/*
 * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>

#include <common/debug.h>
#include <common/tf_crc32.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/fwu/fwu.h>
#include <drivers/fwu/fwu_metadata.h>
#include <drivers/io/io_storage.h>

#include <plat/common/platform.h>

/*
 * Assert that crc_32 is the first member of fwu_metadata structure.
 * It avoids accessing data outside of the metadata structure during
 * CRC32 computation if the crc_32 field gets moved due to the addition
 * of structure member(s) in the future.
 */
CASSERT((offsetof(struct fwu_metadata, crc_32) == 0),
	crc_32_must_be_first_member_of_structure);

/*
 * Ensure that the NR_OF_FW_BANKS selected by the platform is not
 * zero and not greater than the maximum number of banks allowed
 * by the specification.
 */
CASSERT((NR_OF_FW_BANKS > 0) && (NR_OF_FW_BANKS <= NR_OF_MAX_FW_BANKS),
	assert_fwu_num_banks_invalid_value);

#define FWU_METADATA_VERSION		2U
#define FWU_FW_STORE_DESC_OFFSET	0x20U

/* Local copy of the FWU metadata, filled in by fwu_metadata_load(). */
static struct fwu_metadata metadata;
/* Only read inside assert(), hence __unused for builds without asserts. */
static bool is_metadata_initialized __unused;

/*******************************************************************************
 * Compute CRC32 of the FWU metadata, and check it against the CRC32 value
 * present in the FWU metadata.
 *
 * The checksum covers every byte of the structure that follows the crc_32
 * field; the compile-time assertion above keeps crc_32 at offset 0 so that
 * this range stays inside the structure.
 *
 * NOTE(review): CRC32 is an unkeyed checksum. It detects accidental
 * corruption of the stored metadata but does not authenticate it; whether
 * the metadata is protected against deliberate modification elsewhere is
 * not visible in this file.
 *
 * return -1 on error, otherwise 0
 ******************************************************************************/
static int fwu_metadata_crc_check(void)
{
	/* Skip the stored CRC itself; everything after it is checksummed. */
	unsigned char *payload = (unsigned char *)&metadata +
				 sizeof(metadata.crc_32);
	size_t payload_len = sizeof(metadata) - sizeof(metadata.crc_32);
	uint32_t computed = tf_crc32(0U, payload, payload_len);

	return (computed == metadata.crc_32) ? 0 : -1;
}

/*******************************************************************************
 * Check the sanity of FWU metadata.
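 *
 * The version, both bank indices and the descriptor offset are validated
 * against the build-time configuration. When PSA_FWU_METADATA_FW_STORE_DESC
 * is enabled, the bank and image counts in the firmware store descriptor are
 * validated as well.
 *
 * The index checks matter for memory safety: active_index and
 * previous_active_index are used elsewhere in this file to index
 * bank_state[], so values not below NR_OF_FW_BANKS are rejected here.
 *
 * return -EINVAL on error, otherwise 0
 ******************************************************************************/
static int fwu_metadata_sanity_check(void)
{
	if (metadata.version != FWU_METADATA_VERSION) {
		WARN("Incorrect FWU Metadata version of %u\n",
		     metadata.version);
		return -EINVAL;
	}

	/* Reject out-of-range indices before they are used as array indices. */
	if (metadata.active_index >= NR_OF_FW_BANKS) {
		WARN("Active Index value(%u) greater than the configured value(%d)\n",
		     metadata.active_index, NR_OF_FW_BANKS);
		return -EINVAL;
	}

	if (metadata.previous_active_index >= NR_OF_FW_BANKS) {
		WARN("Previous Active Index value(%u) greater than the configured value(%d)\n",
		     metadata.previous_active_index, NR_OF_FW_BANKS);
		return -EINVAL;
	}

#if PSA_FWU_METADATA_FW_STORE_DESC
	/* The stored layout must match what this image was built for. */
	if (metadata.fw_desc.num_banks != NR_OF_FW_BANKS) {
		WARN("Number of Banks(%u) in FWU Metadata different from the configured value(%d)\n",
		     metadata.fw_desc.num_banks, NR_OF_FW_BANKS);
		return -EINVAL;
	}

	if (metadata.fw_desc.num_images != NR_OF_IMAGES_IN_FW_BANK) {
		WARN("Number of Images(%u) in FWU Metadata different from the configured value(%d)\n",
		     metadata.fw_desc.num_images, NR_OF_IMAGES_IN_FW_BANK);
		return -EINVAL;
	}

	if (metadata.desc_offset != FWU_FW_STORE_DESC_OFFSET) {
		WARN("Descriptor Offset(0x%x) in the FWU Metadata not equal to 0x20\n",
		     metadata.desc_offset);
		return -EINVAL;
	}
#else
	/* Without a firmware store descriptor the offset must be zero. */
	if (metadata.desc_offset != 0U) {
		WARN("Descriptor offset has non zero value of 0x%x\n",
		     metadata.desc_offset);
		return -EINVAL;
	}
#endif

	return 0;
}

/*******************************************************************************
 * Verify and load specified FWU metadata image to local FWU metadata structure.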
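 *
 * @image_id: FWU metadata image id (either FWU_METADATA_IMAGE_ID or
 *            BKUP_FWU_METADATA_IMAGE_ID)
 *
 * The image is read directly into the file-scope metadata structure and is
 * only then checked (field sanity first, CRC32 second). On any failure the
 * structure may therefore hold partially read or unverified contents and
 * must not be used; the caller in this file, fwu_init(), either retries with
 * the backup image or panics.
 *
 * NOTE(review): the image_id restriction is enforced with assert() only, so
 * it is not checked in builds where assertions are compiled out.
 *
 * return a negative value on error, otherwise 0
 ******************************************************************************/
static int fwu_metadata_load(unsigned int image_id)
{
	int result;
	uintptr_t dev_handle, image_handle, image_spec;
	size_t bytes_read;

	assert((image_id == FWU_METADATA_IMAGE_ID) ||
	       (image_id == BKUP_FWU_METADATA_IMAGE_ID));

	result = plat_fwu_set_metadata_image_source(image_id,
						    &dev_handle,
						    &image_spec);
	if (result != 0) {
		WARN("Failed to set reference to image id=%u (%i)\n",
		     image_id, result);
		return result;
	}

	result = io_open(dev_handle, image_spec, &image_handle);
	if (result != 0) {
		/* Nothing was opened, so there is no handle to close. */
		WARN("Failed to open image id=%u (%i)\n",
		     image_id, result);
		return result;
	}

	result = io_read(image_handle, (uintptr_t)&metadata,
			 sizeof(struct fwu_metadata), &bytes_read);

	if (result != 0) {
		WARN("Failed to read image id=%u (%i)\n", image_id, result);
		goto exit;
	}

	if (sizeof(struct fwu_metadata) != bytes_read) {
		/* return -1 in case of partial/no read */
		result = -1;
		WARN("Read bytes (%zu) instead of expected (%zu) bytes\n",
		     bytes_read, sizeof(struct fwu_metadata));
		goto exit;
	}

	/* sanity check on loaded parameters */
	result = fwu_metadata_sanity_check();
	if (result != 0) {
		WARN("Sanity %s\n", "check failed on FWU metadata");
		goto exit;
	}

	/* CRC check on loaded parameters */
	result = fwu_metadata_crc_check();
	if (result != 0) {
		WARN("CRC %s\n", "check failed on FWU metadata");
	}

exit:
	/* Best-effort close; the load result is what the caller acts on. */
	(void)io_close(image_handle);

	return result;
}

/*******************************************************************************
 * Check for an alternate bank for the platform to boot from.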
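 * This function will mostly be called whenever the count of the number of
 * times a platform boots in the Trial State exceeds a pre-set limit.
 * The function first checks if the platform can boot from the previously active
 * bank. If not, it tries to find another bank in the accepted state.
 * And finally, if both the checks fail, as a last resort, it tries to find
 * a valid bank.
 *
 * The metadata must already have been loaded: previous_active_index is used
 * as an index into bank_state[], and its range is only checked when the
 * metadata is loaded. The assertion below makes this function consistent with
 * the other accessors in this file.
 *
 * Returns the index of a bank to boot, else returns invalid index
 * INVALID_BOOT_IDX.
 ******************************************************************************/
uint32_t fwu_get_alternate_boot_bank(void)
{
	uint32_t i;

	assert(is_metadata_initialized);

	/* First check if the previously active bank can be used */
	if (metadata.bank_state[metadata.previous_active_index] ==
	    FWU_BANK_STATE_ACCEPTED) {
		return metadata.previous_active_index;
	}

	/* Now check for any other bank in the accepted state */
	for (i = 0U; i < NR_OF_FW_BANKS; i++) {
		/* The active bank is being abandoned; previous was just tried. */
		if (i == metadata.active_index ||
		    i == metadata.previous_active_index) {
			continue;
		}

		if (metadata.bank_state[i] == FWU_BANK_STATE_ACCEPTED) {
			return i;
		}
	}

	/*
	 * No accepted bank found. Now try booting from a valid bank.
	 * Give priority to the previous active bank.
	 */
	if (metadata.bank_state[metadata.previous_active_index] ==
	    FWU_BANK_STATE_VALID) {
		return metadata.previous_active_index;
	}

	for (i = 0U; i < NR_OF_FW_BANKS; i++) {
		if (i == metadata.active_index ||
		    i == metadata.previous_active_index) {
			continue;
		}

		if (metadata.bank_state[i] == FWU_BANK_STATE_VALID) {
			return i;
		}
	}

	/* Neither an accepted nor a valid alternate bank exists. */
	return INVALID_BOOT_IDX;
}

/*******************************************************************************
 * The platform can be in one of Valid, Invalid or Accepted states.
 *
 * Invalid - One or more images in the bank are corrupted, or partially
 *           overwritten.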
 *           The bank is not to be used for booting.
 *
 * Valid - All images of the bank are valid but at least one image has not
 *         been accepted. This implies that the platform is in Trial State.
 *
 * Accepted - All images of the bank are valid and accepted.
 *
 * Returns the state of the current active bank
 ******************************************************************************/
uint32_t fwu_get_active_bank_state(void)
{
	uint32_t active_bank;

	/* Debug-build guard: the metadata must have been loaded by fwu_init(). */
	assert(is_metadata_initialized);

	active_bank = metadata.active_index;

	return metadata.bank_state[active_bank];
}

/*******************************************************************************
 * Return a read-only pointer to the local FWU metadata structure.
 *
 * The pointer refers to file-scope storage, so the caller must not free it.
 ******************************************************************************/
const struct fwu_metadata *fwu_get_metadata(void)
{
	const struct fwu_metadata *loaded = &metadata;

	/* Debug-build guard: the metadata must have been loaded by fwu_init(). */
	assert(is_metadata_initialized);

	return loaded;
}

/*******************************************************************************
 * Load verified copy of FWU metadata image kept in the platform NV storage
 * into local FWU metadata structure.
 * Also, update platform I/O policies with the offset address and length of
 * firmware-updated images kept in the platform NV storage.
 *
 * The primary metadata image is tried first and the backup image second.
 * If neither passes the checks done while loading, the function panics, so
 * the metadata is only marked as initialized after a successful load.
 ******************************************************************************/
void fwu_init(void)
{
	/*
	 * Load FWU metadata which will be used to load the images in the
	 * active bank as per PSA FWU specification
	 */
	if (fwu_metadata_load(FWU_METADATA_IMAGE_ID) != 0) {
		WARN("loading of FWU-Metadata failed, using Bkup-FWU-Metadata\n");

		if (fwu_metadata_load(BKUP_FWU_METADATA_IMAGE_ID) != 0) {
			/* No usable metadata copy is left: refuse to continue. */
			ERROR("loading of Bkup-FWU-Metadata failed\n");
			panic();
		}
	}

	is_metadata_initialized = true;

	plat_fwu_set_images_source(&metadata);
}