1 /* 2 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <arch_helpers.h> 8 #include <assert.h> 9 #include <auth_mod.h> 10 #include <bl1.h> 11 #include <bl_common.h> 12 #include <context.h> 13 #include <context_mgmt.h> 14 #include <debug.h> 15 #include <errno.h> 16 #include <platform.h> 17 #include <platform_def.h> 18 #include <smcc_helpers.h> 19 #include <string.h> 20 #include <utils.h> 21 #include "bl1_private.h" 22 23 /* 24 * Function declarations. 25 */ 26 static int bl1_fwu_image_copy(unsigned int image_id, 27 uintptr_t image_addr, 28 unsigned int block_size, 29 unsigned int image_size, 30 unsigned int flags); 31 static int bl1_fwu_image_auth(unsigned int image_id, 32 uintptr_t image_addr, 33 unsigned int image_size, 34 unsigned int flags); 35 static int bl1_fwu_image_execute(unsigned int image_id, 36 void **handle, 37 unsigned int flags); 38 static register_t bl1_fwu_image_resume(register_t image_param, 39 void **handle, 40 unsigned int flags); 41 static int bl1_fwu_sec_image_done(void **handle, 42 unsigned int flags); 43 static int bl1_fwu_image_reset(unsigned int image_id, 44 unsigned int flags); 45 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); 46 47 /* 48 * This keeps track of last executed secure image id. 49 */ 50 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; 51 52 /* Authentication status of each image. */ 53 extern unsigned int auth_img_flags[]; 54 55 /******************************************************************************* 56 * Top level handler for servicing FWU SMCs. 57 ******************************************************************************/ 58 register_t bl1_fwu_smc_handler(unsigned int smc_fid, 59 register_t x1, 60 register_t x2, 61 register_t x3, 62 register_t x4, 63 void *cookie, 64 void *handle, 65 unsigned int flags) 66 { 67 68 switch (smc_fid) { 69 case FWU_SMC_IMAGE_COPY: 70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); 71 72 case FWU_SMC_IMAGE_AUTH: 73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); 74 75 case FWU_SMC_IMAGE_EXECUTE: 76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); 77 78 case FWU_SMC_IMAGE_RESUME: 79 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); 80 81 case FWU_SMC_SEC_IMAGE_DONE: 82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); 83 84 case FWU_SMC_IMAGE_RESET: 85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags)); 86 87 case FWU_SMC_UPDATE_DONE: 88 bl1_fwu_done((void *)x1, NULL); 89 /* We should never return from bl1_fwu_done() */ 90 91 default: 92 assert(0); 93 break; 94 } 95 96 SMC_RET1(handle, SMC_UNK); 97 } 98 99 /******************************************************************************* 100 * Utility functions to keep track of the images that are loaded at any time. 101 ******************************************************************************/ 102 103 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 104 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 105 #else 106 #define FWU_MAX_SIMULTANEOUS_IMAGES 10 107 #endif 108 109 static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = { 110 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID 111 }; 112 113 /* 114 * Adds an image_id to the bl1_fwu_loaded_ids array. 115 * Returns 0 on success, 1 on error. 116 */ 117 static int bl1_fwu_add_loaded_id(int image_id) 118 { 119 int i; 120 121 /* Check if the ID is already in the list */ 122 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 123 if (bl1_fwu_loaded_ids[i] == image_id) 124 return 0; 125 } 126 127 /* Find an empty slot */ 128 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 129 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) { 130 bl1_fwu_loaded_ids[i] = image_id; 131 return 0; 132 } 133 } 134 135 return 1; 136 } 137 138 /* 139 * Removes an image_id from the bl1_fwu_loaded_ids array. 140 * Returns 0 on success, 1 on error. 141 */ 142 static int bl1_fwu_remove_loaded_id(int image_id) 143 { 144 int i; 145 146 /* Find the ID */ 147 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 148 if (bl1_fwu_loaded_ids[i] == image_id) { 149 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID; 150 return 0; 151 } 152 } 153 154 return 1; 155 } 156 157 /******************************************************************************* 158 * This function checks if the specified image overlaps another image already 159 * loaded. It returns 0 if there is no overlap, a negative error code otherwise. 160 ******************************************************************************/ 161 static int bl1_fwu_image_check_overlaps(int image_id) 162 { 163 const image_desc_t *image_desc, *checked_image_desc; 164 const image_info_t *info, *checked_info; 165 166 uintptr_t image_base, image_end; 167 uintptr_t checked_image_base, checked_image_end; 168 169 checked_image_desc = bl1_plat_get_image_desc(image_id); 170 checked_info = &checked_image_desc->image_info; 171 172 /* Image being checked mustn't be empty. */ 173 assert(checked_info->image_size != 0); 174 175 checked_image_base = checked_info->image_base; 176 checked_image_end = checked_image_base + checked_info->image_size - 1; 177 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */ 178 179 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 180 181 /* Skip INVALID_IMAGE_IDs and don't check image against itself */ 182 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) || 183 (bl1_fwu_loaded_ids[i] == image_id)) 184 continue; 185 186 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); 187 188 /* Only check images that are loaded or being loaded. */ 189 assert (image_desc && image_desc->state != IMAGE_STATE_RESET); 190 191 info = &image_desc->image_info; 192 193 /* There cannot be overlaps with an empty image. */ 194 if (info->image_size == 0) 195 continue; 196 197 image_base = info->image_base; 198 image_end = image_base + info->image_size - 1; 199 /* 200 * Overflows cannot happen. It is checked in 201 * bl1_fwu_image_copy() when the image goes from RESET to 202 * COPYING or COPIED. 203 */ 204 assert (image_end > image_base); 205 206 /* Check if there are overlaps. */ 207 if (!(image_end < checked_image_base || 208 checked_image_end < image_base)) { 209 VERBOSE("Image with ID %d overlaps existing image with ID %d", 210 checked_image_desc->image_id, image_desc->image_id); 211 return -EPERM; 212 } 213 } 214 215 return 0; 216 } 217 218 /******************************************************************************* 219 * This function is responsible for copying secure images in AP Secure RAM. 220 ******************************************************************************/ 221 static int bl1_fwu_image_copy(unsigned int image_id, 222 uintptr_t image_src, 223 unsigned int block_size, 224 unsigned int image_size, 225 unsigned int flags) 226 { 227 uintptr_t dest_addr; 228 unsigned int remaining; 229 230 /* Get the image descriptor. */ 231 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 232 if (!image_desc) { 233 WARN("BL1-FWU: Invalid image ID %u\n", image_id); 234 return -EPERM; 235 } 236 237 /* 238 * The request must originate from a non-secure caller and target a 239 * secure image. Any other scenario is invalid. 240 */ 241 if (GET_SECURITY_STATE(flags) == SECURE) { 242 WARN("BL1-FWU: Copy not allowed from secure world.\n"); 243 return -EPERM; 244 } 245 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { 246 WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); 247 return -EPERM; 248 } 249 250 /* Check whether the FWU state machine is in the correct state. */ 251 if ((image_desc->state != IMAGE_STATE_RESET) && 252 (image_desc->state != IMAGE_STATE_COPYING)) { 253 WARN("BL1-FWU: Copy not allowed at this point of the FWU" 254 " process.\n"); 255 return -EPERM; 256 } 257 258 if ((!image_src) || (!block_size) || 259 check_uptr_overflow(image_src, block_size - 1)) { 260 WARN("BL1-FWU: Copy not allowed due to invalid image source" 261 " or block size\n"); 262 return -ENOMEM; 263 } 264 265 if (image_desc->state == IMAGE_STATE_COPYING) { 266 /* 267 * There must have been at least 1 copy operation for this image 268 * previously. 269 */ 270 assert(image_desc->copied_size != 0); 271 /* 272 * The image size must have been recorded in the 1st copy 273 * operation. 274 */ 275 image_size = image_desc->image_info.image_size; 276 assert(image_size != 0); 277 assert(image_desc->copied_size < image_size); 278 279 INFO("BL1-FWU: Continuing image copy in blocks\n"); 280 } else { /* image_desc->state == IMAGE_STATE_RESET */ 281 INFO("BL1-FWU: Initial call to copy an image\n"); 282 283 /* 284 * image_size is relevant only for the 1st copy request, it is 285 * then ignored for subsequent calls for this image. 286 */ 287 if (!image_size) { 288 WARN("BL1-FWU: Copy not allowed due to invalid image" 289 " size\n"); 290 return -ENOMEM; 291 } 292 293 #if LOAD_IMAGE_V2 294 /* Check that the image size to load is within limit */ 295 if (image_size > image_desc->image_info.image_max_size) { 296 WARN("BL1-FWU: Image size out of bounds\n"); 297 return -ENOMEM; 298 } 299 #else 300 /* 301 * Check the image will fit into the free trusted RAM after BL1 302 * load. 303 */ 304 const meminfo_t *mem_layout = bl1_plat_sec_mem_layout(); 305 if (!is_mem_free(mem_layout->free_base, mem_layout->free_size, 306 image_desc->image_info.image_base, 307 image_size)) { 308 WARN("BL1-FWU: Copy not allowed due to insufficient" 309 " resources.\n"); 310 return -ENOMEM; 311 } 312 #endif 313 314 /* Save the given image size. */ 315 image_desc->image_info.image_size = image_size; 316 317 /* Make sure the image doesn't overlap other images. */ 318 if (bl1_fwu_image_check_overlaps(image_id)) { 319 image_desc->image_info.image_size = 0; 320 WARN("BL1-FWU: This image overlaps another one\n"); 321 return -EPERM; 322 } 323 324 /* 325 * copied_size must be explicitly initialized here because the 326 * FWU code doesn't necessarily do it when it resets the state 327 * machine. 328 */ 329 image_desc->copied_size = 0; 330 } 331 332 /* 333 * If the given block size is more than the total image size 334 * then clip the former to the latter. 335 */ 336 remaining = image_size - image_desc->copied_size; 337 if (block_size > remaining) { 338 WARN("BL1-FWU: Block size is too big, clipping it.\n"); 339 block_size = remaining; 340 } 341 342 /* Make sure the source image is mapped in memory. */ 343 if (bl1_plat_mem_check(image_src, block_size, flags)) { 344 WARN("BL1-FWU: Source image is not mapped.\n"); 345 return -ENOMEM; 346 } 347 348 if (bl1_fwu_add_loaded_id(image_id)) { 349 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 350 return -ENOMEM; 351 } 352 353 /* Allow the platform to handle pre-image load before copying */ 354 if (image_desc->state == IMAGE_STATE_RESET) { 355 if (bl1_plat_handle_pre_image_load(image_id) != 0) { 356 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n", 357 image_id); 358 return -EPERM; 359 } 360 } 361 362 /* Everything looks sane. Go ahead and copy the block of data. */ 363 dest_addr = image_desc->image_info.image_base + image_desc->copied_size; 364 memcpy((void *) dest_addr, (const void *) image_src, block_size); 365 flush_dcache_range(dest_addr, block_size); 366 367 image_desc->copied_size += block_size; 368 image_desc->state = (block_size == remaining) ? 369 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; 370 371 INFO("BL1-FWU: Copy operation successful.\n"); 372 return 0; 373 } 374 375 /******************************************************************************* 376 * This function is responsible for authenticating Normal/Secure images. 377 ******************************************************************************/ 378 static int bl1_fwu_image_auth(unsigned int image_id, 379 uintptr_t image_src, 380 unsigned int image_size, 381 unsigned int flags) 382 { 383 int result; 384 uintptr_t base_addr; 385 unsigned int total_size; 386 387 /* Get the image descriptor. */ 388 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 389 if (!image_desc) 390 return -EPERM; 391 392 if (GET_SECURITY_STATE(flags) == SECURE) { 393 if (image_desc->state != IMAGE_STATE_RESET) { 394 WARN("BL1-FWU: Authentication from secure world " 395 "while in invalid state\n"); 396 return -EPERM; 397 } 398 } else { 399 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { 400 if (image_desc->state != IMAGE_STATE_COPIED) { 401 WARN("BL1-FWU: Authentication of secure image " 402 "from non-secure world while not in copied state\n"); 403 return -EPERM; 404 } 405 } else { 406 if (image_desc->state != IMAGE_STATE_RESET) { 407 WARN("BL1-FWU: Authentication of non-secure image " 408 "from non-secure world while in invalid state\n"); 409 return -EPERM; 410 } 411 } 412 } 413 414 if (image_desc->state == IMAGE_STATE_COPIED) { 415 /* 416 * Image is in COPIED state. 417 * Use the stored address and size. 418 */ 419 base_addr = image_desc->image_info.image_base; 420 total_size = image_desc->image_info.image_size; 421 } else { 422 if ((!image_src) || (!image_size) || 423 check_uptr_overflow(image_src, image_size - 1)) { 424 WARN("BL1-FWU: Auth not allowed due to invalid" 425 " image source/size\n"); 426 return -ENOMEM; 427 } 428 429 /* 430 * Image is in RESET state. 431 * Check the parameters and authenticate the source image in place. 432 */ 433 if (bl1_plat_mem_check(image_src, image_size, \ 434 image_desc->ep_info.h.attr)) { 435 WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); 436 return -ENOMEM; 437 } 438 439 if (bl1_fwu_add_loaded_id(image_id)) { 440 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 441 return -ENOMEM; 442 } 443 444 base_addr = image_src; 445 total_size = image_size; 446 447 /* Update the image size in the descriptor. */ 448 image_desc->image_info.image_size = total_size; 449 } 450 451 /* 452 * Authenticate the image. 453 */ 454 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); 455 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); 456 if (result != 0) { 457 WARN("BL1-FWU: Authentication Failed err=%d\n", result); 458 459 /* 460 * Authentication has failed. 461 * Clear the memory if the image was copied. 462 * This is to prevent an attack where this contains 463 * some malicious code that can somehow be executed later. 464 */ 465 if (image_desc->state == IMAGE_STATE_COPIED) { 466 /* Clear the memory.*/ 467 zero_normalmem((void *)base_addr, total_size); 468 flush_dcache_range(base_addr, total_size); 469 470 /* Indicate that image can be copied again*/ 471 image_desc->state = IMAGE_STATE_RESET; 472 } 473 474 /* 475 * Even if this fails it's ok because the ID isn't in the array. 476 * The image cannot be in RESET state here, it is checked at the 477 * beginning of the function. 478 */ 479 bl1_fwu_remove_loaded_id(image_id); 480 return -EAUTH; 481 } 482 483 /* Indicate that image is in authenticated state. */ 484 image_desc->state = IMAGE_STATE_AUTHENTICATED; 485 486 /* Allow the platform to handle post-image load */ 487 result = bl1_plat_handle_post_image_load(image_id); 488 if (result != 0) { 489 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n", 490 result, image_id); 491 /* 492 * Panic here as the platform handling of post-image load is 493 * not correct. 494 */ 495 plat_error_handler(result); 496 } 497 498 /* 499 * Flush image_info to memory so that other 500 * secure world images can see changes. 501 */ 502 flush_dcache_range((unsigned long)&image_desc->image_info, 503 sizeof(image_info_t)); 504 505 INFO("BL1-FWU: Authentication was successful\n"); 506 507 return 0; 508 } 509 510 /******************************************************************************* 511 * This function is responsible for executing Secure images. 512 ******************************************************************************/ 513 static int bl1_fwu_image_execute(unsigned int image_id, 514 void **handle, 515 unsigned int flags) 516 { 517 /* Get the image descriptor. */ 518 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 519 520 /* 521 * Execution is NOT allowed if: 522 * image_id is invalid OR 523 * Caller is from Secure world OR 524 * Image is Non-Secure OR 525 * Image is Non-Executable OR 526 * Image is NOT in AUTHENTICATED state. 527 */ 528 if ((!image_desc) || 529 (GET_SECURITY_STATE(flags) == SECURE) || 530 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || 531 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || 532 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { 533 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); 534 return -EPERM; 535 } 536 537 INFO("BL1-FWU: Executing Secure image\n"); 538 539 #ifdef AARCH64 540 /* Save NS-EL1 system registers. */ 541 cm_el1_sysregs_context_save(NON_SECURE); 542 #endif 543 544 /* Prepare the image for execution. */ 545 bl1_prepare_next_image(image_id); 546 547 /* Update the secure image id. */ 548 sec_exec_image_id = image_id; 549 550 #ifdef AARCH64 551 *handle = cm_get_context(SECURE); 552 #else 553 *handle = smc_get_ctx(SECURE); 554 #endif 555 return 0; 556 } 557 558 /******************************************************************************* 559 * This function is responsible for resuming execution in the other security 560 * world 561 ******************************************************************************/ 562 static register_t bl1_fwu_image_resume(register_t image_param, 563 void **handle, 564 unsigned int flags) 565 { 566 image_desc_t *image_desc; 567 unsigned int resume_sec_state; 568 unsigned int caller_sec_state = GET_SECURITY_STATE(flags); 569 570 /* Get the image descriptor for last executed secure image id. */ 571 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 572 if (caller_sec_state == NON_SECURE) { 573 if (!image_desc) { 574 WARN("BL1-FWU: Resume not allowed due to no available" 575 "secure image\n"); 576 return -EPERM; 577 } 578 } else { 579 /* image_desc must be valid for secure world callers */ 580 assert(image_desc); 581 } 582 583 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 584 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 585 586 if (caller_sec_state == SECURE) { 587 assert(image_desc->state == IMAGE_STATE_EXECUTED); 588 589 /* Update the flags. */ 590 image_desc->state = IMAGE_STATE_INTERRUPTED; 591 resume_sec_state = NON_SECURE; 592 } else { 593 assert(image_desc->state == IMAGE_STATE_INTERRUPTED); 594 595 /* Update the flags. */ 596 image_desc->state = IMAGE_STATE_EXECUTED; 597 resume_sec_state = SECURE; 598 } 599 600 INFO("BL1-FWU: Resuming %s world context\n", 601 (resume_sec_state == SECURE) ? "secure" : "normal"); 602 603 #ifdef AARCH64 604 /* Save the EL1 system registers of calling world. */ 605 cm_el1_sysregs_context_save(caller_sec_state); 606 607 /* Restore the EL1 system registers of resuming world. */ 608 cm_el1_sysregs_context_restore(resume_sec_state); 609 610 /* Update the next context. */ 611 cm_set_next_eret_context(resume_sec_state); 612 613 *handle = cm_get_context(resume_sec_state); 614 #else 615 /* Update the next context. */ 616 cm_set_next_context(cm_get_context(resume_sec_state)); 617 618 /* Prepare the smc context for the next BL image. */ 619 smc_set_next_ctx(resume_sec_state); 620 621 *handle = smc_get_ctx(resume_sec_state); 622 #endif 623 return image_param; 624 } 625 626 /******************************************************************************* 627 * This function is responsible for resuming normal world context. 628 ******************************************************************************/ 629 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) 630 { 631 image_desc_t *image_desc; 632 633 /* Make sure caller is from the secure world */ 634 if (GET_SECURITY_STATE(flags) == NON_SECURE) { 635 WARN("BL1-FWU: Image done not allowed from normal world\n"); 636 return -EPERM; 637 } 638 639 /* Get the image descriptor for last executed secure image id */ 640 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 641 642 /* image_desc must correspond to a valid secure executing image */ 643 assert(image_desc); 644 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 645 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 646 assert(image_desc->state == IMAGE_STATE_EXECUTED); 647 648 #if ENABLE_ASSERTIONS 649 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); 650 assert(rc == 0); 651 #else 652 bl1_fwu_remove_loaded_id(sec_exec_image_id); 653 #endif 654 655 /* Update the flags. */ 656 image_desc->state = IMAGE_STATE_RESET; 657 sec_exec_image_id = INVALID_IMAGE_ID; 658 659 INFO("BL1-FWU: Resuming Normal world context\n"); 660 #ifdef AARCH64 661 /* 662 * Secure world is done so no need to save the context. 663 * Just restore the Non-Secure context. 664 */ 665 cm_el1_sysregs_context_restore(NON_SECURE); 666 667 /* Update the next context. */ 668 cm_set_next_eret_context(NON_SECURE); 669 670 *handle = cm_get_context(NON_SECURE); 671 #else 672 /* Update the next context. */ 673 cm_set_next_context(cm_get_context(NON_SECURE)); 674 675 /* Prepare the smc context for the next BL image. */ 676 smc_set_next_ctx(NON_SECURE); 677 678 *handle = smc_get_ctx(NON_SECURE); 679 #endif 680 return 0; 681 } 682 683 /******************************************************************************* 684 * This function provides the opportunity for users to perform any 685 * platform specific handling after the Firmware update is done. 686 ******************************************************************************/ 687 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) 688 { 689 NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); 690 691 /* 692 * Call platform done function. 693 */ 694 bl1_plat_fwu_done(client_cookie, reserved); 695 assert(0); 696 } 697 698 /******************************************************************************* 699 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is 700 * being executed. 701 ******************************************************************************/ 702 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) 703 { 704 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 705 706 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) { 707 WARN("BL1-FWU: Reset not allowed due to invalid args\n"); 708 return -EPERM; 709 } 710 711 switch (image_desc->state) { 712 713 case IMAGE_STATE_RESET: 714 /* Nothing to do. */ 715 break; 716 717 case IMAGE_STATE_INTERRUPTED: 718 case IMAGE_STATE_AUTHENTICATED: 719 case IMAGE_STATE_COPIED: 720 case IMAGE_STATE_COPYING: 721 722 if (bl1_fwu_remove_loaded_id(image_id)) { 723 WARN("BL1-FWU: Image reset couldn't find the image ID\n"); 724 return -EPERM; 725 } 726 727 if (image_desc->copied_size) { 728 /* Clear the memory if the image is copied */ 729 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 730 731 zero_normalmem((void *)image_desc->image_info.image_base, 732 image_desc->copied_size); 733 flush_dcache_range(image_desc->image_info.image_base, 734 image_desc->copied_size); 735 } 736 737 /* Reset status variables */ 738 image_desc->copied_size = 0; 739 image_desc->image_info.image_size = 0; 740 image_desc->state = IMAGE_STATE_RESET; 741 742 /* Clear authentication state */ 743 auth_img_flags[image_id] = 0; 744 745 break; 746 747 case IMAGE_STATE_EXECUTED: 748 default: 749 assert(0); 750 } 751 752 return 0; 753 } 754