blob: ed027abc71404815965968673b5dad0d0c1133b6 [file] [log] [blame]
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01001/*
Soby Mathew2f38ce32018-02-08 17:45:12 +00002 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01005 */
6
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01007#include <arch_helpers.h>
Isla Mitchell99305012017-07-11 14:54:08 +01008#include <assert.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01009#include <auth_mod.h>
10#include <bl1.h>
11#include <bl_common.h>
12#include <context.h>
13#include <context_mgmt.h>
14#include <debug.h>
15#include <errno.h>
16#include <platform.h>
17#include <platform_def.h>
Antonio Nino Diaz3c817f42018-03-21 10:49:27 +000018#include <smccc_helpers.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010019#include <string.h>
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +000020#include <utils.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010021#include "bl1_private.h"
22
23/*
24 * Function declarations.
25 */
26static int bl1_fwu_image_copy(unsigned int image_id,
27 uintptr_t image_addr,
28 unsigned int block_size,
29 unsigned int image_size,
30 unsigned int flags);
31static int bl1_fwu_image_auth(unsigned int image_id,
32 uintptr_t image_addr,
33 unsigned int image_size,
34 unsigned int flags);
35static int bl1_fwu_image_execute(unsigned int image_id,
36 void **handle,
37 unsigned int flags);
Dan Handley8ec76522015-12-15 10:52:33 +000038static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010039 void **handle,
40 unsigned int flags);
41static int bl1_fwu_sec_image_done(void **handle,
42 unsigned int flags);
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010043static int bl1_fwu_image_reset(unsigned int image_id,
44 unsigned int flags);
Dan Handley89f8f332015-12-15 14:28:24 +000045__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010046
47/*
48 * This keeps track of last executed secure image id.
49 */
50static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
51
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010052/* Authentication status of each image. */
53extern unsigned int auth_img_flags[];
54
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010055/*******************************************************************************
56 * Top level handler for servicing FWU SMCs.
57 ******************************************************************************/
58register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 register_t x1,
60 register_t x2,
61 register_t x3,
62 register_t x4,
63 void *cookie,
64 void *handle,
65 unsigned int flags)
66{
67
68 switch (smc_fid) {
69 case FWU_SMC_IMAGE_COPY:
70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));
71
72 case FWU_SMC_IMAGE_AUTH:
73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));
74
75 case FWU_SMC_IMAGE_EXECUTE:
76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));
77
78 case FWU_SMC_IMAGE_RESUME:
Dan Handley8ec76522015-12-15 10:52:33 +000079 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010080
81 case FWU_SMC_SEC_IMAGE_DONE:
82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
83
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010084 case FWU_SMC_IMAGE_RESET:
85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags));
86
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010087 case FWU_SMC_UPDATE_DONE:
Dan Handley89f8f332015-12-15 14:28:24 +000088 bl1_fwu_done((void *)x1, NULL);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010089 /* We should never return from bl1_fwu_done() */
90
91 default:
92 assert(0);
93 break;
94 }
95
Antonio Nino Diazacb29142017-04-04 17:08:32 +010096 SMC_RET1(handle, SMC_UNK);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010097}
98
99/*******************************************************************************
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100100 * Utility functions to keep track of the images that are loaded at any time.
101 ******************************************************************************/
102
103#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
104#define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
105#else
106#define FWU_MAX_SIMULTANEOUS_IMAGES 10
107#endif
108
109static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
110 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
111};
112
113/*
114 * Adds an image_id to the bl1_fwu_loaded_ids array.
115 * Returns 0 on success, 1 on error.
116 */
117static int bl1_fwu_add_loaded_id(int image_id)
118{
119 int i;
120
121 /* Check if the ID is already in the list */
122 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
123 if (bl1_fwu_loaded_ids[i] == image_id)
124 return 0;
125 }
126
127 /* Find an empty slot */
128 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
129 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
130 bl1_fwu_loaded_ids[i] = image_id;
131 return 0;
132 }
133 }
134
135 return 1;
136}
137
138/*
139 * Removes an image_id from the bl1_fwu_loaded_ids array.
140 * Returns 0 on success, 1 on error.
141 */
142static int bl1_fwu_remove_loaded_id(int image_id)
143{
144 int i;
145
146 /* Find the ID */
147 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
148 if (bl1_fwu_loaded_ids[i] == image_id) {
149 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
150 return 0;
151 }
152 }
153
154 return 1;
155}
156
157/*******************************************************************************
158 * This function checks if the specified image overlaps another image already
159 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
160 ******************************************************************************/
161static int bl1_fwu_image_check_overlaps(int image_id)
162{
163 const image_desc_t *image_desc, *checked_image_desc;
164 const image_info_t *info, *checked_info;
165
166 uintptr_t image_base, image_end;
167 uintptr_t checked_image_base, checked_image_end;
168
169 checked_image_desc = bl1_plat_get_image_desc(image_id);
170 checked_info = &checked_image_desc->image_info;
171
172 /* Image being checked mustn't be empty. */
173 assert(checked_info->image_size != 0);
174
175 checked_image_base = checked_info->image_base;
176 checked_image_end = checked_image_base + checked_info->image_size - 1;
Soby Mathewf088b342017-06-15 16:11:48 +0100177 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100178
179 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
180
Soby Mathewf088b342017-06-15 16:11:48 +0100181 /* Skip INVALID_IMAGE_IDs and don't check image against itself */
182 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
183 (bl1_fwu_loaded_ids[i] == image_id))
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100184 continue;
185
186 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
187
188 /* Only check images that are loaded or being loaded. */
Soby Mathewf088b342017-06-15 16:11:48 +0100189 assert (image_desc && image_desc->state != IMAGE_STATE_RESET);
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100190
191 info = &image_desc->image_info;
192
193 /* There cannot be overlaps with an empty image. */
194 if (info->image_size == 0)
195 continue;
196
197 image_base = info->image_base;
198 image_end = image_base + info->image_size - 1;
199 /*
200 * Overflows cannot happen. It is checked in
201 * bl1_fwu_image_copy() when the image goes from RESET to
202 * COPYING or COPIED.
203 */
204 assert (image_end > image_base);
205
206 /* Check if there are overlaps. */
207 if (!(image_end < checked_image_base ||
208 checked_image_end < image_base)) {
209 VERBOSE("Image with ID %d overlaps existing image with ID %d",
210 checked_image_desc->image_id, image_desc->image_id);
211 return -EPERM;
212 }
213 }
214
215 return 0;
216}
217
218/*******************************************************************************
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100219 * This function is responsible for copying secure images in AP Secure RAM.
220 ******************************************************************************/
221static int bl1_fwu_image_copy(unsigned int image_id,
222 uintptr_t image_src,
223 unsigned int block_size,
224 unsigned int image_size,
225 unsigned int flags)
226{
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000227 uintptr_t dest_addr;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000228 unsigned int remaining;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100229
230 /* Get the image descriptor. */
231 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000232 if (!image_desc) {
233 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
234 return -EPERM;
235 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100236
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000237 /*
238 * The request must originate from a non-secure caller and target a
239 * secure image. Any other scenario is invalid.
240 */
241 if (GET_SECURITY_STATE(flags) == SECURE) {
242 WARN("BL1-FWU: Copy not allowed from secure world.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100243 return -EPERM;
244 }
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000245 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) {
246 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
247 return -EPERM;
248 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100249
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000250 /* Check whether the FWU state machine is in the correct state. */
251 if ((image_desc->state != IMAGE_STATE_RESET) &&
252 (image_desc->state != IMAGE_STATE_COPYING)) {
253 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
254 " process.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100255 return -EPERM;
256 }
257
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000258 if ((!image_src) || (!block_size) ||
259 check_uptr_overflow(image_src, block_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100260 WARN("BL1-FWU: Copy not allowed due to invalid image source"
261 " or block size\n");
262 return -ENOMEM;
263 }
264
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100265 if (image_desc->state == IMAGE_STATE_COPYING) {
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000266 /*
267 * There must have been at least 1 copy operation for this image
268 * previously.
269 */
270 assert(image_desc->copied_size != 0);
271 /*
272 * The image size must have been recorded in the 1st copy
273 * operation.
274 */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000275 image_size = image_desc->image_info.image_size;
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000276 assert(image_size != 0);
277 assert(image_desc->copied_size < image_size);
278
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100279 INFO("BL1-FWU: Continuing image copy in blocks\n");
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000280 } else { /* image_desc->state == IMAGE_STATE_RESET */
281 INFO("BL1-FWU: Initial call to copy an image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100282
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000283 /*
284 * image_size is relevant only for the 1st copy request, it is
285 * then ignored for subsequent calls for this image.
286 */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100287 if (!image_size) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000288 WARN("BL1-FWU: Copy not allowed due to invalid image"
289 " size\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100290 return -ENOMEM;
291 }
292
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000293#if LOAD_IMAGE_V2
294 /* Check that the image size to load is within limit */
295 if (image_size > image_desc->image_info.image_max_size) {
296 WARN("BL1-FWU: Image size out of bounds\n");
297 return -ENOMEM;
298 }
299#else
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000300 /*
301 * Check the image will fit into the free trusted RAM after BL1
302 * load.
303 */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000304 const meminfo_t *mem_layout = bl1_plat_sec_mem_layout();
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000305 if (!is_mem_free(mem_layout->free_base, mem_layout->free_size,
306 image_desc->image_info.image_base,
307 image_size)) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000308 WARN("BL1-FWU: Copy not allowed due to insufficient"
309 " resources.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100310 return -ENOMEM;
311 }
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000312#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100313
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000314 /* Save the given image size. */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100315 image_desc->image_info.image_size = image_size;
316
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100317 /* Make sure the image doesn't overlap other images. */
318 if (bl1_fwu_image_check_overlaps(image_id)) {
319 image_desc->image_info.image_size = 0;
320 WARN("BL1-FWU: This image overlaps another one\n");
321 return -EPERM;
322 }
323
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000324 /*
325 * copied_size must be explicitly initialized here because the
326 * FWU code doesn't necessarily do it when it resets the state
327 * machine.
328 */
329 image_desc->copied_size = 0;
330 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100331
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000332 /*
333 * If the given block size is more than the total image size
334 * then clip the former to the latter.
335 */
336 remaining = image_size - image_desc->copied_size;
337 if (block_size > remaining) {
338 WARN("BL1-FWU: Block size is too big, clipping it.\n");
339 block_size = remaining;
340 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100341
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000342 /* Make sure the source image is mapped in memory. */
343 if (bl1_plat_mem_check(image_src, block_size, flags)) {
344 WARN("BL1-FWU: Source image is not mapped.\n");
345 return -ENOMEM;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100346 }
347
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100348 if (bl1_fwu_add_loaded_id(image_id)) {
349 WARN("BL1-FWU: Too many images loaded at the same time.\n");
350 return -ENOMEM;
351 }
352
Soby Mathew2f38ce32018-02-08 17:45:12 +0000353 /* Allow the platform to handle pre-image load before copying */
354 if (image_desc->state == IMAGE_STATE_RESET) {
355 if (bl1_plat_handle_pre_image_load(image_id) != 0) {
356 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
357 image_id);
358 return -EPERM;
359 }
360 }
361
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000362 /* Everything looks sane. Go ahead and copy the block of data. */
363 dest_addr = image_desc->image_info.image_base + image_desc->copied_size;
364 memcpy((void *) dest_addr, (const void *) image_src, block_size);
365 flush_dcache_range(dest_addr, block_size);
366
367 image_desc->copied_size += block_size;
368 image_desc->state = (block_size == remaining) ?
369 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
370
371 INFO("BL1-FWU: Copy operation successful.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100372 return 0;
373}
374
375/*******************************************************************************
376 * This function is responsible for authenticating Normal/Secure images.
377 ******************************************************************************/
378static int bl1_fwu_image_auth(unsigned int image_id,
379 uintptr_t image_src,
380 unsigned int image_size,
381 unsigned int flags)
382{
383 int result;
384 uintptr_t base_addr;
385 unsigned int total_size;
386
387 /* Get the image descriptor. */
388 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
389 if (!image_desc)
390 return -EPERM;
391
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000392 if (GET_SECURITY_STATE(flags) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100393 if (image_desc->state != IMAGE_STATE_RESET) {
394 WARN("BL1-FWU: Authentication from secure world "
395 "while in invalid state\n");
396 return -EPERM;
397 }
398 } else {
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000399 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100400 if (image_desc->state != IMAGE_STATE_COPIED) {
401 WARN("BL1-FWU: Authentication of secure image "
402 "from non-secure world while not in copied state\n");
403 return -EPERM;
404 }
405 } else {
406 if (image_desc->state != IMAGE_STATE_RESET) {
407 WARN("BL1-FWU: Authentication of non-secure image "
408 "from non-secure world while in invalid state\n");
409 return -EPERM;
410 }
411 }
412 }
413
414 if (image_desc->state == IMAGE_STATE_COPIED) {
415 /*
416 * Image is in COPIED state.
417 * Use the stored address and size.
418 */
419 base_addr = image_desc->image_info.image_base;
420 total_size = image_desc->image_info.image_size;
421 } else {
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000422 if ((!image_src) || (!image_size) ||
423 check_uptr_overflow(image_src, image_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100424 WARN("BL1-FWU: Auth not allowed due to invalid"
425 " image source/size\n");
426 return -ENOMEM;
427 }
428
429 /*
430 * Image is in RESET state.
431 * Check the parameters and authenticate the source image in place.
432 */
Dan Handley35e5f692015-12-14 16:26:43 +0000433 if (bl1_plat_mem_check(image_src, image_size, \
434 image_desc->ep_info.h.attr)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100435 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
436 return -ENOMEM;
437 }
438
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100439 if (bl1_fwu_add_loaded_id(image_id)) {
440 WARN("BL1-FWU: Too many images loaded at the same time.\n");
441 return -ENOMEM;
442 }
443
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100444 base_addr = image_src;
445 total_size = image_size;
446
447 /* Update the image size in the descriptor. */
448 image_desc->image_info.image_size = total_size;
449 }
450
451 /*
452 * Authenticate the image.
453 */
454 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
455 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
456 if (result != 0) {
457 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
458
459 /*
460 * Authentication has failed.
461 * Clear the memory if the image was copied.
462 * This is to prevent an attack where this contains
463 * some malicious code that can somehow be executed later.
464 */
465 if (image_desc->state == IMAGE_STATE_COPIED) {
466 /* Clear the memory.*/
Douglas Raillard21362a92016-12-02 13:51:54 +0000467 zero_normalmem((void *)base_addr, total_size);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100468 flush_dcache_range(base_addr, total_size);
469
470 /* Indicate that image can be copied again*/
471 image_desc->state = IMAGE_STATE_RESET;
472 }
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100473
474 /*
475 * Even if this fails it's ok because the ID isn't in the array.
476 * The image cannot be in RESET state here, it is checked at the
477 * beginning of the function.
478 */
479 bl1_fwu_remove_loaded_id(image_id);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100480 return -EAUTH;
481 }
482
483 /* Indicate that image is in authenticated state. */
484 image_desc->state = IMAGE_STATE_AUTHENTICATED;
485
Soby Mathew2f38ce32018-02-08 17:45:12 +0000486 /* Allow the platform to handle post-image load */
487 result = bl1_plat_handle_post_image_load(image_id);
488 if (result != 0) {
489 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
490 result, image_id);
491 /*
492 * Panic here as the platform handling of post-image load is
493 * not correct.
494 */
495 plat_error_handler(result);
496 }
497
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100498 /*
499 * Flush image_info to memory so that other
500 * secure world images can see changes.
501 */
502 flush_dcache_range((unsigned long)&image_desc->image_info,
503 sizeof(image_info_t));
504
505 INFO("BL1-FWU: Authentication was successful\n");
506
507 return 0;
508}
509
510/*******************************************************************************
511 * This function is responsible for executing Secure images.
512 ******************************************************************************/
513static int bl1_fwu_image_execute(unsigned int image_id,
514 void **handle,
515 unsigned int flags)
516{
517 /* Get the image descriptor. */
518 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
519
520 /*
521 * Execution is NOT allowed if:
Dan Handley8ec76522015-12-15 10:52:33 +0000522 * image_id is invalid OR
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100523 * Caller is from Secure world OR
524 * Image is Non-Secure OR
525 * Image is Non-Executable OR
526 * Image is NOT in AUTHENTICATED state.
527 */
528 if ((!image_desc) ||
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000529 (GET_SECURITY_STATE(flags) == SECURE) ||
530 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
531 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
532 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100533 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
534 return -EPERM;
535 }
536
537 INFO("BL1-FWU: Executing Secure image\n");
538
dp-armcdd03cb2017-02-15 11:07:55 +0000539#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100540 /* Save NS-EL1 system registers. */
541 cm_el1_sysregs_context_save(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000542#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100543
544 /* Prepare the image for execution. */
545 bl1_prepare_next_image(image_id);
546
547 /* Update the secure image id. */
548 sec_exec_image_id = image_id;
549
dp-armcdd03cb2017-02-15 11:07:55 +0000550#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100551 *handle = cm_get_context(SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000552#else
553 *handle = smc_get_ctx(SECURE);
554#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100555 return 0;
556}
557
558/*******************************************************************************
Dan Handley8ec76522015-12-15 10:52:33 +0000559 * This function is responsible for resuming execution in the other security
560 * world
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100561 ******************************************************************************/
Dan Handley8ec76522015-12-15 10:52:33 +0000562static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100563 void **handle,
564 unsigned int flags)
565{
566 image_desc_t *image_desc;
567 unsigned int resume_sec_state;
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000568 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100569
Dan Handley8ec76522015-12-15 10:52:33 +0000570 /* Get the image descriptor for last executed secure image id. */
571 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
572 if (caller_sec_state == NON_SECURE) {
573 if (!image_desc) {
574 WARN("BL1-FWU: Resume not allowed due to no available"
575 "secure image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100576 return -EPERM;
577 }
Dan Handley8ec76522015-12-15 10:52:33 +0000578 } else {
579 /* image_desc must be valid for secure world callers */
580 assert(image_desc);
581 }
582
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000583 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
584 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000585
586 if (caller_sec_state == SECURE) {
587 assert(image_desc->state == IMAGE_STATE_EXECUTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100588
589 /* Update the flags. */
590 image_desc->state = IMAGE_STATE_INTERRUPTED;
591 resume_sec_state = NON_SECURE;
592 } else {
Dan Handley8ec76522015-12-15 10:52:33 +0000593 assert(image_desc->state == IMAGE_STATE_INTERRUPTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100594
595 /* Update the flags. */
596 image_desc->state = IMAGE_STATE_EXECUTED;
597 resume_sec_state = SECURE;
598 }
599
dp-armcdd03cb2017-02-15 11:07:55 +0000600 INFO("BL1-FWU: Resuming %s world context\n",
601 (resume_sec_state == SECURE) ? "secure" : "normal");
602
603#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100604 /* Save the EL1 system registers of calling world. */
Dan Handley8ec76522015-12-15 10:52:33 +0000605 cm_el1_sysregs_context_save(caller_sec_state);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100606
607 /* Restore the EL1 system registers of resuming world. */
608 cm_el1_sysregs_context_restore(resume_sec_state);
609
610 /* Update the next context. */
611 cm_set_next_eret_context(resume_sec_state);
612
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100613 *handle = cm_get_context(resume_sec_state);
dp-armcdd03cb2017-02-15 11:07:55 +0000614#else
615 /* Update the next context. */
616 cm_set_next_context(cm_get_context(resume_sec_state));
617
618 /* Prepare the smc context for the next BL image. */
619 smc_set_next_ctx(resume_sec_state);
620
621 *handle = smc_get_ctx(resume_sec_state);
622#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100623 return image_param;
624}
625
626/*******************************************************************************
627 * This function is responsible for resuming normal world context.
628 ******************************************************************************/
629static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
630{
Dan Handley8ec76522015-12-15 10:52:33 +0000631 image_desc_t *image_desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100632
Dan Handley8ec76522015-12-15 10:52:33 +0000633 /* Make sure caller is from the secure world */
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000634 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
Dan Handley8ec76522015-12-15 10:52:33 +0000635 WARN("BL1-FWU: Image done not allowed from normal world\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100636 return -EPERM;
637 }
638
Dan Handley8ec76522015-12-15 10:52:33 +0000639 /* Get the image descriptor for last executed secure image id */
640 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
641
642 /* image_desc must correspond to a valid secure executing image */
643 assert(image_desc);
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000644 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
645 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000646 assert(image_desc->state == IMAGE_STATE_EXECUTED);
647
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100648#if ENABLE_ASSERTIONS
649 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
650 assert(rc == 0);
651#else
652 bl1_fwu_remove_loaded_id(sec_exec_image_id);
653#endif
654
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100655 /* Update the flags. */
656 image_desc->state = IMAGE_STATE_RESET;
657 sec_exec_image_id = INVALID_IMAGE_ID;
658
dp-armcdd03cb2017-02-15 11:07:55 +0000659 INFO("BL1-FWU: Resuming Normal world context\n");
660#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100661 /*
662 * Secure world is done so no need to save the context.
663 * Just restore the Non-Secure context.
664 */
665 cm_el1_sysregs_context_restore(NON_SECURE);
666
667 /* Update the next context. */
668 cm_set_next_eret_context(NON_SECURE);
669
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100670 *handle = cm_get_context(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000671#else
672 /* Update the next context. */
673 cm_set_next_context(cm_get_context(NON_SECURE));
674
675 /* Prepare the smc context for the next BL image. */
676 smc_set_next_ctx(NON_SECURE);
677
678 *handle = smc_get_ctx(NON_SECURE);
679#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100680 return 0;
681}
682
683/*******************************************************************************
684 * This function provides the opportunity for users to perform any
685 * platform specific handling after the Firmware update is done.
686 ******************************************************************************/
Dan Handley89f8f332015-12-15 14:28:24 +0000687__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100688{
689 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
690
691 /*
692 * Call platform done function.
693 */
Dan Handley89f8f332015-12-15 14:28:24 +0000694 bl1_plat_fwu_done(client_cookie, reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100695 assert(0);
696}
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100697
698/*******************************************************************************
699 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
700 * being executed.
701 ******************************************************************************/
702static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
703{
704 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
705
706 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) {
707 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
708 return -EPERM;
709 }
710
711 switch (image_desc->state) {
712
713 case IMAGE_STATE_RESET:
714 /* Nothing to do. */
715 break;
716
717 case IMAGE_STATE_INTERRUPTED:
718 case IMAGE_STATE_AUTHENTICATED:
719 case IMAGE_STATE_COPIED:
720 case IMAGE_STATE_COPYING:
721
722 if (bl1_fwu_remove_loaded_id(image_id)) {
723 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
724 return -EPERM;
725 }
726
Soby Mathewf088b342017-06-15 16:11:48 +0100727 if (image_desc->copied_size) {
728 /* Clear the memory if the image is copied */
729 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
730
731 zero_normalmem((void *)image_desc->image_info.image_base,
732 image_desc->copied_size);
733 flush_dcache_range(image_desc->image_info.image_base,
734 image_desc->copied_size);
735 }
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100736
737 /* Reset status variables */
738 image_desc->copied_size = 0;
739 image_desc->image_info.image_size = 0;
740 image_desc->state = IMAGE_STATE_RESET;
741
742 /* Clear authentication state */
743 auth_img_flags[image_id] = 0;
744
745 break;
746
747 case IMAGE_STATE_EXECUTED:
748 default:
749 assert(0);
750 }
751
752 return 0;
753}