blob: b70bffd914ae1f77fd6747dc64a73d797ab7ce11 [file] [log] [blame]
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01001/*
Zelalem91d80612020-02-12 10:37:03 -06002 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01005 */
6
Isla Mitchell99305012017-07-11 14:54:08 +01007#include <assert.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01008#include <errno.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +00009#include <string.h>
10
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010011#include <platform_def.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000012
13#include <arch_helpers.h>
14#include <bl1/bl1.h>
15#include <common/bl_common.h>
16#include <common/debug.h>
17#include <context.h>
18#include <drivers/auth/auth_mod.h>
19#include <lib/el3_runtime/context_mgmt.h>
20#include <lib/utils.h>
21#include <plat/common/platform.h>
Antonio Nino Diaz3c817f42018-03-21 10:49:27 +000022#include <smccc_helpers.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000023
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010024#include "bl1_private.h"
25
26/*
27 * Function declarations.
28 */
29static int bl1_fwu_image_copy(unsigned int image_id,
Roberto Vargasbe126ed2018-02-12 12:36:17 +000030 uintptr_t image_src,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010031 unsigned int block_size,
32 unsigned int image_size,
33 unsigned int flags);
34static int bl1_fwu_image_auth(unsigned int image_id,
Roberto Vargasbe126ed2018-02-12 12:36:17 +000035 uintptr_t image_src,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010036 unsigned int image_size,
37 unsigned int flags);
38static int bl1_fwu_image_execute(unsigned int image_id,
39 void **handle,
40 unsigned int flags);
Dan Handley8ec76522015-12-15 10:52:33 +000041static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010042 void **handle,
43 unsigned int flags);
44static int bl1_fwu_sec_image_done(void **handle,
45 unsigned int flags);
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010046static int bl1_fwu_image_reset(unsigned int image_id,
47 unsigned int flags);
Dan Handley89f8f332015-12-15 14:28:24 +000048__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010049
50/*
51 * This keeps track of last executed secure image id.
52 */
53static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
54
55/*******************************************************************************
56 * Top level handler for servicing FWU SMCs.
57 ******************************************************************************/
Zelalem91d80612020-02-12 10:37:03 -060058u_register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 u_register_t x1,
60 u_register_t x2,
61 u_register_t x3,
62 u_register_t x4,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010063 void *cookie,
64 void *handle,
65 unsigned int flags)
66{
67
68 switch (smc_fid) {
69 case FWU_SMC_IMAGE_COPY:
John Powella5c66362020-03-20 14:21:05 -050070 SMC_RET1(handle, bl1_fwu_image_copy((uint32_t)x1, x2,
71 (uint32_t)x3, (uint32_t)x4, flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010072
73 case FWU_SMC_IMAGE_AUTH:
John Powella5c66362020-03-20 14:21:05 -050074 SMC_RET1(handle, bl1_fwu_image_auth((uint32_t)x1, x2,
75 (uint32_t)x3, flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010076
77 case FWU_SMC_IMAGE_EXECUTE:
John Powella5c66362020-03-20 14:21:05 -050078 SMC_RET1(handle, bl1_fwu_image_execute((uint32_t)x1, &handle,
79 flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010080
81 case FWU_SMC_IMAGE_RESUME:
John Powella5c66362020-03-20 14:21:05 -050082 SMC_RET1(handle, bl1_fwu_image_resume((register_t)x1, &handle,
83 flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010084
85 case FWU_SMC_SEC_IMAGE_DONE:
86 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
87
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010088 case FWU_SMC_IMAGE_RESET:
John Powella5c66362020-03-20 14:21:05 -050089 SMC_RET1(handle, bl1_fwu_image_reset((uint32_t)x1, flags));
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010090
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010091 case FWU_SMC_UPDATE_DONE:
Dan Handley89f8f332015-12-15 14:28:24 +000092 bl1_fwu_done((void *)x1, NULL);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010093
94 default:
John Powella5c66362020-03-20 14:21:05 -050095 assert(false); /* Unreachable */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010096 break;
97 }
98
Antonio Nino Diazacb29142017-04-04 17:08:32 +010099 SMC_RET1(handle, SMC_UNK);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100100}
101
102/*******************************************************************************
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100103 * Utility functions to keep track of the images that are loaded at any time.
104 ******************************************************************************/
105
106#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
107#define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
108#else
109#define FWU_MAX_SIMULTANEOUS_IMAGES 10
110#endif
111
Ambroise Vincentfe630092019-02-27 16:50:10 +0000112static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100113 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
114};
115
116/*
117 * Adds an image_id to the bl1_fwu_loaded_ids array.
118 * Returns 0 on success, 1 on error.
119 */
Ambroise Vincentfe630092019-02-27 16:50:10 +0000120static int bl1_fwu_add_loaded_id(unsigned int image_id)
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100121{
122 int i;
123
124 /* Check if the ID is already in the list */
125 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
126 if (bl1_fwu_loaded_ids[i] == image_id)
127 return 0;
128 }
129
130 /* Find an empty slot */
131 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
132 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
133 bl1_fwu_loaded_ids[i] = image_id;
134 return 0;
135 }
136 }
137
138 return 1;
139}
140
141/*
142 * Removes an image_id from the bl1_fwu_loaded_ids array.
143 * Returns 0 on success, 1 on error.
144 */
Ambroise Vincentfe630092019-02-27 16:50:10 +0000145static int bl1_fwu_remove_loaded_id(unsigned int image_id)
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100146{
147 int i;
148
149 /* Find the ID */
150 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
151 if (bl1_fwu_loaded_ids[i] == image_id) {
152 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
153 return 0;
154 }
155 }
156
157 return 1;
158}
159
160/*******************************************************************************
161 * This function checks if the specified image overlaps another image already
162 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
163 ******************************************************************************/
Ambroise Vincentfe630092019-02-27 16:50:10 +0000164static int bl1_fwu_image_check_overlaps(unsigned int image_id)
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100165{
John Powella5c66362020-03-20 14:21:05 -0500166 const image_desc_t *desc, *checked_desc;
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100167 const image_info_t *info, *checked_info;
168
169 uintptr_t image_base, image_end;
170 uintptr_t checked_image_base, checked_image_end;
171
John Powella5c66362020-03-20 14:21:05 -0500172 checked_desc = bl1_plat_get_image_desc(image_id);
173 checked_info = &checked_desc->image_info;
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100174
175 /* Image being checked mustn't be empty. */
176 assert(checked_info->image_size != 0);
177
178 checked_image_base = checked_info->image_base;
179 checked_image_end = checked_image_base + checked_info->image_size - 1;
Soby Mathewf088b342017-06-15 16:11:48 +0100180 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100181
182 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
183
Soby Mathewf088b342017-06-15 16:11:48 +0100184 /* Skip INVALID_IMAGE_IDs and don't check image against itself */
185 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
186 (bl1_fwu_loaded_ids[i] == image_id))
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100187 continue;
188
John Powella5c66362020-03-20 14:21:05 -0500189 desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100190
191 /* Only check images that are loaded or being loaded. */
John Powella5c66362020-03-20 14:21:05 -0500192 assert ((desc != NULL) && (desc->state != IMAGE_STATE_RESET));
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100193
John Powella5c66362020-03-20 14:21:05 -0500194 info = &desc->image_info;
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100195
196 /* There cannot be overlaps with an empty image. */
197 if (info->image_size == 0)
198 continue;
199
200 image_base = info->image_base;
201 image_end = image_base + info->image_size - 1;
202 /*
203 * Overflows cannot happen. It is checked in
204 * bl1_fwu_image_copy() when the image goes from RESET to
205 * COPYING or COPIED.
206 */
207 assert (image_end > image_base);
208
209 /* Check if there are overlaps. */
John Powella5c66362020-03-20 14:21:05 -0500210 if (!((image_end < checked_image_base) ||
211 (checked_image_end < image_base))) {
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100212 VERBOSE("Image with ID %d overlaps existing image with ID %d",
John Powella5c66362020-03-20 14:21:05 -0500213 checked_desc->image_id, desc->image_id);
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100214 return -EPERM;
215 }
216 }
217
218 return 0;
219}
220
221/*******************************************************************************
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100222 * This function is responsible for copying secure images in AP Secure RAM.
223 ******************************************************************************/
224static int bl1_fwu_image_copy(unsigned int image_id,
225 uintptr_t image_src,
226 unsigned int block_size,
227 unsigned int image_size,
228 unsigned int flags)
229{
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000230 uintptr_t dest_addr;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000231 unsigned int remaining;
John Powella5c66362020-03-20 14:21:05 -0500232 image_desc_t *desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100233
234 /* Get the image descriptor. */
John Powella5c66362020-03-20 14:21:05 -0500235 desc = bl1_plat_get_image_desc(image_id);
236 if (desc == NULL) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000237 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
238 return -EPERM;
239 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100240
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000241 /*
242 * The request must originate from a non-secure caller and target a
243 * secure image. Any other scenario is invalid.
244 */
245 if (GET_SECURITY_STATE(flags) == SECURE) {
246 WARN("BL1-FWU: Copy not allowed from secure world.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100247 return -EPERM;
248 }
John Powella5c66362020-03-20 14:21:05 -0500249 if (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000250 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
251 return -EPERM;
252 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100253
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000254 /* Check whether the FWU state machine is in the correct state. */
John Powella5c66362020-03-20 14:21:05 -0500255 if ((desc->state != IMAGE_STATE_RESET) &&
256 (desc->state != IMAGE_STATE_COPYING)) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000257 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
258 " process.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100259 return -EPERM;
260 }
261
John Powella5c66362020-03-20 14:21:05 -0500262 if ((image_src == 0U) || (block_size == 0U) ||
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000263 check_uptr_overflow(image_src, block_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100264 WARN("BL1-FWU: Copy not allowed due to invalid image source"
265 " or block size\n");
266 return -ENOMEM;
267 }
268
John Powella5c66362020-03-20 14:21:05 -0500269 if (desc->state == IMAGE_STATE_COPYING) {
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000270 /*
271 * There must have been at least 1 copy operation for this image
272 * previously.
273 */
John Powella5c66362020-03-20 14:21:05 -0500274 assert(desc->copied_size != 0U);
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000275 /*
276 * The image size must have been recorded in the 1st copy
277 * operation.
278 */
John Powella5c66362020-03-20 14:21:05 -0500279 image_size = desc->image_info.image_size;
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000280 assert(image_size != 0);
John Powella5c66362020-03-20 14:21:05 -0500281 assert(desc->copied_size < image_size);
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000282
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100283 INFO("BL1-FWU: Continuing image copy in blocks\n");
John Powella5c66362020-03-20 14:21:05 -0500284 } else { /* desc->state == IMAGE_STATE_RESET */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000285 INFO("BL1-FWU: Initial call to copy an image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100286
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000287 /*
288 * image_size is relevant only for the 1st copy request, it is
289 * then ignored for subsequent calls for this image.
290 */
John Powella5c66362020-03-20 14:21:05 -0500291 if (image_size == 0) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000292 WARN("BL1-FWU: Copy not allowed due to invalid image"
293 " size\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100294 return -ENOMEM;
295 }
296
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000297 /* Check that the image size to load is within limit */
John Powella5c66362020-03-20 14:21:05 -0500298 if (image_size > desc->image_info.image_max_size) {
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000299 WARN("BL1-FWU: Image size out of bounds\n");
300 return -ENOMEM;
301 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100302
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000303 /* Save the given image size. */
John Powella5c66362020-03-20 14:21:05 -0500304 desc->image_info.image_size = image_size;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100305
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100306 /* Make sure the image doesn't overlap other images. */
John Powella5c66362020-03-20 14:21:05 -0500307 if (bl1_fwu_image_check_overlaps(image_id) != 0) {
308 desc->image_info.image_size = 0;
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100309 WARN("BL1-FWU: This image overlaps another one\n");
310 return -EPERM;
311 }
312
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000313 /*
314 * copied_size must be explicitly initialized here because the
315 * FWU code doesn't necessarily do it when it resets the state
316 * machine.
317 */
John Powella5c66362020-03-20 14:21:05 -0500318 desc->copied_size = 0;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000319 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100320
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000321 /*
322 * If the given block size is more than the total image size
323 * then clip the former to the latter.
324 */
John Powella5c66362020-03-20 14:21:05 -0500325 remaining = image_size - desc->copied_size;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000326 if (block_size > remaining) {
327 WARN("BL1-FWU: Block size is too big, clipping it.\n");
328 block_size = remaining;
329 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100330
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000331 /* Make sure the source image is mapped in memory. */
John Powella5c66362020-03-20 14:21:05 -0500332 if (bl1_plat_mem_check(image_src, block_size, flags) != 0) {
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000333 WARN("BL1-FWU: Source image is not mapped.\n");
334 return -ENOMEM;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100335 }
336
John Powella5c66362020-03-20 14:21:05 -0500337 if (bl1_fwu_add_loaded_id(image_id) != 0) {
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100338 WARN("BL1-FWU: Too many images loaded at the same time.\n");
339 return -ENOMEM;
340 }
341
Soby Mathew2f38ce32018-02-08 17:45:12 +0000342 /* Allow the platform to handle pre-image load before copying */
John Powella5c66362020-03-20 14:21:05 -0500343 if (desc->state == IMAGE_STATE_RESET) {
Soby Mathew2f38ce32018-02-08 17:45:12 +0000344 if (bl1_plat_handle_pre_image_load(image_id) != 0) {
345 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
346 image_id);
347 return -EPERM;
348 }
349 }
350
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000351 /* Everything looks sane. Go ahead and copy the block of data. */
John Powella5c66362020-03-20 14:21:05 -0500352 dest_addr = desc->image_info.image_base + desc->copied_size;
353 (void)memcpy((void *) dest_addr, (const void *) image_src, block_size);
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000354 flush_dcache_range(dest_addr, block_size);
355
John Powella5c66362020-03-20 14:21:05 -0500356 desc->copied_size += block_size;
357 desc->state = (block_size == remaining) ?
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000358 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
359
360 INFO("BL1-FWU: Copy operation successful.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100361 return 0;
362}
363
364/*******************************************************************************
365 * This function is responsible for authenticating Normal/Secure images.
366 ******************************************************************************/
367static int bl1_fwu_image_auth(unsigned int image_id,
368 uintptr_t image_src,
369 unsigned int image_size,
370 unsigned int flags)
371{
372 int result;
373 uintptr_t base_addr;
374 unsigned int total_size;
John Powella5c66362020-03-20 14:21:05 -0500375 image_desc_t *desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100376
377 /* Get the image descriptor. */
John Powella5c66362020-03-20 14:21:05 -0500378 desc = bl1_plat_get_image_desc(image_id);
379 if (desc == NULL)
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100380 return -EPERM;
381
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000382 if (GET_SECURITY_STATE(flags) == SECURE) {
John Powella5c66362020-03-20 14:21:05 -0500383 if (desc->state != IMAGE_STATE_RESET) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100384 WARN("BL1-FWU: Authentication from secure world "
385 "while in invalid state\n");
386 return -EPERM;
387 }
388 } else {
John Powella5c66362020-03-20 14:21:05 -0500389 if (GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE) {
390 if (desc->state != IMAGE_STATE_COPIED) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100391 WARN("BL1-FWU: Authentication of secure image "
392 "from non-secure world while not in copied state\n");
393 return -EPERM;
394 }
395 } else {
John Powella5c66362020-03-20 14:21:05 -0500396 if (desc->state != IMAGE_STATE_RESET) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100397 WARN("BL1-FWU: Authentication of non-secure image "
398 "from non-secure world while in invalid state\n");
399 return -EPERM;
400 }
401 }
402 }
403
John Powella5c66362020-03-20 14:21:05 -0500404 if (desc->state == IMAGE_STATE_COPIED) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100405 /*
406 * Image is in COPIED state.
407 * Use the stored address and size.
408 */
John Powella5c66362020-03-20 14:21:05 -0500409 base_addr = desc->image_info.image_base;
410 total_size = desc->image_info.image_size;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100411 } else {
John Powella5c66362020-03-20 14:21:05 -0500412 if ((image_src == 0U) || (image_size == 0U) ||
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000413 check_uptr_overflow(image_src, image_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100414 WARN("BL1-FWU: Auth not allowed due to invalid"
415 " image source/size\n");
416 return -ENOMEM;
417 }
418
419 /*
420 * Image is in RESET state.
421 * Check the parameters and authenticate the source image in place.
422 */
Dan Handley35e5f692015-12-14 16:26:43 +0000423 if (bl1_plat_mem_check(image_src, image_size, \
John Powella5c66362020-03-20 14:21:05 -0500424 desc->ep_info.h.attr) != 0) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100425 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
426 return -ENOMEM;
427 }
428
John Powella5c66362020-03-20 14:21:05 -0500429 if (bl1_fwu_add_loaded_id(image_id) != 0) {
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100430 WARN("BL1-FWU: Too many images loaded at the same time.\n");
431 return -ENOMEM;
432 }
433
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100434 base_addr = image_src;
435 total_size = image_size;
436
437 /* Update the image size in the descriptor. */
John Powella5c66362020-03-20 14:21:05 -0500438 desc->image_info.image_size = total_size;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100439 }
440
441 /*
442 * Authenticate the image.
443 */
444 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
445 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
446 if (result != 0) {
447 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
448
449 /*
450 * Authentication has failed.
451 * Clear the memory if the image was copied.
452 * This is to prevent an attack where this contains
453 * some malicious code that can somehow be executed later.
454 */
John Powella5c66362020-03-20 14:21:05 -0500455 if (desc->state == IMAGE_STATE_COPIED) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100456 /* Clear the memory.*/
Douglas Raillard21362a92016-12-02 13:51:54 +0000457 zero_normalmem((void *)base_addr, total_size);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100458 flush_dcache_range(base_addr, total_size);
459
460 /* Indicate that image can be copied again*/
John Powella5c66362020-03-20 14:21:05 -0500461 desc->state = IMAGE_STATE_RESET;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100462 }
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100463
464 /*
465 * Even if this fails it's ok because the ID isn't in the array.
466 * The image cannot be in RESET state here, it is checked at the
467 * beginning of the function.
468 */
John Powella5c66362020-03-20 14:21:05 -0500469 (void)bl1_fwu_remove_loaded_id(image_id);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100470 return -EAUTH;
471 }
472
473 /* Indicate that image is in authenticated state. */
John Powella5c66362020-03-20 14:21:05 -0500474 desc->state = IMAGE_STATE_AUTHENTICATED;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100475
Soby Mathew2f38ce32018-02-08 17:45:12 +0000476 /* Allow the platform to handle post-image load */
477 result = bl1_plat_handle_post_image_load(image_id);
478 if (result != 0) {
479 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
480 result, image_id);
481 /*
482 * Panic here as the platform handling of post-image load is
483 * not correct.
484 */
485 plat_error_handler(result);
486 }
487
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100488 /*
489 * Flush image_info to memory so that other
490 * secure world images can see changes.
491 */
John Powella5c66362020-03-20 14:21:05 -0500492 flush_dcache_range((uintptr_t)&desc->image_info,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100493 sizeof(image_info_t));
494
495 INFO("BL1-FWU: Authentication was successful\n");
496
497 return 0;
498}
499
500/*******************************************************************************
501 * This function is responsible for executing Secure images.
502 ******************************************************************************/
503static int bl1_fwu_image_execute(unsigned int image_id,
504 void **handle,
505 unsigned int flags)
506{
507 /* Get the image descriptor. */
John Powella5c66362020-03-20 14:21:05 -0500508 image_desc_t *desc = bl1_plat_get_image_desc(image_id);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100509
510 /*
511 * Execution is NOT allowed if:
Dan Handley8ec76522015-12-15 10:52:33 +0000512 * image_id is invalid OR
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100513 * Caller is from Secure world OR
514 * Image is Non-Secure OR
515 * Image is Non-Executable OR
516 * Image is NOT in AUTHENTICATED state.
517 */
John Powella5c66362020-03-20 14:21:05 -0500518 if ((desc == NULL) ||
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000519 (GET_SECURITY_STATE(flags) == SECURE) ||
John Powella5c66362020-03-20 14:21:05 -0500520 (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) ||
521 (EP_GET_EXE(desc->ep_info.h.attr) == NON_EXECUTABLE) ||
522 (desc->state != IMAGE_STATE_AUTHENTICATED)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100523 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
524 return -EPERM;
525 }
526
527 INFO("BL1-FWU: Executing Secure image\n");
528
Julius Werner8e0ef0f2019-07-09 14:02:43 -0700529#ifdef __aarch64__
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100530 /* Save NS-EL1 system registers. */
531 cm_el1_sysregs_context_save(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000532#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100533
534 /* Prepare the image for execution. */
535 bl1_prepare_next_image(image_id);
536
537 /* Update the secure image id. */
538 sec_exec_image_id = image_id;
539
Julius Werner8e0ef0f2019-07-09 14:02:43 -0700540#ifdef __aarch64__
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100541 *handle = cm_get_context(SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000542#else
543 *handle = smc_get_ctx(SECURE);
544#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100545 return 0;
546}
547
548/*******************************************************************************
Dan Handley8ec76522015-12-15 10:52:33 +0000549 * This function is responsible for resuming execution in the other security
550 * world
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100551 ******************************************************************************/
Dan Handley8ec76522015-12-15 10:52:33 +0000552static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100553 void **handle,
554 unsigned int flags)
555{
John Powella5c66362020-03-20 14:21:05 -0500556 image_desc_t *desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100557 unsigned int resume_sec_state;
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000558 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100559
Dan Handley8ec76522015-12-15 10:52:33 +0000560 /* Get the image descriptor for last executed secure image id. */
John Powella5c66362020-03-20 14:21:05 -0500561 desc = bl1_plat_get_image_desc(sec_exec_image_id);
Dan Handley8ec76522015-12-15 10:52:33 +0000562 if (caller_sec_state == NON_SECURE) {
John Powella5c66362020-03-20 14:21:05 -0500563 if (desc == NULL) {
Dan Handley8ec76522015-12-15 10:52:33 +0000564 WARN("BL1-FWU: Resume not allowed due to no available"
565 "secure image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100566 return -EPERM;
567 }
Dan Handley8ec76522015-12-15 10:52:33 +0000568 } else {
John Powella5c66362020-03-20 14:21:05 -0500569 /* desc must be valid for secure world callers */
570 assert(desc != NULL);
Dan Handley8ec76522015-12-15 10:52:33 +0000571 }
572
John Powella5c66362020-03-20 14:21:05 -0500573 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
574 assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000575
576 if (caller_sec_state == SECURE) {
John Powella5c66362020-03-20 14:21:05 -0500577 assert(desc->state == IMAGE_STATE_EXECUTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100578
579 /* Update the flags. */
John Powella5c66362020-03-20 14:21:05 -0500580 desc->state = IMAGE_STATE_INTERRUPTED;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100581 resume_sec_state = NON_SECURE;
582 } else {
John Powella5c66362020-03-20 14:21:05 -0500583 assert(desc->state == IMAGE_STATE_INTERRUPTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100584
585 /* Update the flags. */
John Powella5c66362020-03-20 14:21:05 -0500586 desc->state = IMAGE_STATE_EXECUTED;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100587 resume_sec_state = SECURE;
588 }
589
dp-armcdd03cb2017-02-15 11:07:55 +0000590 INFO("BL1-FWU: Resuming %s world context\n",
591 (resume_sec_state == SECURE) ? "secure" : "normal");
592
Julius Werner8e0ef0f2019-07-09 14:02:43 -0700593#ifdef __aarch64__
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100594 /* Save the EL1 system registers of calling world. */
Dan Handley8ec76522015-12-15 10:52:33 +0000595 cm_el1_sysregs_context_save(caller_sec_state);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100596
597 /* Restore the EL1 system registers of resuming world. */
598 cm_el1_sysregs_context_restore(resume_sec_state);
599
600 /* Update the next context. */
601 cm_set_next_eret_context(resume_sec_state);
602
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100603 *handle = cm_get_context(resume_sec_state);
dp-armcdd03cb2017-02-15 11:07:55 +0000604#else
605 /* Update the next context. */
606 cm_set_next_context(cm_get_context(resume_sec_state));
607
608 /* Prepare the smc context for the next BL image. */
609 smc_set_next_ctx(resume_sec_state);
610
611 *handle = smc_get_ctx(resume_sec_state);
612#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100613 return image_param;
614}
615
616/*******************************************************************************
617 * This function is responsible for resuming normal world context.
618 ******************************************************************************/
619static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
620{
John Powella5c66362020-03-20 14:21:05 -0500621 image_desc_t *desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100622
Dan Handley8ec76522015-12-15 10:52:33 +0000623 /* Make sure caller is from the secure world */
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000624 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
Dan Handley8ec76522015-12-15 10:52:33 +0000625 WARN("BL1-FWU: Image done not allowed from normal world\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100626 return -EPERM;
627 }
628
Dan Handley8ec76522015-12-15 10:52:33 +0000629 /* Get the image descriptor for last executed secure image id */
John Powella5c66362020-03-20 14:21:05 -0500630 desc = bl1_plat_get_image_desc(sec_exec_image_id);
Dan Handley8ec76522015-12-15 10:52:33 +0000631
John Powella5c66362020-03-20 14:21:05 -0500632 /* desc must correspond to a valid secure executing image */
633 assert(desc != NULL);
634 assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
635 assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
636 assert(desc->state == IMAGE_STATE_EXECUTED);
Dan Handley8ec76522015-12-15 10:52:33 +0000637
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100638#if ENABLE_ASSERTIONS
639 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
640 assert(rc == 0);
641#else
642 bl1_fwu_remove_loaded_id(sec_exec_image_id);
643#endif
644
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100645 /* Update the flags. */
John Powella5c66362020-03-20 14:21:05 -0500646 desc->state = IMAGE_STATE_RESET;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100647 sec_exec_image_id = INVALID_IMAGE_ID;
648
dp-armcdd03cb2017-02-15 11:07:55 +0000649 INFO("BL1-FWU: Resuming Normal world context\n");
Julius Werner8e0ef0f2019-07-09 14:02:43 -0700650#ifdef __aarch64__
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100651 /*
652 * Secure world is done so no need to save the context.
653 * Just restore the Non-Secure context.
654 */
655 cm_el1_sysregs_context_restore(NON_SECURE);
656
657 /* Update the next context. */
658 cm_set_next_eret_context(NON_SECURE);
659
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100660 *handle = cm_get_context(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000661#else
662 /* Update the next context. */
663 cm_set_next_context(cm_get_context(NON_SECURE));
664
665 /* Prepare the smc context for the next BL image. */
666 smc_set_next_ctx(NON_SECURE);
667
668 *handle = smc_get_ctx(NON_SECURE);
669#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100670 return 0;
671}
672
673/*******************************************************************************
674 * This function provides the opportunity for users to perform any
675 * platform specific handling after the Firmware update is done.
676 ******************************************************************************/
Dan Handley89f8f332015-12-15 14:28:24 +0000677__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100678{
679 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
680
681 /*
682 * Call platform done function.
683 */
Dan Handley89f8f332015-12-15 14:28:24 +0000684 bl1_plat_fwu_done(client_cookie, reserved);
John Powella5c66362020-03-20 14:21:05 -0500685 assert(false);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100686}
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100687
688/*******************************************************************************
689 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
690 * being executed.
691 ******************************************************************************/
692static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
693{
John Powella5c66362020-03-20 14:21:05 -0500694 image_desc_t *desc = bl1_plat_get_image_desc(image_id);
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100695
John Powella5c66362020-03-20 14:21:05 -0500696 if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE)) {
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100697 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
698 return -EPERM;
699 }
700
John Powella5c66362020-03-20 14:21:05 -0500701 switch (desc->state) {
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100702
703 case IMAGE_STATE_RESET:
704 /* Nothing to do. */
705 break;
706
707 case IMAGE_STATE_INTERRUPTED:
708 case IMAGE_STATE_AUTHENTICATED:
709 case IMAGE_STATE_COPIED:
710 case IMAGE_STATE_COPYING:
711
John Powella5c66362020-03-20 14:21:05 -0500712 if (bl1_fwu_remove_loaded_id(image_id) != 0) {
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100713 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
714 return -EPERM;
715 }
716
John Powella5c66362020-03-20 14:21:05 -0500717 if (desc->copied_size != 0U) {
Soby Mathewf088b342017-06-15 16:11:48 +0100718 /* Clear the memory if the image is copied */
John Powella5c66362020-03-20 14:21:05 -0500719 assert(GET_SECURITY_STATE(desc->ep_info.h.attr)
720 == SECURE);
Soby Mathewf088b342017-06-15 16:11:48 +0100721
John Powella5c66362020-03-20 14:21:05 -0500722 zero_normalmem((void *)desc->image_info.image_base,
723 desc->copied_size);
724 flush_dcache_range(desc->image_info.image_base,
725 desc->copied_size);
Soby Mathewf088b342017-06-15 16:11:48 +0100726 }
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100727
728 /* Reset status variables */
John Powella5c66362020-03-20 14:21:05 -0500729 desc->copied_size = 0;
730 desc->image_info.image_size = 0;
731 desc->state = IMAGE_STATE_RESET;
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100732
733 /* Clear authentication state */
734 auth_img_flags[image_id] = 0;
735
736 break;
737
738 case IMAGE_STATE_EXECUTED:
739 default:
John Powella5c66362020-03-20 14:21:05 -0500740 assert(false); /* Unreachable */
Jonathan Wrightd5ff96c2018-03-13 13:54:03 +0000741 break;
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100742 }
743
744 return 0;
745}