blob: d762d07685b7008d5373b34a5e95acea2d0223b0 [file] [log] [blame]
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01001/*
Soby Mathew2f38ce32018-02-08 17:45:12 +00002 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01005 */
6
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01007#include <arch_helpers.h>
Isla Mitchell99305012017-07-11 14:54:08 +01008#include <assert.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01009#include <auth_mod.h>
10#include <bl1.h>
11#include <bl_common.h>
12#include <context.h>
13#include <context_mgmt.h>
14#include <debug.h>
15#include <errno.h>
16#include <platform.h>
17#include <platform_def.h>
Antonio Nino Diaz3c817f42018-03-21 10:49:27 +000018#include <smccc_helpers.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010019#include <string.h>
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +000020#include <utils.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010021#include "bl1_private.h"
22
23/*
24 * Function declarations.
25 */
26static int bl1_fwu_image_copy(unsigned int image_id,
Roberto Vargasbe126ed2018-02-12 12:36:17 +000027 uintptr_t image_src,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010028 unsigned int block_size,
29 unsigned int image_size,
30 unsigned int flags);
31static int bl1_fwu_image_auth(unsigned int image_id,
Roberto Vargasbe126ed2018-02-12 12:36:17 +000032 uintptr_t image_src,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010033 unsigned int image_size,
34 unsigned int flags);
35static int bl1_fwu_image_execute(unsigned int image_id,
36 void **handle,
37 unsigned int flags);
Dan Handley8ec76522015-12-15 10:52:33 +000038static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010039 void **handle,
40 unsigned int flags);
41static int bl1_fwu_sec_image_done(void **handle,
42 unsigned int flags);
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010043static int bl1_fwu_image_reset(unsigned int image_id,
44 unsigned int flags);
Dan Handley89f8f332015-12-15 14:28:24 +000045__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010046
47/*
48 * This keeps track of last executed secure image id.
49 */
50static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
51
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010052/* Authentication status of each image. */
Roberto Vargasbe126ed2018-02-12 12:36:17 +000053extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010054
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010055/*******************************************************************************
56 * Top level handler for servicing FWU SMCs.
57 ******************************************************************************/
58register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 register_t x1,
60 register_t x2,
61 register_t x3,
62 register_t x4,
63 void *cookie,
64 void *handle,
65 unsigned int flags)
66{
67
68 switch (smc_fid) {
69 case FWU_SMC_IMAGE_COPY:
70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));
71
72 case FWU_SMC_IMAGE_AUTH:
73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));
74
75 case FWU_SMC_IMAGE_EXECUTE:
76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));
77
78 case FWU_SMC_IMAGE_RESUME:
Dan Handley8ec76522015-12-15 10:52:33 +000079 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010080
81 case FWU_SMC_SEC_IMAGE_DONE:
82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
83
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010084 case FWU_SMC_IMAGE_RESET:
85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags));
86
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010087 case FWU_SMC_UPDATE_DONE:
Dan Handley89f8f332015-12-15 14:28:24 +000088 bl1_fwu_done((void *)x1, NULL);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010089 /* We should never return from bl1_fwu_done() */
Jonathan Wrightd5ff96c2018-03-13 13:54:03 +000090 break;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010091
92 default:
93 assert(0);
94 break;
95 }
96
Antonio Nino Diazacb29142017-04-04 17:08:32 +010097 SMC_RET1(handle, SMC_UNK);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010098}
99
100/*******************************************************************************
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100101 * Utility functions to keep track of the images that are loaded at any time.
102 ******************************************************************************/
103
104#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
105#define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
106#else
107#define FWU_MAX_SIMULTANEOUS_IMAGES 10
108#endif
109
110static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
111 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
112};
113
114/*
115 * Adds an image_id to the bl1_fwu_loaded_ids array.
116 * Returns 0 on success, 1 on error.
117 */
118static int bl1_fwu_add_loaded_id(int image_id)
119{
120 int i;
121
122 /* Check if the ID is already in the list */
123 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
124 if (bl1_fwu_loaded_ids[i] == image_id)
125 return 0;
126 }
127
128 /* Find an empty slot */
129 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
130 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
131 bl1_fwu_loaded_ids[i] = image_id;
132 return 0;
133 }
134 }
135
136 return 1;
137}
138
139/*
140 * Removes an image_id from the bl1_fwu_loaded_ids array.
141 * Returns 0 on success, 1 on error.
142 */
143static int bl1_fwu_remove_loaded_id(int image_id)
144{
145 int i;
146
147 /* Find the ID */
148 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
149 if (bl1_fwu_loaded_ids[i] == image_id) {
150 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
151 return 0;
152 }
153 }
154
155 return 1;
156}
157
158/*******************************************************************************
159 * This function checks if the specified image overlaps another image already
160 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
161 ******************************************************************************/
162static int bl1_fwu_image_check_overlaps(int image_id)
163{
164 const image_desc_t *image_desc, *checked_image_desc;
165 const image_info_t *info, *checked_info;
166
167 uintptr_t image_base, image_end;
168 uintptr_t checked_image_base, checked_image_end;
169
170 checked_image_desc = bl1_plat_get_image_desc(image_id);
171 checked_info = &checked_image_desc->image_info;
172
173 /* Image being checked mustn't be empty. */
174 assert(checked_info->image_size != 0);
175
176 checked_image_base = checked_info->image_base;
177 checked_image_end = checked_image_base + checked_info->image_size - 1;
Soby Mathewf088b342017-06-15 16:11:48 +0100178 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100179
180 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
181
Soby Mathewf088b342017-06-15 16:11:48 +0100182 /* Skip INVALID_IMAGE_IDs and don't check image against itself */
183 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
184 (bl1_fwu_loaded_ids[i] == image_id))
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100185 continue;
186
187 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
188
189 /* Only check images that are loaded or being loaded. */
Soby Mathewf088b342017-06-15 16:11:48 +0100190 assert (image_desc && image_desc->state != IMAGE_STATE_RESET);
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100191
192 info = &image_desc->image_info;
193
194 /* There cannot be overlaps with an empty image. */
195 if (info->image_size == 0)
196 continue;
197
198 image_base = info->image_base;
199 image_end = image_base + info->image_size - 1;
200 /*
201 * Overflows cannot happen. It is checked in
202 * bl1_fwu_image_copy() when the image goes from RESET to
203 * COPYING or COPIED.
204 */
205 assert (image_end > image_base);
206
207 /* Check if there are overlaps. */
208 if (!(image_end < checked_image_base ||
209 checked_image_end < image_base)) {
210 VERBOSE("Image with ID %d overlaps existing image with ID %d",
211 checked_image_desc->image_id, image_desc->image_id);
212 return -EPERM;
213 }
214 }
215
216 return 0;
217}
218
219/*******************************************************************************
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100220 * This function is responsible for copying secure images in AP Secure RAM.
221 ******************************************************************************/
222static int bl1_fwu_image_copy(unsigned int image_id,
223 uintptr_t image_src,
224 unsigned int block_size,
225 unsigned int image_size,
226 unsigned int flags)
227{
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000228 uintptr_t dest_addr;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000229 unsigned int remaining;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100230
231 /* Get the image descriptor. */
232 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000233 if (!image_desc) {
234 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
235 return -EPERM;
236 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100237
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000238 /*
239 * The request must originate from a non-secure caller and target a
240 * secure image. Any other scenario is invalid.
241 */
242 if (GET_SECURITY_STATE(flags) == SECURE) {
243 WARN("BL1-FWU: Copy not allowed from secure world.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100244 return -EPERM;
245 }
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000246 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) {
247 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
248 return -EPERM;
249 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100250
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000251 /* Check whether the FWU state machine is in the correct state. */
252 if ((image_desc->state != IMAGE_STATE_RESET) &&
253 (image_desc->state != IMAGE_STATE_COPYING)) {
254 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
255 " process.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100256 return -EPERM;
257 }
258
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000259 if ((!image_src) || (!block_size) ||
260 check_uptr_overflow(image_src, block_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100261 WARN("BL1-FWU: Copy not allowed due to invalid image source"
262 " or block size\n");
263 return -ENOMEM;
264 }
265
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100266 if (image_desc->state == IMAGE_STATE_COPYING) {
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000267 /*
268 * There must have been at least 1 copy operation for this image
269 * previously.
270 */
271 assert(image_desc->copied_size != 0);
272 /*
273 * The image size must have been recorded in the 1st copy
274 * operation.
275 */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000276 image_size = image_desc->image_info.image_size;
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000277 assert(image_size != 0);
278 assert(image_desc->copied_size < image_size);
279
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100280 INFO("BL1-FWU: Continuing image copy in blocks\n");
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000281 } else { /* image_desc->state == IMAGE_STATE_RESET */
282 INFO("BL1-FWU: Initial call to copy an image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100283
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000284 /*
285 * image_size is relevant only for the 1st copy request, it is
286 * then ignored for subsequent calls for this image.
287 */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100288 if (!image_size) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000289 WARN("BL1-FWU: Copy not allowed due to invalid image"
290 " size\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100291 return -ENOMEM;
292 }
293
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000294 /* Check that the image size to load is within limit */
295 if (image_size > image_desc->image_info.image_max_size) {
296 WARN("BL1-FWU: Image size out of bounds\n");
297 return -ENOMEM;
298 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100299
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000300 /* Save the given image size. */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100301 image_desc->image_info.image_size = image_size;
302
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100303 /* Make sure the image doesn't overlap other images. */
304 if (bl1_fwu_image_check_overlaps(image_id)) {
305 image_desc->image_info.image_size = 0;
306 WARN("BL1-FWU: This image overlaps another one\n");
307 return -EPERM;
308 }
309
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000310 /*
311 * copied_size must be explicitly initialized here because the
312 * FWU code doesn't necessarily do it when it resets the state
313 * machine.
314 */
315 image_desc->copied_size = 0;
316 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100317
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000318 /*
319 * If the given block size is more than the total image size
320 * then clip the former to the latter.
321 */
322 remaining = image_size - image_desc->copied_size;
323 if (block_size > remaining) {
324 WARN("BL1-FWU: Block size is too big, clipping it.\n");
325 block_size = remaining;
326 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100327
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000328 /* Make sure the source image is mapped in memory. */
329 if (bl1_plat_mem_check(image_src, block_size, flags)) {
330 WARN("BL1-FWU: Source image is not mapped.\n");
331 return -ENOMEM;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100332 }
333
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100334 if (bl1_fwu_add_loaded_id(image_id)) {
335 WARN("BL1-FWU: Too many images loaded at the same time.\n");
336 return -ENOMEM;
337 }
338
Soby Mathew2f38ce32018-02-08 17:45:12 +0000339 /* Allow the platform to handle pre-image load before copying */
340 if (image_desc->state == IMAGE_STATE_RESET) {
341 if (bl1_plat_handle_pre_image_load(image_id) != 0) {
342 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
343 image_id);
344 return -EPERM;
345 }
346 }
347
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000348 /* Everything looks sane. Go ahead and copy the block of data. */
349 dest_addr = image_desc->image_info.image_base + image_desc->copied_size;
350 memcpy((void *) dest_addr, (const void *) image_src, block_size);
351 flush_dcache_range(dest_addr, block_size);
352
353 image_desc->copied_size += block_size;
354 image_desc->state = (block_size == remaining) ?
355 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
356
357 INFO("BL1-FWU: Copy operation successful.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100358 return 0;
359}
360
361/*******************************************************************************
362 * This function is responsible for authenticating Normal/Secure images.
363 ******************************************************************************/
364static int bl1_fwu_image_auth(unsigned int image_id,
365 uintptr_t image_src,
366 unsigned int image_size,
367 unsigned int flags)
368{
369 int result;
370 uintptr_t base_addr;
371 unsigned int total_size;
372
373 /* Get the image descriptor. */
374 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
375 if (!image_desc)
376 return -EPERM;
377
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000378 if (GET_SECURITY_STATE(flags) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100379 if (image_desc->state != IMAGE_STATE_RESET) {
380 WARN("BL1-FWU: Authentication from secure world "
381 "while in invalid state\n");
382 return -EPERM;
383 }
384 } else {
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000385 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100386 if (image_desc->state != IMAGE_STATE_COPIED) {
387 WARN("BL1-FWU: Authentication of secure image "
388 "from non-secure world while not in copied state\n");
389 return -EPERM;
390 }
391 } else {
392 if (image_desc->state != IMAGE_STATE_RESET) {
393 WARN("BL1-FWU: Authentication of non-secure image "
394 "from non-secure world while in invalid state\n");
395 return -EPERM;
396 }
397 }
398 }
399
400 if (image_desc->state == IMAGE_STATE_COPIED) {
401 /*
402 * Image is in COPIED state.
403 * Use the stored address and size.
404 */
405 base_addr = image_desc->image_info.image_base;
406 total_size = image_desc->image_info.image_size;
407 } else {
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000408 if ((!image_src) || (!image_size) ||
409 check_uptr_overflow(image_src, image_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100410 WARN("BL1-FWU: Auth not allowed due to invalid"
411 " image source/size\n");
412 return -ENOMEM;
413 }
414
415 /*
416 * Image is in RESET state.
417 * Check the parameters and authenticate the source image in place.
418 */
Dan Handley35e5f692015-12-14 16:26:43 +0000419 if (bl1_plat_mem_check(image_src, image_size, \
420 image_desc->ep_info.h.attr)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100421 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
422 return -ENOMEM;
423 }
424
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100425 if (bl1_fwu_add_loaded_id(image_id)) {
426 WARN("BL1-FWU: Too many images loaded at the same time.\n");
427 return -ENOMEM;
428 }
429
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100430 base_addr = image_src;
431 total_size = image_size;
432
433 /* Update the image size in the descriptor. */
434 image_desc->image_info.image_size = total_size;
435 }
436
437 /*
438 * Authenticate the image.
439 */
440 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
441 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
442 if (result != 0) {
443 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
444
445 /*
446 * Authentication has failed.
447 * Clear the memory if the image was copied.
448 * This is to prevent an attack where this contains
449 * some malicious code that can somehow be executed later.
450 */
451 if (image_desc->state == IMAGE_STATE_COPIED) {
452 /* Clear the memory.*/
Douglas Raillard21362a92016-12-02 13:51:54 +0000453 zero_normalmem((void *)base_addr, total_size);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100454 flush_dcache_range(base_addr, total_size);
455
456 /* Indicate that image can be copied again*/
457 image_desc->state = IMAGE_STATE_RESET;
458 }
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100459
460 /*
461 * Even if this fails it's ok because the ID isn't in the array.
462 * The image cannot be in RESET state here, it is checked at the
463 * beginning of the function.
464 */
465 bl1_fwu_remove_loaded_id(image_id);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100466 return -EAUTH;
467 }
468
469 /* Indicate that image is in authenticated state. */
470 image_desc->state = IMAGE_STATE_AUTHENTICATED;
471
Soby Mathew2f38ce32018-02-08 17:45:12 +0000472 /* Allow the platform to handle post-image load */
473 result = bl1_plat_handle_post_image_load(image_id);
474 if (result != 0) {
475 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
476 result, image_id);
477 /*
478 * Panic here as the platform handling of post-image load is
479 * not correct.
480 */
481 plat_error_handler(result);
482 }
483
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100484 /*
485 * Flush image_info to memory so that other
486 * secure world images can see changes.
487 */
488 flush_dcache_range((unsigned long)&image_desc->image_info,
489 sizeof(image_info_t));
490
491 INFO("BL1-FWU: Authentication was successful\n");
492
493 return 0;
494}
495
496/*******************************************************************************
497 * This function is responsible for executing Secure images.
498 ******************************************************************************/
499static int bl1_fwu_image_execute(unsigned int image_id,
500 void **handle,
501 unsigned int flags)
502{
503 /* Get the image descriptor. */
504 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
505
506 /*
507 * Execution is NOT allowed if:
Dan Handley8ec76522015-12-15 10:52:33 +0000508 * image_id is invalid OR
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100509 * Caller is from Secure world OR
510 * Image is Non-Secure OR
511 * Image is Non-Executable OR
512 * Image is NOT in AUTHENTICATED state.
513 */
514 if ((!image_desc) ||
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000515 (GET_SECURITY_STATE(flags) == SECURE) ||
516 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
517 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
518 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100519 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
520 return -EPERM;
521 }
522
523 INFO("BL1-FWU: Executing Secure image\n");
524
dp-armcdd03cb2017-02-15 11:07:55 +0000525#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100526 /* Save NS-EL1 system registers. */
527 cm_el1_sysregs_context_save(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000528#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100529
530 /* Prepare the image for execution. */
531 bl1_prepare_next_image(image_id);
532
533 /* Update the secure image id. */
534 sec_exec_image_id = image_id;
535
dp-armcdd03cb2017-02-15 11:07:55 +0000536#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100537 *handle = cm_get_context(SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000538#else
539 *handle = smc_get_ctx(SECURE);
540#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100541 return 0;
542}
543
544/*******************************************************************************
Dan Handley8ec76522015-12-15 10:52:33 +0000545 * This function is responsible for resuming execution in the other security
546 * world
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100547 ******************************************************************************/
Dan Handley8ec76522015-12-15 10:52:33 +0000548static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100549 void **handle,
550 unsigned int flags)
551{
552 image_desc_t *image_desc;
553 unsigned int resume_sec_state;
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000554 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100555
Dan Handley8ec76522015-12-15 10:52:33 +0000556 /* Get the image descriptor for last executed secure image id. */
557 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
558 if (caller_sec_state == NON_SECURE) {
559 if (!image_desc) {
560 WARN("BL1-FWU: Resume not allowed due to no available"
561 "secure image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100562 return -EPERM;
563 }
Dan Handley8ec76522015-12-15 10:52:33 +0000564 } else {
565 /* image_desc must be valid for secure world callers */
566 assert(image_desc);
567 }
568
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000569 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
570 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000571
572 if (caller_sec_state == SECURE) {
573 assert(image_desc->state == IMAGE_STATE_EXECUTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100574
575 /* Update the flags. */
576 image_desc->state = IMAGE_STATE_INTERRUPTED;
577 resume_sec_state = NON_SECURE;
578 } else {
Dan Handley8ec76522015-12-15 10:52:33 +0000579 assert(image_desc->state == IMAGE_STATE_INTERRUPTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100580
581 /* Update the flags. */
582 image_desc->state = IMAGE_STATE_EXECUTED;
583 resume_sec_state = SECURE;
584 }
585
dp-armcdd03cb2017-02-15 11:07:55 +0000586 INFO("BL1-FWU: Resuming %s world context\n",
587 (resume_sec_state == SECURE) ? "secure" : "normal");
588
589#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100590 /* Save the EL1 system registers of calling world. */
Dan Handley8ec76522015-12-15 10:52:33 +0000591 cm_el1_sysregs_context_save(caller_sec_state);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100592
593 /* Restore the EL1 system registers of resuming world. */
594 cm_el1_sysregs_context_restore(resume_sec_state);
595
596 /* Update the next context. */
597 cm_set_next_eret_context(resume_sec_state);
598
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100599 *handle = cm_get_context(resume_sec_state);
dp-armcdd03cb2017-02-15 11:07:55 +0000600#else
601 /* Update the next context. */
602 cm_set_next_context(cm_get_context(resume_sec_state));
603
604 /* Prepare the smc context for the next BL image. */
605 smc_set_next_ctx(resume_sec_state);
606
607 *handle = smc_get_ctx(resume_sec_state);
608#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100609 return image_param;
610}
611
612/*******************************************************************************
613 * This function is responsible for resuming normal world context.
614 ******************************************************************************/
615static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
616{
Dan Handley8ec76522015-12-15 10:52:33 +0000617 image_desc_t *image_desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100618
Dan Handley8ec76522015-12-15 10:52:33 +0000619 /* Make sure caller is from the secure world */
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000620 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
Dan Handley8ec76522015-12-15 10:52:33 +0000621 WARN("BL1-FWU: Image done not allowed from normal world\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100622 return -EPERM;
623 }
624
Dan Handley8ec76522015-12-15 10:52:33 +0000625 /* Get the image descriptor for last executed secure image id */
626 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
627
628 /* image_desc must correspond to a valid secure executing image */
629 assert(image_desc);
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000630 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
631 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000632 assert(image_desc->state == IMAGE_STATE_EXECUTED);
633
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100634#if ENABLE_ASSERTIONS
635 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
636 assert(rc == 0);
637#else
638 bl1_fwu_remove_loaded_id(sec_exec_image_id);
639#endif
640
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100641 /* Update the flags. */
642 image_desc->state = IMAGE_STATE_RESET;
643 sec_exec_image_id = INVALID_IMAGE_ID;
644
dp-armcdd03cb2017-02-15 11:07:55 +0000645 INFO("BL1-FWU: Resuming Normal world context\n");
646#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100647 /*
648 * Secure world is done so no need to save the context.
649 * Just restore the Non-Secure context.
650 */
651 cm_el1_sysregs_context_restore(NON_SECURE);
652
653 /* Update the next context. */
654 cm_set_next_eret_context(NON_SECURE);
655
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100656 *handle = cm_get_context(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000657#else
658 /* Update the next context. */
659 cm_set_next_context(cm_get_context(NON_SECURE));
660
661 /* Prepare the smc context for the next BL image. */
662 smc_set_next_ctx(NON_SECURE);
663
664 *handle = smc_get_ctx(NON_SECURE);
665#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100666 return 0;
667}
668
669/*******************************************************************************
670 * This function provides the opportunity for users to perform any
671 * platform specific handling after the Firmware update is done.
672 ******************************************************************************/
Dan Handley89f8f332015-12-15 14:28:24 +0000673__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100674{
675 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
676
677 /*
678 * Call platform done function.
679 */
Dan Handley89f8f332015-12-15 14:28:24 +0000680 bl1_plat_fwu_done(client_cookie, reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100681 assert(0);
682}
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100683
684/*******************************************************************************
685 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
686 * being executed.
687 ******************************************************************************/
688static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
689{
690 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
691
692 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) {
693 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
694 return -EPERM;
695 }
696
697 switch (image_desc->state) {
698
699 case IMAGE_STATE_RESET:
700 /* Nothing to do. */
701 break;
702
703 case IMAGE_STATE_INTERRUPTED:
704 case IMAGE_STATE_AUTHENTICATED:
705 case IMAGE_STATE_COPIED:
706 case IMAGE_STATE_COPYING:
707
708 if (bl1_fwu_remove_loaded_id(image_id)) {
709 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
710 return -EPERM;
711 }
712
Soby Mathewf088b342017-06-15 16:11:48 +0100713 if (image_desc->copied_size) {
714 /* Clear the memory if the image is copied */
715 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
716
717 zero_normalmem((void *)image_desc->image_info.image_base,
718 image_desc->copied_size);
719 flush_dcache_range(image_desc->image_info.image_base,
720 image_desc->copied_size);
721 }
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100722
723 /* Reset status variables */
724 image_desc->copied_size = 0;
725 image_desc->image_info.image_size = 0;
726 image_desc->state = IMAGE_STATE_RESET;
727
728 /* Clear authentication state */
729 auth_img_flags[image_id] = 0;
730
731 break;
732
733 case IMAGE_STATE_EXECUTED:
734 default:
735 assert(0);
Jonathan Wrightd5ff96c2018-03-13 13:54:03 +0000736 break;
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100737 }
738
739 return 0;
740}