blob: 0fbdf515e0da41b938cf17dcfde99b2fc22cecea [file] [log] [blame]
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01001/*
Soby Mathew2f38ce32018-02-08 17:45:12 +00002 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01005 */
6
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01007#include <arch_helpers.h>
Isla Mitchell99305012017-07-11 14:54:08 +01008#include <assert.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01009#include <auth_mod.h>
10#include <bl1.h>
11#include <bl_common.h>
12#include <context.h>
13#include <context_mgmt.h>
14#include <debug.h>
15#include <errno.h>
16#include <platform.h>
17#include <platform_def.h>
Antonio Nino Diaz3c817f42018-03-21 10:49:27 +000018#include <smccc_helpers.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010019#include <string.h>
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +000020#include <utils.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010021#include "bl1_private.h"
22
23/*
24 * Function declarations.
25 */
26static int bl1_fwu_image_copy(unsigned int image_id,
Roberto Vargasbe126ed2018-02-12 12:36:17 +000027 uintptr_t image_src,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010028 unsigned int block_size,
29 unsigned int image_size,
30 unsigned int flags);
31static int bl1_fwu_image_auth(unsigned int image_id,
Roberto Vargasbe126ed2018-02-12 12:36:17 +000032 uintptr_t image_src,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010033 unsigned int image_size,
34 unsigned int flags);
35static int bl1_fwu_image_execute(unsigned int image_id,
36 void **handle,
37 unsigned int flags);
Dan Handley8ec76522015-12-15 10:52:33 +000038static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010039 void **handle,
40 unsigned int flags);
41static int bl1_fwu_sec_image_done(void **handle,
42 unsigned int flags);
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010043static int bl1_fwu_image_reset(unsigned int image_id,
44 unsigned int flags);
Dan Handley89f8f332015-12-15 14:28:24 +000045__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010046
47/*
48 * This keeps track of last executed secure image id.
49 */
50static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
51
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010052/* Authentication status of each image. */
Roberto Vargasbe126ed2018-02-12 12:36:17 +000053extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010054
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010055/*******************************************************************************
56 * Top level handler for servicing FWU SMCs.
57 ******************************************************************************/
58register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 register_t x1,
60 register_t x2,
61 register_t x3,
62 register_t x4,
63 void *cookie,
64 void *handle,
65 unsigned int flags)
66{
67
68 switch (smc_fid) {
69 case FWU_SMC_IMAGE_COPY:
70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));
71
72 case FWU_SMC_IMAGE_AUTH:
73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));
74
75 case FWU_SMC_IMAGE_EXECUTE:
76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));
77
78 case FWU_SMC_IMAGE_RESUME:
Dan Handley8ec76522015-12-15 10:52:33 +000079 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010080
81 case FWU_SMC_SEC_IMAGE_DONE:
82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
83
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010084 case FWU_SMC_IMAGE_RESET:
85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags));
86
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010087 case FWU_SMC_UPDATE_DONE:
Dan Handley89f8f332015-12-15 14:28:24 +000088 bl1_fwu_done((void *)x1, NULL);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010089
90 default:
Daniel Boulby8942a1b2018-06-22 14:16:03 +010091 assert(0); /* Unreachable */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010092 break;
93 }
94
Antonio Nino Diazacb29142017-04-04 17:08:32 +010095 SMC_RET1(handle, SMC_UNK);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010096}
97
98/*******************************************************************************
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +010099 * Utility functions to keep track of the images that are loaded at any time.
100 ******************************************************************************/
101
102#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
103#define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
104#else
105#define FWU_MAX_SIMULTANEOUS_IMAGES 10
106#endif
107
108static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
109 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
110};
111
112/*
113 * Adds an image_id to the bl1_fwu_loaded_ids array.
114 * Returns 0 on success, 1 on error.
115 */
116static int bl1_fwu_add_loaded_id(int image_id)
117{
118 int i;
119
120 /* Check if the ID is already in the list */
121 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
122 if (bl1_fwu_loaded_ids[i] == image_id)
123 return 0;
124 }
125
126 /* Find an empty slot */
127 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
128 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
129 bl1_fwu_loaded_ids[i] = image_id;
130 return 0;
131 }
132 }
133
134 return 1;
135}
136
137/*
138 * Removes an image_id from the bl1_fwu_loaded_ids array.
139 * Returns 0 on success, 1 on error.
140 */
141static int bl1_fwu_remove_loaded_id(int image_id)
142{
143 int i;
144
145 /* Find the ID */
146 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
147 if (bl1_fwu_loaded_ids[i] == image_id) {
148 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
149 return 0;
150 }
151 }
152
153 return 1;
154}
155
156/*******************************************************************************
157 * This function checks if the specified image overlaps another image already
158 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
159 ******************************************************************************/
160static int bl1_fwu_image_check_overlaps(int image_id)
161{
162 const image_desc_t *image_desc, *checked_image_desc;
163 const image_info_t *info, *checked_info;
164
165 uintptr_t image_base, image_end;
166 uintptr_t checked_image_base, checked_image_end;
167
168 checked_image_desc = bl1_plat_get_image_desc(image_id);
169 checked_info = &checked_image_desc->image_info;
170
171 /* Image being checked mustn't be empty. */
172 assert(checked_info->image_size != 0);
173
174 checked_image_base = checked_info->image_base;
175 checked_image_end = checked_image_base + checked_info->image_size - 1;
Soby Mathewf088b342017-06-15 16:11:48 +0100176 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100177
178 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
179
Soby Mathewf088b342017-06-15 16:11:48 +0100180 /* Skip INVALID_IMAGE_IDs and don't check image against itself */
181 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
182 (bl1_fwu_loaded_ids[i] == image_id))
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100183 continue;
184
185 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
186
187 /* Only check images that are loaded or being loaded. */
Soby Mathewf088b342017-06-15 16:11:48 +0100188 assert (image_desc && image_desc->state != IMAGE_STATE_RESET);
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100189
190 info = &image_desc->image_info;
191
192 /* There cannot be overlaps with an empty image. */
193 if (info->image_size == 0)
194 continue;
195
196 image_base = info->image_base;
197 image_end = image_base + info->image_size - 1;
198 /*
199 * Overflows cannot happen. It is checked in
200 * bl1_fwu_image_copy() when the image goes from RESET to
201 * COPYING or COPIED.
202 */
203 assert (image_end > image_base);
204
205 /* Check if there are overlaps. */
206 if (!(image_end < checked_image_base ||
207 checked_image_end < image_base)) {
208 VERBOSE("Image with ID %d overlaps existing image with ID %d",
209 checked_image_desc->image_id, image_desc->image_id);
210 return -EPERM;
211 }
212 }
213
214 return 0;
215}
216
217/*******************************************************************************
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100218 * This function is responsible for copying secure images in AP Secure RAM.
219 ******************************************************************************/
220static int bl1_fwu_image_copy(unsigned int image_id,
221 uintptr_t image_src,
222 unsigned int block_size,
223 unsigned int image_size,
224 unsigned int flags)
225{
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000226 uintptr_t dest_addr;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000227 unsigned int remaining;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100228
229 /* Get the image descriptor. */
230 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000231 if (!image_desc) {
232 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
233 return -EPERM;
234 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100235
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000236 /*
237 * The request must originate from a non-secure caller and target a
238 * secure image. Any other scenario is invalid.
239 */
240 if (GET_SECURITY_STATE(flags) == SECURE) {
241 WARN("BL1-FWU: Copy not allowed from secure world.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100242 return -EPERM;
243 }
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000244 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) {
245 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
246 return -EPERM;
247 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100248
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000249 /* Check whether the FWU state machine is in the correct state. */
250 if ((image_desc->state != IMAGE_STATE_RESET) &&
251 (image_desc->state != IMAGE_STATE_COPYING)) {
252 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
253 " process.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100254 return -EPERM;
255 }
256
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000257 if ((!image_src) || (!block_size) ||
258 check_uptr_overflow(image_src, block_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100259 WARN("BL1-FWU: Copy not allowed due to invalid image source"
260 " or block size\n");
261 return -ENOMEM;
262 }
263
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100264 if (image_desc->state == IMAGE_STATE_COPYING) {
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000265 /*
266 * There must have been at least 1 copy operation for this image
267 * previously.
268 */
269 assert(image_desc->copied_size != 0);
270 /*
271 * The image size must have been recorded in the 1st copy
272 * operation.
273 */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000274 image_size = image_desc->image_info.image_size;
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000275 assert(image_size != 0);
276 assert(image_desc->copied_size < image_size);
277
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100278 INFO("BL1-FWU: Continuing image copy in blocks\n");
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000279 } else { /* image_desc->state == IMAGE_STATE_RESET */
280 INFO("BL1-FWU: Initial call to copy an image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100281
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000282 /*
283 * image_size is relevant only for the 1st copy request, it is
284 * then ignored for subsequent calls for this image.
285 */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100286 if (!image_size) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000287 WARN("BL1-FWU: Copy not allowed due to invalid image"
288 " size\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100289 return -ENOMEM;
290 }
291
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000292 /* Check that the image size to load is within limit */
293 if (image_size > image_desc->image_info.image_max_size) {
294 WARN("BL1-FWU: Image size out of bounds\n");
295 return -ENOMEM;
296 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100297
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000298 /* Save the given image size. */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100299 image_desc->image_info.image_size = image_size;
300
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100301 /* Make sure the image doesn't overlap other images. */
302 if (bl1_fwu_image_check_overlaps(image_id)) {
303 image_desc->image_info.image_size = 0;
304 WARN("BL1-FWU: This image overlaps another one\n");
305 return -EPERM;
306 }
307
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000308 /*
309 * copied_size must be explicitly initialized here because the
310 * FWU code doesn't necessarily do it when it resets the state
311 * machine.
312 */
313 image_desc->copied_size = 0;
314 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100315
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000316 /*
317 * If the given block size is more than the total image size
318 * then clip the former to the latter.
319 */
320 remaining = image_size - image_desc->copied_size;
321 if (block_size > remaining) {
322 WARN("BL1-FWU: Block size is too big, clipping it.\n");
323 block_size = remaining;
324 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100325
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000326 /* Make sure the source image is mapped in memory. */
327 if (bl1_plat_mem_check(image_src, block_size, flags)) {
328 WARN("BL1-FWU: Source image is not mapped.\n");
329 return -ENOMEM;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100330 }
331
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100332 if (bl1_fwu_add_loaded_id(image_id)) {
333 WARN("BL1-FWU: Too many images loaded at the same time.\n");
334 return -ENOMEM;
335 }
336
Soby Mathew2f38ce32018-02-08 17:45:12 +0000337 /* Allow the platform to handle pre-image load before copying */
338 if (image_desc->state == IMAGE_STATE_RESET) {
339 if (bl1_plat_handle_pre_image_load(image_id) != 0) {
340 ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
341 image_id);
342 return -EPERM;
343 }
344 }
345
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000346 /* Everything looks sane. Go ahead and copy the block of data. */
347 dest_addr = image_desc->image_info.image_base + image_desc->copied_size;
348 memcpy((void *) dest_addr, (const void *) image_src, block_size);
349 flush_dcache_range(dest_addr, block_size);
350
351 image_desc->copied_size += block_size;
352 image_desc->state = (block_size == remaining) ?
353 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
354
355 INFO("BL1-FWU: Copy operation successful.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100356 return 0;
357}
358
359/*******************************************************************************
360 * This function is responsible for authenticating Normal/Secure images.
361 ******************************************************************************/
362static int bl1_fwu_image_auth(unsigned int image_id,
363 uintptr_t image_src,
364 unsigned int image_size,
365 unsigned int flags)
366{
367 int result;
368 uintptr_t base_addr;
369 unsigned int total_size;
370
371 /* Get the image descriptor. */
372 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
373 if (!image_desc)
374 return -EPERM;
375
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000376 if (GET_SECURITY_STATE(flags) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100377 if (image_desc->state != IMAGE_STATE_RESET) {
378 WARN("BL1-FWU: Authentication from secure world "
379 "while in invalid state\n");
380 return -EPERM;
381 }
382 } else {
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000383 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100384 if (image_desc->state != IMAGE_STATE_COPIED) {
385 WARN("BL1-FWU: Authentication of secure image "
386 "from non-secure world while not in copied state\n");
387 return -EPERM;
388 }
389 } else {
390 if (image_desc->state != IMAGE_STATE_RESET) {
391 WARN("BL1-FWU: Authentication of non-secure image "
392 "from non-secure world while in invalid state\n");
393 return -EPERM;
394 }
395 }
396 }
397
398 if (image_desc->state == IMAGE_STATE_COPIED) {
399 /*
400 * Image is in COPIED state.
401 * Use the stored address and size.
402 */
403 base_addr = image_desc->image_info.image_base;
404 total_size = image_desc->image_info.image_size;
405 } else {
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000406 if ((!image_src) || (!image_size) ||
407 check_uptr_overflow(image_src, image_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100408 WARN("BL1-FWU: Auth not allowed due to invalid"
409 " image source/size\n");
410 return -ENOMEM;
411 }
412
413 /*
414 * Image is in RESET state.
415 * Check the parameters and authenticate the source image in place.
416 */
Dan Handley35e5f692015-12-14 16:26:43 +0000417 if (bl1_plat_mem_check(image_src, image_size, \
418 image_desc->ep_info.h.attr)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100419 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
420 return -ENOMEM;
421 }
422
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100423 if (bl1_fwu_add_loaded_id(image_id)) {
424 WARN("BL1-FWU: Too many images loaded at the same time.\n");
425 return -ENOMEM;
426 }
427
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100428 base_addr = image_src;
429 total_size = image_size;
430
431 /* Update the image size in the descriptor. */
432 image_desc->image_info.image_size = total_size;
433 }
434
435 /*
436 * Authenticate the image.
437 */
438 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
439 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
440 if (result != 0) {
441 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
442
443 /*
444 * Authentication has failed.
445 * Clear the memory if the image was copied.
446 * This is to prevent an attack where this contains
447 * some malicious code that can somehow be executed later.
448 */
449 if (image_desc->state == IMAGE_STATE_COPIED) {
450 /* Clear the memory.*/
Douglas Raillard21362a92016-12-02 13:51:54 +0000451 zero_normalmem((void *)base_addr, total_size);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100452 flush_dcache_range(base_addr, total_size);
453
454 /* Indicate that image can be copied again*/
455 image_desc->state = IMAGE_STATE_RESET;
456 }
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100457
458 /*
459 * Even if this fails it's ok because the ID isn't in the array.
460 * The image cannot be in RESET state here, it is checked at the
461 * beginning of the function.
462 */
463 bl1_fwu_remove_loaded_id(image_id);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100464 return -EAUTH;
465 }
466
467 /* Indicate that image is in authenticated state. */
468 image_desc->state = IMAGE_STATE_AUTHENTICATED;
469
Soby Mathew2f38ce32018-02-08 17:45:12 +0000470 /* Allow the platform to handle post-image load */
471 result = bl1_plat_handle_post_image_load(image_id);
472 if (result != 0) {
473 ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
474 result, image_id);
475 /*
476 * Panic here as the platform handling of post-image load is
477 * not correct.
478 */
479 plat_error_handler(result);
480 }
481
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100482 /*
483 * Flush image_info to memory so that other
484 * secure world images can see changes.
485 */
486 flush_dcache_range((unsigned long)&image_desc->image_info,
487 sizeof(image_info_t));
488
489 INFO("BL1-FWU: Authentication was successful\n");
490
491 return 0;
492}
493
494/*******************************************************************************
495 * This function is responsible for executing Secure images.
496 ******************************************************************************/
497static int bl1_fwu_image_execute(unsigned int image_id,
498 void **handle,
499 unsigned int flags)
500{
501 /* Get the image descriptor. */
502 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
503
504 /*
505 * Execution is NOT allowed if:
Dan Handley8ec76522015-12-15 10:52:33 +0000506 * image_id is invalid OR
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100507 * Caller is from Secure world OR
508 * Image is Non-Secure OR
509 * Image is Non-Executable OR
510 * Image is NOT in AUTHENTICATED state.
511 */
512 if ((!image_desc) ||
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000513 (GET_SECURITY_STATE(flags) == SECURE) ||
514 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
515 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
516 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100517 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
518 return -EPERM;
519 }
520
521 INFO("BL1-FWU: Executing Secure image\n");
522
dp-armcdd03cb2017-02-15 11:07:55 +0000523#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100524 /* Save NS-EL1 system registers. */
525 cm_el1_sysregs_context_save(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000526#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100527
528 /* Prepare the image for execution. */
529 bl1_prepare_next_image(image_id);
530
531 /* Update the secure image id. */
532 sec_exec_image_id = image_id;
533
dp-armcdd03cb2017-02-15 11:07:55 +0000534#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100535 *handle = cm_get_context(SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000536#else
537 *handle = smc_get_ctx(SECURE);
538#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100539 return 0;
540}
541
542/*******************************************************************************
Dan Handley8ec76522015-12-15 10:52:33 +0000543 * This function is responsible for resuming execution in the other security
544 * world
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100545 ******************************************************************************/
Dan Handley8ec76522015-12-15 10:52:33 +0000546static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100547 void **handle,
548 unsigned int flags)
549{
550 image_desc_t *image_desc;
551 unsigned int resume_sec_state;
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000552 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100553
Dan Handley8ec76522015-12-15 10:52:33 +0000554 /* Get the image descriptor for last executed secure image id. */
555 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
556 if (caller_sec_state == NON_SECURE) {
557 if (!image_desc) {
558 WARN("BL1-FWU: Resume not allowed due to no available"
559 "secure image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100560 return -EPERM;
561 }
Dan Handley8ec76522015-12-15 10:52:33 +0000562 } else {
563 /* image_desc must be valid for secure world callers */
564 assert(image_desc);
565 }
566
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000567 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
568 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000569
570 if (caller_sec_state == SECURE) {
571 assert(image_desc->state == IMAGE_STATE_EXECUTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100572
573 /* Update the flags. */
574 image_desc->state = IMAGE_STATE_INTERRUPTED;
575 resume_sec_state = NON_SECURE;
576 } else {
Dan Handley8ec76522015-12-15 10:52:33 +0000577 assert(image_desc->state == IMAGE_STATE_INTERRUPTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100578
579 /* Update the flags. */
580 image_desc->state = IMAGE_STATE_EXECUTED;
581 resume_sec_state = SECURE;
582 }
583
dp-armcdd03cb2017-02-15 11:07:55 +0000584 INFO("BL1-FWU: Resuming %s world context\n",
585 (resume_sec_state == SECURE) ? "secure" : "normal");
586
587#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100588 /* Save the EL1 system registers of calling world. */
Dan Handley8ec76522015-12-15 10:52:33 +0000589 cm_el1_sysregs_context_save(caller_sec_state);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100590
591 /* Restore the EL1 system registers of resuming world. */
592 cm_el1_sysregs_context_restore(resume_sec_state);
593
594 /* Update the next context. */
595 cm_set_next_eret_context(resume_sec_state);
596
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100597 *handle = cm_get_context(resume_sec_state);
dp-armcdd03cb2017-02-15 11:07:55 +0000598#else
599 /* Update the next context. */
600 cm_set_next_context(cm_get_context(resume_sec_state));
601
602 /* Prepare the smc context for the next BL image. */
603 smc_set_next_ctx(resume_sec_state);
604
605 *handle = smc_get_ctx(resume_sec_state);
606#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100607 return image_param;
608}
609
610/*******************************************************************************
611 * This function is responsible for resuming normal world context.
612 ******************************************************************************/
613static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
614{
Dan Handley8ec76522015-12-15 10:52:33 +0000615 image_desc_t *image_desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100616
Dan Handley8ec76522015-12-15 10:52:33 +0000617 /* Make sure caller is from the secure world */
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000618 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
Dan Handley8ec76522015-12-15 10:52:33 +0000619 WARN("BL1-FWU: Image done not allowed from normal world\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100620 return -EPERM;
621 }
622
Dan Handley8ec76522015-12-15 10:52:33 +0000623 /* Get the image descriptor for last executed secure image id */
624 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
625
626 /* image_desc must correspond to a valid secure executing image */
627 assert(image_desc);
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000628 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
629 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000630 assert(image_desc->state == IMAGE_STATE_EXECUTED);
631
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100632#if ENABLE_ASSERTIONS
633 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
634 assert(rc == 0);
635#else
636 bl1_fwu_remove_loaded_id(sec_exec_image_id);
637#endif
638
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100639 /* Update the flags. */
640 image_desc->state = IMAGE_STATE_RESET;
641 sec_exec_image_id = INVALID_IMAGE_ID;
642
dp-armcdd03cb2017-02-15 11:07:55 +0000643 INFO("BL1-FWU: Resuming Normal world context\n");
644#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100645 /*
646 * Secure world is done so no need to save the context.
647 * Just restore the Non-Secure context.
648 */
649 cm_el1_sysregs_context_restore(NON_SECURE);
650
651 /* Update the next context. */
652 cm_set_next_eret_context(NON_SECURE);
653
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100654 *handle = cm_get_context(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000655#else
656 /* Update the next context. */
657 cm_set_next_context(cm_get_context(NON_SECURE));
658
659 /* Prepare the smc context for the next BL image. */
660 smc_set_next_ctx(NON_SECURE);
661
662 *handle = smc_get_ctx(NON_SECURE);
663#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100664 return 0;
665}
666
667/*******************************************************************************
668 * This function provides the opportunity for users to perform any
669 * platform specific handling after the Firmware update is done.
670 ******************************************************************************/
Dan Handley89f8f332015-12-15 14:28:24 +0000671__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100672{
673 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
674
675 /*
676 * Call platform done function.
677 */
Dan Handley89f8f332015-12-15 14:28:24 +0000678 bl1_plat_fwu_done(client_cookie, reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100679 assert(0);
680}
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100681
682/*******************************************************************************
683 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
684 * being executed.
685 ******************************************************************************/
686static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
687{
688 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
689
690 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) {
691 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
692 return -EPERM;
693 }
694
695 switch (image_desc->state) {
696
697 case IMAGE_STATE_RESET:
698 /* Nothing to do. */
699 break;
700
701 case IMAGE_STATE_INTERRUPTED:
702 case IMAGE_STATE_AUTHENTICATED:
703 case IMAGE_STATE_COPIED:
704 case IMAGE_STATE_COPYING:
705
706 if (bl1_fwu_remove_loaded_id(image_id)) {
707 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
708 return -EPERM;
709 }
710
Soby Mathewf088b342017-06-15 16:11:48 +0100711 if (image_desc->copied_size) {
712 /* Clear the memory if the image is copied */
713 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
714
715 zero_normalmem((void *)image_desc->image_info.image_base,
716 image_desc->copied_size);
717 flush_dcache_range(image_desc->image_info.image_base,
718 image_desc->copied_size);
719 }
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100720
721 /* Reset status variables */
722 image_desc->copied_size = 0;
723 image_desc->image_info.image_size = 0;
724 image_desc->state = IMAGE_STATE_RESET;
725
726 /* Clear authentication state */
727 auth_img_flags[image_id] = 0;
728
729 break;
730
731 case IMAGE_STATE_EXECUTED:
732 default:
Daniel Boulby8942a1b2018-06-22 14:16:03 +0100733 assert(0); /* Unreachable */
Jonathan Wrightd5ff96c2018-03-13 13:54:03 +0000734 break;
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100735 }
736
737 return 0;
738}