1 /*
2  * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 #include <errno.h>
9 #include <string.h>
10 
11 #include <platform_def.h>
12 
13 #include <arch_helpers.h>
14 #include <bl1/bl1.h>
15 #include <common/bl_common.h>
16 #include <common/debug.h>
17 #include <context.h>
18 #include <drivers/auth/auth_mod.h>
19 #include <lib/el3_runtime/context_mgmt.h>
20 #include <lib/utils.h>
21 #include <plat/common/platform.h>
22 #include <smccc_helpers.h>
23 
24 #include "bl1_private.h"
25 
26 /*
27  * Function declarations.
28  */
29 static int bl1_fwu_image_copy(unsigned int image_id,
30 			uintptr_t image_src,
31 			unsigned int block_size,
32 			unsigned int image_size,
33 			unsigned int flags);
34 static int bl1_fwu_image_auth(unsigned int image_id,
35 			uintptr_t image_src,
36 			unsigned int image_size,
37 			unsigned int flags);
38 static int bl1_fwu_image_execute(unsigned int image_id,
39 			void **handle,
40 			unsigned int flags);
41 static register_t bl1_fwu_image_resume(register_t image_param,
42 			void **handle,
43 			unsigned int flags);
44 static int bl1_fwu_sec_image_done(void **handle,
45 			unsigned int flags);
46 static int bl1_fwu_image_reset(unsigned int image_id,
47 			unsigned int flags);
48 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
49 
50 /*
51  * This keeps track of last executed secure image id.
52  */
53 static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
54 
55 /*******************************************************************************
56  * Top level handler for servicing FWU SMCs.
57  ******************************************************************************/
bl1_fwu_smc_handler(unsigned int smc_fid,u_register_t x1,u_register_t x2,u_register_t x3,u_register_t x4,void * cookie,void * handle,unsigned int flags)58 u_register_t bl1_fwu_smc_handler(unsigned int smc_fid,
59 			u_register_t x1,
60 			u_register_t x2,
61 			u_register_t x3,
62 			u_register_t x4,
63 			void *cookie,
64 			void *handle,
65 			unsigned int flags)
66 {
67 
68 	switch (smc_fid) {
69 	case FWU_SMC_IMAGE_COPY:
70 		SMC_RET1(handle, bl1_fwu_image_copy((uint32_t)x1, x2,
71 			(uint32_t)x3, (uint32_t)x4, flags));
72 
73 	case FWU_SMC_IMAGE_AUTH:
74 		SMC_RET1(handle, bl1_fwu_image_auth((uint32_t)x1, x2,
75 			(uint32_t)x3, flags));
76 
77 	case FWU_SMC_IMAGE_EXECUTE:
78 		SMC_RET1(handle, bl1_fwu_image_execute((uint32_t)x1, &handle,
79 			flags));
80 
81 	case FWU_SMC_IMAGE_RESUME:
82 		SMC_RET1(handle, bl1_fwu_image_resume((register_t)x1, &handle,
83 			flags));
84 
85 	case FWU_SMC_SEC_IMAGE_DONE:
86 		SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
87 
88 	case FWU_SMC_IMAGE_RESET:
89 		SMC_RET1(handle, bl1_fwu_image_reset((uint32_t)x1, flags));
90 
91 	case FWU_SMC_UPDATE_DONE:
92 		bl1_fwu_done((void *)x1, NULL);
93 
94 	default:
95 		assert(false); /* Unreachable */
96 		break;
97 	}
98 
99 	SMC_RET1(handle, SMC_UNK);
100 }
101 
102 /*******************************************************************************
103  * Utility functions to keep track of the images that are loaded at any time.
104  ******************************************************************************/
105 
106 #ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
107 #define FWU_MAX_SIMULTANEOUS_IMAGES	PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
108 #else
109 #define FWU_MAX_SIMULTANEOUS_IMAGES	10
110 #endif
111 
112 static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
113 	[0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
114 };
115 
116 /*
117  * Adds an image_id to the bl1_fwu_loaded_ids array.
118  * Returns 0 on success, 1 on error.
119  */
bl1_fwu_add_loaded_id(unsigned int image_id)120 static int bl1_fwu_add_loaded_id(unsigned int image_id)
121 {
122 	int i;
123 
124 	/* Check if the ID is already in the list */
125 	for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
126 		if (bl1_fwu_loaded_ids[i] == image_id)
127 			return 0;
128 	}
129 
130 	/* Find an empty slot */
131 	for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
132 		if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
133 			bl1_fwu_loaded_ids[i] = image_id;
134 			return 0;
135 		}
136 	}
137 
138 	return 1;
139 }
140 
141 /*
142  * Removes an image_id from the bl1_fwu_loaded_ids array.
143  * Returns 0 on success, 1 on error.
144  */
bl1_fwu_remove_loaded_id(unsigned int image_id)145 static int bl1_fwu_remove_loaded_id(unsigned int image_id)
146 {
147 	int i;
148 
149 	/* Find the ID */
150 	for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
151 		if (bl1_fwu_loaded_ids[i] == image_id) {
152 			bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
153 			return 0;
154 		}
155 	}
156 
157 	return 1;
158 }
159 
160 /*******************************************************************************
161  * This function checks if the specified image overlaps another image already
162  * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
163  ******************************************************************************/
bl1_fwu_image_check_overlaps(unsigned int image_id)164 static int bl1_fwu_image_check_overlaps(unsigned int image_id)
165 {
166 	const image_desc_t *desc, *checked_desc;
167 	const image_info_t *info, *checked_info;
168 
169 	uintptr_t image_base, image_end;
170 	uintptr_t checked_image_base, checked_image_end;
171 
172 	checked_desc = bl1_plat_get_image_desc(image_id);
173 	checked_info = &checked_desc->image_info;
174 
175 	/* Image being checked mustn't be empty. */
176 	assert(checked_info->image_size != 0);
177 
178 	checked_image_base = checked_info->image_base;
179 	checked_image_end = checked_image_base + checked_info->image_size - 1;
180 	/* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
181 
182 	for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
183 
184 		/* Skip INVALID_IMAGE_IDs and don't check image against itself */
185 		if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
186 				(bl1_fwu_loaded_ids[i] == image_id))
187 			continue;
188 
189 		desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
190 
191 		/* Only check images that are loaded or being loaded. */
192 		assert ((desc != NULL) && (desc->state != IMAGE_STATE_RESET));
193 
194 		info = &desc->image_info;
195 
196 		/* There cannot be overlaps with an empty image. */
197 		if (info->image_size == 0)
198 			continue;
199 
200 		image_base = info->image_base;
201 		image_end = image_base + info->image_size - 1;
202 		/*
203 		 * Overflows cannot happen. It is checked in
204 		 * bl1_fwu_image_copy() when the image goes from RESET to
205 		 * COPYING or COPIED.
206 		 */
207 		assert (image_end > image_base);
208 
209 		/* Check if there are overlaps. */
210 		if (!((image_end < checked_image_base) ||
211 		    (checked_image_end < image_base))) {
212 			VERBOSE("Image with ID %d overlaps existing image with ID %d",
213 				checked_desc->image_id, desc->image_id);
214 			return -EPERM;
215 		}
216 	}
217 
218 	return 0;
219 }
220 
221 /*******************************************************************************
222  * This function is responsible for copying secure images in AP Secure RAM.
223  ******************************************************************************/
bl1_fwu_image_copy(unsigned int image_id,uintptr_t image_src,unsigned int block_size,unsigned int image_size,unsigned int flags)224 static int bl1_fwu_image_copy(unsigned int image_id,
225 			uintptr_t image_src,
226 			unsigned int block_size,
227 			unsigned int image_size,
228 			unsigned int flags)
229 {
230 	uintptr_t dest_addr;
231 	unsigned int remaining;
232 	image_desc_t *desc;
233 
234 	/* Get the image descriptor. */
235 	desc = bl1_plat_get_image_desc(image_id);
236 	if (desc == NULL) {
237 		WARN("BL1-FWU: Invalid image ID %u\n", image_id);
238 		return -EPERM;
239 	}
240 
241 	/*
242 	 * The request must originate from a non-secure caller and target a
243 	 * secure image. Any other scenario is invalid.
244 	 */
245 	if (GET_SECURITY_STATE(flags) == SECURE) {
246 		WARN("BL1-FWU: Copy not allowed from secure world.\n");
247 		return -EPERM;
248 	}
249 	if (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) {
250 		WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
251 		return -EPERM;
252 	}
253 
254 	/* Check whether the FWU state machine is in the correct state. */
255 	if ((desc->state != IMAGE_STATE_RESET) &&
256 	    (desc->state != IMAGE_STATE_COPYING)) {
257 		WARN("BL1-FWU: Copy not allowed at this point of the FWU"
258 			" process.\n");
259 		return -EPERM;
260 	}
261 
262 	if ((image_src == 0U) || (block_size == 0U) ||
263 	    check_uptr_overflow(image_src, block_size - 1)) {
264 		WARN("BL1-FWU: Copy not allowed due to invalid image source"
265 			" or block size\n");
266 		return -ENOMEM;
267 	}
268 
269 	if (desc->state == IMAGE_STATE_COPYING) {
270 		/*
271 		 * There must have been at least 1 copy operation for this image
272 		 * previously.
273 		 */
274 		assert(desc->copied_size != 0U);
275 		/*
276 		 * The image size must have been recorded in the 1st copy
277 		 * operation.
278 		 */
279 		image_size = desc->image_info.image_size;
280 		assert(image_size != 0);
281 		assert(desc->copied_size < image_size);
282 
283 		INFO("BL1-FWU: Continuing image copy in blocks\n");
284 	} else { /* desc->state == IMAGE_STATE_RESET */
285 		INFO("BL1-FWU: Initial call to copy an image\n");
286 
287 		/*
288 		 * image_size is relevant only for the 1st copy request, it is
289 		 * then ignored for subsequent calls for this image.
290 		 */
291 		if (image_size == 0) {
292 			WARN("BL1-FWU: Copy not allowed due to invalid image"
293 				" size\n");
294 			return -ENOMEM;
295 		}
296 
297 		/* Check that the image size to load is within limit */
298 		if (image_size > desc->image_info.image_max_size) {
299 			WARN("BL1-FWU: Image size out of bounds\n");
300 			return -ENOMEM;
301 		}
302 
303 		/* Save the given image size. */
304 		desc->image_info.image_size = image_size;
305 
306 		/* Make sure the image doesn't overlap other images. */
307 		if (bl1_fwu_image_check_overlaps(image_id) != 0) {
308 			desc->image_info.image_size = 0;
309 			WARN("BL1-FWU: This image overlaps another one\n");
310 			return -EPERM;
311 		}
312 
313 		/*
314 		 * copied_size must be explicitly initialized here because the
315 		 * FWU code doesn't necessarily do it when it resets the state
316 		 * machine.
317 		 */
318 		desc->copied_size = 0;
319 	}
320 
321 	/*
322 	 * If the given block size is more than the total image size
323 	 * then clip the former to the latter.
324 	 */
325 	remaining = image_size - desc->copied_size;
326 	if (block_size > remaining) {
327 		WARN("BL1-FWU: Block size is too big, clipping it.\n");
328 		block_size = remaining;
329 	}
330 
331 	/* Make sure the source image is mapped in memory. */
332 	if (bl1_plat_mem_check(image_src, block_size, flags) != 0) {
333 		WARN("BL1-FWU: Source image is not mapped.\n");
334 		return -ENOMEM;
335 	}
336 
337 	if (bl1_fwu_add_loaded_id(image_id) != 0) {
338 		WARN("BL1-FWU: Too many images loaded at the same time.\n");
339 		return -ENOMEM;
340 	}
341 
342 	/* Allow the platform to handle pre-image load before copying */
343 	if (desc->state == IMAGE_STATE_RESET) {
344 		if (bl1_plat_handle_pre_image_load(image_id) != 0) {
345 			ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
346 					image_id);
347 			return -EPERM;
348 		}
349 	}
350 
351 	/* Everything looks sane. Go ahead and copy the block of data. */
352 	dest_addr = desc->image_info.image_base + desc->copied_size;
353 	(void)memcpy((void *) dest_addr, (const void *) image_src, block_size);
354 	flush_dcache_range(dest_addr, block_size);
355 
356 	desc->copied_size += block_size;
357 	desc->state = (block_size == remaining) ?
358 		IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
359 
360 	INFO("BL1-FWU: Copy operation successful.\n");
361 	return 0;
362 }
363 
364 /*******************************************************************************
365  * This function is responsible for authenticating Normal/Secure images.
366  ******************************************************************************/
bl1_fwu_image_auth(unsigned int image_id,uintptr_t image_src,unsigned int image_size,unsigned int flags)367 static int bl1_fwu_image_auth(unsigned int image_id,
368 			uintptr_t image_src,
369 			unsigned int image_size,
370 			unsigned int flags)
371 {
372 	int result;
373 	uintptr_t base_addr;
374 	unsigned int total_size;
375 	image_desc_t *desc;
376 
377 	/* Get the image descriptor. */
378 	desc = bl1_plat_get_image_desc(image_id);
379 	if (desc ==  NULL)
380 		return -EPERM;
381 
382 	if (GET_SECURITY_STATE(flags) == SECURE) {
383 		if (desc->state != IMAGE_STATE_RESET) {
384 			WARN("BL1-FWU: Authentication from secure world "
385 				"while in invalid state\n");
386 			return -EPERM;
387 		}
388 	} else {
389 		if (GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE) {
390 			if (desc->state != IMAGE_STATE_COPIED) {
391 				WARN("BL1-FWU: Authentication of secure image "
392 					"from non-secure world while not in copied state\n");
393 				return -EPERM;
394 			}
395 		} else {
396 			if (desc->state != IMAGE_STATE_RESET) {
397 				WARN("BL1-FWU: Authentication of non-secure image "
398 					"from non-secure world while in invalid state\n");
399 				return -EPERM;
400 			}
401 		}
402 	}
403 
404 	if (desc->state == IMAGE_STATE_COPIED) {
405 		/*
406 		 * Image is in COPIED state.
407 		 * Use the stored address and size.
408 		 */
409 		base_addr = desc->image_info.image_base;
410 		total_size = desc->image_info.image_size;
411 	} else {
412 		if ((image_src == 0U) || (image_size == 0U) ||
413 		    check_uptr_overflow(image_src, image_size - 1)) {
414 			WARN("BL1-FWU: Auth not allowed due to invalid"
415 				" image source/size\n");
416 			return -ENOMEM;
417 		}
418 
419 		/*
420 		 * Image is in RESET state.
421 		 * Check the parameters and authenticate the source image in place.
422 		 */
423 		if (bl1_plat_mem_check(image_src, image_size,	\
424 					desc->ep_info.h.attr) != 0) {
425 			WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
426 			return -ENOMEM;
427 		}
428 
429 		if (bl1_fwu_add_loaded_id(image_id) != 0) {
430 			WARN("BL1-FWU: Too many images loaded at the same time.\n");
431 			return -ENOMEM;
432 		}
433 
434 		base_addr = image_src;
435 		total_size = image_size;
436 
437 		/* Update the image size in the descriptor. */
438 		desc->image_info.image_size = total_size;
439 	}
440 
441 	/*
442 	 * Authenticate the image.
443 	 */
444 	INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
445 	result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
446 	if (result != 0) {
447 		WARN("BL1-FWU: Authentication Failed err=%d\n", result);
448 
449 		/*
450 		 * Authentication has failed.
451 		 * Clear the memory if the image was copied.
452 		 * This is to prevent an attack where this contains
453 		 * some malicious code that can somehow be executed later.
454 		 */
455 		if (desc->state == IMAGE_STATE_COPIED) {
456 			/* Clear the memory.*/
457 			zero_normalmem((void *)base_addr, total_size);
458 			flush_dcache_range(base_addr, total_size);
459 
460 			/* Indicate that image can be copied again*/
461 			desc->state = IMAGE_STATE_RESET;
462 		}
463 
464 		/*
465 		 * Even if this fails it's ok because the ID isn't in the array.
466 		 * The image cannot be in RESET state here, it is checked at the
467 		 * beginning of the function.
468 		 */
469 		(void)bl1_fwu_remove_loaded_id(image_id);
470 		return -EAUTH;
471 	}
472 
473 	/* Indicate that image is in authenticated state. */
474 	desc->state = IMAGE_STATE_AUTHENTICATED;
475 
476 	/* Allow the platform to handle post-image load */
477 	result = bl1_plat_handle_post_image_load(image_id);
478 	if (result != 0) {
479 		ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
480 				result, image_id);
481 		/*
482 		 * Panic here as the platform handling of post-image load is
483 		 * not correct.
484 		 */
485 		plat_error_handler(result);
486 	}
487 
488 	/*
489 	 * Flush image_info to memory so that other
490 	 * secure world images can see changes.
491 	 */
492 	flush_dcache_range((uintptr_t)&desc->image_info,
493 		sizeof(image_info_t));
494 
495 	INFO("BL1-FWU: Authentication was successful\n");
496 
497 	return 0;
498 }
499 
500 /*******************************************************************************
501  * This function is responsible for executing Secure images.
502  ******************************************************************************/
bl1_fwu_image_execute(unsigned int image_id,void ** handle,unsigned int flags)503 static int bl1_fwu_image_execute(unsigned int image_id,
504 			void **handle,
505 			unsigned int flags)
506 {
507 	/* Get the image descriptor. */
508 	image_desc_t *desc = bl1_plat_get_image_desc(image_id);
509 
510 	/*
511 	 * Execution is NOT allowed if:
512 	 * image_id is invalid OR
513 	 * Caller is from Secure world OR
514 	 * Image is Non-Secure OR
515 	 * Image is Non-Executable OR
516 	 * Image is NOT in AUTHENTICATED state.
517 	 */
518 	if ((desc == NULL) ||
519 	    (GET_SECURITY_STATE(flags) == SECURE) ||
520 	    (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) ||
521 	    (EP_GET_EXE(desc->ep_info.h.attr) == NON_EXECUTABLE) ||
522 	    (desc->state != IMAGE_STATE_AUTHENTICATED)) {
523 		WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
524 		return -EPERM;
525 	}
526 
527 	INFO("BL1-FWU: Executing Secure image\n");
528 
529 #ifdef __aarch64__
530 	/* Save NS-EL1 system registers. */
531 	cm_el1_sysregs_context_save(NON_SECURE);
532 #endif
533 
534 	/* Prepare the image for execution. */
535 	bl1_prepare_next_image(image_id);
536 
537 	/* Update the secure image id. */
538 	sec_exec_image_id = image_id;
539 
540 #ifdef __aarch64__
541 	*handle = cm_get_context(SECURE);
542 #else
543 	*handle = smc_get_ctx(SECURE);
544 #endif
545 	return 0;
546 }
547 
548 /*******************************************************************************
549  * This function is responsible for resuming execution in the other security
550  * world
551  ******************************************************************************/
bl1_fwu_image_resume(register_t image_param,void ** handle,unsigned int flags)552 static register_t bl1_fwu_image_resume(register_t image_param,
553 			void **handle,
554 			unsigned int flags)
555 {
556 	image_desc_t *desc;
557 	unsigned int resume_sec_state;
558 	unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
559 
560 	/* Get the image descriptor for last executed secure image id. */
561 	desc = bl1_plat_get_image_desc(sec_exec_image_id);
562 	if (caller_sec_state == NON_SECURE) {
563 		if (desc == NULL) {
564 			WARN("BL1-FWU: Resume not allowed due to no available"
565 				"secure image\n");
566 			return -EPERM;
567 		}
568 	} else {
569 		/* desc must be valid for secure world callers */
570 		assert(desc != NULL);
571 	}
572 
573 	assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
574 	assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
575 
576 	if (caller_sec_state == SECURE) {
577 		assert(desc->state == IMAGE_STATE_EXECUTED);
578 
579 		/* Update the flags. */
580 		desc->state = IMAGE_STATE_INTERRUPTED;
581 		resume_sec_state = NON_SECURE;
582 	} else {
583 		assert(desc->state == IMAGE_STATE_INTERRUPTED);
584 
585 		/* Update the flags. */
586 		desc->state = IMAGE_STATE_EXECUTED;
587 		resume_sec_state = SECURE;
588 	}
589 
590 	INFO("BL1-FWU: Resuming %s world context\n",
591 		(resume_sec_state == SECURE) ? "secure" : "normal");
592 
593 #ifdef __aarch64__
594 	/* Save the EL1 system registers of calling world. */
595 	cm_el1_sysregs_context_save(caller_sec_state);
596 
597 	/* Restore the EL1 system registers of resuming world. */
598 	cm_el1_sysregs_context_restore(resume_sec_state);
599 
600 	/* Update the next context. */
601 	cm_set_next_eret_context(resume_sec_state);
602 
603 	*handle = cm_get_context(resume_sec_state);
604 #else
605 	/* Update the next context. */
606 	cm_set_next_context(cm_get_context(resume_sec_state));
607 
608 	/* Prepare the smc context for the next BL image. */
609 	smc_set_next_ctx(resume_sec_state);
610 
611 	*handle = smc_get_ctx(resume_sec_state);
612 #endif
613 	return image_param;
614 }
615 
616 /*******************************************************************************
617  * This function is responsible for resuming normal world context.
618  ******************************************************************************/
bl1_fwu_sec_image_done(void ** handle,unsigned int flags)619 static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
620 {
621 	image_desc_t *desc;
622 
623 	/* Make sure caller is from the secure world */
624 	if (GET_SECURITY_STATE(flags) == NON_SECURE) {
625 		WARN("BL1-FWU: Image done not allowed from normal world\n");
626 		return -EPERM;
627 	}
628 
629 	/* Get the image descriptor for last executed secure image id */
630 	desc = bl1_plat_get_image_desc(sec_exec_image_id);
631 
632 	/* desc must correspond to a valid secure executing image */
633 	assert(desc != NULL);
634 	assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
635 	assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
636 	assert(desc->state == IMAGE_STATE_EXECUTED);
637 
638 #if ENABLE_ASSERTIONS
639 	int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
640 	assert(rc == 0);
641 #else
642 	bl1_fwu_remove_loaded_id(sec_exec_image_id);
643 #endif
644 
645 	/* Update the flags. */
646 	desc->state = IMAGE_STATE_RESET;
647 	sec_exec_image_id = INVALID_IMAGE_ID;
648 
649 	INFO("BL1-FWU: Resuming Normal world context\n");
650 #ifdef __aarch64__
651 	/*
652 	 * Secure world is done so no need to save the context.
653 	 * Just restore the Non-Secure context.
654 	 */
655 	cm_el1_sysregs_context_restore(NON_SECURE);
656 
657 	/* Update the next context. */
658 	cm_set_next_eret_context(NON_SECURE);
659 
660 	*handle = cm_get_context(NON_SECURE);
661 #else
662 	/* Update the next context. */
663 	cm_set_next_context(cm_get_context(NON_SECURE));
664 
665 	/* Prepare the smc context for the next BL image. */
666 	smc_set_next_ctx(NON_SECURE);
667 
668 	*handle = smc_get_ctx(NON_SECURE);
669 #endif
670 	return 0;
671 }
672 
673 /*******************************************************************************
674  * This function provides the opportunity for users to perform any
675  * platform specific handling after the Firmware update is done.
676  ******************************************************************************/
bl1_fwu_done(void * client_cookie,void * reserved)677 __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
678 {
679 	NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
680 
681 	/*
682 	 * Call platform done function.
683 	 */
684 	bl1_plat_fwu_done(client_cookie, reserved);
685 	assert(false);
686 }
687 
688 /*******************************************************************************
689  * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
690  * being executed.
691  ******************************************************************************/
bl1_fwu_image_reset(unsigned int image_id,unsigned int flags)692 static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
693 {
694 	image_desc_t *desc = bl1_plat_get_image_desc(image_id);
695 
696 	if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE)) {
697 		WARN("BL1-FWU: Reset not allowed due to invalid args\n");
698 		return -EPERM;
699 	}
700 
701 	switch (desc->state) {
702 
703 	case IMAGE_STATE_RESET:
704 		/* Nothing to do. */
705 		break;
706 
707 	case IMAGE_STATE_INTERRUPTED:
708 	case IMAGE_STATE_AUTHENTICATED:
709 	case IMAGE_STATE_COPIED:
710 	case IMAGE_STATE_COPYING:
711 
712 		if (bl1_fwu_remove_loaded_id(image_id) != 0) {
713 			WARN("BL1-FWU: Image reset couldn't find the image ID\n");
714 			return -EPERM;
715 		}
716 
717 		if (desc->copied_size != 0U) {
718 			/* Clear the memory if the image is copied */
719 			assert(GET_SECURITY_STATE(desc->ep_info.h.attr)
720 				== SECURE);
721 
722 			zero_normalmem((void *)desc->image_info.image_base,
723 					desc->copied_size);
724 			flush_dcache_range(desc->image_info.image_base,
725 					desc->copied_size);
726 		}
727 
728 		/* Reset status variables */
729 		desc->copied_size = 0;
730 		desc->image_info.image_size = 0;
731 		desc->state = IMAGE_STATE_RESET;
732 
733 		/* Clear authentication state */
734 		auth_img_flags[image_id] = 0;
735 
736 		break;
737 
738 	case IMAGE_STATE_EXECUTED:
739 	default:
740 		assert(false); /* Unreachable */
741 		break;
742 	}
743 
744 	return 0;
745 }
746