Merge pull request #383 from vikramkanigiri/vk/tf-issues-314-v1

Ensure BL2 security state is secure
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index e322531..dad64e2 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -44,14 +44,16 @@
  ******************************************************************************/
 static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep)
 {
+	/* Check bl2 security state is expected as secure */
+	assert(GET_SECURITY_STATE(bl2_ep->h.attr) == SECURE);
+	/* Check NS Bit is also set as secure */
+	assert(!(read_scr_el3() & SCR_NS_BIT));
+
 	bl1_arch_next_el_setup();
 
 	/* Tell next EL what we want done */
 	bl2_ep->args.arg0 = RUN_IMAGE;
 
-	if (GET_SECURITY_STATE(bl2_ep->h.attr) == NON_SECURE)
-		change_security_state(GET_SECURITY_STATE(bl2_ep->h.attr));
-
 	write_spsr_el3(bl2_ep->spsr);
 	write_elr_el3(bl2_ep->pc);
 
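Review bot: Both new checks at the top of bl1_run_bl2 are `assert()`s, so in any build where assertions are compiled out they enforce nothing. An entry point whose attr says NON_SECURE would then be handed off with no diagnostic, now that the change_security_state() call is gone. If this is meant as a security invariant rather than a debug aid, consider an unconditional check such as `if (GET_SECURITY_STATE(bl2_ep->h.attr) != SECURE) panic();` (assuming panic() is in scope in this file). The second comment also reads backwards, since the assert requires SCR_NS_BIT to be clear; `/* Check SCR_EL3.NS is clear, i.e. EL3 is still configured for the secure state */` would be clearer. The function body continues past the end of the hunk.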
diff --git a/common/bl_common.c b/common/bl_common.c
index 3088cb0..73c615e 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -59,19 +59,6 @@
 	return (addr & (page_size - 1)) == 0;
 }
 
-void change_security_state(unsigned int target_security_state)
-{
-	unsigned long scr = read_scr();
-
-	assert(sec_state_is_valid(target_security_state));
-	if (target_security_state == SECURE)
-		scr &= ~SCR_NS_BIT;
-	else
-		scr |= SCR_NS_BIT;
-
-	write_scr(scr);
-}
-
 /******************************************************************************
  * Determine whether the memory region delimited by 'addr' and 'size' is free,
  * given the extents of free memory.
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index 66244ca..164377f 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -234,7 +234,6 @@
  * Function & variable prototypes
  ******************************************************************************/
 unsigned long page_align(unsigned long, unsigned);
-void change_security_state(unsigned int);
 unsigned long image_size(unsigned int image_id);
 int load_image(meminfo_t *mem_layout,
 	       unsigned int image_id,