blob: 205ea92238afc45b68a9a3870990d9a6b6ef4616 [file] [log] [blame]
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01001/*
Douglas Raillard21362a92016-12-02 13:51:54 +00002 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +01005 */
6
7#include <assert.h>
8#include <arch_helpers.h>
9#include <auth_mod.h>
10#include <bl1.h>
11#include <bl_common.h>
12#include <context.h>
13#include <context_mgmt.h>
14#include <debug.h>
15#include <errno.h>
16#include <platform.h>
17#include <platform_def.h>
18#include <smcc_helpers.h>
19#include <string.h>
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +000020#include <utils.h>
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010021#include "bl1_private.h"
22
23/*
24 * Function declarations.
25 */
26static int bl1_fwu_image_copy(unsigned int image_id,
27 uintptr_t image_addr,
28 unsigned int block_size,
29 unsigned int image_size,
30 unsigned int flags);
31static int bl1_fwu_image_auth(unsigned int image_id,
32 uintptr_t image_addr,
33 unsigned int image_size,
34 unsigned int flags);
35static int bl1_fwu_image_execute(unsigned int image_id,
36 void **handle,
37 unsigned int flags);
Dan Handley8ec76522015-12-15 10:52:33 +000038static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010039 void **handle,
40 unsigned int flags);
41static int bl1_fwu_sec_image_done(void **handle,
42 unsigned int flags);
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010043static int bl1_fwu_image_reset(unsigned int image_id,
44 unsigned int flags);
Dan Handley89f8f332015-12-15 14:28:24 +000045__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010046
47/*
48 * This keeps track of last executed secure image id.
49 */
50static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
51
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010052/* Authentication status of each image. */
53extern unsigned int auth_img_flags[];
54
dp-armcdd03cb2017-02-15 11:07:55 +000055void cm_set_next_context(void *cpu_context);
56
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010057/*******************************************************************************
58 * Top level handler for servicing FWU SMCs.
59 ******************************************************************************/
60register_t bl1_fwu_smc_handler(unsigned int smc_fid,
61 register_t x1,
62 register_t x2,
63 register_t x3,
64 register_t x4,
65 void *cookie,
66 void *handle,
67 unsigned int flags)
68{
69
70 switch (smc_fid) {
71 case FWU_SMC_IMAGE_COPY:
72 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));
73
74 case FWU_SMC_IMAGE_AUTH:
75 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));
76
77 case FWU_SMC_IMAGE_EXECUTE:
78 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));
79
80 case FWU_SMC_IMAGE_RESUME:
Dan Handley8ec76522015-12-15 10:52:33 +000081 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags));
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010082
83 case FWU_SMC_SEC_IMAGE_DONE:
84 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
85
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +010086 case FWU_SMC_IMAGE_RESET:
87 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags));
88
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010089 case FWU_SMC_UPDATE_DONE:
Dan Handley89f8f332015-12-15 14:28:24 +000090 bl1_fwu_done((void *)x1, NULL);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010091 /* We should never return from bl1_fwu_done() */
92
93 default:
94 assert(0);
95 break;
96 }
97
Antonio Nino Diazacb29142017-04-04 17:08:32 +010098 SMC_RET1(handle, SMC_UNK);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +010099}
100
101/*******************************************************************************
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100102 * Utility functions to keep track of the images that are loaded at any time.
103 ******************************************************************************/
104
105#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
106#define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
107#else
108#define FWU_MAX_SIMULTANEOUS_IMAGES 10
109#endif
110
111static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
112 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
113};
114
115/*
116 * Adds an image_id to the bl1_fwu_loaded_ids array.
117 * Returns 0 on success, 1 on error.
118 */
119static int bl1_fwu_add_loaded_id(int image_id)
120{
121 int i;
122
123 /* Check if the ID is already in the list */
124 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
125 if (bl1_fwu_loaded_ids[i] == image_id)
126 return 0;
127 }
128
129 /* Find an empty slot */
130 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
131 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
132 bl1_fwu_loaded_ids[i] = image_id;
133 return 0;
134 }
135 }
136
137 return 1;
138}
139
140/*
141 * Removes an image_id from the bl1_fwu_loaded_ids array.
142 * Returns 0 on success, 1 on error.
143 */
144static int bl1_fwu_remove_loaded_id(int image_id)
145{
146 int i;
147
148 /* Find the ID */
149 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
150 if (bl1_fwu_loaded_ids[i] == image_id) {
151 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
152 return 0;
153 }
154 }
155
156 return 1;
157}
158
159/*******************************************************************************
160 * This function checks if the specified image overlaps another image already
161 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
162 ******************************************************************************/
163static int bl1_fwu_image_check_overlaps(int image_id)
164{
165 const image_desc_t *image_desc, *checked_image_desc;
166 const image_info_t *info, *checked_info;
167
168 uintptr_t image_base, image_end;
169 uintptr_t checked_image_base, checked_image_end;
170
171 checked_image_desc = bl1_plat_get_image_desc(image_id);
172 checked_info = &checked_image_desc->image_info;
173
174 /* Image being checked mustn't be empty. */
175 assert(checked_info->image_size != 0);
176
177 checked_image_base = checked_info->image_base;
178 checked_image_end = checked_image_base + checked_info->image_size - 1;
179 /* No need to check for overlaps, it's done in bl1_fwu_image_copy(). */
180
181 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
182
183 /* Don't check image against itself. */
184 if (bl1_fwu_loaded_ids[i] == image_id)
185 continue;
186
187 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
188
189 /* Only check images that are loaded or being loaded. */
190 assert (image_desc->state != IMAGE_STATE_RESET);
191
192 info = &image_desc->image_info;
193
194 /* There cannot be overlaps with an empty image. */
195 if (info->image_size == 0)
196 continue;
197
198 image_base = info->image_base;
199 image_end = image_base + info->image_size - 1;
200 /*
201 * Overflows cannot happen. It is checked in
202 * bl1_fwu_image_copy() when the image goes from RESET to
203 * COPYING or COPIED.
204 */
205 assert (image_end > image_base);
206
207 /* Check if there are overlaps. */
208 if (!(image_end < checked_image_base ||
209 checked_image_end < image_base)) {
210 VERBOSE("Image with ID %d overlaps existing image with ID %d",
211 checked_image_desc->image_id, image_desc->image_id);
212 return -EPERM;
213 }
214 }
215
216 return 0;
217}
218
219/*******************************************************************************
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100220 * This function is responsible for copying secure images in AP Secure RAM.
221 ******************************************************************************/
222static int bl1_fwu_image_copy(unsigned int image_id,
223 uintptr_t image_src,
224 unsigned int block_size,
225 unsigned int image_size,
226 unsigned int flags)
227{
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000228 uintptr_t dest_addr;
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000229 unsigned int remaining;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100230
231 /* Get the image descriptor. */
232 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000233 if (!image_desc) {
234 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
235 return -EPERM;
236 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100237
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000238 /*
239 * The request must originate from a non-secure caller and target a
240 * secure image. Any other scenario is invalid.
241 */
242 if (GET_SECURITY_STATE(flags) == SECURE) {
243 WARN("BL1-FWU: Copy not allowed from secure world.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100244 return -EPERM;
245 }
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000246 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) {
247 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
248 return -EPERM;
249 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100250
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000251 /* Check whether the FWU state machine is in the correct state. */
252 if ((image_desc->state != IMAGE_STATE_RESET) &&
253 (image_desc->state != IMAGE_STATE_COPYING)) {
254 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
255 " process.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100256 return -EPERM;
257 }
258
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000259 if ((!image_src) || (!block_size) ||
260 check_uptr_overflow(image_src, block_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100261 WARN("BL1-FWU: Copy not allowed due to invalid image source"
262 " or block size\n");
263 return -ENOMEM;
264 }
265
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100266 if (image_desc->state == IMAGE_STATE_COPYING) {
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000267 /*
268 * There must have been at least 1 copy operation for this image
269 * previously.
270 */
271 assert(image_desc->copied_size != 0);
272 /*
273 * The image size must have been recorded in the 1st copy
274 * operation.
275 */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000276 image_size = image_desc->image_info.image_size;
Sandrine Bailleuxbbc08222016-11-14 14:58:05 +0000277 assert(image_size != 0);
278 assert(image_desc->copied_size < image_size);
279
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100280 INFO("BL1-FWU: Continuing image copy in blocks\n");
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000281 } else { /* image_desc->state == IMAGE_STATE_RESET */
282 INFO("BL1-FWU: Initial call to copy an image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100283
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000284 /*
285 * image_size is relevant only for the 1st copy request, it is
286 * then ignored for subsequent calls for this image.
287 */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100288 if (!image_size) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000289 WARN("BL1-FWU: Copy not allowed due to invalid image"
290 " size\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100291 return -ENOMEM;
292 }
293
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000294#if LOAD_IMAGE_V2
295 /* Check that the image size to load is within limit */
296 if (image_size > image_desc->image_info.image_max_size) {
297 WARN("BL1-FWU: Image size out of bounds\n");
298 return -ENOMEM;
299 }
300#else
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000301 /*
302 * Check the image will fit into the free trusted RAM after BL1
303 * load.
304 */
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000305 const meminfo_t *mem_layout = bl1_plat_sec_mem_layout();
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000306 if (!is_mem_free(mem_layout->free_base, mem_layout->free_size,
307 image_desc->image_info.image_base,
308 image_size)) {
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000309 WARN("BL1-FWU: Copy not allowed due to insufficient"
310 " resources.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100311 return -ENOMEM;
312 }
Yatharth Kochar8c0177f2016-11-11 13:57:50 +0000313#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100314
Sandrine Bailleux5ebc21e2016-11-11 15:56:20 +0000315 /* Save the given image size. */
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100316 image_desc->image_info.image_size = image_size;
317
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100318 /* Make sure the image doesn't overlap other images. */
319 if (bl1_fwu_image_check_overlaps(image_id)) {
320 image_desc->image_info.image_size = 0;
321 WARN("BL1-FWU: This image overlaps another one\n");
322 return -EPERM;
323 }
324
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000325 /*
326 * copied_size must be explicitly initialized here because the
327 * FWU code doesn't necessarily do it when it resets the state
328 * machine.
329 */
330 image_desc->copied_size = 0;
331 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100332
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000333 /*
334 * If the given block size is more than the total image size
335 * then clip the former to the latter.
336 */
337 remaining = image_size - image_desc->copied_size;
338 if (block_size > remaining) {
339 WARN("BL1-FWU: Block size is too big, clipping it.\n");
340 block_size = remaining;
341 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100342
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000343 /* Make sure the source image is mapped in memory. */
344 if (bl1_plat_mem_check(image_src, block_size, flags)) {
345 WARN("BL1-FWU: Source image is not mapped.\n");
346 return -ENOMEM;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100347 }
348
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100349 if (bl1_fwu_add_loaded_id(image_id)) {
350 WARN("BL1-FWU: Too many images loaded at the same time.\n");
351 return -ENOMEM;
352 }
353
Sandrine Bailleux953488e2016-11-14 14:56:51 +0000354 /* Everything looks sane. Go ahead and copy the block of data. */
355 dest_addr = image_desc->image_info.image_base + image_desc->copied_size;
356 memcpy((void *) dest_addr, (const void *) image_src, block_size);
357 flush_dcache_range(dest_addr, block_size);
358
359 image_desc->copied_size += block_size;
360 image_desc->state = (block_size == remaining) ?
361 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
362
363 INFO("BL1-FWU: Copy operation successful.\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100364 return 0;
365}
366
367/*******************************************************************************
368 * This function is responsible for authenticating Normal/Secure images.
369 ******************************************************************************/
370static int bl1_fwu_image_auth(unsigned int image_id,
371 uintptr_t image_src,
372 unsigned int image_size,
373 unsigned int flags)
374{
375 int result;
376 uintptr_t base_addr;
377 unsigned int total_size;
378
379 /* Get the image descriptor. */
380 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
381 if (!image_desc)
382 return -EPERM;
383
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000384 if (GET_SECURITY_STATE(flags) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100385 if (image_desc->state != IMAGE_STATE_RESET) {
386 WARN("BL1-FWU: Authentication from secure world "
387 "while in invalid state\n");
388 return -EPERM;
389 }
390 } else {
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000391 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100392 if (image_desc->state != IMAGE_STATE_COPIED) {
393 WARN("BL1-FWU: Authentication of secure image "
394 "from non-secure world while not in copied state\n");
395 return -EPERM;
396 }
397 } else {
398 if (image_desc->state != IMAGE_STATE_RESET) {
399 WARN("BL1-FWU: Authentication of non-secure image "
400 "from non-secure world while in invalid state\n");
401 return -EPERM;
402 }
403 }
404 }
405
406 if (image_desc->state == IMAGE_STATE_COPIED) {
407 /*
408 * Image is in COPIED state.
409 * Use the stored address and size.
410 */
411 base_addr = image_desc->image_info.image_base;
412 total_size = image_desc->image_info.image_size;
413 } else {
Sandrine Bailleuxb39d75f2016-11-11 16:44:37 +0000414 if ((!image_src) || (!image_size) ||
415 check_uptr_overflow(image_src, image_size - 1)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100416 WARN("BL1-FWU: Auth not allowed due to invalid"
417 " image source/size\n");
418 return -ENOMEM;
419 }
420
421 /*
422 * Image is in RESET state.
423 * Check the parameters and authenticate the source image in place.
424 */
Dan Handley35e5f692015-12-14 16:26:43 +0000425 if (bl1_plat_mem_check(image_src, image_size, \
426 image_desc->ep_info.h.attr)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100427 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
428 return -ENOMEM;
429 }
430
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100431 if (bl1_fwu_add_loaded_id(image_id)) {
432 WARN("BL1-FWU: Too many images loaded at the same time.\n");
433 return -ENOMEM;
434 }
435
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100436 base_addr = image_src;
437 total_size = image_size;
438
439 /* Update the image size in the descriptor. */
440 image_desc->image_info.image_size = total_size;
441 }
442
443 /*
444 * Authenticate the image.
445 */
446 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
447 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
448 if (result != 0) {
449 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
450
451 /*
452 * Authentication has failed.
453 * Clear the memory if the image was copied.
454 * This is to prevent an attack where this contains
455 * some malicious code that can somehow be executed later.
456 */
457 if (image_desc->state == IMAGE_STATE_COPIED) {
458 /* Clear the memory.*/
Douglas Raillard21362a92016-12-02 13:51:54 +0000459 zero_normalmem((void *)base_addr, total_size);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100460 flush_dcache_range(base_addr, total_size);
461
462 /* Indicate that image can be copied again*/
463 image_desc->state = IMAGE_STATE_RESET;
464 }
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100465
466 /*
467 * Even if this fails it's ok because the ID isn't in the array.
468 * The image cannot be in RESET state here, it is checked at the
469 * beginning of the function.
470 */
471 bl1_fwu_remove_loaded_id(image_id);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100472 return -EAUTH;
473 }
474
475 /* Indicate that image is in authenticated state. */
476 image_desc->state = IMAGE_STATE_AUTHENTICATED;
477
478 /*
479 * Flush image_info to memory so that other
480 * secure world images can see changes.
481 */
482 flush_dcache_range((unsigned long)&image_desc->image_info,
483 sizeof(image_info_t));
484
485 INFO("BL1-FWU: Authentication was successful\n");
486
487 return 0;
488}
489
490/*******************************************************************************
491 * This function is responsible for executing Secure images.
492 ******************************************************************************/
493static int bl1_fwu_image_execute(unsigned int image_id,
494 void **handle,
495 unsigned int flags)
496{
497 /* Get the image descriptor. */
498 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
499
500 /*
501 * Execution is NOT allowed if:
Dan Handley8ec76522015-12-15 10:52:33 +0000502 * image_id is invalid OR
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100503 * Caller is from Secure world OR
504 * Image is Non-Secure OR
505 * Image is Non-Executable OR
506 * Image is NOT in AUTHENTICATED state.
507 */
508 if ((!image_desc) ||
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000509 (GET_SECURITY_STATE(flags) == SECURE) ||
510 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
511 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
512 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100513 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
514 return -EPERM;
515 }
516
517 INFO("BL1-FWU: Executing Secure image\n");
518
dp-armcdd03cb2017-02-15 11:07:55 +0000519#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100520 /* Save NS-EL1 system registers. */
521 cm_el1_sysregs_context_save(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000522#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100523
524 /* Prepare the image for execution. */
525 bl1_prepare_next_image(image_id);
526
527 /* Update the secure image id. */
528 sec_exec_image_id = image_id;
529
dp-armcdd03cb2017-02-15 11:07:55 +0000530#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100531 *handle = cm_get_context(SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000532#else
533 *handle = smc_get_ctx(SECURE);
534#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100535 return 0;
536}
537
538/*******************************************************************************
Dan Handley8ec76522015-12-15 10:52:33 +0000539 * This function is responsible for resuming execution in the other security
540 * world
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100541 ******************************************************************************/
Dan Handley8ec76522015-12-15 10:52:33 +0000542static register_t bl1_fwu_image_resume(register_t image_param,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100543 void **handle,
544 unsigned int flags)
545{
546 image_desc_t *image_desc;
547 unsigned int resume_sec_state;
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000548 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100549
Dan Handley8ec76522015-12-15 10:52:33 +0000550 /* Get the image descriptor for last executed secure image id. */
551 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
552 if (caller_sec_state == NON_SECURE) {
553 if (!image_desc) {
554 WARN("BL1-FWU: Resume not allowed due to no available"
555 "secure image\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100556 return -EPERM;
557 }
Dan Handley8ec76522015-12-15 10:52:33 +0000558 } else {
559 /* image_desc must be valid for secure world callers */
560 assert(image_desc);
561 }
562
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000563 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
564 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000565
566 if (caller_sec_state == SECURE) {
567 assert(image_desc->state == IMAGE_STATE_EXECUTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100568
569 /* Update the flags. */
570 image_desc->state = IMAGE_STATE_INTERRUPTED;
571 resume_sec_state = NON_SECURE;
572 } else {
Dan Handley8ec76522015-12-15 10:52:33 +0000573 assert(image_desc->state == IMAGE_STATE_INTERRUPTED);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100574
575 /* Update the flags. */
576 image_desc->state = IMAGE_STATE_EXECUTED;
577 resume_sec_state = SECURE;
578 }
579
dp-armcdd03cb2017-02-15 11:07:55 +0000580 INFO("BL1-FWU: Resuming %s world context\n",
581 (resume_sec_state == SECURE) ? "secure" : "normal");
582
583#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100584 /* Save the EL1 system registers of calling world. */
Dan Handley8ec76522015-12-15 10:52:33 +0000585 cm_el1_sysregs_context_save(caller_sec_state);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100586
587 /* Restore the EL1 system registers of resuming world. */
588 cm_el1_sysregs_context_restore(resume_sec_state);
589
590 /* Update the next context. */
591 cm_set_next_eret_context(resume_sec_state);
592
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100593 *handle = cm_get_context(resume_sec_state);
dp-armcdd03cb2017-02-15 11:07:55 +0000594#else
595 /* Update the next context. */
596 cm_set_next_context(cm_get_context(resume_sec_state));
597
598 /* Prepare the smc context for the next BL image. */
599 smc_set_next_ctx(resume_sec_state);
600
601 *handle = smc_get_ctx(resume_sec_state);
602#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100603 return image_param;
604}
605
606/*******************************************************************************
607 * This function is responsible for resuming normal world context.
608 ******************************************************************************/
609static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
610{
Dan Handley8ec76522015-12-15 10:52:33 +0000611 image_desc_t *image_desc;
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100612
Dan Handley8ec76522015-12-15 10:52:33 +0000613 /* Make sure caller is from the secure world */
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000614 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
Dan Handley8ec76522015-12-15 10:52:33 +0000615 WARN("BL1-FWU: Image done not allowed from normal world\n");
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100616 return -EPERM;
617 }
618
Dan Handley8ec76522015-12-15 10:52:33 +0000619 /* Get the image descriptor for last executed secure image id */
620 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
621
622 /* image_desc must correspond to a valid secure executing image */
623 assert(image_desc);
Yatharth Kocharf11b29a2016-02-01 11:04:46 +0000624 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
625 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
Dan Handley8ec76522015-12-15 10:52:33 +0000626 assert(image_desc->state == IMAGE_STATE_EXECUTED);
627
Antonio Nino Diazd6a277f2017-06-01 13:40:17 +0100628#if ENABLE_ASSERTIONS
629 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
630 assert(rc == 0);
631#else
632 bl1_fwu_remove_loaded_id(sec_exec_image_id);
633#endif
634
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100635 /* Update the flags. */
636 image_desc->state = IMAGE_STATE_RESET;
637 sec_exec_image_id = INVALID_IMAGE_ID;
638
dp-armcdd03cb2017-02-15 11:07:55 +0000639 INFO("BL1-FWU: Resuming Normal world context\n");
640#ifdef AARCH64
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100641 /*
642 * Secure world is done so no need to save the context.
643 * Just restore the Non-Secure context.
644 */
645 cm_el1_sysregs_context_restore(NON_SECURE);
646
647 /* Update the next context. */
648 cm_set_next_eret_context(NON_SECURE);
649
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100650 *handle = cm_get_context(NON_SECURE);
dp-armcdd03cb2017-02-15 11:07:55 +0000651#else
652 /* Update the next context. */
653 cm_set_next_context(cm_get_context(NON_SECURE));
654
655 /* Prepare the smc context for the next BL image. */
656 smc_set_next_ctx(NON_SECURE);
657
658 *handle = smc_get_ctx(NON_SECURE);
659#endif
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100660 return 0;
661}
662
663/*******************************************************************************
664 * This function provides the opportunity for users to perform any
665 * platform specific handling after the Firmware update is done.
666 ******************************************************************************/
Dan Handley89f8f332015-12-15 14:28:24 +0000667__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100668{
669 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
670
671 /*
672 * Call platform done function.
673 */
Dan Handley89f8f332015-12-15 14:28:24 +0000674 bl1_plat_fwu_done(client_cookie, reserved);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100675 assert(0);
676}
Antonio Nino Diaz0e8e7202017-05-12 16:51:59 +0100677
678/*******************************************************************************
679 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
680 * being executed.
681 ******************************************************************************/
682static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
683{
684 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
685
686 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) {
687 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
688 return -EPERM;
689 }
690
691 switch (image_desc->state) {
692
693 case IMAGE_STATE_RESET:
694 /* Nothing to do. */
695 break;
696
697 case IMAGE_STATE_INTERRUPTED:
698 case IMAGE_STATE_AUTHENTICATED:
699 case IMAGE_STATE_COPIED:
700 case IMAGE_STATE_COPYING:
701
702 if (bl1_fwu_remove_loaded_id(image_id)) {
703 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
704 return -EPERM;
705 }
706
707 /* Clear the memory.*/
708 zero_normalmem((void *)image_desc->image_info.image_base,
709 image_desc->copied_size);
710 flush_dcache_range(image_desc->image_info.image_base,
711 image_desc->copied_size);
712
713 /* Reset status variables */
714 image_desc->copied_size = 0;
715 image_desc->image_info.image_size = 0;
716 image_desc->state = IMAGE_STATE_RESET;
717
718 /* Clear authentication state */
719 auth_img_flags[image_id] = 0;
720
721 break;
722
723 case IMAGE_STATE_EXECUTED:
724 default:
725 assert(0);
726 }
727
728 return 0;
729}