1 /* 2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <arch_helpers.h> 9 #include <auth_mod.h> 10 #include <bl1.h> 11 #include <bl_common.h> 12 #include <context.h> 13 #include <context_mgmt.h> 14 #include <debug.h> 15 #include <errno.h> 16 #include <platform.h> 17 #include <platform_def.h> 18 #include <smcc_helpers.h> 19 #include <string.h> 20 #include <utils.h> 21 #include "bl1_private.h" 22 23 /* 24 * Function declarations. 25 */ 26 static int bl1_fwu_image_copy(unsigned int image_id, 27 uintptr_t image_addr, 28 unsigned int block_size, 29 unsigned int image_size, 30 unsigned int flags); 31 static int bl1_fwu_image_auth(unsigned int image_id, 32 uintptr_t image_addr, 33 unsigned int image_size, 34 unsigned int flags); 35 static int bl1_fwu_image_execute(unsigned int image_id, 36 void **handle, 37 unsigned int flags); 38 static register_t bl1_fwu_image_resume(register_t image_param, 39 void **handle, 40 unsigned int flags); 41 static int bl1_fwu_sec_image_done(void **handle, 42 unsigned int flags); 43 static int bl1_fwu_image_reset(unsigned int image_id, 44 unsigned int flags); 45 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); 46 47 /* 48 * This keeps track of last executed secure image id. 49 */ 50 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; 51 52 /* Authentication status of each image. */ 53 extern unsigned int auth_img_flags[]; 54 55 /******************************************************************************* 56 * Top level handler for servicing FWU SMCs. 57 ******************************************************************************/ 58 register_t bl1_fwu_smc_handler(unsigned int smc_fid, 59 register_t x1, 60 register_t x2, 61 register_t x3, 62 register_t x4, 63 void *cookie, 64 void *handle, 65 unsigned int flags) 66 { 67 68 switch (smc_fid) { 69 case FWU_SMC_IMAGE_COPY: 70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); 71 72 case FWU_SMC_IMAGE_AUTH: 73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); 74 75 case FWU_SMC_IMAGE_EXECUTE: 76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); 77 78 case FWU_SMC_IMAGE_RESUME: 79 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); 80 81 case FWU_SMC_SEC_IMAGE_DONE: 82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); 83 84 case FWU_SMC_IMAGE_RESET: 85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags)); 86 87 case FWU_SMC_UPDATE_DONE: 88 bl1_fwu_done((void *)x1, NULL); 89 /* We should never return from bl1_fwu_done() */ 90 91 default: 92 assert(0); 93 break; 94 } 95 96 SMC_RET1(handle, SMC_UNK); 97 } 98 99 /******************************************************************************* 100 * Utility functions to keep track of the images that are loaded at any time. 101 ******************************************************************************/ 102 103 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 104 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 105 #else 106 #define FWU_MAX_SIMULTANEOUS_IMAGES 10 107 #endif 108 109 static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = { 110 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID 111 }; 112 113 /* 114 * Adds an image_id to the bl1_fwu_loaded_ids array. 115 * Returns 0 on success, 1 on error. 116 */ 117 static int bl1_fwu_add_loaded_id(int image_id) 118 { 119 int i; 120 121 /* Check if the ID is already in the list */ 122 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 123 if (bl1_fwu_loaded_ids[i] == image_id) 124 return 0; 125 } 126 127 /* Find an empty slot */ 128 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 129 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) { 130 bl1_fwu_loaded_ids[i] = image_id; 131 return 0; 132 } 133 } 134 135 return 1; 136 } 137 138 /* 139 * Removes an image_id from the bl1_fwu_loaded_ids array. 140 * Returns 0 on success, 1 on error. 141 */ 142 static int bl1_fwu_remove_loaded_id(int image_id) 143 { 144 int i; 145 146 /* Find the ID */ 147 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 148 if (bl1_fwu_loaded_ids[i] == image_id) { 149 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID; 150 return 0; 151 } 152 } 153 154 return 1; 155 } 156 157 /******************************************************************************* 158 * This function checks if the specified image overlaps another image already 159 * loaded. It returns 0 if there is no overlap, a negative error code otherwise. 160 ******************************************************************************/ 161 static int bl1_fwu_image_check_overlaps(int image_id) 162 { 163 const image_desc_t *image_desc, *checked_image_desc; 164 const image_info_t *info, *checked_info; 165 166 uintptr_t image_base, image_end; 167 uintptr_t checked_image_base, checked_image_end; 168 169 checked_image_desc = bl1_plat_get_image_desc(image_id); 170 checked_info = &checked_image_desc->image_info; 171 172 /* Image being checked mustn't be empty. */ 173 assert(checked_info->image_size != 0); 174 175 checked_image_base = checked_info->image_base; 176 checked_image_end = checked_image_base + checked_info->image_size - 1; 177 /* No need to check for overlaps, it's done in bl1_fwu_image_copy(). */ 178 179 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 180 181 /* Don't check image against itself. */ 182 if (bl1_fwu_loaded_ids[i] == image_id) 183 continue; 184 185 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); 186 187 /* Only check images that are loaded or being loaded. */ 188 assert (image_desc->state != IMAGE_STATE_RESET); 189 190 info = &image_desc->image_info; 191 192 /* There cannot be overlaps with an empty image. */ 193 if (info->image_size == 0) 194 continue; 195 196 image_base = info->image_base; 197 image_end = image_base + info->image_size - 1; 198 /* 199 * Overflows cannot happen. It is checked in 200 * bl1_fwu_image_copy() when the image goes from RESET to 201 * COPYING or COPIED. 202 */ 203 assert (image_end > image_base); 204 205 /* Check if there are overlaps. */ 206 if (!(image_end < checked_image_base || 207 checked_image_end < image_base)) { 208 VERBOSE("Image with ID %d overlaps existing image with ID %d", 209 checked_image_desc->image_id, image_desc->image_id); 210 return -EPERM; 211 } 212 } 213 214 return 0; 215 } 216 217 /******************************************************************************* 218 * This function is responsible for copying secure images in AP Secure RAM. 219 ******************************************************************************/ 220 static int bl1_fwu_image_copy(unsigned int image_id, 221 uintptr_t image_src, 222 unsigned int block_size, 223 unsigned int image_size, 224 unsigned int flags) 225 { 226 uintptr_t dest_addr; 227 unsigned int remaining; 228 229 /* Get the image descriptor. */ 230 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 231 if (!image_desc) { 232 WARN("BL1-FWU: Invalid image ID %u\n", image_id); 233 return -EPERM; 234 } 235 236 /* 237 * The request must originate from a non-secure caller and target a 238 * secure image. Any other scenario is invalid. 239 */ 240 if (GET_SECURITY_STATE(flags) == SECURE) { 241 WARN("BL1-FWU: Copy not allowed from secure world.\n"); 242 return -EPERM; 243 } 244 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { 245 WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); 246 return -EPERM; 247 } 248 249 /* Check whether the FWU state machine is in the correct state. */ 250 if ((image_desc->state != IMAGE_STATE_RESET) && 251 (image_desc->state != IMAGE_STATE_COPYING)) { 252 WARN("BL1-FWU: Copy not allowed at this point of the FWU" 253 " process.\n"); 254 return -EPERM; 255 } 256 257 if ((!image_src) || (!block_size) || 258 check_uptr_overflow(image_src, block_size - 1)) { 259 WARN("BL1-FWU: Copy not allowed due to invalid image source" 260 " or block size\n"); 261 return -ENOMEM; 262 } 263 264 if (image_desc->state == IMAGE_STATE_COPYING) { 265 /* 266 * There must have been at least 1 copy operation for this image 267 * previously. 268 */ 269 assert(image_desc->copied_size != 0); 270 /* 271 * The image size must have been recorded in the 1st copy 272 * operation. 273 */ 274 image_size = image_desc->image_info.image_size; 275 assert(image_size != 0); 276 assert(image_desc->copied_size < image_size); 277 278 INFO("BL1-FWU: Continuing image copy in blocks\n"); 279 } else { /* image_desc->state == IMAGE_STATE_RESET */ 280 INFO("BL1-FWU: Initial call to copy an image\n"); 281 282 /* 283 * image_size is relevant only for the 1st copy request, it is 284 * then ignored for subsequent calls for this image. 285 */ 286 if (!image_size) { 287 WARN("BL1-FWU: Copy not allowed due to invalid image" 288 " size\n"); 289 return -ENOMEM; 290 } 291 292 #if LOAD_IMAGE_V2 293 /* Check that the image size to load is within limit */ 294 if (image_size > image_desc->image_info.image_max_size) { 295 WARN("BL1-FWU: Image size out of bounds\n"); 296 return -ENOMEM; 297 } 298 #else 299 /* 300 * Check the image will fit into the free trusted RAM after BL1 301 * load. 302 */ 303 const meminfo_t *mem_layout = bl1_plat_sec_mem_layout(); 304 if (!is_mem_free(mem_layout->free_base, mem_layout->free_size, 305 image_desc->image_info.image_base, 306 image_size)) { 307 WARN("BL1-FWU: Copy not allowed due to insufficient" 308 " resources.\n"); 309 return -ENOMEM; 310 } 311 #endif 312 313 /* Save the given image size. */ 314 image_desc->image_info.image_size = image_size; 315 316 /* Make sure the image doesn't overlap other images. */ 317 if (bl1_fwu_image_check_overlaps(image_id)) { 318 image_desc->image_info.image_size = 0; 319 WARN("BL1-FWU: This image overlaps another one\n"); 320 return -EPERM; 321 } 322 323 /* 324 * copied_size must be explicitly initialized here because the 325 * FWU code doesn't necessarily do it when it resets the state 326 * machine. 327 */ 328 image_desc->copied_size = 0; 329 } 330 331 /* 332 * If the given block size is more than the total image size 333 * then clip the former to the latter. 334 */ 335 remaining = image_size - image_desc->copied_size; 336 if (block_size > remaining) { 337 WARN("BL1-FWU: Block size is too big, clipping it.\n"); 338 block_size = remaining; 339 } 340 341 /* Make sure the source image is mapped in memory. */ 342 if (bl1_plat_mem_check(image_src, block_size, flags)) { 343 WARN("BL1-FWU: Source image is not mapped.\n"); 344 return -ENOMEM; 345 } 346 347 if (bl1_fwu_add_loaded_id(image_id)) { 348 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 349 return -ENOMEM; 350 } 351 352 /* Everything looks sane. Go ahead and copy the block of data. */ 353 dest_addr = image_desc->image_info.image_base + image_desc->copied_size; 354 memcpy((void *) dest_addr, (const void *) image_src, block_size); 355 flush_dcache_range(dest_addr, block_size); 356 357 image_desc->copied_size += block_size; 358 image_desc->state = (block_size == remaining) ? 359 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; 360 361 INFO("BL1-FWU: Copy operation successful.\n"); 362 return 0; 363 } 364 365 /******************************************************************************* 366 * This function is responsible for authenticating Normal/Secure images. 367 ******************************************************************************/ 368 static int bl1_fwu_image_auth(unsigned int image_id, 369 uintptr_t image_src, 370 unsigned int image_size, 371 unsigned int flags) 372 { 373 int result; 374 uintptr_t base_addr; 375 unsigned int total_size; 376 377 /* Get the image descriptor. */ 378 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 379 if (!image_desc) 380 return -EPERM; 381 382 if (GET_SECURITY_STATE(flags) == SECURE) { 383 if (image_desc->state != IMAGE_STATE_RESET) { 384 WARN("BL1-FWU: Authentication from secure world " 385 "while in invalid state\n"); 386 return -EPERM; 387 } 388 } else { 389 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { 390 if (image_desc->state != IMAGE_STATE_COPIED) { 391 WARN("BL1-FWU: Authentication of secure image " 392 "from non-secure world while not in copied state\n"); 393 return -EPERM; 394 } 395 } else { 396 if (image_desc->state != IMAGE_STATE_RESET) { 397 WARN("BL1-FWU: Authentication of non-secure image " 398 "from non-secure world while in invalid state\n"); 399 return -EPERM; 400 } 401 } 402 } 403 404 if (image_desc->state == IMAGE_STATE_COPIED) { 405 /* 406 * Image is in COPIED state. 407 * Use the stored address and size. 408 */ 409 base_addr = image_desc->image_info.image_base; 410 total_size = image_desc->image_info.image_size; 411 } else { 412 if ((!image_src) || (!image_size) || 413 check_uptr_overflow(image_src, image_size - 1)) { 414 WARN("BL1-FWU: Auth not allowed due to invalid" 415 " image source/size\n"); 416 return -ENOMEM; 417 } 418 419 /* 420 * Image is in RESET state. 421 * Check the parameters and authenticate the source image in place. 422 */ 423 if (bl1_plat_mem_check(image_src, image_size, \ 424 image_desc->ep_info.h.attr)) { 425 WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); 426 return -ENOMEM; 427 } 428 429 if (bl1_fwu_add_loaded_id(image_id)) { 430 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 431 return -ENOMEM; 432 } 433 434 base_addr = image_src; 435 total_size = image_size; 436 437 /* Update the image size in the descriptor. */ 438 image_desc->image_info.image_size = total_size; 439 } 440 441 /* 442 * Authenticate the image. 443 */ 444 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); 445 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); 446 if (result != 0) { 447 WARN("BL1-FWU: Authentication Failed err=%d\n", result); 448 449 /* 450 * Authentication has failed. 451 * Clear the memory if the image was copied. 452 * This is to prevent an attack where this contains 453 * some malicious code that can somehow be executed later. 454 */ 455 if (image_desc->state == IMAGE_STATE_COPIED) { 456 /* Clear the memory.*/ 457 zero_normalmem((void *)base_addr, total_size); 458 flush_dcache_range(base_addr, total_size); 459 460 /* Indicate that image can be copied again*/ 461 image_desc->state = IMAGE_STATE_RESET; 462 } 463 464 /* 465 * Even if this fails it's ok because the ID isn't in the array. 466 * The image cannot be in RESET state here, it is checked at the 467 * beginning of the function. 468 */ 469 bl1_fwu_remove_loaded_id(image_id); 470 return -EAUTH; 471 } 472 473 /* Indicate that image is in authenticated state. */ 474 image_desc->state = IMAGE_STATE_AUTHENTICATED; 475 476 /* 477 * Flush image_info to memory so that other 478 * secure world images can see changes. 479 */ 480 flush_dcache_range((unsigned long)&image_desc->image_info, 481 sizeof(image_info_t)); 482 483 INFO("BL1-FWU: Authentication was successful\n"); 484 485 return 0; 486 } 487 488 /******************************************************************************* 489 * This function is responsible for executing Secure images. 490 ******************************************************************************/ 491 static int bl1_fwu_image_execute(unsigned int image_id, 492 void **handle, 493 unsigned int flags) 494 { 495 /* Get the image descriptor. */ 496 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 497 498 /* 499 * Execution is NOT allowed if: 500 * image_id is invalid OR 501 * Caller is from Secure world OR 502 * Image is Non-Secure OR 503 * Image is Non-Executable OR 504 * Image is NOT in AUTHENTICATED state. 505 */ 506 if ((!image_desc) || 507 (GET_SECURITY_STATE(flags) == SECURE) || 508 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || 509 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || 510 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { 511 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); 512 return -EPERM; 513 } 514 515 INFO("BL1-FWU: Executing Secure image\n"); 516 517 #ifdef AARCH64 518 /* Save NS-EL1 system registers. */ 519 cm_el1_sysregs_context_save(NON_SECURE); 520 #endif 521 522 /* Prepare the image for execution. */ 523 bl1_prepare_next_image(image_id); 524 525 /* Update the secure image id. */ 526 sec_exec_image_id = image_id; 527 528 #ifdef AARCH64 529 *handle = cm_get_context(SECURE); 530 #else 531 *handle = smc_get_ctx(SECURE); 532 #endif 533 return 0; 534 } 535 536 /******************************************************************************* 537 * This function is responsible for resuming execution in the other security 538 * world 539 ******************************************************************************/ 540 static register_t bl1_fwu_image_resume(register_t image_param, 541 void **handle, 542 unsigned int flags) 543 { 544 image_desc_t *image_desc; 545 unsigned int resume_sec_state; 546 unsigned int caller_sec_state = GET_SECURITY_STATE(flags); 547 548 /* Get the image descriptor for last executed secure image id. */ 549 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 550 if (caller_sec_state == NON_SECURE) { 551 if (!image_desc) { 552 WARN("BL1-FWU: Resume not allowed due to no available" 553 "secure image\n"); 554 return -EPERM; 555 } 556 } else { 557 /* image_desc must be valid for secure world callers */ 558 assert(image_desc); 559 } 560 561 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 562 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 563 564 if (caller_sec_state == SECURE) { 565 assert(image_desc->state == IMAGE_STATE_EXECUTED); 566 567 /* Update the flags. */ 568 image_desc->state = IMAGE_STATE_INTERRUPTED; 569 resume_sec_state = NON_SECURE; 570 } else { 571 assert(image_desc->state == IMAGE_STATE_INTERRUPTED); 572 573 /* Update the flags. */ 574 image_desc->state = IMAGE_STATE_EXECUTED; 575 resume_sec_state = SECURE; 576 } 577 578 INFO("BL1-FWU: Resuming %s world context\n", 579 (resume_sec_state == SECURE) ? "secure" : "normal"); 580 581 #ifdef AARCH64 582 /* Save the EL1 system registers of calling world. */ 583 cm_el1_sysregs_context_save(caller_sec_state); 584 585 /* Restore the EL1 system registers of resuming world. */ 586 cm_el1_sysregs_context_restore(resume_sec_state); 587 588 /* Update the next context. */ 589 cm_set_next_eret_context(resume_sec_state); 590 591 *handle = cm_get_context(resume_sec_state); 592 #else 593 /* Update the next context. */ 594 cm_set_next_context(cm_get_context(resume_sec_state)); 595 596 /* Prepare the smc context for the next BL image. */ 597 smc_set_next_ctx(resume_sec_state); 598 599 *handle = smc_get_ctx(resume_sec_state); 600 #endif 601 return image_param; 602 } 603 604 /******************************************************************************* 605 * This function is responsible for resuming normal world context. 606 ******************************************************************************/ 607 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) 608 { 609 image_desc_t *image_desc; 610 611 /* Make sure caller is from the secure world */ 612 if (GET_SECURITY_STATE(flags) == NON_SECURE) { 613 WARN("BL1-FWU: Image done not allowed from normal world\n"); 614 return -EPERM; 615 } 616 617 /* Get the image descriptor for last executed secure image id */ 618 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 619 620 /* image_desc must correspond to a valid secure executing image */ 621 assert(image_desc); 622 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 623 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 624 assert(image_desc->state == IMAGE_STATE_EXECUTED); 625 626 #if ENABLE_ASSERTIONS 627 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); 628 assert(rc == 0); 629 #else 630 bl1_fwu_remove_loaded_id(sec_exec_image_id); 631 #endif 632 633 /* Update the flags. */ 634 image_desc->state = IMAGE_STATE_RESET; 635 sec_exec_image_id = INVALID_IMAGE_ID; 636 637 INFO("BL1-FWU: Resuming Normal world context\n"); 638 #ifdef AARCH64 639 /* 640 * Secure world is done so no need to save the context. 641 * Just restore the Non-Secure context. 642 */ 643 cm_el1_sysregs_context_restore(NON_SECURE); 644 645 /* Update the next context. */ 646 cm_set_next_eret_context(NON_SECURE); 647 648 *handle = cm_get_context(NON_SECURE); 649 #else 650 /* Update the next context. */ 651 cm_set_next_context(cm_get_context(NON_SECURE)); 652 653 /* Prepare the smc context for the next BL image. */ 654 smc_set_next_ctx(NON_SECURE); 655 656 *handle = smc_get_ctx(NON_SECURE); 657 #endif 658 return 0; 659 } 660 661 /******************************************************************************* 662 * This function provides the opportunity for users to perform any 663 * platform specific handling after the Firmware update is done. 664 ******************************************************************************/ 665 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) 666 { 667 NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); 668 669 /* 670 * Call platform done function. 671 */ 672 bl1_plat_fwu_done(client_cookie, reserved); 673 assert(0); 674 } 675 676 /******************************************************************************* 677 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is 678 * being executed. 679 ******************************************************************************/ 680 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) 681 { 682 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 683 684 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) { 685 WARN("BL1-FWU: Reset not allowed due to invalid args\n"); 686 return -EPERM; 687 } 688 689 switch (image_desc->state) { 690 691 case IMAGE_STATE_RESET: 692 /* Nothing to do. */ 693 break; 694 695 case IMAGE_STATE_INTERRUPTED: 696 case IMAGE_STATE_AUTHENTICATED: 697 case IMAGE_STATE_COPIED: 698 case IMAGE_STATE_COPYING: 699 700 if (bl1_fwu_remove_loaded_id(image_id)) { 701 WARN("BL1-FWU: Image reset couldn't find the image ID\n"); 702 return -EPERM; 703 } 704 705 /* Clear the memory.*/ 706 zero_normalmem((void *)image_desc->image_info.image_base, 707 image_desc->copied_size); 708 flush_dcache_range(image_desc->image_info.image_base, 709 image_desc->copied_size); 710 711 /* Reset status variables */ 712 image_desc->copied_size = 0; 713 image_desc->image_info.image_size = 0; 714 image_desc->state = IMAGE_STATE_RESET; 715 716 /* Clear authentication state */ 717 auth_img_flags[image_id] = 0; 718 719 break; 720 721 case IMAGE_STATE_EXECUTED: 722 default: 723 assert(0); 724 } 725 726 return 0; 727 } 728