10ec3ac60SManish V Badarkhe /* 20ec3ac60SManish V Badarkhe * Copyright (c) 2021, Arm Limited. All rights reserved. 30ec3ac60SManish V Badarkhe * 40ec3ac60SManish V Badarkhe * SPDX-License-Identifier: BSD-3-Clause 50ec3ac60SManish V Badarkhe */ 60ec3ac60SManish V Badarkhe 70ec3ac60SManish V Badarkhe #include <assert.h> 80ec3ac60SManish V Badarkhe 90ec3ac60SManish V Badarkhe #include <common/debug.h> 10c885d5c8SManish V Badarkhe #include <common/tf_crc32.h> 110ec3ac60SManish V Badarkhe #include <common/tbbr/tbbr_img_def.h> 120ec3ac60SManish V Badarkhe #include <drivers/fwu/fwu.h> 130ec3ac60SManish V Badarkhe #include <drivers/fwu/fwu_metadata.h> 140ec3ac60SManish V Badarkhe #include <drivers/io/io_storage.h> 150ec3ac60SManish V Badarkhe 160ec3ac60SManish V Badarkhe #include <plat/common/platform.h> 170ec3ac60SManish V Badarkhe 180ec3ac60SManish V Badarkhe /* 190ec3ac60SManish V Badarkhe * Assert that crc_32 is the first member of fwu_metadata structure. 200ec3ac60SManish V Badarkhe * It avoids accessing data outside of the metadata structure during 210ec3ac60SManish V Badarkhe * CRC32 computation if the crc_32 field gets moved due the structure 220ec3ac60SManish V Badarkhe * member(s) addition in the future. 230ec3ac60SManish V Badarkhe */ 240ec3ac60SManish V Badarkhe CASSERT((offsetof(struct fwu_metadata, crc_32) == 0), 250ec3ac60SManish V Badarkhe crc_32_must_be_first_member_of_structure); 260ec3ac60SManish V Badarkhe 270ec3ac60SManish V Badarkhe static struct fwu_metadata metadata; 280ec3ac60SManish V Badarkhe static bool is_fwu_initialized; 290ec3ac60SManish V Badarkhe 300ec3ac60SManish V Badarkhe /******************************************************************************* 310ec3ac60SManish V Badarkhe * Compute CRC32 of the FWU metadata, and check it against the CRC32 value 320ec3ac60SManish V Badarkhe * present in the FWU metadata. 330ec3ac60SManish V Badarkhe * 340ec3ac60SManish V Badarkhe * return -1 on error, otherwise 0 350ec3ac60SManish V Badarkhe ******************************************************************************/ 360ec3ac60SManish V Badarkhe static int fwu_metadata_crc_check(void) 370ec3ac60SManish V Badarkhe { 380ec3ac60SManish V Badarkhe unsigned char *data = (unsigned char *)&metadata; 390ec3ac60SManish V Badarkhe 40c885d5c8SManish V Badarkhe uint32_t calc_crc = tf_crc32(0U, data + sizeof(metadata.crc_32), 410ec3ac60SManish V Badarkhe (sizeof(metadata) - 420ec3ac60SManish V Badarkhe sizeof(metadata.crc_32))); 430ec3ac60SManish V Badarkhe 440ec3ac60SManish V Badarkhe if (metadata.crc_32 != calc_crc) { 450ec3ac60SManish V Badarkhe return -1; 460ec3ac60SManish V Badarkhe } 470ec3ac60SManish V Badarkhe 480ec3ac60SManish V Badarkhe return 0; 490ec3ac60SManish V Badarkhe } 500ec3ac60SManish V Badarkhe 510ec3ac60SManish V Badarkhe /******************************************************************************* 520ec3ac60SManish V Badarkhe * Check the sanity of FWU metadata. 530ec3ac60SManish V Badarkhe * 540ec3ac60SManish V Badarkhe * return -1 on error, otherwise 0 550ec3ac60SManish V Badarkhe ******************************************************************************/ 560ec3ac60SManish V Badarkhe static int fwu_metadata_sanity_check(void) 570ec3ac60SManish V Badarkhe { 580ec3ac60SManish V Badarkhe /* ToDo: add more conditions for sanity check */ 590ec3ac60SManish V Badarkhe if ((metadata.active_index >= NR_OF_FW_BANKS) || 600ec3ac60SManish V Badarkhe (metadata.previous_active_index >= NR_OF_FW_BANKS)) { 610ec3ac60SManish V Badarkhe return -1; 620ec3ac60SManish V Badarkhe } 630ec3ac60SManish V Badarkhe 640ec3ac60SManish V Badarkhe return 0; 650ec3ac60SManish V Badarkhe } 660ec3ac60SManish V Badarkhe 670ec3ac60SManish V Badarkhe /******************************************************************************* 680ec3ac60SManish V Badarkhe * Verify and load specified FWU metadata image to local FWU metadata structure. 690ec3ac60SManish V Badarkhe * 700ec3ac60SManish V Badarkhe * @image_id: FWU metadata image id (either FWU_METADATA_IMAGE_ID or 710ec3ac60SManish V Badarkhe * BKUP_FWU_METADATA_IMAGE_ID) 720ec3ac60SManish V Badarkhe * 730ec3ac60SManish V Badarkhe * return a negative value on error, otherwise 0 740ec3ac60SManish V Badarkhe ******************************************************************************/ 750ec3ac60SManish V Badarkhe static int fwu_metadata_load(unsigned int image_id) 760ec3ac60SManish V Badarkhe { 770ec3ac60SManish V Badarkhe int result; 780ec3ac60SManish V Badarkhe uintptr_t dev_handle, image_handle, image_spec; 790ec3ac60SManish V Badarkhe size_t bytes_read; 800ec3ac60SManish V Badarkhe 810ec3ac60SManish V Badarkhe assert((image_id == FWU_METADATA_IMAGE_ID) || 820ec3ac60SManish V Badarkhe (image_id == BKUP_FWU_METADATA_IMAGE_ID)); 830ec3ac60SManish V Badarkhe 840ec3ac60SManish V Badarkhe result = plat_fwu_set_metadata_image_source(image_id, 850ec3ac60SManish V Badarkhe &dev_handle, 860ec3ac60SManish V Badarkhe &image_spec); 870ec3ac60SManish V Badarkhe if (result != 0) { 880ec3ac60SManish V Badarkhe WARN("Failed to set reference to image id=%u (%i)\n", 890ec3ac60SManish V Badarkhe image_id, result); 900ec3ac60SManish V Badarkhe return result; 910ec3ac60SManish V Badarkhe } 920ec3ac60SManish V Badarkhe 930ec3ac60SManish V Badarkhe result = io_open(dev_handle, image_spec, &image_handle); 940ec3ac60SManish V Badarkhe if (result != 0) { 950ec3ac60SManish V Badarkhe WARN("Failed to load image id id=%u (%i)\n", 960ec3ac60SManish V Badarkhe image_id, result); 970ec3ac60SManish V Badarkhe return result; 980ec3ac60SManish V Badarkhe } 990ec3ac60SManish V Badarkhe 1000ec3ac60SManish V Badarkhe result = io_read(image_handle, (uintptr_t)&metadata, 1010ec3ac60SManish V Badarkhe sizeof(struct fwu_metadata), &bytes_read); 1020ec3ac60SManish V Badarkhe 1030ec3ac60SManish V Badarkhe if (result != 0) { 1040ec3ac60SManish V Badarkhe WARN("Failed to read image id=%u (%i)\n", image_id, result); 1050ec3ac60SManish V Badarkhe goto exit; 1060ec3ac60SManish V Badarkhe } 1070ec3ac60SManish V Badarkhe 1080ec3ac60SManish V Badarkhe if (sizeof(struct fwu_metadata) != bytes_read) { 1090ec3ac60SManish V Badarkhe /* return -1 in case of partial/no read */ 1100ec3ac60SManish V Badarkhe result = -1; 1110ec3ac60SManish V Badarkhe WARN("Read bytes (%zu) instead of expected (%zu) bytes\n", 1120ec3ac60SManish V Badarkhe bytes_read, sizeof(struct fwu_metadata)); 1130ec3ac60SManish V Badarkhe goto exit; 1140ec3ac60SManish V Badarkhe } 1150ec3ac60SManish V Badarkhe 1160ec3ac60SManish V Badarkhe /* sanity check on loaded parameters */ 1170ec3ac60SManish V Badarkhe result = fwu_metadata_sanity_check(); 1180ec3ac60SManish V Badarkhe if (result != 0) { 1190ec3ac60SManish V Badarkhe WARN("Sanity %s\n", "check failed on FWU metadata"); 1200ec3ac60SManish V Badarkhe goto exit; 1210ec3ac60SManish V Badarkhe } 1220ec3ac60SManish V Badarkhe 1230ec3ac60SManish V Badarkhe /* CRC check on loaded parameters */ 1240ec3ac60SManish V Badarkhe result = fwu_metadata_crc_check(); 1250ec3ac60SManish V Badarkhe if (result != 0) { 1260ec3ac60SManish V Badarkhe WARN("CRC %s\n", "check failed on FWU metadata"); 1270ec3ac60SManish V Badarkhe } 1280ec3ac60SManish V Badarkhe 1290ec3ac60SManish V Badarkhe exit: 1300ec3ac60SManish V Badarkhe (void)io_close(image_handle); 1310ec3ac60SManish V Badarkhe 1320ec3ac60SManish V Badarkhe return result; 1330ec3ac60SManish V Badarkhe } 1340ec3ac60SManish V Badarkhe 1350ec3ac60SManish V Badarkhe /******************************************************************************* 1360ec3ac60SManish V Badarkhe * The system runs in the trial run state if any of the images in the active 1370ec3ac60SManish V Badarkhe * firmware bank has not been accepted yet. 1380ec3ac60SManish V Badarkhe * 1390ec3ac60SManish V Badarkhe * Returns true if the system is running in the trial state. 1400ec3ac60SManish V Badarkhe ******************************************************************************/ 1410ec3ac60SManish V Badarkhe bool fwu_is_trial_run_state(void) 1420ec3ac60SManish V Badarkhe { 1430ec3ac60SManish V Badarkhe bool trial_run = false; 1440ec3ac60SManish V Badarkhe 1450ec3ac60SManish V Badarkhe assert(is_fwu_initialized == true); 1460ec3ac60SManish V Badarkhe 1470ec3ac60SManish V Badarkhe for (unsigned int i = 0U; i < NR_OF_IMAGES_IN_FW_BANK; i++) { 1480ec3ac60SManish V Badarkhe struct fwu_image_entry *entry = &metadata.img_entry[i]; 1490ec3ac60SManish V Badarkhe struct fwu_image_properties *img_props = 1500ec3ac60SManish V Badarkhe &entry->img_props[metadata.active_index]; 1510ec3ac60SManish V Badarkhe if (img_props->accepted == 0) { 1520ec3ac60SManish V Badarkhe trial_run = true; 1530ec3ac60SManish V Badarkhe break; 1540ec3ac60SManish V Badarkhe } 1550ec3ac60SManish V Badarkhe } 1560ec3ac60SManish V Badarkhe 1570ec3ac60SManish V Badarkhe return trial_run; 1580ec3ac60SManish V Badarkhe } 1590ec3ac60SManish V Badarkhe 160*9adce87eSSughosh Ganu const struct fwu_metadata *fwu_get_metadata(void) 161*9adce87eSSughosh Ganu { 162*9adce87eSSughosh Ganu assert(is_fwu_initialized); 163*9adce87eSSughosh Ganu 164*9adce87eSSughosh Ganu return &metadata; 165*9adce87eSSughosh Ganu } 166*9adce87eSSughosh Ganu 1670ec3ac60SManish V Badarkhe /******************************************************************************* 1680ec3ac60SManish V Badarkhe * Load verified copy of FWU metadata image kept in the platform NV storage 1690ec3ac60SManish V Badarkhe * into local FWU metadata structure. 1700ec3ac60SManish V Badarkhe * Also, update platform I/O policies with the offset address and length of 1710ec3ac60SManish V Badarkhe * firmware-updated images kept in the platform NV storage. 1720ec3ac60SManish V Badarkhe ******************************************************************************/ 1730ec3ac60SManish V Badarkhe void fwu_init(void) 1740ec3ac60SManish V Badarkhe { 1750ec3ac60SManish V Badarkhe /* Load FWU metadata which will be used to load the images in the 1760ec3ac60SManish V Badarkhe * active bank as per PSA FWU specification 1770ec3ac60SManish V Badarkhe */ 1780ec3ac60SManish V Badarkhe int result = fwu_metadata_load(FWU_METADATA_IMAGE_ID); 1790ec3ac60SManish V Badarkhe 1800ec3ac60SManish V Badarkhe if (result != 0) { 1810ec3ac60SManish V Badarkhe WARN("loading of FWU-Metadata failed, " 1820ec3ac60SManish V Badarkhe "using Bkup-FWU-Metadata\n"); 1830ec3ac60SManish V Badarkhe 1840ec3ac60SManish V Badarkhe result = fwu_metadata_load(BKUP_FWU_METADATA_IMAGE_ID); 1850ec3ac60SManish V Badarkhe if (result != 0) { 1860ec3ac60SManish V Badarkhe ERROR("loading of Bkup-FWU-Metadata failed\n"); 1870ec3ac60SManish V Badarkhe panic(); 1880ec3ac60SManish V Badarkhe } 1890ec3ac60SManish V Badarkhe } 1900ec3ac60SManish V Badarkhe 1910ec3ac60SManish V Badarkhe plat_fwu_set_images_source(&metadata); 1920ec3ac60SManish V Badarkhe 1930ec3ac60SManish V Badarkhe is_fwu_initialized = true; 1940ec3ac60SManish V Badarkhe } 195