1 /* 2 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 #include <string.h> 10 11 #include <platform_def.h> 12 13 #include <arch_helpers.h> 14 #include <bl1/bl1.h> 15 #include <common/bl_common.h> 16 #include <common/debug.h> 17 #include <context.h> 18 #include <drivers/auth/auth_mod.h> 19 #include <lib/el3_runtime/context_mgmt.h> 20 #include <lib/utils.h> 21 #include <plat/common/platform.h> 22 #include <smccc_helpers.h> 23 24 #include "bl1_private.h" 25 26 /* 27 * Function declarations. 28 */ 29 static int bl1_fwu_image_copy(unsigned int image_id, 30 uintptr_t image_src, 31 unsigned int block_size, 32 unsigned int image_size, 33 unsigned int flags); 34 static int bl1_fwu_image_auth(unsigned int image_id, 35 uintptr_t image_src, 36 unsigned int image_size, 37 unsigned int flags); 38 static int bl1_fwu_image_execute(unsigned int image_id, 39 void **handle, 40 unsigned int flags); 41 static register_t bl1_fwu_image_resume(register_t image_param, 42 void **handle, 43 unsigned int flags); 44 static int bl1_fwu_sec_image_done(void **handle, 45 unsigned int flags); 46 static int bl1_fwu_image_reset(unsigned int image_id, 47 unsigned int flags); 48 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); 49 50 /* 51 * This keeps track of last executed secure image id. 52 */ 53 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; 54 55 /******************************************************************************* 56 * Top level handler for servicing FWU SMCs. 57 ******************************************************************************/ 58 register_t bl1_fwu_smc_handler(unsigned int smc_fid, 59 register_t x1, 60 register_t x2, 61 register_t x3, 62 register_t x4, 63 void *cookie, 64 void *handle, 65 unsigned int flags) 66 { 67 68 switch (smc_fid) { 69 case FWU_SMC_IMAGE_COPY: 70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); 71 72 case FWU_SMC_IMAGE_AUTH: 73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); 74 75 case FWU_SMC_IMAGE_EXECUTE: 76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); 77 78 case FWU_SMC_IMAGE_RESUME: 79 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); 80 81 case FWU_SMC_SEC_IMAGE_DONE: 82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); 83 84 case FWU_SMC_IMAGE_RESET: 85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags)); 86 87 case FWU_SMC_UPDATE_DONE: 88 bl1_fwu_done((void *)x1, NULL); 89 90 default: 91 assert(0); /* Unreachable */ 92 break; 93 } 94 95 SMC_RET1(handle, SMC_UNK); 96 } 97 98 /******************************************************************************* 99 * Utility functions to keep track of the images that are loaded at any time. 100 ******************************************************************************/ 101 102 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 103 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 104 #else 105 #define FWU_MAX_SIMULTANEOUS_IMAGES 10 106 #endif 107 108 static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = { 109 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID 110 }; 111 112 /* 113 * Adds an image_id to the bl1_fwu_loaded_ids array. 114 * Returns 0 on success, 1 on error. 115 */ 116 static int bl1_fwu_add_loaded_id(unsigned int image_id) 117 { 118 int i; 119 120 /* Check if the ID is already in the list */ 121 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 122 if (bl1_fwu_loaded_ids[i] == image_id) 123 return 0; 124 } 125 126 /* Find an empty slot */ 127 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 128 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) { 129 bl1_fwu_loaded_ids[i] = image_id; 130 return 0; 131 } 132 } 133 134 return 1; 135 } 136 137 /* 138 * Removes an image_id from the bl1_fwu_loaded_ids array. 139 * Returns 0 on success, 1 on error. 140 */ 141 static int bl1_fwu_remove_loaded_id(unsigned int image_id) 142 { 143 int i; 144 145 /* Find the ID */ 146 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 147 if (bl1_fwu_loaded_ids[i] == image_id) { 148 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID; 149 return 0; 150 } 151 } 152 153 return 1; 154 } 155 156 /******************************************************************************* 157 * This function checks if the specified image overlaps another image already 158 * loaded. It returns 0 if there is no overlap, a negative error code otherwise. 159 ******************************************************************************/ 160 static int bl1_fwu_image_check_overlaps(unsigned int image_id) 161 { 162 const image_desc_t *image_desc, *checked_image_desc; 163 const image_info_t *info, *checked_info; 164 165 uintptr_t image_base, image_end; 166 uintptr_t checked_image_base, checked_image_end; 167 168 checked_image_desc = bl1_plat_get_image_desc(image_id); 169 checked_info = &checked_image_desc->image_info; 170 171 /* Image being checked mustn't be empty. */ 172 assert(checked_info->image_size != 0); 173 174 checked_image_base = checked_info->image_base; 175 checked_image_end = checked_image_base + checked_info->image_size - 1; 176 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */ 177 178 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 179 180 /* Skip INVALID_IMAGE_IDs and don't check image against itself */ 181 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) || 182 (bl1_fwu_loaded_ids[i] == image_id)) 183 continue; 184 185 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); 186 187 /* Only check images that are loaded or being loaded. */ 188 assert (image_desc && image_desc->state != IMAGE_STATE_RESET); 189 190 info = &image_desc->image_info; 191 192 /* There cannot be overlaps with an empty image. */ 193 if (info->image_size == 0) 194 continue; 195 196 image_base = info->image_base; 197 image_end = image_base + info->image_size - 1; 198 /* 199 * Overflows cannot happen. It is checked in 200 * bl1_fwu_image_copy() when the image goes from RESET to 201 * COPYING or COPIED. 202 */ 203 assert (image_end > image_base); 204 205 /* Check if there are overlaps. */ 206 if (!(image_end < checked_image_base || 207 checked_image_end < image_base)) { 208 VERBOSE("Image with ID %d overlaps existing image with ID %d", 209 checked_image_desc->image_id, image_desc->image_id); 210 return -EPERM; 211 } 212 } 213 214 return 0; 215 } 216 217 /******************************************************************************* 218 * This function is responsible for copying secure images in AP Secure RAM. 219 ******************************************************************************/ 220 static int bl1_fwu_image_copy(unsigned int image_id, 221 uintptr_t image_src, 222 unsigned int block_size, 223 unsigned int image_size, 224 unsigned int flags) 225 { 226 uintptr_t dest_addr; 227 unsigned int remaining; 228 229 /* Get the image descriptor. */ 230 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 231 if (!image_desc) { 232 WARN("BL1-FWU: Invalid image ID %u\n", image_id); 233 return -EPERM; 234 } 235 236 /* 237 * The request must originate from a non-secure caller and target a 238 * secure image. Any other scenario is invalid. 239 */ 240 if (GET_SECURITY_STATE(flags) == SECURE) { 241 WARN("BL1-FWU: Copy not allowed from secure world.\n"); 242 return -EPERM; 243 } 244 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { 245 WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); 246 return -EPERM; 247 } 248 249 /* Check whether the FWU state machine is in the correct state. */ 250 if ((image_desc->state != IMAGE_STATE_RESET) && 251 (image_desc->state != IMAGE_STATE_COPYING)) { 252 WARN("BL1-FWU: Copy not allowed at this point of the FWU" 253 " process.\n"); 254 return -EPERM; 255 } 256 257 if ((!image_src) || (!block_size) || 258 check_uptr_overflow(image_src, block_size - 1)) { 259 WARN("BL1-FWU: Copy not allowed due to invalid image source" 260 " or block size\n"); 261 return -ENOMEM; 262 } 263 264 if (image_desc->state == IMAGE_STATE_COPYING) { 265 /* 266 * There must have been at least 1 copy operation for this image 267 * previously. 268 */ 269 assert(image_desc->copied_size != 0); 270 /* 271 * The image size must have been recorded in the 1st copy 272 * operation. 273 */ 274 image_size = image_desc->image_info.image_size; 275 assert(image_size != 0); 276 assert(image_desc->copied_size < image_size); 277 278 INFO("BL1-FWU: Continuing image copy in blocks\n"); 279 } else { /* image_desc->state == IMAGE_STATE_RESET */ 280 INFO("BL1-FWU: Initial call to copy an image\n"); 281 282 /* 283 * image_size is relevant only for the 1st copy request, it is 284 * then ignored for subsequent calls for this image. 285 */ 286 if (!image_size) { 287 WARN("BL1-FWU: Copy not allowed due to invalid image" 288 " size\n"); 289 return -ENOMEM; 290 } 291 292 /* Check that the image size to load is within limit */ 293 if (image_size > image_desc->image_info.image_max_size) { 294 WARN("BL1-FWU: Image size out of bounds\n"); 295 return -ENOMEM; 296 } 297 298 /* Save the given image size. */ 299 image_desc->image_info.image_size = image_size; 300 301 /* Make sure the image doesn't overlap other images. */ 302 if (bl1_fwu_image_check_overlaps(image_id)) { 303 image_desc->image_info.image_size = 0; 304 WARN("BL1-FWU: This image overlaps another one\n"); 305 return -EPERM; 306 } 307 308 /* 309 * copied_size must be explicitly initialized here because the 310 * FWU code doesn't necessarily do it when it resets the state 311 * machine. 312 */ 313 image_desc->copied_size = 0; 314 } 315 316 /* 317 * If the given block size is more than the total image size 318 * then clip the former to the latter. 319 */ 320 remaining = image_size - image_desc->copied_size; 321 if (block_size > remaining) { 322 WARN("BL1-FWU: Block size is too big, clipping it.\n"); 323 block_size = remaining; 324 } 325 326 /* Make sure the source image is mapped in memory. */ 327 if (bl1_plat_mem_check(image_src, block_size, flags)) { 328 WARN("BL1-FWU: Source image is not mapped.\n"); 329 return -ENOMEM; 330 } 331 332 if (bl1_fwu_add_loaded_id(image_id)) { 333 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 334 return -ENOMEM; 335 } 336 337 /* Allow the platform to handle pre-image load before copying */ 338 if (image_desc->state == IMAGE_STATE_RESET) { 339 if (bl1_plat_handle_pre_image_load(image_id) != 0) { 340 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n", 341 image_id); 342 return -EPERM; 343 } 344 } 345 346 /* Everything looks sane. Go ahead and copy the block of data. */ 347 dest_addr = image_desc->image_info.image_base + image_desc->copied_size; 348 memcpy((void *) dest_addr, (const void *) image_src, block_size); 349 flush_dcache_range(dest_addr, block_size); 350 351 image_desc->copied_size += block_size; 352 image_desc->state = (block_size == remaining) ? 353 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; 354 355 INFO("BL1-FWU: Copy operation successful.\n"); 356 return 0; 357 } 358 359 /******************************************************************************* 360 * This function is responsible for authenticating Normal/Secure images. 361 ******************************************************************************/ 362 static int bl1_fwu_image_auth(unsigned int image_id, 363 uintptr_t image_src, 364 unsigned int image_size, 365 unsigned int flags) 366 { 367 int result; 368 uintptr_t base_addr; 369 unsigned int total_size; 370 371 /* Get the image descriptor. */ 372 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 373 if (!image_desc) 374 return -EPERM; 375 376 if (GET_SECURITY_STATE(flags) == SECURE) { 377 if (image_desc->state != IMAGE_STATE_RESET) { 378 WARN("BL1-FWU: Authentication from secure world " 379 "while in invalid state\n"); 380 return -EPERM; 381 } 382 } else { 383 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { 384 if (image_desc->state != IMAGE_STATE_COPIED) { 385 WARN("BL1-FWU: Authentication of secure image " 386 "from non-secure world while not in copied state\n"); 387 return -EPERM; 388 } 389 } else { 390 if (image_desc->state != IMAGE_STATE_RESET) { 391 WARN("BL1-FWU: Authentication of non-secure image " 392 "from non-secure world while in invalid state\n"); 393 return -EPERM; 394 } 395 } 396 } 397 398 if (image_desc->state == IMAGE_STATE_COPIED) { 399 /* 400 * Image is in COPIED state. 401 * Use the stored address and size. 402 */ 403 base_addr = image_desc->image_info.image_base; 404 total_size = image_desc->image_info.image_size; 405 } else { 406 if ((!image_src) || (!image_size) || 407 check_uptr_overflow(image_src, image_size - 1)) { 408 WARN("BL1-FWU: Auth not allowed due to invalid" 409 " image source/size\n"); 410 return -ENOMEM; 411 } 412 413 /* 414 * Image is in RESET state. 415 * Check the parameters and authenticate the source image in place. 416 */ 417 if (bl1_plat_mem_check(image_src, image_size, \ 418 image_desc->ep_info.h.attr)) { 419 WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); 420 return -ENOMEM; 421 } 422 423 if (bl1_fwu_add_loaded_id(image_id)) { 424 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 425 return -ENOMEM; 426 } 427 428 base_addr = image_src; 429 total_size = image_size; 430 431 /* Update the image size in the descriptor. */ 432 image_desc->image_info.image_size = total_size; 433 } 434 435 /* 436 * Authenticate the image. 437 */ 438 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); 439 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); 440 if (result != 0) { 441 WARN("BL1-FWU: Authentication Failed err=%d\n", result); 442 443 /* 444 * Authentication has failed. 445 * Clear the memory if the image was copied. 446 * This is to prevent an attack where this contains 447 * some malicious code that can somehow be executed later. 448 */ 449 if (image_desc->state == IMAGE_STATE_COPIED) { 450 /* Clear the memory.*/ 451 zero_normalmem((void *)base_addr, total_size); 452 flush_dcache_range(base_addr, total_size); 453 454 /* Indicate that image can be copied again*/ 455 image_desc->state = IMAGE_STATE_RESET; 456 } 457 458 /* 459 * Even if this fails it's ok because the ID isn't in the array. 460 * The image cannot be in RESET state here, it is checked at the 461 * beginning of the function. 462 */ 463 bl1_fwu_remove_loaded_id(image_id); 464 return -EAUTH; 465 } 466 467 /* Indicate that image is in authenticated state. */ 468 image_desc->state = IMAGE_STATE_AUTHENTICATED; 469 470 /* Allow the platform to handle post-image load */ 471 result = bl1_plat_handle_post_image_load(image_id); 472 if (result != 0) { 473 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n", 474 result, image_id); 475 /* 476 * Panic here as the platform handling of post-image load is 477 * not correct. 478 */ 479 plat_error_handler(result); 480 } 481 482 /* 483 * Flush image_info to memory so that other 484 * secure world images can see changes. 485 */ 486 flush_dcache_range((uintptr_t)&image_desc->image_info, 487 sizeof(image_info_t)); 488 489 INFO("BL1-FWU: Authentication was successful\n"); 490 491 return 0; 492 } 493 494 /******************************************************************************* 495 * This function is responsible for executing Secure images. 496 ******************************************************************************/ 497 static int bl1_fwu_image_execute(unsigned int image_id, 498 void **handle, 499 unsigned int flags) 500 { 501 /* Get the image descriptor. */ 502 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 503 504 /* 505 * Execution is NOT allowed if: 506 * image_id is invalid OR 507 * Caller is from Secure world OR 508 * Image is Non-Secure OR 509 * Image is Non-Executable OR 510 * Image is NOT in AUTHENTICATED state. 511 */ 512 if ((!image_desc) || 513 (GET_SECURITY_STATE(flags) == SECURE) || 514 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || 515 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || 516 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { 517 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); 518 return -EPERM; 519 } 520 521 INFO("BL1-FWU: Executing Secure image\n"); 522 523 #ifdef __aarch64__ 524 /* Save NS-EL1 system registers. */ 525 cm_el1_sysregs_context_save(NON_SECURE); 526 #endif 527 528 /* Prepare the image for execution. */ 529 bl1_prepare_next_image(image_id); 530 531 /* Update the secure image id. */ 532 sec_exec_image_id = image_id; 533 534 #ifdef __aarch64__ 535 *handle = cm_get_context(SECURE); 536 #else 537 *handle = smc_get_ctx(SECURE); 538 #endif 539 return 0; 540 } 541 542 /******************************************************************************* 543 * This function is responsible for resuming execution in the other security 544 * world 545 ******************************************************************************/ 546 static register_t bl1_fwu_image_resume(register_t image_param, 547 void **handle, 548 unsigned int flags) 549 { 550 image_desc_t *image_desc; 551 unsigned int resume_sec_state; 552 unsigned int caller_sec_state = GET_SECURITY_STATE(flags); 553 554 /* Get the image descriptor for last executed secure image id. */ 555 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 556 if (caller_sec_state == NON_SECURE) { 557 if (!image_desc) { 558 WARN("BL1-FWU: Resume not allowed due to no available" 559 "secure image\n"); 560 return -EPERM; 561 } 562 } else { 563 /* image_desc must be valid for secure world callers */ 564 assert(image_desc); 565 } 566 567 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 568 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 569 570 if (caller_sec_state == SECURE) { 571 assert(image_desc->state == IMAGE_STATE_EXECUTED); 572 573 /* Update the flags. */ 574 image_desc->state = IMAGE_STATE_INTERRUPTED; 575 resume_sec_state = NON_SECURE; 576 } else { 577 assert(image_desc->state == IMAGE_STATE_INTERRUPTED); 578 579 /* Update the flags. */ 580 image_desc->state = IMAGE_STATE_EXECUTED; 581 resume_sec_state = SECURE; 582 } 583 584 INFO("BL1-FWU: Resuming %s world context\n", 585 (resume_sec_state == SECURE) ? "secure" : "normal"); 586 587 #ifdef __aarch64__ 588 /* Save the EL1 system registers of calling world. */ 589 cm_el1_sysregs_context_save(caller_sec_state); 590 591 /* Restore the EL1 system registers of resuming world. */ 592 cm_el1_sysregs_context_restore(resume_sec_state); 593 594 /* Update the next context. */ 595 cm_set_next_eret_context(resume_sec_state); 596 597 *handle = cm_get_context(resume_sec_state); 598 #else 599 /* Update the next context. */ 600 cm_set_next_context(cm_get_context(resume_sec_state)); 601 602 /* Prepare the smc context for the next BL image. */ 603 smc_set_next_ctx(resume_sec_state); 604 605 *handle = smc_get_ctx(resume_sec_state); 606 #endif 607 return image_param; 608 } 609 610 /******************************************************************************* 611 * This function is responsible for resuming normal world context. 612 ******************************************************************************/ 613 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) 614 { 615 image_desc_t *image_desc; 616 617 /* Make sure caller is from the secure world */ 618 if (GET_SECURITY_STATE(flags) == NON_SECURE) { 619 WARN("BL1-FWU: Image done not allowed from normal world\n"); 620 return -EPERM; 621 } 622 623 /* Get the image descriptor for last executed secure image id */ 624 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 625 626 /* image_desc must correspond to a valid secure executing image */ 627 assert(image_desc); 628 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 629 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 630 assert(image_desc->state == IMAGE_STATE_EXECUTED); 631 632 #if ENABLE_ASSERTIONS 633 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); 634 assert(rc == 0); 635 #else 636 bl1_fwu_remove_loaded_id(sec_exec_image_id); 637 #endif 638 639 /* Update the flags. */ 640 image_desc->state = IMAGE_STATE_RESET; 641 sec_exec_image_id = INVALID_IMAGE_ID; 642 643 INFO("BL1-FWU: Resuming Normal world context\n"); 644 #ifdef __aarch64__ 645 /* 646 * Secure world is done so no need to save the context. 647 * Just restore the Non-Secure context. 648 */ 649 cm_el1_sysregs_context_restore(NON_SECURE); 650 651 /* Update the next context. */ 652 cm_set_next_eret_context(NON_SECURE); 653 654 *handle = cm_get_context(NON_SECURE); 655 #else 656 /* Update the next context. */ 657 cm_set_next_context(cm_get_context(NON_SECURE)); 658 659 /* Prepare the smc context for the next BL image. */ 660 smc_set_next_ctx(NON_SECURE); 661 662 *handle = smc_get_ctx(NON_SECURE); 663 #endif 664 return 0; 665 } 666 667 /******************************************************************************* 668 * This function provides the opportunity for users to perform any 669 * platform specific handling after the Firmware update is done. 670 ******************************************************************************/ 671 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) 672 { 673 NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); 674 675 /* 676 * Call platform done function. 677 */ 678 bl1_plat_fwu_done(client_cookie, reserved); 679 assert(0); 680 } 681 682 /******************************************************************************* 683 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is 684 * being executed. 685 ******************************************************************************/ 686 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) 687 { 688 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 689 690 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) { 691 WARN("BL1-FWU: Reset not allowed due to invalid args\n"); 692 return -EPERM; 693 } 694 695 switch (image_desc->state) { 696 697 case IMAGE_STATE_RESET: 698 /* Nothing to do. */ 699 break; 700 701 case IMAGE_STATE_INTERRUPTED: 702 case IMAGE_STATE_AUTHENTICATED: 703 case IMAGE_STATE_COPIED: 704 case IMAGE_STATE_COPYING: 705 706 if (bl1_fwu_remove_loaded_id(image_id)) { 707 WARN("BL1-FWU: Image reset couldn't find the image ID\n"); 708 return -EPERM; 709 } 710 711 if (image_desc->copied_size) { 712 /* Clear the memory if the image is copied */ 713 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 714 715 zero_normalmem((void *)image_desc->image_info.image_base, 716 image_desc->copied_size); 717 flush_dcache_range(image_desc->image_info.image_base, 718 image_desc->copied_size); 719 } 720 721 /* Reset status variables */ 722 image_desc->copied_size = 0; 723 image_desc->image_info.image_size = 0; 724 image_desc->state = IMAGE_STATE_RESET; 725 726 /* Clear authentication state */ 727 auth_img_flags[image_id] = 0; 728 729 break; 730 731 case IMAGE_STATE_EXECUTED: 732 default: 733 assert(0); /* Unreachable */ 734 break; 735 } 736 737 return 0; 738 } 739