1 /* 2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <arch_helpers.h> 9 #include <auth_mod.h> 10 #include <bl1.h> 11 #include <bl_common.h> 12 #include <context.h> 13 #include <context_mgmt.h> 14 #include <debug.h> 15 #include <errno.h> 16 #include <platform.h> 17 #include <platform_def.h> 18 #include <smcc_helpers.h> 19 #include <string.h> 20 #include <utils.h> 21 #include "bl1_private.h" 22 23 /* 24 * Function declarations. 25 */ 26 static int bl1_fwu_image_copy(unsigned int image_id, 27 uintptr_t image_addr, 28 unsigned int block_size, 29 unsigned int image_size, 30 unsigned int flags); 31 static int bl1_fwu_image_auth(unsigned int image_id, 32 uintptr_t image_addr, 33 unsigned int image_size, 34 unsigned int flags); 35 static int bl1_fwu_image_execute(unsigned int image_id, 36 void **handle, 37 unsigned int flags); 38 static register_t bl1_fwu_image_resume(register_t image_param, 39 void **handle, 40 unsigned int flags); 41 static int bl1_fwu_sec_image_done(void **handle, 42 unsigned int flags); 43 static int bl1_fwu_image_reset(unsigned int image_id, 44 unsigned int flags); 45 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); 46 47 /* 48 * This keeps track of last executed secure image id. 49 */ 50 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; 51 52 /* Authentication status of each image. */ 53 extern unsigned int auth_img_flags[]; 54 55 void cm_set_next_context(void *cpu_context); 56 57 /******************************************************************************* 58 * Top level handler for servicing FWU SMCs. 59 ******************************************************************************/ 60 register_t bl1_fwu_smc_handler(unsigned int smc_fid, 61 register_t x1, 62 register_t x2, 63 register_t x3, 64 register_t x4, 65 void *cookie, 66 void *handle, 67 unsigned int flags) 68 { 69 70 switch (smc_fid) { 71 case FWU_SMC_IMAGE_COPY: 72 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); 73 74 case FWU_SMC_IMAGE_AUTH: 75 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); 76 77 case FWU_SMC_IMAGE_EXECUTE: 78 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); 79 80 case FWU_SMC_IMAGE_RESUME: 81 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); 82 83 case FWU_SMC_SEC_IMAGE_DONE: 84 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); 85 86 case FWU_SMC_IMAGE_RESET: 87 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags)); 88 89 case FWU_SMC_UPDATE_DONE: 90 bl1_fwu_done((void *)x1, NULL); 91 /* We should never return from bl1_fwu_done() */ 92 93 default: 94 assert(0); 95 break; 96 } 97 98 SMC_RET1(handle, SMC_UNK); 99 } 100 101 /******************************************************************************* 102 * Utility functions to keep track of the images that are loaded at any time. 103 ******************************************************************************/ 104 105 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 106 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES 107 #else 108 #define FWU_MAX_SIMULTANEOUS_IMAGES 10 109 #endif 110 111 static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = { 112 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID 113 }; 114 115 /* 116 * Adds an image_id to the bl1_fwu_loaded_ids array. 117 * Returns 0 on success, 1 on error. 118 */ 119 static int bl1_fwu_add_loaded_id(int image_id) 120 { 121 int i; 122 123 /* Check if the ID is already in the list */ 124 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 125 if (bl1_fwu_loaded_ids[i] == image_id) 126 return 0; 127 } 128 129 /* Find an empty slot */ 130 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 131 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) { 132 bl1_fwu_loaded_ids[i] = image_id; 133 return 0; 134 } 135 } 136 137 return 1; 138 } 139 140 /* 141 * Removes an image_id from the bl1_fwu_loaded_ids array. 142 * Returns 0 on success, 1 on error. 143 */ 144 static int bl1_fwu_remove_loaded_id(int image_id) 145 { 146 int i; 147 148 /* Find the ID */ 149 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 150 if (bl1_fwu_loaded_ids[i] == image_id) { 151 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID; 152 return 0; 153 } 154 } 155 156 return 1; 157 } 158 159 /******************************************************************************* 160 * This function checks if the specified image overlaps another image already 161 * loaded. It returns 0 if there is no overlap, a negative error code otherwise. 162 ******************************************************************************/ 163 static int bl1_fwu_image_check_overlaps(int image_id) 164 { 165 const image_desc_t *image_desc, *checked_image_desc; 166 const image_info_t *info, *checked_info; 167 168 uintptr_t image_base, image_end; 169 uintptr_t checked_image_base, checked_image_end; 170 171 checked_image_desc = bl1_plat_get_image_desc(image_id); 172 checked_info = &checked_image_desc->image_info; 173 174 /* Image being checked mustn't be empty. */ 175 assert(checked_info->image_size != 0); 176 177 checked_image_base = checked_info->image_base; 178 checked_image_end = checked_image_base + checked_info->image_size - 1; 179 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */ 180 181 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) { 182 183 /* Skip INVALID_IMAGE_IDs and don't check image against itself */ 184 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) || 185 (bl1_fwu_loaded_ids[i] == image_id)) 186 continue; 187 188 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); 189 190 /* Only check images that are loaded or being loaded. */ 191 assert (image_desc && image_desc->state != IMAGE_STATE_RESET); 192 193 info = &image_desc->image_info; 194 195 /* There cannot be overlaps with an empty image. */ 196 if (info->image_size == 0) 197 continue; 198 199 image_base = info->image_base; 200 image_end = image_base + info->image_size - 1; 201 /* 202 * Overflows cannot happen. It is checked in 203 * bl1_fwu_image_copy() when the image goes from RESET to 204 * COPYING or COPIED. 205 */ 206 assert (image_end > image_base); 207 208 /* Check if there are overlaps. */ 209 if (!(image_end < checked_image_base || 210 checked_image_end < image_base)) { 211 VERBOSE("Image with ID %d overlaps existing image with ID %d", 212 checked_image_desc->image_id, image_desc->image_id); 213 return -EPERM; 214 } 215 } 216 217 return 0; 218 } 219 220 /******************************************************************************* 221 * This function is responsible for copying secure images in AP Secure RAM. 222 ******************************************************************************/ 223 static int bl1_fwu_image_copy(unsigned int image_id, 224 uintptr_t image_src, 225 unsigned int block_size, 226 unsigned int image_size, 227 unsigned int flags) 228 { 229 uintptr_t dest_addr; 230 unsigned int remaining; 231 232 /* Get the image descriptor. */ 233 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 234 if (!image_desc) { 235 WARN("BL1-FWU: Invalid image ID %u\n", image_id); 236 return -EPERM; 237 } 238 239 /* 240 * The request must originate from a non-secure caller and target a 241 * secure image. Any other scenario is invalid. 242 */ 243 if (GET_SECURITY_STATE(flags) == SECURE) { 244 WARN("BL1-FWU: Copy not allowed from secure world.\n"); 245 return -EPERM; 246 } 247 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { 248 WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); 249 return -EPERM; 250 } 251 252 /* Check whether the FWU state machine is in the correct state. */ 253 if ((image_desc->state != IMAGE_STATE_RESET) && 254 (image_desc->state != IMAGE_STATE_COPYING)) { 255 WARN("BL1-FWU: Copy not allowed at this point of the FWU" 256 " process.\n"); 257 return -EPERM; 258 } 259 260 if ((!image_src) || (!block_size) || 261 check_uptr_overflow(image_src, block_size - 1)) { 262 WARN("BL1-FWU: Copy not allowed due to invalid image source" 263 " or block size\n"); 264 return -ENOMEM; 265 } 266 267 if (image_desc->state == IMAGE_STATE_COPYING) { 268 /* 269 * There must have been at least 1 copy operation for this image 270 * previously. 271 */ 272 assert(image_desc->copied_size != 0); 273 /* 274 * The image size must have been recorded in the 1st copy 275 * operation. 276 */ 277 image_size = image_desc->image_info.image_size; 278 assert(image_size != 0); 279 assert(image_desc->copied_size < image_size); 280 281 INFO("BL1-FWU: Continuing image copy in blocks\n"); 282 } else { /* image_desc->state == IMAGE_STATE_RESET */ 283 INFO("BL1-FWU: Initial call to copy an image\n"); 284 285 /* 286 * image_size is relevant only for the 1st copy request, it is 287 * then ignored for subsequent calls for this image. 288 */ 289 if (!image_size) { 290 WARN("BL1-FWU: Copy not allowed due to invalid image" 291 " size\n"); 292 return -ENOMEM; 293 } 294 295 #if LOAD_IMAGE_V2 296 /* Check that the image size to load is within limit */ 297 if (image_size > image_desc->image_info.image_max_size) { 298 WARN("BL1-FWU: Image size out of bounds\n"); 299 return -ENOMEM; 300 } 301 #else 302 /* 303 * Check the image will fit into the free trusted RAM after BL1 304 * load. 305 */ 306 const meminfo_t *mem_layout = bl1_plat_sec_mem_layout(); 307 if (!is_mem_free(mem_layout->free_base, mem_layout->free_size, 308 image_desc->image_info.image_base, 309 image_size)) { 310 WARN("BL1-FWU: Copy not allowed due to insufficient" 311 " resources.\n"); 312 return -ENOMEM; 313 } 314 #endif 315 316 /* Save the given image size. */ 317 image_desc->image_info.image_size = image_size; 318 319 /* Make sure the image doesn't overlap other images. */ 320 if (bl1_fwu_image_check_overlaps(image_id)) { 321 image_desc->image_info.image_size = 0; 322 WARN("BL1-FWU: This image overlaps another one\n"); 323 return -EPERM; 324 } 325 326 /* 327 * copied_size must be explicitly initialized here because the 328 * FWU code doesn't necessarily do it when it resets the state 329 * machine. 330 */ 331 image_desc->copied_size = 0; 332 } 333 334 /* 335 * If the given block size is more than the total image size 336 * then clip the former to the latter. 337 */ 338 remaining = image_size - image_desc->copied_size; 339 if (block_size > remaining) { 340 WARN("BL1-FWU: Block size is too big, clipping it.\n"); 341 block_size = remaining; 342 } 343 344 /* Make sure the source image is mapped in memory. */ 345 if (bl1_plat_mem_check(image_src, block_size, flags)) { 346 WARN("BL1-FWU: Source image is not mapped.\n"); 347 return -ENOMEM; 348 } 349 350 if (bl1_fwu_add_loaded_id(image_id)) { 351 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 352 return -ENOMEM; 353 } 354 355 /* Everything looks sane. Go ahead and copy the block of data. */ 356 dest_addr = image_desc->image_info.image_base + image_desc->copied_size; 357 memcpy((void *) dest_addr, (const void *) image_src, block_size); 358 flush_dcache_range(dest_addr, block_size); 359 360 image_desc->copied_size += block_size; 361 image_desc->state = (block_size == remaining) ? 362 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; 363 364 INFO("BL1-FWU: Copy operation successful.\n"); 365 return 0; 366 } 367 368 /******************************************************************************* 369 * This function is responsible for authenticating Normal/Secure images. 370 ******************************************************************************/ 371 static int bl1_fwu_image_auth(unsigned int image_id, 372 uintptr_t image_src, 373 unsigned int image_size, 374 unsigned int flags) 375 { 376 int result; 377 uintptr_t base_addr; 378 unsigned int total_size; 379 380 /* Get the image descriptor. */ 381 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 382 if (!image_desc) 383 return -EPERM; 384 385 if (GET_SECURITY_STATE(flags) == SECURE) { 386 if (image_desc->state != IMAGE_STATE_RESET) { 387 WARN("BL1-FWU: Authentication from secure world " 388 "while in invalid state\n"); 389 return -EPERM; 390 } 391 } else { 392 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { 393 if (image_desc->state != IMAGE_STATE_COPIED) { 394 WARN("BL1-FWU: Authentication of secure image " 395 "from non-secure world while not in copied state\n"); 396 return -EPERM; 397 } 398 } else { 399 if (image_desc->state != IMAGE_STATE_RESET) { 400 WARN("BL1-FWU: Authentication of non-secure image " 401 "from non-secure world while in invalid state\n"); 402 return -EPERM; 403 } 404 } 405 } 406 407 if (image_desc->state == IMAGE_STATE_COPIED) { 408 /* 409 * Image is in COPIED state. 410 * Use the stored address and size. 411 */ 412 base_addr = image_desc->image_info.image_base; 413 total_size = image_desc->image_info.image_size; 414 } else { 415 if ((!image_src) || (!image_size) || 416 check_uptr_overflow(image_src, image_size - 1)) { 417 WARN("BL1-FWU: Auth not allowed due to invalid" 418 " image source/size\n"); 419 return -ENOMEM; 420 } 421 422 /* 423 * Image is in RESET state. 424 * Check the parameters and authenticate the source image in place. 425 */ 426 if (bl1_plat_mem_check(image_src, image_size, \ 427 image_desc->ep_info.h.attr)) { 428 WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); 429 return -ENOMEM; 430 } 431 432 if (bl1_fwu_add_loaded_id(image_id)) { 433 WARN("BL1-FWU: Too many images loaded at the same time.\n"); 434 return -ENOMEM; 435 } 436 437 base_addr = image_src; 438 total_size = image_size; 439 440 /* Update the image size in the descriptor. */ 441 image_desc->image_info.image_size = total_size; 442 } 443 444 /* 445 * Authenticate the image. 446 */ 447 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); 448 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); 449 if (result != 0) { 450 WARN("BL1-FWU: Authentication Failed err=%d\n", result); 451 452 /* 453 * Authentication has failed. 454 * Clear the memory if the image was copied. 455 * This is to prevent an attack where this contains 456 * some malicious code that can somehow be executed later. 457 */ 458 if (image_desc->state == IMAGE_STATE_COPIED) { 459 /* Clear the memory.*/ 460 zero_normalmem((void *)base_addr, total_size); 461 flush_dcache_range(base_addr, total_size); 462 463 /* Indicate that image can be copied again*/ 464 image_desc->state = IMAGE_STATE_RESET; 465 } 466 467 /* 468 * Even if this fails it's ok because the ID isn't in the array. 469 * The image cannot be in RESET state here, it is checked at the 470 * beginning of the function. 471 */ 472 bl1_fwu_remove_loaded_id(image_id); 473 return -EAUTH; 474 } 475 476 /* Indicate that image is in authenticated state. */ 477 image_desc->state = IMAGE_STATE_AUTHENTICATED; 478 479 /* 480 * Flush image_info to memory so that other 481 * secure world images can see changes. 482 */ 483 flush_dcache_range((unsigned long)&image_desc->image_info, 484 sizeof(image_info_t)); 485 486 INFO("BL1-FWU: Authentication was successful\n"); 487 488 return 0; 489 } 490 491 /******************************************************************************* 492 * This function is responsible for executing Secure images. 493 ******************************************************************************/ 494 static int bl1_fwu_image_execute(unsigned int image_id, 495 void **handle, 496 unsigned int flags) 497 { 498 /* Get the image descriptor. */ 499 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 500 501 /* 502 * Execution is NOT allowed if: 503 * image_id is invalid OR 504 * Caller is from Secure world OR 505 * Image is Non-Secure OR 506 * Image is Non-Executable OR 507 * Image is NOT in AUTHENTICATED state. 508 */ 509 if ((!image_desc) || 510 (GET_SECURITY_STATE(flags) == SECURE) || 511 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || 512 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || 513 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { 514 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); 515 return -EPERM; 516 } 517 518 INFO("BL1-FWU: Executing Secure image\n"); 519 520 #ifdef AARCH64 521 /* Save NS-EL1 system registers. */ 522 cm_el1_sysregs_context_save(NON_SECURE); 523 #endif 524 525 /* Prepare the image for execution. */ 526 bl1_prepare_next_image(image_id); 527 528 /* Update the secure image id. */ 529 sec_exec_image_id = image_id; 530 531 #ifdef AARCH64 532 *handle = cm_get_context(SECURE); 533 #else 534 *handle = smc_get_ctx(SECURE); 535 #endif 536 return 0; 537 } 538 539 /******************************************************************************* 540 * This function is responsible for resuming execution in the other security 541 * world 542 ******************************************************************************/ 543 static register_t bl1_fwu_image_resume(register_t image_param, 544 void **handle, 545 unsigned int flags) 546 { 547 image_desc_t *image_desc; 548 unsigned int resume_sec_state; 549 unsigned int caller_sec_state = GET_SECURITY_STATE(flags); 550 551 /* Get the image descriptor for last executed secure image id. */ 552 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 553 if (caller_sec_state == NON_SECURE) { 554 if (!image_desc) { 555 WARN("BL1-FWU: Resume not allowed due to no available" 556 "secure image\n"); 557 return -EPERM; 558 } 559 } else { 560 /* image_desc must be valid for secure world callers */ 561 assert(image_desc); 562 } 563 564 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 565 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 566 567 if (caller_sec_state == SECURE) { 568 assert(image_desc->state == IMAGE_STATE_EXECUTED); 569 570 /* Update the flags. */ 571 image_desc->state = IMAGE_STATE_INTERRUPTED; 572 resume_sec_state = NON_SECURE; 573 } else { 574 assert(image_desc->state == IMAGE_STATE_INTERRUPTED); 575 576 /* Update the flags. */ 577 image_desc->state = IMAGE_STATE_EXECUTED; 578 resume_sec_state = SECURE; 579 } 580 581 INFO("BL1-FWU: Resuming %s world context\n", 582 (resume_sec_state == SECURE) ? "secure" : "normal"); 583 584 #ifdef AARCH64 585 /* Save the EL1 system registers of calling world. */ 586 cm_el1_sysregs_context_save(caller_sec_state); 587 588 /* Restore the EL1 system registers of resuming world. */ 589 cm_el1_sysregs_context_restore(resume_sec_state); 590 591 /* Update the next context. */ 592 cm_set_next_eret_context(resume_sec_state); 593 594 *handle = cm_get_context(resume_sec_state); 595 #else 596 /* Update the next context. */ 597 cm_set_next_context(cm_get_context(resume_sec_state)); 598 599 /* Prepare the smc context for the next BL image. */ 600 smc_set_next_ctx(resume_sec_state); 601 602 *handle = smc_get_ctx(resume_sec_state); 603 #endif 604 return image_param; 605 } 606 607 /******************************************************************************* 608 * This function is responsible for resuming normal world context. 609 ******************************************************************************/ 610 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) 611 { 612 image_desc_t *image_desc; 613 614 /* Make sure caller is from the secure world */ 615 if (GET_SECURITY_STATE(flags) == NON_SECURE) { 616 WARN("BL1-FWU: Image done not allowed from normal world\n"); 617 return -EPERM; 618 } 619 620 /* Get the image descriptor for last executed secure image id */ 621 image_desc = bl1_plat_get_image_desc(sec_exec_image_id); 622 623 /* image_desc must correspond to a valid secure executing image */ 624 assert(image_desc); 625 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 626 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); 627 assert(image_desc->state == IMAGE_STATE_EXECUTED); 628 629 #if ENABLE_ASSERTIONS 630 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); 631 assert(rc == 0); 632 #else 633 bl1_fwu_remove_loaded_id(sec_exec_image_id); 634 #endif 635 636 /* Update the flags. */ 637 image_desc->state = IMAGE_STATE_RESET; 638 sec_exec_image_id = INVALID_IMAGE_ID; 639 640 INFO("BL1-FWU: Resuming Normal world context\n"); 641 #ifdef AARCH64 642 /* 643 * Secure world is done so no need to save the context. 644 * Just restore the Non-Secure context. 645 */ 646 cm_el1_sysregs_context_restore(NON_SECURE); 647 648 /* Update the next context. */ 649 cm_set_next_eret_context(NON_SECURE); 650 651 *handle = cm_get_context(NON_SECURE); 652 #else 653 /* Update the next context. */ 654 cm_set_next_context(cm_get_context(NON_SECURE)); 655 656 /* Prepare the smc context for the next BL image. */ 657 smc_set_next_ctx(NON_SECURE); 658 659 *handle = smc_get_ctx(NON_SECURE); 660 #endif 661 return 0; 662 } 663 664 /******************************************************************************* 665 * This function provides the opportunity for users to perform any 666 * platform specific handling after the Firmware update is done. 667 ******************************************************************************/ 668 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) 669 { 670 NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); 671 672 /* 673 * Call platform done function. 674 */ 675 bl1_plat_fwu_done(client_cookie, reserved); 676 assert(0); 677 } 678 679 /******************************************************************************* 680 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is 681 * being executed. 682 ******************************************************************************/ 683 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) 684 { 685 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); 686 687 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) { 688 WARN("BL1-FWU: Reset not allowed due to invalid args\n"); 689 return -EPERM; 690 } 691 692 switch (image_desc->state) { 693 694 case IMAGE_STATE_RESET: 695 /* Nothing to do. */ 696 break; 697 698 case IMAGE_STATE_INTERRUPTED: 699 case IMAGE_STATE_AUTHENTICATED: 700 case IMAGE_STATE_COPIED: 701 case IMAGE_STATE_COPYING: 702 703 if (bl1_fwu_remove_loaded_id(image_id)) { 704 WARN("BL1-FWU: Image reset couldn't find the image ID\n"); 705 return -EPERM; 706 } 707 708 if (image_desc->copied_size) { 709 /* Clear the memory if the image is copied */ 710 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); 711 712 zero_normalmem((void *)image_desc->image_info.image_base, 713 image_desc->copied_size); 714 flush_dcache_range(image_desc->image_info.image_base, 715 image_desc->copied_size); 716 } 717 718 /* Reset status variables */ 719 image_desc->copied_size = 0; 720 image_desc->image_info.image_size = 0; 721 image_desc->state = IMAGE_STATE_RESET; 722 723 /* Clear authentication state */ 724 auth_img_flags[image_id] = 0; 725 726 break; 727 728 case IMAGE_STATE_EXECUTED: 729 default: 730 assert(0); 731 } 732 733 return 0; 734 } 735