* Indicate that image is in authenticated state. */ 470 image_desc->state = IMAGE_STATE_AUTHENTICATED; 471 472 /* Allow the platform to handle post-image load */ 473 result = bl1_plat_handle_post_image_load(image_id); 474 if (result != 0) { 475 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n", 476 result, image_id); 477 /* 478 * Panic here as the platform handling of post-image load is 479 * not correct. 480 */ 481 plat_error_handler(result); 482 } 483 484 /* 485 * Flush image_info to memory so that other 486 * secure world images can see changes. 487 */ 488 flush_dcache_range((unsigned long)&image_desc->image_info, 489 sizeof(image_info_t)); 490 491 INFO("BL1-FWU: Authentication was successful\n"); 492 493 return 0; 494 } 495 496 /******************************************************************************* 497 * This function is responsible for executing Secure images. 498 ******************************************************************************/ 499 static int bl1_fwu_image_execute(unsigned int image_id, 500 void **handle, 501 unsigned int flags) 502 { 503 /* Get the image descriptor. */ 504 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 505 506 /* 507 * Execution is NOT allowed if: 508 * image_id is invalid OR 509 * Caller is from Secure world OR 510 * Image is Non-Secure OR 511 * Image is Non-Executable OR 512 * Image is NOT in AUTHENTICATED state. 513 */ 514 if ((!image_desc) || 515 (GET_SECURITY_STATE(flags) == SECURE) || 516 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || 517 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || 518 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { 519 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); 520 return -EPERM; 521 } 522 523 INFO("BL1-FWU: Executing Secure image\n"); 524 525 #ifdef AARCH64 526 /* Save NS-EL1 system registers. */ 527 cm_el1_sysregs_context_save(NON_SECURE); 528 #endif 529 530 /* Prepare the image for execution. */ 531 bl1_prepare_next_image(image_id); 532 533 /* Update the secure image id. */ 534 sec_exec_image_id = image_id; 535 536 #ifdef AARCH64 537 *handle = cm_get_context(SECURE); 538 #else 539 *handle = smc_get_ctx(SECURE); 540 #endif 541 return 0; 542 } 543 544 /******************************************************************************* 545 * This function is responsible for resuming execution in the other security 546 * world 547 ******************************************************************************/ 548 static register_t bl1_fwu_image_resume(register_t image_param, 549 void **handle, 550 unsigned int flags) 551 { 552 image_desc_t *image_desc; 553 unsigned int resume_sec_state; 554 unsigned int caller_sec_state = GET_SECURITY_STATE(flags); 555 556 /* Get the image descriptor for last executed secure image id. */ 557 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 558 if (caller_sec_state == NON_SECURE) { 559 if (!image_desc) { 560 WARN("BL1-FWU: Resume not allowed due to no available" 561 "secure image\n"); 562 return -EPERM; 563 } 564 } else { 565 /* image_desc must be valid for secure world callers */ 566 assert(image_desc); 567 } 568 569 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 570 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 571 572 if (caller_sec_state == SECURE) { 573 assert(image_desc->state == IMAGE_STATE_EXECUTED); 574 575 /* Update the flags. */ 576 image_desc->state = IMAGE_STATE_INTERRUPTED; 577 resume_sec_state = NON_SECURE; 578 } else { 579 assert(image_desc->state == IMAGE_STATE_INTERRUPTED); 580 581 /* Update the flags. */ 582 image_desc->state = IMAGE_STATE_EXECUTED; 583 resume_sec_state = SECURE; 584 } 585 586 INFO("BL1-FWU: Resuming %s world context\n", 587 (resume_sec_state == SECURE) ? "secure" : "normal"); 588 589 #ifdef AARCH64 590 /* Save the EL1 system registers of calling world. */ 591 cm_el1_sysregs_context_save(caller_sec_state); 592 593 /* Restore the EL1 system registers of resuming world. */ 594 cm_el1_sysregs_context_restore(resume_sec_state); 595 596 /* Update the next context. */ 597 cm_set_next_eret_context(resume_sec_state); 598 599 *handle = cm_get_context(resume_sec_state); 600 #else 601 /* Update the next context. */ 602 cm_set_next_context(cm_get_context(resume_sec_state)); 603 604 /* Prepare the smc context for the next BL image. */ 605 smc_set_next_ctx(resume_sec_state); 606 607 *handle = smc_get_ctx(resume_sec_state); 608 #endif 609 return image_param; 610 } 611 612 /******************************************************************************* 613 * This function is responsible for resuming normal world context. 614 ******************************************************************************/ 615 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) 616 { 617 image_desc_t *image_desc; 618 619 /* Make sure caller is from the secure world */ 620 if (GET_SECURITY_STATE(flags) == NON_SECURE) { 621 WARN("BL1-FWU: Image done not allowed from normal world\n"); 622 return -EPERM; 623 } 624 625 /* Get the image descriptor for last executed secure image id */ 626 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 627 628 /* image_desc must correspond to a valid secure executing image */ 629 assert(image_desc); 630 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 631 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 632 assert(image_desc->state == IMAGE_STATE_EXECUTED); 633 634 #if ENABLE_ASSERTIONS 635 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); 636 assert(rc == 0); 637 #else 638 bl1_fwu_remove_loaded_id(sec_exec_image_id); 639 #endif 640 641 /* Update the flags. */ 642 image_desc->state = IMAGE_STATE_RESET; 643 sec_exec_image_id = INVALID_IMAGE_ID; 644 645 INFO("BL1-FWU: Resuming Normal world context\n"); 646 #ifdef AARCH64 647 /* 648 * Secure world is done so no need to save the context. 649 * Just restore the Non-Secure context. 650 */ 651 cm_el1_sysregs_context_restore(NON_SECURE); 652 653 /* Update the next context. */ 654 cm_set_next_eret_context(NON_SECURE); 655 656 *handle = cm_get_context(NON_SECURE); 657 #else 658 /* Update the next context. */ 659 cm_set_next_context(cm_get_context(NON_SECURE)); 660 661 /* Prepare the smc context for the next BL image. */ 662 smc_set_next_ctx(NON_SECURE); 663 664 *handle = smc_get_ctx(NON_SECURE); 665 #endif 666 return 0; 667 } 668 669 /******************************************************************************* 670 * This function provides the opportunity for users to perform any 671 * platform specific handling after the Firmware update is done. 672 ******************************************************************************/ 673 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) 674 { 675 NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); 676 677 /* 678 * Call platform done function. 679 */ 680 bl1_plat_fwu_done(client_cookie, reserved); 681 assert(0); 682 } 683 684 /******************************************************************************* 685 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is 686 * being executed. 687 ******************************************************************************/ 688 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) 689 { 690 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 691 692 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) { 693 WARN("BL1-FWU: Reset not allowed due to invalid args\n"); 694 return -EPERM; 695 } 696 697 switch (image_desc->state) { 698 699 case IMAGE_STATE_RESET: 700 /* Nothing to do. */ 701 break; 702 703 case IMAGE_STATE_INTERRUPTED: 704 case IMAGE_STATE_AUTHENTICATED: 705 case IMAGE_STATE_COPIED: 706 case IMAGE_STATE_COPYING: 707 708 if (bl1_fwu_remove_loaded_id(image_id)) { 709 WARN("BL1-FWU: Image reset couldn't find the image ID\n"); 710 return -EPERM; 711 } 712 713 if (image_desc->copied_size) { 714 /* Clear the memory if the image is copied */ 715 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 716 717 zero_normalmem((void *)image_desc->image_info.image_base, 718 image_desc->copied_size); 719 flush_dcache_range(image_desc->image_info.image_base, 720 image_desc->copied_size); 721 } 722 723 /* Reset status variables */ 724 image_desc->copied_size = 0; 725 image_desc->image_info.image_size = 0; 726 image_desc->state = IMAGE_STATE_RESET; 727 728 /* Clear authentication state */ 729 auth_img_flags[image_id] = 0; 730 731 break; 732 733 case IMAGE_STATE_EXECUTED: 734 default: 735 assert(0); 736 break; 737 } 738 739 return 0; 740 } 741