Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 1 | /* |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 2 | * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions are met: |
| 6 | * |
| 7 | * Redistributions of source code must retain the above copyright notice, this |
| 8 | * list of conditions and the following disclaimer. |
| 9 | * |
| 10 | * Redistributions in binary form must reproduce the above copyright notice, |
| 11 | * this list of conditions and the following disclaimer in the documentation |
| 12 | * and/or other materials provided with the distribution. |
| 13 | * |
| 14 | * Neither the name of ARM nor the names of its contributors may be used |
| 15 | * to endorse or promote products derived from this software without specific |
| 16 | * prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
| 19 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 20 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 21 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
| 22 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 23 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 24 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 25 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 26 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 27 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 28 | * POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | #include <assert.h> |
| 32 | #include <arch_helpers.h> |
| 33 | #include <auth_mod.h> |
| 34 | #include <bl1.h> |
| 35 | #include <bl_common.h> |
| 36 | #include <context.h> |
| 37 | #include <context_mgmt.h> |
| 38 | #include <debug.h> |
| 39 | #include <errno.h> |
| 40 | #include <platform.h> |
| 41 | #include <platform_def.h> |
| 42 | #include <smcc_helpers.h> |
| 43 | #include <string.h> |
| 44 | #include "bl1_private.h" |
| 45 | |
| 46 | /* |
| 47 | * Function declarations. |
| 48 | */ |
| 49 | static int bl1_fwu_image_copy(unsigned int image_id, |
| 50 | uintptr_t image_addr, |
| 51 | unsigned int block_size, |
| 52 | unsigned int image_size, |
| 53 | unsigned int flags); |
| 54 | static int bl1_fwu_image_auth(unsigned int image_id, |
| 55 | uintptr_t image_addr, |
| 56 | unsigned int image_size, |
| 57 | unsigned int flags); |
| 58 | static int bl1_fwu_image_execute(unsigned int image_id, |
| 59 | void **handle, |
| 60 | unsigned int flags); |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 61 | static register_t bl1_fwu_image_resume(register_t image_param, |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 62 | void **handle, |
| 63 | unsigned int flags); |
| 64 | static int bl1_fwu_sec_image_done(void **handle, |
| 65 | unsigned int flags); |
Dan Handley | 89f8f33 | 2015-12-15 14:28:24 +0000 | [diff] [blame] | 66 | __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 67 | |
| 68 | /* |
| 69 | * This keeps track of last executed secure image id. |
| 70 | */ |
| 71 | static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; |
| 72 | |
| 73 | /******************************************************************************* |
| 74 | * Top level handler for servicing FWU SMCs. |
| 75 | ******************************************************************************/ |
| 76 | register_t bl1_fwu_smc_handler(unsigned int smc_fid, |
| 77 | register_t x1, |
| 78 | register_t x2, |
| 79 | register_t x3, |
| 80 | register_t x4, |
| 81 | void *cookie, |
| 82 | void *handle, |
| 83 | unsigned int flags) |
| 84 | { |
| 85 | |
| 86 | switch (smc_fid) { |
| 87 | case FWU_SMC_IMAGE_COPY: |
| 88 | SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); |
| 89 | |
| 90 | case FWU_SMC_IMAGE_AUTH: |
| 91 | SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); |
| 92 | |
| 93 | case FWU_SMC_IMAGE_EXECUTE: |
| 94 | SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); |
| 95 | |
| 96 | case FWU_SMC_IMAGE_RESUME: |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 97 | SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 98 | |
| 99 | case FWU_SMC_SEC_IMAGE_DONE: |
| 100 | SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); |
| 101 | |
| 102 | case FWU_SMC_UPDATE_DONE: |
Dan Handley | 89f8f33 | 2015-12-15 14:28:24 +0000 | [diff] [blame] | 103 | bl1_fwu_done((void *)x1, NULL); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 104 | /* We should never return from bl1_fwu_done() */ |
| 105 | |
| 106 | default: |
| 107 | assert(0); |
| 108 | break; |
| 109 | } |
| 110 | |
| 111 | SMC_RET0(handle); |
| 112 | } |
| 113 | |
| 114 | /******************************************************************************* |
| 115 | * This function is responsible for copying secure images in AP Secure RAM. |
| 116 | ******************************************************************************/ |
| 117 | static int bl1_fwu_image_copy(unsigned int image_id, |
| 118 | uintptr_t image_src, |
| 119 | unsigned int block_size, |
| 120 | unsigned int image_size, |
| 121 | unsigned int flags) |
| 122 | { |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 123 | uintptr_t dest_addr; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 124 | |
| 125 | /* Get the image descriptor. */ |
| 126 | image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 127 | if (!image_desc) { |
| 128 | WARN("BL1-FWU: Invalid image ID %u\n", image_id); |
| 129 | return -EPERM; |
| 130 | } |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 131 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 132 | /* |
| 133 | * The request must originate from a non-secure caller and target a |
| 134 | * secure image. Any other scenario is invalid. |
| 135 | */ |
| 136 | if (GET_SECURITY_STATE(flags) == SECURE) { |
| 137 | WARN("BL1-FWU: Copy not allowed from secure world.\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 138 | return -EPERM; |
| 139 | } |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 140 | if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { |
| 141 | WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); |
| 142 | return -EPERM; |
| 143 | } |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 144 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 145 | /* Check whether the FWU state machine is in the correct state. */ |
| 146 | if ((image_desc->state != IMAGE_STATE_RESET) && |
| 147 | (image_desc->state != IMAGE_STATE_COPYING)) { |
| 148 | WARN("BL1-FWU: Copy not allowed at this point of the FWU" |
| 149 | " process.\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 150 | return -EPERM; |
| 151 | } |
| 152 | |
| 153 | if ((!image_src) || (!block_size)) { |
| 154 | WARN("BL1-FWU: Copy not allowed due to invalid image source" |
| 155 | " or block size\n"); |
| 156 | return -ENOMEM; |
| 157 | } |
| 158 | |
| 159 | /* Get the image base address. */ |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 160 | dest_addr = image_desc->image_info.image_base; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 161 | |
| 162 | if (image_desc->state == IMAGE_STATE_COPYING) { |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 163 | image_size = image_desc->image_info.image_size; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 164 | /* |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 165 | * If the given block size is more than the total image size |
| 166 | * then clip the former to the latter. |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 167 | */ |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 168 | if (image_desc->copied_size + block_size > image_size) { |
| 169 | WARN("BL1-FWU: Block size is too big, clipping it.\n"); |
| 170 | block_size = image_size - image_desc->copied_size; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 171 | } |
| 172 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 173 | /* Make sure the source image is mapped in memory. */ |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 174 | if (bl1_plat_mem_check(image_src, block_size, flags)) { |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 175 | WARN("BL1-FWU: Source image to copy is not mapped.\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 176 | return -ENOMEM; |
| 177 | } |
| 178 | |
| 179 | INFO("BL1-FWU: Continuing image copy in blocks\n"); |
| 180 | |
| 181 | /* Copy image for given block size. */ |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 182 | dest_addr += image_desc->copied_size; |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 183 | image_desc->copied_size += block_size; |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 184 | memcpy((void *)dest_addr, (const void *)image_src, block_size); |
| 185 | flush_dcache_range(dest_addr, block_size); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 186 | |
| 187 | /* Update the state if last block. */ |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 188 | if (image_desc->copied_size == image_size) { |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 189 | image_desc->state = IMAGE_STATE_COPIED; |
| 190 | INFO("BL1-FWU: Image copy in blocks completed\n"); |
| 191 | } |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 192 | } else { /* image_desc->state == IMAGE_STATE_RESET */ |
| 193 | INFO("BL1-FWU: Initial call to copy an image\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 194 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 195 | /* |
| 196 | * image_size is relevant only for the 1st copy request, it is |
| 197 | * then ignored for subsequent calls for this image. |
| 198 | */ |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 199 | if (!image_size) { |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 200 | WARN("BL1-FWU: Copy not allowed due to invalid image" |
| 201 | " size\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 202 | return -ENOMEM; |
| 203 | } |
| 204 | |
| 205 | /* |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 206 | * If the given block size is more than the total image size |
| 207 | * then clip the former to the latter. |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 208 | */ |
| 209 | if (block_size > image_size) { |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 210 | WARN("BL1-FWU: Block size is too big, clipping it.\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 211 | block_size = image_size; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 212 | } |
| 213 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 214 | /* Make sure the source image is mapped in memory. */ |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 215 | if (bl1_plat_mem_check(image_src, block_size, flags)) { |
| 216 | WARN("BL1-FWU: Copy arguments source/size not mapped\n"); |
| 217 | return -ENOMEM; |
| 218 | } |
Yatharth Kochar | 8c0177f | 2016-11-11 13:57:50 +0000 | [diff] [blame] | 219 | #if LOAD_IMAGE_V2 |
| 220 | /* Check that the image size to load is within limit */ |
| 221 | if (image_size > image_desc->image_info.image_max_size) { |
| 222 | WARN("BL1-FWU: Image size out of bounds\n"); |
| 223 | return -ENOMEM; |
| 224 | } |
| 225 | #else |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 226 | /* Find out how much free trusted ram remains after BL1 load */ |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 227 | const meminfo_t *mem_layout = bl1_plat_sec_mem_layout(); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 228 | if ((image_desc->image_info.image_base < mem_layout->free_base) || |
| 229 | (image_desc->image_info.image_base + image_size > |
| 230 | mem_layout->free_base + mem_layout->free_size)) { |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 231 | WARN("BL1-FWU: Copy not allowed due to insufficient" |
| 232 | " resources.\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 233 | return -ENOMEM; |
| 234 | } |
Yatharth Kochar | 8c0177f | 2016-11-11 13:57:50 +0000 | [diff] [blame] | 235 | #endif |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 236 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 237 | /* Save the given image size. */ |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 238 | image_desc->image_info.image_size = image_size; |
| 239 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 240 | /* Copy the block of data. */ |
| 241 | memcpy((void *)dest_addr, (const void *)image_src, block_size); |
| 242 | flush_dcache_range(dest_addr, block_size); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 243 | |
Sandrine Bailleux | 5ebc21e | 2016-11-11 15:56:20 +0000 | [diff] [blame^] | 244 | /* Update the state of the FWU state machine. */ |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 245 | if (block_size == image_size) { |
| 246 | image_desc->state = IMAGE_STATE_COPIED; |
| 247 | INFO("BL1-FWU: Image is copied successfully\n"); |
| 248 | } else { |
| 249 | image_desc->state = IMAGE_STATE_COPYING; |
| 250 | INFO("BL1-FWU: Started image copy in blocks\n"); |
| 251 | } |
| 252 | |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 253 | image_desc->copied_size = block_size; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 254 | } |
| 255 | |
| 256 | return 0; |
| 257 | } |
| 258 | |
| 259 | /******************************************************************************* |
| 260 | * This function is responsible for authenticating Normal/Secure images. |
| 261 | ******************************************************************************/ |
| 262 | static int bl1_fwu_image_auth(unsigned int image_id, |
| 263 | uintptr_t image_src, |
| 264 | unsigned int image_size, |
| 265 | unsigned int flags) |
| 266 | { |
| 267 | int result; |
| 268 | uintptr_t base_addr; |
| 269 | unsigned int total_size; |
| 270 | |
| 271 | /* Get the image descriptor. */ |
| 272 | image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); |
| 273 | if (!image_desc) |
| 274 | return -EPERM; |
| 275 | |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 276 | if (GET_SECURITY_STATE(flags) == SECURE) { |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 277 | if (image_desc->state != IMAGE_STATE_RESET) { |
| 278 | WARN("BL1-FWU: Authentication from secure world " |
| 279 | "while in invalid state\n"); |
| 280 | return -EPERM; |
| 281 | } |
| 282 | } else { |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 283 | if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 284 | if (image_desc->state != IMAGE_STATE_COPIED) { |
| 285 | WARN("BL1-FWU: Authentication of secure image " |
| 286 | "from non-secure world while not in copied state\n"); |
| 287 | return -EPERM; |
| 288 | } |
| 289 | } else { |
| 290 | if (image_desc->state != IMAGE_STATE_RESET) { |
| 291 | WARN("BL1-FWU: Authentication of non-secure image " |
| 292 | "from non-secure world while in invalid state\n"); |
| 293 | return -EPERM; |
| 294 | } |
| 295 | } |
| 296 | } |
| 297 | |
| 298 | if (image_desc->state == IMAGE_STATE_COPIED) { |
| 299 | /* |
| 300 | * Image is in COPIED state. |
| 301 | * Use the stored address and size. |
| 302 | */ |
| 303 | base_addr = image_desc->image_info.image_base; |
| 304 | total_size = image_desc->image_info.image_size; |
| 305 | } else { |
| 306 | if ((!image_src) || (!image_size)) { |
| 307 | WARN("BL1-FWU: Auth not allowed due to invalid" |
| 308 | " image source/size\n"); |
| 309 | return -ENOMEM; |
| 310 | } |
| 311 | |
| 312 | /* |
| 313 | * Image is in RESET state. |
| 314 | * Check the parameters and authenticate the source image in place. |
| 315 | */ |
Dan Handley | 35e5f69 | 2015-12-14 16:26:43 +0000 | [diff] [blame] | 316 | if (bl1_plat_mem_check(image_src, image_size, \ |
| 317 | image_desc->ep_info.h.attr)) { |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 318 | WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); |
| 319 | return -ENOMEM; |
| 320 | } |
| 321 | |
| 322 | base_addr = image_src; |
| 323 | total_size = image_size; |
| 324 | |
| 325 | /* Update the image size in the descriptor. */ |
| 326 | image_desc->image_info.image_size = total_size; |
| 327 | } |
| 328 | |
| 329 | /* |
| 330 | * Authenticate the image. |
| 331 | */ |
| 332 | INFO("BL1-FWU: Authenticating image_id:%d\n", image_id); |
| 333 | result = auth_mod_verify_img(image_id, (void *)base_addr, total_size); |
| 334 | if (result != 0) { |
| 335 | WARN("BL1-FWU: Authentication Failed err=%d\n", result); |
| 336 | |
| 337 | /* |
| 338 | * Authentication has failed. |
| 339 | * Clear the memory if the image was copied. |
| 340 | * This is to prevent an attack where this contains |
| 341 | * some malicious code that can somehow be executed later. |
| 342 | */ |
| 343 | if (image_desc->state == IMAGE_STATE_COPIED) { |
| 344 | /* Clear the memory.*/ |
| 345 | memset((void *)base_addr, 0, total_size); |
| 346 | flush_dcache_range(base_addr, total_size); |
| 347 | |
| 348 | /* Indicate that image can be copied again*/ |
| 349 | image_desc->state = IMAGE_STATE_RESET; |
| 350 | } |
| 351 | return -EAUTH; |
| 352 | } |
| 353 | |
| 354 | /* Indicate that image is in authenticated state. */ |
| 355 | image_desc->state = IMAGE_STATE_AUTHENTICATED; |
| 356 | |
| 357 | /* |
| 358 | * Flush image_info to memory so that other |
| 359 | * secure world images can see changes. |
| 360 | */ |
| 361 | flush_dcache_range((unsigned long)&image_desc->image_info, |
| 362 | sizeof(image_info_t)); |
| 363 | |
| 364 | INFO("BL1-FWU: Authentication was successful\n"); |
| 365 | |
| 366 | return 0; |
| 367 | } |
| 368 | |
| 369 | /******************************************************************************* |
| 370 | * This function is responsible for executing Secure images. |
| 371 | ******************************************************************************/ |
| 372 | static int bl1_fwu_image_execute(unsigned int image_id, |
| 373 | void **handle, |
| 374 | unsigned int flags) |
| 375 | { |
| 376 | /* Get the image descriptor. */ |
| 377 | image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); |
| 378 | |
| 379 | /* |
| 380 | * Execution is NOT allowed if: |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 381 | * image_id is invalid OR |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 382 | * Caller is from Secure world OR |
| 383 | * Image is Non-Secure OR |
| 384 | * Image is Non-Executable OR |
| 385 | * Image is NOT in AUTHENTICATED state. |
| 386 | */ |
| 387 | if ((!image_desc) || |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 388 | (GET_SECURITY_STATE(flags) == SECURE) || |
| 389 | (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || |
| 390 | (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || |
| 391 | (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 392 | WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); |
| 393 | return -EPERM; |
| 394 | } |
| 395 | |
| 396 | INFO("BL1-FWU: Executing Secure image\n"); |
| 397 | |
| 398 | /* Save NS-EL1 system registers. */ |
| 399 | cm_el1_sysregs_context_save(NON_SECURE); |
| 400 | |
| 401 | /* Prepare the image for execution. */ |
| 402 | bl1_prepare_next_image(image_id); |
| 403 | |
| 404 | /* Update the secure image id. */ |
| 405 | sec_exec_image_id = image_id; |
| 406 | |
| 407 | *handle = cm_get_context(SECURE); |
| 408 | return 0; |
| 409 | } |
| 410 | |
| 411 | /******************************************************************************* |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 412 | * This function is responsible for resuming execution in the other security |
| 413 | * world |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 414 | ******************************************************************************/ |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 415 | static register_t bl1_fwu_image_resume(register_t image_param, |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 416 | void **handle, |
| 417 | unsigned int flags) |
| 418 | { |
| 419 | image_desc_t *image_desc; |
| 420 | unsigned int resume_sec_state; |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 421 | unsigned int caller_sec_state = GET_SECURITY_STATE(flags); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 422 | |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 423 | /* Get the image descriptor for last executed secure image id. */ |
| 424 | image_desc = bl1_plat_get_image_desc(sec_exec_image_id); |
| 425 | if (caller_sec_state == NON_SECURE) { |
| 426 | if (!image_desc) { |
| 427 | WARN("BL1-FWU: Resume not allowed due to no available" |
| 428 | "secure image\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 429 | return -EPERM; |
| 430 | } |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 431 | } else { |
| 432 | /* image_desc must be valid for secure world callers */ |
| 433 | assert(image_desc); |
| 434 | } |
| 435 | |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 436 | assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); |
| 437 | assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 438 | |
| 439 | if (caller_sec_state == SECURE) { |
| 440 | assert(image_desc->state == IMAGE_STATE_EXECUTED); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 441 | |
| 442 | /* Update the flags. */ |
| 443 | image_desc->state = IMAGE_STATE_INTERRUPTED; |
| 444 | resume_sec_state = NON_SECURE; |
| 445 | } else { |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 446 | assert(image_desc->state == IMAGE_STATE_INTERRUPTED); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 447 | |
| 448 | /* Update the flags. */ |
| 449 | image_desc->state = IMAGE_STATE_EXECUTED; |
| 450 | resume_sec_state = SECURE; |
| 451 | } |
| 452 | |
| 453 | /* Save the EL1 system registers of calling world. */ |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 454 | cm_el1_sysregs_context_save(caller_sec_state); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 455 | |
| 456 | /* Restore the EL1 system registers of resuming world. */ |
| 457 | cm_el1_sysregs_context_restore(resume_sec_state); |
| 458 | |
| 459 | /* Update the next context. */ |
| 460 | cm_set_next_eret_context(resume_sec_state); |
| 461 | |
| 462 | INFO("BL1-FWU: Resuming %s world context\n", |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 463 | (resume_sec_state == SECURE) ? "secure" : "normal"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 464 | |
| 465 | *handle = cm_get_context(resume_sec_state); |
| 466 | return image_param; |
| 467 | } |
| 468 | |
| 469 | /******************************************************************************* |
| 470 | * This function is responsible for resuming normal world context. |
| 471 | ******************************************************************************/ |
| 472 | static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) |
| 473 | { |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 474 | image_desc_t *image_desc; |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 475 | |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 476 | /* Make sure caller is from the secure world */ |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 477 | if (GET_SECURITY_STATE(flags) == NON_SECURE) { |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 478 | WARN("BL1-FWU: Image done not allowed from normal world\n"); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 479 | return -EPERM; |
| 480 | } |
| 481 | |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 482 | /* Get the image descriptor for last executed secure image id */ |
| 483 | image_desc = bl1_plat_get_image_desc(sec_exec_image_id); |
| 484 | |
| 485 | /* image_desc must correspond to a valid secure executing image */ |
| 486 | assert(image_desc); |
Yatharth Kochar | f11b29a | 2016-02-01 11:04:46 +0000 | [diff] [blame] | 487 | assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); |
| 488 | assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); |
Dan Handley | 8ec7652 | 2015-12-15 10:52:33 +0000 | [diff] [blame] | 489 | assert(image_desc->state == IMAGE_STATE_EXECUTED); |
| 490 | |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 491 | /* Update the flags. */ |
| 492 | image_desc->state = IMAGE_STATE_RESET; |
| 493 | sec_exec_image_id = INVALID_IMAGE_ID; |
| 494 | |
| 495 | /* |
| 496 | * Secure world is done so no need to save the context. |
| 497 | * Just restore the Non-Secure context. |
| 498 | */ |
| 499 | cm_el1_sysregs_context_restore(NON_SECURE); |
| 500 | |
| 501 | /* Update the next context. */ |
| 502 | cm_set_next_eret_context(NON_SECURE); |
| 503 | |
| 504 | INFO("BL1-FWU: Resuming Normal world context\n"); |
| 505 | |
| 506 | *handle = cm_get_context(NON_SECURE); |
| 507 | return 0; |
| 508 | } |
| 509 | |
| 510 | /******************************************************************************* |
| 511 | * This function provides the opportunity for users to perform any |
| 512 | * platform specific handling after the Firmware update is done. |
| 513 | ******************************************************************************/ |
Dan Handley | 89f8f33 | 2015-12-15 14:28:24 +0000 | [diff] [blame] | 514 | __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 515 | { |
| 516 | NOTICE("BL1-FWU: *******FWU Process Completed*******\n"); |
| 517 | |
| 518 | /* |
| 519 | * Call platform done function. |
| 520 | */ |
Dan Handley | 89f8f33 | 2015-12-15 14:28:24 +0000 | [diff] [blame] | 521 | bl1_plat_fwu_done(client_cookie, reserved); |
Yatharth Kochar | 71c9a5e | 2015-10-10 19:06:53 +0100 | [diff] [blame] | 522 | assert(0); |
| 523 | } |