Fix the inconsistencies in bl1_tbbr_image_descs[]
This patch fixes inconsistencies in bl1_tbbr_image_descs[]
and miscellaneous fixes in Firmware Update code.
Following are the changes:
* As part of the original FWU changes, a `copied_size`
field was added to `image_info_t`. This was a subtle binary
compatibility break because it changed the size of the
`bl31_params_t` struct, which could cause problems if
somebody used different versions of BL2 or BL31, one with
the old `image_info_t` and one with the new version.
This patch moves `copied_size` into `image_desc_t` instead.
* EXECUTABLE flag is now stored in `ep_info.h.attr` in place
of `image_info.h.attr`, associating it with an entrypoint.
* The `image_info.image_base` is only relevant for secure
images that are copied from non-secure memory into secure
memory. This patch removes initializing `image_base` for
non secure images in the bl1_tbbr_image_descs[].
* A new macro `SET_STATIC_PARAM_HEAD` is added for populating
bl1_tbbr_image_descs[].ep_info/image_info.h members statically.
The version, image_type and image attributes are now
populated using this new macro.
* Added PLAT_ARM_NVM_BASE and PLAT_ARM_NVM_SIZE to avoid direct
usage of V2M_FLASH0_XXX in plat/arm/common/arm_bl1_fwu.c.
* Refactoring of code/macros related to SECURE and EXECUTABLE flags.
NOTE: PLATFORM PORTS THAT RELY ON THE SIZE OF `image_info_t`
OR USE the "EXECUTABLE" BIT WITHIN `image_info_t.h.attr`
OR USE THEIR OWN `image_desc_t` ARRAY IN BL1, MAY BE
BROKEN BY THIS CHANGE. THIS IS CONSIDERED UNLIKELY.
Change-Id: Id4e5989af7bf0ed263d19d3751939da1169b561d
diff --git a/bl1/bl1_context_mgmt.c b/bl1/bl1_context_mgmt.c
index 6355190..bd40608 100644
--- a/bl1/bl1_context_mgmt.c
+++ b/bl1/bl1_context_mgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -74,7 +74,7 @@
next_bl_ep = &image_desc->ep_info;
/* Get the image security state. */
- security_state = GET_SEC_STATE(next_bl_ep->h.attr);
+ security_state = GET_SECURITY_STATE(next_bl_ep->h.attr);
/* Setup the Secure/Non-Secure context if not done already. */
if (!cm_get_context(security_state))
diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c
index 80ce831..f333805 100644
--- a/bl1/bl1_fwu.c
+++ b/bl1/bl1_fwu.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -135,8 +135,8 @@
}
/* Only Normal world is allowed to copy a Secure image. */
- if ((GET_SEC_STATE(flags) == SECURE) ||
- (GET_SEC_STATE(image_desc->ep_info.h.attr) == NON_SECURE)) {
+ if ((GET_SECURITY_STATE(flags) == SECURE) ||
+ (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE)) {
WARN("BL1-FWU: Copy not allowed for Non-Secure "
"image from Secure-world\n");
return -EPERM;
@@ -156,10 +156,10 @@
* If last block is more than expected then
* clip the block to the required image size.
*/
- if (image_desc->image_info.copied_size + block_size >
+ if (image_desc->copied_size + block_size >
image_desc->image_info.image_size) {
block_size = image_desc->image_info.image_size -
- image_desc->image_info.copied_size;
+ image_desc->copied_size;
WARN("BL1-FWU: Copy argument block_size > remaining image size."
" Clipping block_size\n");
}
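Review bot: The bound check `image_desc->copied_size + block_size > image_desc->image_info.image_size` can wrap around when `block_size` is large, and the patch carries that form over unchanged apart from the field move. The warning text indicates `block_size` is a caller-supplied copy argument, so a wrapped sum would skip the clipping and the `memcpy` in the next hunk (`@@ -173,13`) would run with the unclipped size. Comparing against the remaining space avoids the addition: `if (block_size > image_desc->image_info.image_size - image_desc->copied_size) {`, which is safe as long as `copied_size` never exceeds `image_size`. The operand types and the enclosing function are outside this hunk, so the widths should be confirmed there.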
@@ -173,13 +173,13 @@
INFO("BL1-FWU: Continuing image copy in blocks\n");
/* Copy image for given block size. */
- base_addr += image_desc->image_info.copied_size;
- image_desc->image_info.copied_size += block_size;
+ base_addr += image_desc->copied_size;
+ image_desc->copied_size += block_size;
memcpy((void *)base_addr, (const void *)image_src, block_size);
flush_dcache_range(base_addr, block_size);
/* Update the state if last block. */
- if (image_desc->image_info.copied_size ==
+ if (image_desc->copied_size ==
image_desc->image_info.image_size) {
image_desc->state = IMAGE_STATE_COPIED;
INFO("BL1-FWU: Image copy in blocks completed\n");
@@ -234,7 +234,7 @@
INFO("BL1-FWU: Started image copy in blocks\n");
}
- image_desc->image_info.copied_size = block_size;
+ image_desc->copied_size = block_size;
}
return 0;
@@ -257,14 +257,14 @@
if (!image_desc)
return -EPERM;
- if (GET_SEC_STATE(flags) == SECURE) {
+ if (GET_SECURITY_STATE(flags) == SECURE) {
if (image_desc->state != IMAGE_STATE_RESET) {
WARN("BL1-FWU: Authentication from secure world "
"while in invalid state\n");
return -EPERM;
}
} else {
- if (GET_SEC_STATE(image_desc->ep_info.h.attr) == SECURE) {
+ if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
if (image_desc->state != IMAGE_STATE_COPIED) {
WARN("BL1-FWU: Authentication of secure image "
"from non-secure world while not in copied state\n");
@@ -369,10 +369,10 @@
* Image is NOT in AUTHENTICATED state.
*/
if ((!image_desc) ||
- (GET_SEC_STATE(flags) == SECURE) ||
- (GET_SEC_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
- (GET_EXEC_STATE(image_desc->image_info.h.attr) == NON_EXECUTABLE) ||
- (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
+ (GET_SECURITY_STATE(flags) == SECURE) ||
+ (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
+ (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
+ (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
return -EPERM;
}
@@ -402,7 +402,7 @@
{
image_desc_t *image_desc;
unsigned int resume_sec_state;
- unsigned int caller_sec_state = GET_SEC_STATE(flags);
+ unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
/* Get the image descriptor for last executed secure image id. */
image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
@@ -417,8 +417,8 @@
assert(image_desc);
}
- assert(GET_SEC_STATE(image_desc->ep_info.h.attr) == SECURE);
- assert(GET_EXEC_STATE(image_desc->image_info.h.attr) == EXECUTABLE);
+ assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
+ assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
if (caller_sec_state == SECURE) {
assert(image_desc->state == IMAGE_STATE_EXECUTED);
@@ -458,7 +458,7 @@
image_desc_t *image_desc;
/* Make sure caller is from the secure world */
- if (GET_SEC_STATE(flags) == NON_SECURE) {
+ if (GET_SECURITY_STATE(flags) == NON_SECURE) {
WARN("BL1-FWU: Image done not allowed from normal world\n");
return -EPERM;
}
@@ -468,8 +468,8 @@
/* image_desc must correspond to a valid secure executing image */
assert(image_desc);
- assert(GET_SEC_STATE(image_desc->ep_info.h.attr) == SECURE);
- assert(GET_EXEC_STATE(image_desc->image_info.h.attr) == EXECUTABLE);
+ assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
+ assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
assert(image_desc->state == IMAGE_STATE_EXECUTED);
/* Update the flags. */
diff --git a/bl1/tbbr/tbbr_img_desc.c b/bl1/tbbr/tbbr_img_desc.c
index 42de851..7651f1c 100644
--- a/bl1/tbbr/tbbr_img_desc.c
+++ b/bl1/tbbr/tbbr_img_desc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -35,42 +35,46 @@
image_desc_t bl1_tbbr_image_descs[] = {
{
.image_id = FWU_CERT_ID,
- .image_info.h.attr = SET_EXEC_STATE(NON_EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_1, image_info_t, 0),
.image_info.image_base = BL2_BASE,
- .ep_info.h.attr = SET_SEC_STATE(SECURE),
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_1, entry_point_info_t, SECURE),
},
#if NS_BL1U_BASE
{
.image_id = NS_BL1U_IMAGE_ID,
- .image_info.h.attr = SET_EXEC_STATE(EXECUTABLE),
- .image_info.image_base = NS_BL1U_BASE,
- .ep_info.h.attr = SET_SEC_STATE(NON_SECURE),
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_1, entry_point_info_t, NON_SECURE | EXECUTABLE),
.ep_info.pc = NS_BL1U_BASE,
},
#endif
#if SCP_BL2U_BASE
{
.image_id = SCP_BL2U_IMAGE_ID,
- .image_info.h.attr = SET_EXEC_STATE(NON_EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_1, image_info_t, 0),
.image_info.image_base = SCP_BL2U_BASE,
- .ep_info.h.attr = SET_SEC_STATE(SECURE),
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_1, entry_point_info_t, SECURE),
},
#endif
#if BL2U_BASE
{
.image_id = BL2U_IMAGE_ID,
- .image_info.h.attr = SET_EXEC_STATE(EXECUTABLE),
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_1, image_info_t, 0),
.image_info.image_base = BL2U_BASE,
- .ep_info.h.attr = SET_SEC_STATE(SECURE),
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_1, entry_point_info_t, SECURE | EXECUTABLE),
.ep_info.pc = BL2U_BASE,
},
#endif
#if NS_BL2U_BASE
{
.image_id = NS_BL2U_IMAGE_ID,
- .image_info.h.attr = SET_EXEC_STATE(NON_EXECUTABLE),
- .image_info.image_base = NS_BL2U_BASE,
- .ep_info.h.attr = SET_SEC_STATE(NON_SECURE),
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_1, entry_point_info_t, NON_SECURE),
},
#endif
BL2_IMAGE_DESC,
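Review bot: The type argument to `SET_STATIC_PARAM_HEAD` does not always match the struct being initialised: the `FWU_CERT_ID` and `SCP_BL2U_IMAGE_ID` entries tag `ep_info` with `PARAM_IMAGE_BINARY`, and the `BL2U_IMAGE_ID` entry tags `image_info` with `PARAM_EP`. The other entries pair `ep_info` with `PARAM_EP`, so these look like copy-paste slips; any code that checks `h.type` would see the wrong tag, though no such consumer is visible in this diff. I would use `SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP, VERSION_1, entry_point_info_t, SECURE),` for the two secure non-executable entries and `PARAM_IMAGE_BINARY` for BL2U's `image_info`. The non-executable entries also rely on `NON_EXECUTABLE` being zero; writing `SECURE | NON_EXECUTABLE` would make the intent explicit, since the execute check in bl1/bl1_fwu.c gates on this bit.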