summaryrefslogtreecommitdiffstats
path: root/bl1/bl1_fwu.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 17:43:51 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 17:43:51 +0000
commitbe58c81aff4cd4c0ccf43dbd7998da4a6a08c03b (patch)
tree779c248fb61c83f65d1f0dc867f2053d76b4e03a /bl1/bl1_fwu.c
parentInitial commit. (diff)
downloadarm-trusted-firmware-be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b.tar.xz
arm-trusted-firmware-be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b.zip
Adding upstream version 2.10.0+dfsg.upstream/2.10.0+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--bl1/bl1_fwu.c745
1 files changed, 745 insertions, 0 deletions
diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c
new file mode 100644
index 0000000..6d4dc7e
--- /dev/null
+++ b/bl1/bl1_fwu.c
@@ -0,0 +1,745 @@
+/*
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+
+#include <platform_def.h>
+
+#include <arch_helpers.h>
+#include <bl1/bl1.h>
+#include <common/bl_common.h>
+#include <common/debug.h>
+#include <context.h>
+#include <drivers/auth/auth_mod.h>
+#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/utils.h>
+#include <plat/common/platform.h>
+#include <smccc_helpers.h>
+
+#include "bl1_private.h"
+
+/*
+ * Function declarations.
+ */
+static int bl1_fwu_image_copy(unsigned int image_id,
+ uintptr_t image_src,
+ unsigned int block_size,
+ unsigned int image_size,
+ unsigned int flags);
+static int bl1_fwu_image_auth(unsigned int image_id,
+ uintptr_t image_src,
+ unsigned int image_size,
+ unsigned int flags);
+static int bl1_fwu_image_execute(unsigned int image_id,
+ void **handle,
+ unsigned int flags);
+static register_t bl1_fwu_image_resume(register_t image_param,
+ void **handle,
+ unsigned int flags);
+static int bl1_fwu_sec_image_done(void **handle,
+ unsigned int flags);
+static int bl1_fwu_image_reset(unsigned int image_id,
+ unsigned int flags);
+__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved);
+
+/*
+ * This keeps track of last executed secure image id.
+ */
+static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
+
+/*******************************************************************************
+ * Top level handler for servicing FWU SMCs.
+ ******************************************************************************/
+u_register_t bl1_fwu_smc_handler(unsigned int smc_fid,
+ u_register_t x1,
+ u_register_t x2,
+ u_register_t x3,
+ u_register_t x4,
+ void *cookie,
+ void *handle,
+ unsigned int flags)
+{
+
+ switch (smc_fid) {
+ case FWU_SMC_IMAGE_COPY:
+ SMC_RET1(handle, bl1_fwu_image_copy((uint32_t)x1, x2,
+ (uint32_t)x3, (uint32_t)x4, flags));
+
+ case FWU_SMC_IMAGE_AUTH:
+ SMC_RET1(handle, bl1_fwu_image_auth((uint32_t)x1, x2,
+ (uint32_t)x3, flags));
+
+ case FWU_SMC_IMAGE_EXECUTE:
+ SMC_RET1(handle, bl1_fwu_image_execute((uint32_t)x1, &handle,
+ flags));
+
+ case FWU_SMC_IMAGE_RESUME:
+ SMC_RET1(handle, bl1_fwu_image_resume((register_t)x1, &handle,
+ flags));
+
+ case FWU_SMC_SEC_IMAGE_DONE:
+ SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
+
+ case FWU_SMC_IMAGE_RESET:
+ SMC_RET1(handle, bl1_fwu_image_reset((uint32_t)x1, flags));
+
+ case FWU_SMC_UPDATE_DONE:
+ bl1_fwu_done((void *)x1, NULL);
+
+ default:
+ assert(false); /* Unreachable */
+ break;
+ }
+
+ SMC_RET1(handle, SMC_UNK);
+}
+
+/*******************************************************************************
+ * Utility functions to keep track of the images that are loaded at any time.
+ ******************************************************************************/
+
+#ifdef PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
+#define FWU_MAX_SIMULTANEOUS_IMAGES PLAT_FWU_MAX_SIMULTANEOUS_IMAGES
+#else
+#define FWU_MAX_SIMULTANEOUS_IMAGES 10
+#endif
+
+static unsigned int bl1_fwu_loaded_ids[FWU_MAX_SIMULTANEOUS_IMAGES] = {
+ [0 ... FWU_MAX_SIMULTANEOUS_IMAGES-1] = INVALID_IMAGE_ID
+};
+
+/*
+ * Adds an image_id to the bl1_fwu_loaded_ids array.
+ * Returns 0 on success, 1 on error.
+ */
+static int bl1_fwu_add_loaded_id(unsigned int image_id)
+{
+ int i;
+
+ /* Check if the ID is already in the list */
+ for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
+ if (bl1_fwu_loaded_ids[i] == image_id)
+ return 0;
+ }
+
+ /* Find an empty slot */
+ for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
+ if (bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) {
+ bl1_fwu_loaded_ids[i] = image_id;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Removes an image_id from the bl1_fwu_loaded_ids array.
+ * Returns 0 on success, 1 on error.
+ */
+static int bl1_fwu_remove_loaded_id(unsigned int image_id)
+{
+ int i;
+
+ /* Find the ID */
+ for (i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
+ if (bl1_fwu_loaded_ids[i] == image_id) {
+ bl1_fwu_loaded_ids[i] = INVALID_IMAGE_ID;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/*******************************************************************************
+ * This function checks if the specified image overlaps another image already
+ * loaded. It returns 0 if there is no overlap, a negative error code otherwise.
+ ******************************************************************************/
+static int bl1_fwu_image_check_overlaps(unsigned int image_id)
+{
+ const image_desc_t *desc, *checked_desc;
+ const image_info_t *info, *checked_info;
+
+ uintptr_t image_base, image_end;
+ uintptr_t checked_image_base, checked_image_end;
+
+ checked_desc = bl1_plat_get_image_desc(image_id);
+ checked_info = &checked_desc->image_info;
+
+ /* Image being checked mustn't be empty. */
+ assert(checked_info->image_size != 0);
+
+ checked_image_base = checked_info->image_base;
+ checked_image_end = checked_image_base + checked_info->image_size - 1;
+ /* No need to check for overflows, it's done in bl1_fwu_image_copy(). */
+
+ for (int i = 0; i < FWU_MAX_SIMULTANEOUS_IMAGES; i++) {
+
+ /* Skip INVALID_IMAGE_IDs and don't check image against itself */
+ if ((bl1_fwu_loaded_ids[i] == INVALID_IMAGE_ID) ||
+ (bl1_fwu_loaded_ids[i] == image_id))
+ continue;
+
+ desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]);
+
+ /* Only check images that are loaded or being loaded. */
+ assert ((desc != NULL) && (desc->state != IMAGE_STATE_RESET));
+
+ info = &desc->image_info;
+
+ /* There cannot be overlaps with an empty image. */
+ if (info->image_size == 0)
+ continue;
+
+ image_base = info->image_base;
+ image_end = image_base + info->image_size - 1;
+ /*
+ * Overflows cannot happen. It is checked in
+ * bl1_fwu_image_copy() when the image goes from RESET to
+ * COPYING or COPIED.
+ */
+ assert (image_end > image_base);
+
+ /* Check if there are overlaps. */
+ if (!((image_end < checked_image_base) ||
+ (checked_image_end < image_base))) {
+ VERBOSE("Image with ID %d overlaps existing image with ID %d",
+ checked_desc->image_id, desc->image_id);
+ return -EPERM;
+ }
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * This function is responsible for copying secure images in AP Secure RAM.
+ ******************************************************************************/
+static int bl1_fwu_image_copy(unsigned int image_id,
+ uintptr_t image_src,
+ unsigned int block_size,
+ unsigned int image_size,
+ unsigned int flags)
+{
+ uintptr_t dest_addr;
+ unsigned int remaining;
+ image_desc_t *desc;
+
+ /* Get the image descriptor. */
+ desc = bl1_plat_get_image_desc(image_id);
+ if (desc == NULL) {
+ WARN("BL1-FWU: Invalid image ID %u\n", image_id);
+ return -EPERM;
+ }
+
+ /*
+ * The request must originate from a non-secure caller and target a
+ * secure image. Any other scenario is invalid.
+ */
+ if (GET_SECURITY_STATE(flags) == SECURE) {
+ WARN("BL1-FWU: Copy not allowed from secure world.\n");
+ return -EPERM;
+ }
+ if (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) {
+ WARN("BL1-FWU: Copy not allowed for non-secure images.\n");
+ return -EPERM;
+ }
+
+ /* Check whether the FWU state machine is in the correct state. */
+ if ((desc->state != IMAGE_STATE_RESET) &&
+ (desc->state != IMAGE_STATE_COPYING)) {
+ WARN("BL1-FWU: Copy not allowed at this point of the FWU"
+ " process.\n");
+ return -EPERM;
+ }
+
+ if ((image_src == 0U) || (block_size == 0U) ||
+ check_uptr_overflow(image_src, block_size - 1)) {
+ WARN("BL1-FWU: Copy not allowed due to invalid image source"
+ " or block size\n");
+ return -ENOMEM;
+ }
+
+ if (desc->state == IMAGE_STATE_COPYING) {
+ /*
+ * There must have been at least 1 copy operation for this image
+ * previously.
+ */
+ assert(desc->copied_size != 0U);
+ /*
+ * The image size must have been recorded in the 1st copy
+ * operation.
+ */
+ image_size = desc->image_info.image_size;
+ assert(image_size != 0);
+ assert(desc->copied_size < image_size);
+
+ INFO("BL1-FWU: Continuing image copy in blocks\n");
+ } else { /* desc->state == IMAGE_STATE_RESET */
+ INFO("BL1-FWU: Initial call to copy an image\n");
+
+ /*
+ * image_size is relevant only for the 1st copy request, it is
+ * then ignored for subsequent calls for this image.
+ */
+ if (image_size == 0) {
+ WARN("BL1-FWU: Copy not allowed due to invalid image"
+ " size\n");
+ return -ENOMEM;
+ }
+
+ /* Check that the image size to load is within limit */
+ if (image_size > desc->image_info.image_max_size) {
+ WARN("BL1-FWU: Image size out of bounds\n");
+ return -ENOMEM;
+ }
+
+ /* Save the given image size. */
+ desc->image_info.image_size = image_size;
+
+ /* Make sure the image doesn't overlap other images. */
+ if (bl1_fwu_image_check_overlaps(image_id) != 0) {
+ desc->image_info.image_size = 0;
+ WARN("BL1-FWU: This image overlaps another one\n");
+ return -EPERM;
+ }
+
+ /*
+ * copied_size must be explicitly initialized here because the
+ * FWU code doesn't necessarily do it when it resets the state
+ * machine.
+ */
+ desc->copied_size = 0;
+ }
+
+ /*
+ * If the given block size is more than the total image size
+ * then clip the former to the latter.
+ */
+ remaining = image_size - desc->copied_size;
+ if (block_size > remaining) {
+ WARN("BL1-FWU: Block size is too big, clipping it.\n");
+ block_size = remaining;
+ }
+
+ /* Make sure the source image is mapped in memory. */
+ if (bl1_plat_mem_check(image_src, block_size, flags) != 0) {
+ WARN("BL1-FWU: Source image is not mapped.\n");
+ return -ENOMEM;
+ }
+
+ if (bl1_fwu_add_loaded_id(image_id) != 0) {
+ WARN("BL1-FWU: Too many images loaded at the same time.\n");
+ return -ENOMEM;
+ }
+
+ /* Allow the platform to handle pre-image load before copying */
+ if (desc->state == IMAGE_STATE_RESET) {
+ if (bl1_plat_handle_pre_image_load(image_id) != 0) {
+ ERROR("BL1-FWU: Failure in pre-image load of image id %d\n",
+ image_id);
+ return -EPERM;
+ }
+ }
+
+ /* Everything looks sane. Go ahead and copy the block of data. */
+ dest_addr = desc->image_info.image_base + desc->copied_size;
+ (void)memcpy((void *) dest_addr, (const void *) image_src, block_size);
+ flush_dcache_range(dest_addr, block_size);
+
+ desc->copied_size += block_size;
+ desc->state = (block_size == remaining) ?
+ IMAGE_STATE_COPIED : IMAGE_STATE_COPYING;
+
+ INFO("BL1-FWU: Copy operation successful.\n");
+ return 0;
+}
+
+/*******************************************************************************
+ * This function is responsible for authenticating Normal/Secure images.
+ ******************************************************************************/
+static int bl1_fwu_image_auth(unsigned int image_id,
+ uintptr_t image_src,
+ unsigned int image_size,
+ unsigned int flags)
+{
+ int result;
+ uintptr_t base_addr;
+ unsigned int total_size;
+ image_desc_t *desc;
+
+ /* Get the image descriptor. */
+ desc = bl1_plat_get_image_desc(image_id);
+ if (desc == NULL)
+ return -EPERM;
+
+ if (GET_SECURITY_STATE(flags) == SECURE) {
+ if (desc->state != IMAGE_STATE_RESET) {
+ WARN("BL1-FWU: Authentication from secure world "
+ "while in invalid state\n");
+ return -EPERM;
+ }
+ } else {
+ if (GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE) {
+ if (desc->state != IMAGE_STATE_COPIED) {
+ WARN("BL1-FWU: Authentication of secure image "
+ "from non-secure world while not in copied state\n");
+ return -EPERM;
+ }
+ } else {
+ if (desc->state != IMAGE_STATE_RESET) {
+ WARN("BL1-FWU: Authentication of non-secure image "
+ "from non-secure world while in invalid state\n");
+ return -EPERM;
+ }
+ }
+ }
+
+ if (desc->state == IMAGE_STATE_COPIED) {
+ /*
+ * Image is in COPIED state.
+ * Use the stored address and size.
+ */
+ base_addr = desc->image_info.image_base;
+ total_size = desc->image_info.image_size;
+ } else {
+ if ((image_src == 0U) || (image_size == 0U) ||
+ check_uptr_overflow(image_src, image_size - 1)) {
+ WARN("BL1-FWU: Auth not allowed due to invalid"
+ " image source/size\n");
+ return -ENOMEM;
+ }
+
+ /*
+ * Image is in RESET state.
+ * Check the parameters and authenticate the source image in place.
+ */
+ if (bl1_plat_mem_check(image_src, image_size,
+ desc->ep_info.h.attr) != 0) {
+ WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
+ return -ENOMEM;
+ }
+
+ if (bl1_fwu_add_loaded_id(image_id) != 0) {
+ WARN("BL1-FWU: Too many images loaded at the same time.\n");
+ return -ENOMEM;
+ }
+
+ base_addr = image_src;
+ total_size = image_size;
+
+ /* Update the image size in the descriptor. */
+ desc->image_info.image_size = total_size;
+ }
+
+ /*
+ * Authenticate the image.
+ */
+ INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
+ result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
+ if (result != 0) {
+ WARN("BL1-FWU: Authentication Failed err=%d\n", result);
+
+ /*
+ * Authentication has failed.
+ * Clear the memory if the image was copied.
+ * This is to prevent an attack where this contains
+ * some malicious code that can somehow be executed later.
+ */
+ if (desc->state == IMAGE_STATE_COPIED) {
+ /* Clear the memory.*/
+ zero_normalmem((void *)base_addr, total_size);
+ flush_dcache_range(base_addr, total_size);
+
+ /* Indicate that image can be copied again*/
+ desc->state = IMAGE_STATE_RESET;
+ }
+
+ /*
+ * Even if this fails it's ok because the ID isn't in the array.
+ * The image cannot be in RESET state here, it is checked at the
+ * beginning of the function.
+ */
+ (void)bl1_fwu_remove_loaded_id(image_id);
+ return -EAUTH;
+ }
+
+ /* Indicate that image is in authenticated state. */
+ desc->state = IMAGE_STATE_AUTHENTICATED;
+
+ /* Allow the platform to handle post-image load */
+ result = bl1_plat_handle_post_image_load(image_id);
+ if (result != 0) {
+ ERROR("BL1-FWU: Failure %d in post-image load of image id %d\n",
+ result, image_id);
+ /*
+ * Panic here as the platform handling of post-image load is
+ * not correct.
+ */
+ plat_error_handler(result);
+ }
+
+ /*
+ * Flush image_info to memory so that other
+ * secure world images can see changes.
+ */
+ flush_dcache_range((uintptr_t)&desc->image_info,
+ sizeof(image_info_t));
+
+ INFO("BL1-FWU: Authentication was successful\n");
+
+ return 0;
+}
+
+/*******************************************************************************
+ * This function is responsible for executing Secure images.
+ ******************************************************************************/
+static int bl1_fwu_image_execute(unsigned int image_id,
+ void **handle,
+ unsigned int flags)
+{
+ /* Get the image descriptor. */
+ image_desc_t *desc = bl1_plat_get_image_desc(image_id);
+
+ /*
+ * Execution is NOT allowed if:
+ * image_id is invalid OR
+ * Caller is from Secure world OR
+ * Image is Non-Secure OR
+ * Image is Non-Executable OR
+ * Image is NOT in AUTHENTICATED state.
+ */
+ if ((desc == NULL) ||
+ (GET_SECURITY_STATE(flags) == SECURE) ||
+ (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) ||
+ (EP_GET_EXE(desc->ep_info.h.attr) == NON_EXECUTABLE) ||
+ (desc->state != IMAGE_STATE_AUTHENTICATED)) {
+ WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
+ return -EPERM;
+ }
+
+ INFO("BL1-FWU: Executing Secure image\n");
+
+#ifdef __aarch64__
+ /* Save NS-EL1 system registers. */
+ cm_el1_sysregs_context_save(NON_SECURE);
+#endif
+
+ /* Prepare the image for execution. */
+ bl1_prepare_next_image(image_id);
+
+ /* Update the secure image id. */
+ sec_exec_image_id = image_id;
+
+#ifdef __aarch64__
+ *handle = cm_get_context(SECURE);
+#else
+ *handle = smc_get_ctx(SECURE);
+#endif
+ return 0;
+}
+
+/*******************************************************************************
+ * This function is responsible for resuming execution in the other security
+ * world
+ ******************************************************************************/
+static register_t bl1_fwu_image_resume(register_t image_param,
+ void **handle,
+ unsigned int flags)
+{
+ image_desc_t *desc;
+ unsigned int resume_sec_state;
+ unsigned int caller_sec_state = GET_SECURITY_STATE(flags);
+
+ /* Get the image descriptor for last executed secure image id. */
+ desc = bl1_plat_get_image_desc(sec_exec_image_id);
+ if (caller_sec_state == NON_SECURE) {
+ if (desc == NULL) {
+ WARN("BL1-FWU: Resume not allowed due to no available"
+ "secure image\n");
+ return -EPERM;
+ }
+ } else {
+ /* desc must be valid for secure world callers */
+ assert(desc != NULL);
+ }
+
+ assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
+ assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
+
+ if (caller_sec_state == SECURE) {
+ assert(desc->state == IMAGE_STATE_EXECUTED);
+
+ /* Update the flags. */
+ desc->state = IMAGE_STATE_INTERRUPTED;
+ resume_sec_state = NON_SECURE;
+ } else {
+ assert(desc->state == IMAGE_STATE_INTERRUPTED);
+
+ /* Update the flags. */
+ desc->state = IMAGE_STATE_EXECUTED;
+ resume_sec_state = SECURE;
+ }
+
+ INFO("BL1-FWU: Resuming %s world context\n",
+ (resume_sec_state == SECURE) ? "secure" : "normal");
+
+#ifdef __aarch64__
+ /* Save the EL1 system registers of calling world. */
+ cm_el1_sysregs_context_save(caller_sec_state);
+
+ /* Restore the EL1 system registers of resuming world. */
+ cm_el1_sysregs_context_restore(resume_sec_state);
+
+ /* Update the next context. */
+ cm_set_next_eret_context(resume_sec_state);
+
+ *handle = cm_get_context(resume_sec_state);
+#else
+ /* Update the next context. */
+ cm_set_next_context(cm_get_context(resume_sec_state));
+
+ /* Prepare the smc context for the next BL image. */
+ smc_set_next_ctx(resume_sec_state);
+
+ *handle = smc_get_ctx(resume_sec_state);
+#endif
+ return image_param;
+}
+
+/*******************************************************************************
+ * This function is responsible for resuming normal world context.
+ ******************************************************************************/
+static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
+{
+ image_desc_t *desc;
+
+ /* Make sure caller is from the secure world */
+ if (GET_SECURITY_STATE(flags) == NON_SECURE) {
+ WARN("BL1-FWU: Image done not allowed from normal world\n");
+ return -EPERM;
+ }
+
+ /* Get the image descriptor for last executed secure image id */
+ desc = bl1_plat_get_image_desc(sec_exec_image_id);
+
+ /* desc must correspond to a valid secure executing image */
+ assert(desc != NULL);
+ assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE);
+ assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE);
+ assert(desc->state == IMAGE_STATE_EXECUTED);
+
+#if ENABLE_ASSERTIONS
+ int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id);
+ assert(rc == 0);
+#else
+ bl1_fwu_remove_loaded_id(sec_exec_image_id);
+#endif
+
+ /* Update the flags. */
+ desc->state = IMAGE_STATE_RESET;
+ sec_exec_image_id = INVALID_IMAGE_ID;
+
+ INFO("BL1-FWU: Resuming Normal world context\n");
+#ifdef __aarch64__
+ /*
+ * Secure world is done so no need to save the context.
+ * Just restore the Non-Secure context.
+ */
+ cm_el1_sysregs_context_restore(NON_SECURE);
+
+ /* Update the next context. */
+ cm_set_next_eret_context(NON_SECURE);
+
+ *handle = cm_get_context(NON_SECURE);
+#else
+ /* Update the next context. */
+ cm_set_next_context(cm_get_context(NON_SECURE));
+
+ /* Prepare the smc context for the next BL image. */
+ smc_set_next_ctx(NON_SECURE);
+
+ *handle = smc_get_ctx(NON_SECURE);
+#endif
+ return 0;
+}
+
+/*******************************************************************************
+ * This function provides the opportunity for users to perform any
+ * platform specific handling after the Firmware update is done.
+ ******************************************************************************/
+__dead2 static void bl1_fwu_done(void *client_cookie, void *reserved)
+{
+ NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
+
+ /*
+ * Call platform done function.
+ */
+ bl1_plat_fwu_done(client_cookie, reserved);
+ assert(false);
+}
+
+/*******************************************************************************
+ * This function resets an image to IMAGE_STATE_RESET. It fails if the image is
+ * being executed.
+ ******************************************************************************/
+static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags)
+{
+ image_desc_t *desc = bl1_plat_get_image_desc(image_id);
+
+ if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE)) {
+ WARN("BL1-FWU: Reset not allowed due to invalid args\n");
+ return -EPERM;
+ }
+
+ switch (desc->state) {
+
+ case IMAGE_STATE_RESET:
+ /* Nothing to do. */
+ break;
+
+ case IMAGE_STATE_INTERRUPTED:
+ case IMAGE_STATE_AUTHENTICATED:
+ case IMAGE_STATE_COPIED:
+ case IMAGE_STATE_COPYING:
+
+ if (bl1_fwu_remove_loaded_id(image_id) != 0) {
+ WARN("BL1-FWU: Image reset couldn't find the image ID\n");
+ return -EPERM;
+ }
+
+ if (desc->copied_size != 0U) {
+ /* Clear the memory if the image is copied */
+ assert(GET_SECURITY_STATE(desc->ep_info.h.attr)
+ == SECURE);
+
+ zero_normalmem((void *)desc->image_info.image_base,
+ desc->copied_size);
+ flush_dcache_range(desc->image_info.image_base,
+ desc->copied_size);
+ }
+
+ /* Reset status variables */
+ desc->copied_size = 0;
+ desc->image_info.image_size = 0;
+ desc->state = IMAGE_STATE_RESET;
+
+ /* Clear authentication state */
+ auth_img_flags[image_id] = 0;
+
+ break;
+
+ case IMAGE_STATE_EXECUTED:
+ default:
+ assert(false); /* Unreachable */
+ break;
+ }
+
+ return 0;
+}