1 /*
2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <arch_helpers.h>
8 #include <assert.h>
9 #include <auth_mod.h>
10 #include <bl1.h>
11 #include <bl_common.h>
12 #include <context.h>
13 #include <context_mgmt.h>
14 #include <debug.h>
15 #include <errno.h>
16 #include <platform.h>
17 #include <platform_def.h>
18 #include <smcc_helpers.h>
19 #include <string.h>
20 #include <utils.h>
21 #include "bl1_private.h"
22
23 /*
24 * Function declarations.
25 */
26 static int bl1_fwu_image_copy(unsigned int image_id,
27 uintptr_t image_addr,
28 unsigned int block_size,
29 unsigned int image_size,
30 unsigned int flags);
31 static int bl1_fwu_image_auth(unsigned int image_id,
32 uintptr_t image_addr,
33 unsigned int image_size,
34 unsigned int flags);
35 static int bl1_fwu_image_execute(unsigned int image_id,
36 void **handle,
37 unsigned int flags);
38 static register_t bl1_fwu_image_resume(register_t image_param,
39 void **handle,
40 unsigned int flags);
41 static int bl1_fwu_sec_image_done(void **handle,
42 unsigned int flags);
43 static int bl1_fwu_image_reset(unsigned int image_id,
44 unsigned int flags);
45 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
46
47 /*
48 * This keeps track of last executed secure image id.
49 */
50 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
51
52 /* Authentication status of each image. */
53 extern unsigned int auth_img_flags[];
54
55 /*******************************************************************************
56 * Top level handler for servicing FWU SMCs.
57 ******************************************************************************/
bl1_fwu_smc_handler(unsigned int smc_fid,register_t x1,register_t x2,register_t x3,register_t x4,void * cookie,void * handle,unsigned int flags)58 register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 register_t x1,
60 register_t x2,
61 register_t x3,
62 register_t x4,
63 void *cookie,
64 void *handle,
65 unsigned int flags)
66 {
67
68 switch (smc_fid) {
69 case FWU_SMC_IMAGE_COPY:
70 SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));
71
72 case FWU_SMC_IMAGE_AUTH:
73 SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));
74
75 case FWU_SMC_IMAGE_EXECUTE:
76 SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));
77
78 case FWU_SMC_IMAGE_RESUME:
79 SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags));
80
81 case FWU_SMC_SEC_IMAGE_DONE:
82 SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
83
84 case FWU_SMC_IMAGE_RESET:
85 SMC_RET1(handle, bl1_fwu_image_reset(x1, flags));
86
87 case FWU_SMC_UPDATE_DONE:
88 bl1_fwu_done((void *)x1, NULL);
89 /* We should never return from bl1_fwu_done() */
90
91 default:
92 assert(0);
93 break;
94 }
95
96 SMC_RET1(handle, SMC_UNK);
97 }
98
99 /*******************************************************************************
100 * Utility functions to keep track of the images that are loaded at any time.
101 ******************************************************************************/
102
103 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
104 #define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
105 #else
106 #define FWU_MAX_SIMULTANEOUS_IMAGES 10
107 #endif
108
109 static int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
110 [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
111 };
112
113 /*
114 * Adds an image_id to the bl1_fwu_loaded_ids array.
115 * Returns 0 on success, 1 on error.
116 */
bl1_fwu_add_loaded_id(int image_id)117 static int bl1_fwu_add_loaded_id(int image_id)
118 {
119 int i;
120
121 /* Check if the ID is already in the list */
122 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
123 if (bl1_fwu_loaded_ids[i] == image_id)
124 return 0;
125 }
126
127 /* Find an empty slot */
128 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
129 if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
130 bl1_fwu_loaded_ids[i] = image_id;
131 return 0;
132 }
133 }
134
135 return 1;
136 }
137
138 /*
139 * Removes an image_id from the bl1_fwu_loaded_ids array.
140 * Returns 0 on success, 1 on error.
141 */
bl1_fwu_remove_loaded_id(int image_id)142 static int bl1_fwu_remove_loaded_id(int image_id)
143 {
144 int i;
145
146 /* Find the ID */
147 for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
148 if (bl1_fwu_loaded_ids[i] == image_id) {
149 bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
150 return 0;
151 }
152 }
153
154 return 1;
155 }
156
157 /*******************************************************************************
158 * This function checks if the specified image overlaps another image already
159 * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
160 ******************************************************************************/
bl1_fwu_image_check_overlaps(int image_id)161 static int bl1_fwu_image_check_overlaps(int image_id)
162 {
163 const image_desc_t *image_desc, *checked_image_desc;
164 const image_info_t *info, *checked_info;
165
166 uintptr_t image_base, image_end;
167 uintptr_t checked_image_base, checked_image_end;
168
169 checked_image_desc = bl1_plat_get_image_desc(image_id);
170 checked_info = &checked_image_desc->image_info;
171
172 /* Image being checked mustn't be empty. */
173 assert(checked_info->image_size != 0);
174
175 checked_image_base = checked_info->image_base;
176 checked_image_end = checked_image_base + checked_info->image_size - 1;
177 /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
178
179 for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
180
181 /* Skip INVALID_IMAGE_IDs and don't check image against itself */
182 if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
183 (bl1_fwu_loaded_ids[i] == image_id))
184 continue;
185
186 image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
187
188 /* Only check images that are loaded or being loaded. */
189 assert (image_desc && image_desc->state != IMAGE_STATE_RESET);
190
191 info = &image_desc->image_info;
192
193 /* There cannot be overlaps with an empty image. */
194 if (info->image_size == 0)
195 continue;
196
197 image_base = info->image_base;
198 image_end = image_base + info->image_size - 1;
199 /*
200 * Overflows cannot happen. It is checked in
201 * bl1_fwu_image_copy() when the image goes from RESET to
202 * COPYING or COPIED.
203 */
204 assert (image_end > image_base);
205
206 /* Check if there are overlaps. */
207 if (!(image_end < checked_image_base ||
208 checked_image_end < image_base)) {
209 VERBOSE("Image with ID %d overlaps existing image with ID %d",
210 checked_image_desc->image_id, image_desc->image_id);
211 return -EPERM;
212 }
213 }
214
215 return 0;
216 }
217
218 /*******************************************************************************
219 * This function is responsible for copying secure images in AP Secure RAM.
220 ******************************************************************************/
bl1_fwu_image_copy(unsigned int image_id,uintptr_t image_src,unsigned int block_size,unsigned int image_size,unsigned int flags)221 static int bl1_fwu_image_copy(unsigned int image_id,
222 uintptr_t image_src,
223 unsigned int block_size,
224 unsigned int image_size,
225 unsigned int flags)
226 {
227 uintptr_t dest_addr;
228 unsigned int remaining;
229
230 /* Get the image descriptor. */
231 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
232 if (!image_desc) {
233 WARN("BL1-FWU: Invalid image ID %u\n", image_id);
234 return -EPERM;
235 }
236
237 /*
238 * The request must originate from a non-secure caller and target a
239 * secure image. Any other scenario is invalid.
240 */
241 if (GET_SECURITY_STATE(flags) == SECURE) {
242 WARN("BL1-FWU: Copy not allowed from secure world.\n");
243 return -EPERM;
244 }
245 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) {
246 WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
247 return -EPERM;
248 }
249
250 /* Check whether the FWU state machine is in the correct state. */
251 if ((image_desc->state != IMAGE_STATE_RESET) &&
252 (image_desc->state != IMAGE_STATE_COPYING)) {
253 WARN("BL1-FWU: Copy not allowed at this point of the FWU"
254 " process.\n");
255 return -EPERM;
256 }
257
258 if ((!image_src) || (!block_size) ||
259 check_uptr_overflow(image_src, block_size - 1)) {
260 WARN("BL1-FWU: Copy not allowed due to invalid image source"
261 " or block size\n");
262 return -ENOMEM;
263 }
264
265 if (image_desc->state == IMAGE_STATE_COPYING) {
266 /*
267 * There must have been at least 1 copy operation for this image
268 * previously.
269 */
270 assert(image_desc->copied_size != 0);
271 /*
272 * The image size must have been recorded in the 1st copy
273 * operation.
274 */
275 image_size = image_desc->image_info.image_size;
276 assert(image_size != 0);
277 assert(image_desc->copied_size < image_size);
278
279 INFO("BL1-FWU: Continuing image copy in blocks\n");
280 } else { /* image_desc->state == IMAGE_STATE_RESET */
281 INFO("BL1-FWU: Initial call to copy an image\n");
282
283 /*
284 * image_size is relevant only for the 1st copy request, it is
285 * then ignored for subsequent calls for this image.
286 */
287 if (!image_size) {
288 WARN("BL1-FWU: Copy not allowed due to invalid image"
289 " size\n");
290 return -ENOMEM;
291 }
292
293 #if LOAD_IMAGE_V2
294 /* Check that the image size to load is within limit */
295 if (image_size > image_desc->image_info.image_max_size) {
296 WARN("BL1-FWU: Image size out of bounds\n");
297 return -ENOMEM;
298 }
299 #else
300 /*
301 * Check the image will fit into the free trusted RAM after BL1
302 * load.
303 */
304 const meminfo_t *mem_layout = bl1_plat_sec_mem_layout();
305 if (!is_mem_free(mem_layout->free_base, mem_layout->free_size,
306 image_desc->image_info.image_base,
307 image_size)) {
308 WARN("BL1-FWU: Copy not allowed due to insufficient"
309 " resources.\n");
310 return -ENOMEM;
311 }
312 #endif
313
314 /* Save the given image size. */
315 image_desc->image_info.image_size = image_size;
316
317 /* Make sure the image doesn't overlap other images. */
318 if (bl1_fwu_image_check_overlaps(image_id)) {
319 image_desc->image_info.image_size = 0;
320 WARN("BL1-FWU: This image overlaps another one\n");
321 return -EPERM;
322 }
323
324 /*
325 * copied_size must be explicitly initialized here because the
326 * FWU code doesn't necessarily do it when it resets the state
327 * machine.
328 */
329 image_desc->copied_size = 0;
330 }
331
332 /*
333 * If the given block size is more than the total image size
334 * then clip the former to the latter.
335 */
336 remaining = image_size - image_desc->copied_size;
337 if (block_size > remaining) {
338 WARN("BL1-FWU: Block size is too big, clipping it.\n");
339 block_size = remaining;
340 }
341
342 /* Make sure the source image is mapped in memory. */
343 if (bl1_plat_mem_check(image_src, block_size, flags)) {
344 WARN("BL1-FWU: Source image is not mapped.\n");
345 return -ENOMEM;
346 }
347
348 if (bl1_fwu_add_loaded_id(image_id)) {
349 WARN("BL1-FWU: Too many images loaded at the same time.\n");
350 return -ENOMEM;
351 }
352
353 /* Everything looks sane. Go ahead and copy the block of data. */
354 dest_addr = image_desc->image_info.image_base + image_desc->copied_size;
355 memcpy((void *) dest_addr, (const void *) image_src, block_size);
356 flush_dcache_range(dest_addr, block_size);
357
358 image_desc->copied_size += block_size;
359 image_desc->state = (block_size == remaining) ?
360 IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
361
362 INFO("BL1-FWU: Copy operation successful.\n");
363 return 0;
364 }
365
366 /*******************************************************************************
367 * This function is responsible for authenticating Normal/Secure images.
368 ******************************************************************************/
bl1_fwu_image_auth(unsigned int image_id,uintptr_t image_src,unsigned int image_size,unsigned int flags)369 static int bl1_fwu_image_auth(unsigned int image_id,
370 uintptr_t image_src,
371 unsigned int image_size,
372 unsigned int flags)
373 {
374 int result;
375 uintptr_t base_addr;
376 unsigned int total_size;
377
378 /* Get the image descriptor. */
379 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
380 if (!image_desc)
381 return -EPERM;
382
383 if (GET_SECURITY_STATE(flags) == SECURE) {
384 if (image_desc->state != IMAGE_STATE_RESET) {
385 WARN("BL1-FWU: Authentication from secure world "
386 "while in invalid state\n");
387 return -EPERM;
388 }
389 } else {
390 if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) {
391 if (image_desc->state != IMAGE_STATE_COPIED) {
392 WARN("BL1-FWU: Authentication of secure image "
393 "from non-secure world while not in copied state\n");
394 return -EPERM;
395 }
396 } else {
397 if (image_desc->state != IMAGE_STATE_RESET) {
398 WARN("BL1-FWU: Authentication of non-secure image "
399 "from non-secure world while in invalid state\n");
400 return -EPERM;
401 }
402 }
403 }
404
405 if (image_desc->state == IMAGE_STATE_COPIED) {
406 /*
407 * Image is in COPIED state.
408 * Use the stored address and size.
409 */
410 base_addr = image_desc->image_info.image_base;
411 total_size = image_desc->image_info.image_size;
412 } else {
413 if ((!image_src) || (!image_size) ||
414 check_uptr_overflow(image_src, image_size - 1)) {
415 WARN("BL1-FWU: Auth not allowed due to invalid"
416 " image source/size\n");
417 return -ENOMEM;
418 }
419
420 /*
421 * Image is in RESET state.
422 * Check the parameters and authenticate the source image in place.
423 */
424 if (bl1_plat_mem_check(image_src, image_size, \
425 image_desc->ep_info.h.attr)) {
426 WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
427 return -ENOMEM;
428 }
429
430 if (bl1_fwu_add_loaded_id(image_id)) {
431 WARN("BL1-FWU: Too many images loaded at the same time.\n");
432 return -ENOMEM;
433 }
434
435 base_addr = image_src;
436 total_size = image_size;
437
438 /* Update the image size in the descriptor. */
439 image_desc->image_info.image_size = total_size;
440 }
441
442 /*
443 * Authenticate the image.
444 */
445 INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
446 result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
447 if (result != 0) {
448 WARN("BL1-FWU: Authentication Failed err=%d\n", result);
449
450 /*
451 * Authentication has failed.
452 * Clear the memory if the image was copied.
453 * This is to prevent an attack where this contains
454 * some malicious code that can somehow be executed later.
455 */
456 if (image_desc->state == IMAGE_STATE_COPIED) {
457 /* Clear the memory.*/
458 zero_normalmem((void *)base_addr, total_size);
459 flush_dcache_range(base_addr, total_size);
460
461 /* Indicate that image can be copied again*/
462 image_desc->state = IMAGE_STATE_RESET;
463 }
464
465 /*
466 * Even if this fails it's ok because the ID isn't in the array.
467 * The image cannot be in RESET state here, it is checked at the
468 * beginning of the function.
469 */
470 bl1_fwu_remove_loaded_id(image_id);
471 return -EAUTH;
472 }
473
474 /* Indicate that image is in authenticated state. */
475 image_desc->state = IMAGE_STATE_AUTHENTICATED;
476
477 /*
478 * Flush image_info to memory so that other
479 * secure world images can see changes.
480 */
481 flush_dcache_range((unsigned long)&image_desc->image_info,
482 sizeof(image_info_t));
483
484 INFO("BL1-FWU: Authentication was successful\n");
485
486 return 0;
487 }
488
489 /*******************************************************************************
490 * This function is responsible for executing Secure images.
491 ******************************************************************************/
bl1_fwu_image_execute(unsigned int image_id,void ** handle,unsigned int flags)492 static int bl1_fwu_image_execute(unsigned int image_id,
493 void **handle,
494 unsigned int flags)
495 {
496 /* Get the image descriptor. */
497 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
498
499 /*
500 * Execution is NOT allowed if:
501 * image_id is invalid OR
502 * Caller is from Secure world OR
503 * Image is Non-Secure OR
504 * Image is Non-Executable OR
505 * Image is NOT in AUTHENTICATED state.
506 */
507 if ((!image_desc) ||
508 (GET_SECURITY_STATE(flags) == SECURE) ||
509 (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
510 (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) ||
511 (image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
512 WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
513 return -EPERM;
514 }
515
516 INFO("BL1-FWU: Executing Secure image\n");
517
518 #ifdef AARCH64
519 /* Save NS-EL1 system registers. */
520 cm_el1_sysregs_context_save(NON_SECURE);
521 #endif
522
523 /* Prepare the image for execution. */
524 bl1_prepare_next_image(image_id);
525
526 /* Update the secure image id. */
527 sec_exec_image_id = image_id;
528
529 #ifdef AARCH64
530 *handle = cm_get_context(SECURE);
531 #else
532 *handle = smc_get_ctx(SECURE);
533 #endif
534 return 0;
535 }
536
537 /*******************************************************************************
538 * This function is responsible for resuming execution in the other security
539 * world
540 ******************************************************************************/
bl1_fwu_image_resume(register_t image_param,void ** handle,unsigned int flags)541 static register_t bl1_fwu_image_resume(register_t image_param,
542 void **handle,
543 unsigned int flags)
544 {
545 image_desc_t *image_desc;
546 unsigned int resume_sec_state;
547 unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
548
549 /* Get the image descriptor for last executed secure image id. */
550 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
551 if (caller_sec_state == NON_SECURE) {
552 if (!image_desc) {
553 WARN("BL1-FWU: Resume not allowed due to no available"
554 "secure image\n");
555 return -EPERM;
556 }
557 } else {
558 /* image_desc must be valid for secure world callers */
559 assert(image_desc);
560 }
561
562 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
563 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
564
565 if (caller_sec_state == SECURE) {
566 assert(image_desc->state == IMAGE_STATE_EXECUTED);
567
568 /* Update the flags. */
569 image_desc->state = IMAGE_STATE_INTERRUPTED;
570 resume_sec_state = NON_SECURE;
571 } else {
572 assert(image_desc->state == IMAGE_STATE_INTERRUPTED);
573
574 /* Update the flags. */
575 image_desc->state = IMAGE_STATE_EXECUTED;
576 resume_sec_state = SECURE;
577 }
578
579 INFO("BL1-FWU: Resuming %s world context\n",
580 (resume_sec_state == SECURE) ? "secure" : "normal");
581
582 #ifdef AARCH64
583 /* Save the EL1 system registers of calling world. */
584 cm_el1_sysregs_context_save(caller_sec_state);
585
586 /* Restore the EL1 system registers of resuming world. */
587 cm_el1_sysregs_context_restore(resume_sec_state);
588
589 /* Update the next context. */
590 cm_set_next_eret_context(resume_sec_state);
591
592 *handle = cm_get_context(resume_sec_state);
593 #else
594 /* Update the next context. */
595 cm_set_next_context(cm_get_context(resume_sec_state));
596
597 /* Prepare the smc context for the next BL image. */
598 smc_set_next_ctx(resume_sec_state);
599
600 *handle = smc_get_ctx(resume_sec_state);
601 #endif
602 return image_param;
603 }
604
605 /*******************************************************************************
606 * This function is responsible for resuming normal world context.
607 ******************************************************************************/
bl1_fwu_sec_image_done(void ** handle,unsigned int flags)608 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
609 {
610 image_desc_t *image_desc;
611
612 /* Make sure caller is from the secure world */
613 if (GET_SECURITY_STATE(flags) == NON_SECURE) {
614 WARN("BL1-FWU: Image done not allowed from normal world\n");
615 return -EPERM;
616 }
617
618 /* Get the image descriptor for last executed secure image id */
619 image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
620
621 /* image_desc must correspond to a valid secure executing image */
622 assert(image_desc);
623 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
624 assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE);
625 assert(image_desc->state == IMAGE_STATE_EXECUTED);
626
627 #if ENABLE_ASSERTIONS
628 int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
629 assert(rc == 0);
630 #else
631 bl1_fwu_remove_loaded_id(sec_exec_image_id);
632 #endif
633
634 /* Update the flags. */
635 image_desc->state = IMAGE_STATE_RESET;
636 sec_exec_image_id = INVALID_IMAGE_ID;
637
638 INFO("BL1-FWU: Resuming Normal world context\n");
639 #ifdef AARCH64
640 /*
641 * Secure world is done so no need to save the context.
642 * Just restore the Non-Secure context.
643 */
644 cm_el1_sysregs_context_restore(NON_SECURE);
645
646 /* Update the next context. */
647 cm_set_next_eret_context(NON_SECURE);
648
649 *handle = cm_get_context(NON_SECURE);
650 #else
651 /* Update the next context. */
652 cm_set_next_context(cm_get_context(NON_SECURE));
653
654 /* Prepare the smc context for the next BL image. */
655 smc_set_next_ctx(NON_SECURE);
656
657 *handle = smc_get_ctx(NON_SECURE);
658 #endif
659 return 0;
660 }
661
662 /*******************************************************************************
663 * This function provides the opportunity for users to perform any
664 * platform specific handling after the Firmware update is done.
665 ******************************************************************************/
bl1_fwu_done(void * client_cookie,void * reserved)666 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
667 {
668 NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
669
670 /*
671 * Call platform done function.
672 */
673 bl1_plat_fwu_done(client_cookie, reserved);
674 assert(0);
675 }
676
677 /*******************************************************************************
678 * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
679 * being executed.
680 ******************************************************************************/
bl1_fwu_image_reset(unsigned int image_id,unsigned int flags)681 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
682 {
683 image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
684
685 if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) {
686 WARN("BL1-FWU: Reset not allowed due to invalid args\n");
687 return -EPERM;
688 }
689
690 switch (image_desc->state) {
691
692 case IMAGE_STATE_RESET:
693 /* Nothing to do. */
694 break;
695
696 case IMAGE_STATE_INTERRUPTED:
697 case IMAGE_STATE_AUTHENTICATED:
698 case IMAGE_STATE_COPIED:
699 case IMAGE_STATE_COPYING:
700
701 if (bl1_fwu_remove_loaded_id(image_id)) {
702 WARN("BL1-FWU: Image reset couldn't find the image ID\n");
703 return -EPERM;
704 }
705
706 if (image_desc->copied_size) {
707 /* Clear the memory if the image is copied */
708 assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE);
709
710 zero_normalmem((void *)image_desc->image_info.image_base,
711 image_desc->copied_size);
712 flush_dcache_range(image_desc->image_info.image_base,
713 image_desc->copied_size);
714 }
715
716 /* Reset status variables */
717 image_desc->copied_size = 0;
718 image_desc->image_info.image_size = 0;
719 image_desc->state = IMAGE_STATE_RESET;
720
721 /* Clear authentication state */
722 auth_img_flags[image_id] = 0;
723
724 break;
725
726 case IMAGE_STATE_EXECUTED:
727 default:
728 assert(0);
729 }
730
731 return 0;
732 }
733