diff options
Diffstat (limited to 'bl1')
| -rw-r--r-- | bl1/aarch32/bl1_context_mgmt.c | 20 | ||||
| -rw-r--r-- | bl1/aarch32/bl1_exceptions.S | 2 | ||||
| -rw-r--r-- | bl1/aarch64/bl1_context_mgmt.c | 31 | ||||
| -rw-r--r-- | bl1/bl1.ld.S | 101 | ||||
| -rw-r--r-- | bl1/bl1.mk | 6 | ||||
| -rw-r--r-- | bl1/bl1_fwu.c | 213 | ||||
| -rw-r--r-- | bl1/bl1_main.c | 61 | ||||
| -rw-r--r-- | bl1/bl1_private.h | 12 | ||||
| -rw-r--r-- | bl1/tbbr/tbbr_img_desc.c | 3 |
9 files changed, 207 insertions, 242 deletions
diff --git a/bl1/aarch32/bl1_context_mgmt.c b/bl1/aarch32/bl1_context_mgmt.c index b5a6a3417..85d35a72b 100644 --- a/bl1/aarch32/bl1_context_mgmt.c +++ b/bl1/aarch32/bl1_context_mgmt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -53,10 +53,10 @@ void *cm_get_context(uint32_t security_state) return &bl1_cpu_context[security_state]; } -void cm_set_next_context(void *cpu_context) +void cm_set_next_context(void *context) { - assert(cpu_context); - bl1_next_cpu_context_ptr = cpu_context; + assert(context != NULL); + bl1_next_cpu_context_ptr = context; } void *cm_get_next_context(void) @@ -103,21 +103,21 @@ static void flush_smc_and_cpu_ctx(void) void bl1_prepare_next_image(unsigned int image_id) { unsigned int security_state, mode = MODE32_svc; - image_desc_t *image_desc; + image_desc_t *desc; entry_point_info_t *next_bl_ep; /* Get the image descriptor. */ - image_desc = bl1_plat_get_image_desc(image_id); - assert(image_desc); + desc = bl1_plat_get_image_desc(image_id); + assert(desc != NULL); /* Get the entry point info. */ - next_bl_ep = &image_desc->ep_info; + next_bl_ep = &desc->ep_info; /* Get the image security state. */ security_state = GET_SECURITY_STATE(next_bl_ep->h.attr); /* Prepare the SPSR for the next BL image. */ - if ((security_state != SECURE) && (GET_VIRT_EXT(read_id_pfr1()))) { + if ((security_state != SECURE) && (GET_VIRT_EXT(read_id_pfr1()) != 0U)) { mode = MODE32_hyp; } @@ -166,7 +166,7 @@ void bl1_prepare_next_image(unsigned int image_id) flush_smc_and_cpu_ctx(); /* Indicate that image is in execution state. */ - image_desc->state = IMAGE_STATE_EXECUTED; + desc->state = IMAGE_STATE_EXECUTED; print_entry_point_info(next_bl_ep); } diff --git a/bl1/aarch32/bl1_exceptions.S b/bl1/aarch32/bl1_exceptions.S index f2af9ab5b..493d2ca4e 100644 --- a/bl1/aarch32/bl1_exceptions.S +++ b/bl1/aarch32/bl1_exceptions.S @@ -80,7 +80,7 @@ debug_loop: add r8, r8, #ENTRY_POINT_INFO_ARGS_OFFSET ldm r8, {r0, r1, r2, r3} - eret + exception_return endfunc bl1_aarch32_smc_handler /* ----------------------------------------------------- diff --git a/bl1/aarch64/bl1_context_mgmt.c b/bl1/aarch64/bl1_context_mgmt.c index 8be8830a3..2a8d58efd 100644 --- a/bl1/aarch64/bl1_context_mgmt.c +++ b/bl1/aarch64/bl1_context_mgmt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,12 +14,6 @@ #include "../bl1_private.h" -/* - * Following array will be used for context management. - * There are 2 instances, for the Secure and Non-Secure contexts. - */ -static cpu_context_t bl1_cpu_context[2]; - /* Following contains the cpu context pointers. */ static void *bl1_cpu_context_ptr[2]; @@ -42,8 +36,15 @@ void cm_set_context(void *context, uint32_t security_state) ******************************************************************************/ void bl1_prepare_next_image(unsigned int image_id) { + + /* + * Following array will be used for context management. + * There are 2 instances, for the Secure and Non-Secure contexts. + */ + static cpu_context_t bl1_cpu_context[2]; + unsigned int security_state, mode = MODE_EL1; - image_desc_t *image_desc; + image_desc_t *desc; entry_point_info_t *next_bl_ep; #if CTX_INCLUDE_AARCH32_REGS @@ -59,17 +60,17 @@ void bl1_prepare_next_image(unsigned int image_id) #endif /* Get the image descriptor. */ - image_desc = bl1_plat_get_image_desc(image_id); - assert(image_desc); + desc = bl1_plat_get_image_desc(image_id); + assert(desc != NULL); /* Get the entry point info. */ - next_bl_ep = &image_desc->ep_info; + next_bl_ep = &desc->ep_info; /* Get the image security state. */ security_state = GET_SECURITY_STATE(next_bl_ep->h.attr); /* Setup the Secure/Non-Secure context if not done already. */ - if (!cm_get_context(security_state)) + if (cm_get_context(security_state) == NULL) cm_set_context(&bl1_cpu_context[security_state], security_state); /* Prepare the SPSR for the next BL image. */ @@ -77,8 +78,8 @@ void bl1_prepare_next_image(unsigned int image_id) mode = MODE_EL2; } - next_bl_ep->spsr = SPSR_64(mode, MODE_SP_ELX, - DISABLE_ALL_EXCEPTIONS); + next_bl_ep->spsr = (uint32_t)SPSR_64((uint64_t) mode, + (uint64_t)MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); /* Allow platform to make change */ bl1_plat_set_ep_info(image_id, next_bl_ep); @@ -88,7 +89,7 @@ void bl1_prepare_next_image(unsigned int image_id) cm_prepare_el3_exit(security_state); /* Indicate that image is in execution state. */ - image_desc->state = IMAGE_STATE_EXECUTED; + desc->state = IMAGE_STATE_EXECUTED; print_entry_point_info(next_bl_ep); } diff --git a/bl1/bl1.ld.S b/bl1/bl1.ld.S index 877af8e01..bc23828e4 100644 --- a/bl1/bl1.ld.S +++ b/bl1/bl1.ld.S @@ -1,11 +1,18 @@ /* - * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ -#include <platform_def.h> +/* + * The .data section gets copied from ROM to RAM at runtime. + * Its LMA should be 16-byte aligned to allow efficient copying of 16-bytes + * aligned regions in it. + * Its VMA must be page-aligned as it marks the first read/write page. + */ +#define DATA_ALIGN 16 +#include <common/bl_common.ld.h> #include <lib/xlat_tables/xlat_tables_defs.h> OUTPUT_FORMAT(PLATFORM_LINKER_FORMAT) @@ -46,27 +53,19 @@ SECTIONS __RODATA_START__ = .; *(SORT_BY_ALIGNMENT(.rodata*)) - /* Ensure 8-byte alignment for descriptors and ensure inclusion */ - . = ALIGN(8); - __PARSER_LIB_DESCS_START__ = .; - KEEP(*(.img_parser_lib_descs)) - __PARSER_LIB_DESCS_END__ = .; - - /* - * Ensure 8-byte alignment for cpu_ops so that its fields are also - * aligned. Also ensure cpu_ops inclusion. - */ - . = ALIGN(8); - __CPU_OPS_START__ = .; - KEEP(*(cpu_ops)) - __CPU_OPS_END__ = .; + RODATA_COMMON /* * No need to pad out the .rodata section to a page boundary. Next is * the .data section, which can mapped in ROM with the same memory * attributes as the .rodata section. + * + * Pad out to 16 bytes though as .data section needs to be 16 byte + * aligned and lld does not align the LMA to the aligment specified + * on the .data section. */ __RODATA_END__ = .; + . = ALIGN(16); } >ROM #else ro . : { @@ -75,23 +74,17 @@ SECTIONS *(SORT_BY_ALIGNMENT(.text*)) *(SORT_BY_ALIGNMENT(.rodata*)) - /* Ensure 8-byte alignment for descriptors and ensure inclusion */ - . = ALIGN(8); - __PARSER_LIB_DESCS_START__ = .; - KEEP(*(.img_parser_lib_descs)) - __PARSER_LIB_DESCS_END__ = .; - - /* - * Ensure 8-byte alignment for cpu_ops so that its fields are also - * aligned. Also ensure cpu_ops inclusion. - */ - . = ALIGN(8); - __CPU_OPS_START__ = .; - KEEP(*(cpu_ops)) - __CPU_OPS_END__ = .; + RODATA_COMMON *(.vectors) __RO_END__ = .; + + /* + * Pad out to 16 bytes as .data section needs to be 16 byte aligned and + * lld does not align the LMA to the aligment specified on the .data + * section. + */ + . = ALIGN(16); } >ROM #endif @@ -102,49 +95,13 @@ SECTIONS ASSERT(BL1_RW_BASE == ALIGN(PAGE_SIZE), "BL1_RW_BASE address is not aligned on a page boundary.") - /* - * The .data section gets copied from ROM to RAM at runtime. - * Its LMA should be 16-byte aligned to allow efficient copying of 16-bytes - * aligned regions in it. - * Its VMA must be page-aligned as it marks the first read/write page. - * - * It must be placed at a lower address than the stacks if the stack - * protector is enabled. Alternatively, the .data.stack_protector_canary - * section can be placed independently of the main .data section. - */ - .data . : ALIGN(16) { - __DATA_RAM_START__ = .; - *(SORT_BY_ALIGNMENT(.data*)) - __DATA_RAM_END__ = .; - } >RAM AT>ROM - - stacks . (NOLOAD) : { - __STACKS_START__ = .; - *(tzfw_normal_stacks) - __STACKS_END__ = .; - } >RAM - - /* - * The .bss section gets initialised to 0 at runtime. - * Its base address should be 16-byte aligned for better performance of the - * zero-initialization code. - */ - .bss : ALIGN(16) { - __BSS_START__ = .; - *(SORT_BY_ALIGNMENT(.bss*)) - *(COMMON) - __BSS_END__ = .; - } >RAM + DATA_SECTION >RAM AT>ROM + __DATA_RAM_START__ = __DATA_START__; + __DATA_RAM_END__ = __DATA_END__; - /* - * The xlat_table section is for full, aligned page tables (4K). - * Removing them from .bss avoids forcing 4K alignment on - * the .bss section. The tables are initialized to zero by the translation - * tables library. - */ - xlat_table (NOLOAD) : { - *(xlat_table) - } >RAM + STACK_SECTION >RAM + BSS_SECTION >RAM + XLAT_TABLE_SECTION >RAM #if USE_COHERENT_MEM /* diff --git a/bl1/bl1.mk b/bl1/bl1.mk index b83999075..d11b4ab0e 100644 --- a/bl1/bl1.mk +++ b/bl1/bl1.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -16,6 +16,10 @@ BL1_SOURCES += bl1/bl1_main.c \ plat/common/${ARCH}/platform_up_stack.S \ ${MBEDTLS_SOURCES} +ifeq (${DISABLE_MTPMU},1) +BL1_SOURCES += lib/extensions/mtpmu/${ARCH}/mtpmu.S +endif + ifeq (${ARCH},aarch64) BL1_SOURCES += lib/cpus/aarch64/dsu_helpers.S \ lib/el3_runtime/aarch64/context.S diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c index 48f08d2ca..b70bffd91 100644 --- a/bl1/bl1_fwu.c +++ b/bl1/bl1_fwu.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -55,11 +55,11 @@ static unsigned int sec_exec_image_id = INVALID_IMAGE_ID; /******************************************************************************* * Top level handler for servicing FWU SMCs. ******************************************************************************/ -register_t bl1_fwu_smc_handler(unsigned int smc_fid, - register_t x1, - register_t x2, - register_t x3, - register_t x4, +u_register_t bl1_fwu_smc_handler(unsigned int smc_fid, + u_register_t x1, + u_register_t x2, + u_register_t x3, + u_register_t x4, void *cookie, void *handle, unsigned int flags) @@ -67,28 +67,32 @@ register_t bl1_fwu_smc_handler(unsigned int smc_fid, switch (smc_fid) { case FWU_SMC_IMAGE_COPY: - SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags)); + SMC_RET1(handle, bl1_fwu_image_copy((uint32_t)x1, x2, + (uint32_t)x3, (uint32_t)x4, flags)); case FWU_SMC_IMAGE_AUTH: - SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags)); + SMC_RET1(handle, bl1_fwu_image_auth((uint32_t)x1, x2, + (uint32_t)x3, flags)); case FWU_SMC_IMAGE_EXECUTE: - SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags)); + SMC_RET1(handle, bl1_fwu_image_execute((uint32_t)x1, &handle, + flags)); case FWU_SMC_IMAGE_RESUME: - SMC_RET1(handle, bl1_fwu_image_resume(x1, &handle, flags)); + SMC_RET1(handle, bl1_fwu_image_resume((register_t)x1, &handle, + flags)); case FWU_SMC_SEC_IMAGE_DONE: SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags)); case FWU_SMC_IMAGE_RESET: - SMC_RET1(handle, bl1_fwu_image_reset(x1, flags)); + SMC_RET1(handle, bl1_fwu_image_reset((uint32_t)x1, flags)); case FWU_SMC_UPDATE_DONE: bl1_fwu_done((void *)x1, NULL); default: - assert(0); /* Unreachable */ + assert(false); /* Unreachable */ break; } @@ -159,14 +163,14 @@ static int bl1_fwu_remove_loaded_id(unsigned int image_id) ******************************************************************************/ static int bl1_fwu_image_check_overlaps(unsigned int image_id) { - const image_desc_t *image_desc, *checked_image_desc; + const image_desc_t *desc, *checked_desc; const image_info_t *info, *checked_info; uintptr_t image_base, image_end; uintptr_t checked_image_base, checked_image_end; - checked_image_desc = bl1_plat_get_image_desc(image_id); - checked_info = &checked_image_desc->image_info; + checked_desc = bl1_plat_get_image_desc(image_id); + checked_info = &checked_desc->image_info; /* Image being checked mustn't be empty. */ assert(checked_info->image_size != 0); @@ -182,12 +186,12 @@ static int bl1_fwu_image_check_overlaps(unsigned int image_id) (bl1_fwu_loaded_ids[i] == image_id)) continue; - image_desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); + desc = bl1_plat_get_image_desc(bl1_fwu_loaded_ids[i]); /* Only check images that are loaded or being loaded. */ - assert (image_desc && image_desc->state != IMAGE_STATE_RESET); + assert ((desc != NULL) && (desc->state != IMAGE_STATE_RESET)); - info = &image_desc->image_info; + info = &desc->image_info; /* There cannot be overlaps with an empty image. */ if (info->image_size == 0) @@ -203,10 +207,10 @@ static int bl1_fwu_image_check_overlaps(unsigned int image_id) assert (image_end > image_base); /* Check if there are overlaps. */ - if (!(image_end < checked_image_base || - checked_image_end < image_base)) { + if (!((image_end < checked_image_base) || + (checked_image_end < image_base))) { VERBOSE("Image with ID %d overlaps existing image with ID %d", - checked_image_desc->image_id, image_desc->image_id); + checked_desc->image_id, desc->image_id); return -EPERM; } } @@ -225,10 +229,11 @@ static int bl1_fwu_image_copy(unsigned int image_id, { uintptr_t dest_addr; unsigned int remaining; + image_desc_t *desc; /* Get the image descriptor. */ - image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); - if (!image_desc) { + desc = bl1_plat_get_image_desc(image_id); + if (desc == NULL) { WARN("BL1-FWU: Invalid image ID %u\n", image_id); return -EPERM; } @@ -241,66 +246,66 @@ static int bl1_fwu_image_copy(unsigned int image_id, WARN("BL1-FWU: Copy not allowed from secure world.\n"); return -EPERM; } - if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) { + if (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) { WARN("BL1-FWU: Copy not allowed for non-secure images.\n"); return -EPERM; } /* Check whether the FWU state machine is in the correct state. */ - if ((image_desc->state != IMAGE_STATE_RESET) && - (image_desc->state != IMAGE_STATE_COPYING)) { + if ((desc->state != IMAGE_STATE_RESET) && + (desc->state != IMAGE_STATE_COPYING)) { WARN("BL1-FWU: Copy not allowed at this point of the FWU" " process.\n"); return -EPERM; } - if ((!image_src) || (!block_size) || + if ((image_src == 0U) || (block_size == 0U) || check_uptr_overflow(image_src, block_size - 1)) { WARN("BL1-FWU: Copy not allowed due to invalid image source" " or block size\n"); return -ENOMEM; } - if (image_desc->state == IMAGE_STATE_COPYING) { + if (desc->state == IMAGE_STATE_COPYING) { /* * There must have been at least 1 copy operation for this image * previously. */ - assert(image_desc->copied_size != 0); + assert(desc->copied_size != 0U); /* * The image size must have been recorded in the 1st copy * operation. */ - image_size = image_desc->image_info.image_size; + image_size = desc->image_info.image_size; assert(image_size != 0); - assert(image_desc->copied_size < image_size); + assert(desc->copied_size < image_size); INFO("BL1-FWU: Continuing image copy in blocks\n"); - } else { /* image_desc->state == IMAGE_STATE_RESET */ + } else { /* desc->state == IMAGE_STATE_RESET */ INFO("BL1-FWU: Initial call to copy an image\n"); /* * image_size is relevant only for the 1st copy request, it is * then ignored for subsequent calls for this image. */ - if (!image_size) { + if (image_size == 0) { WARN("BL1-FWU: Copy not allowed due to invalid image" " size\n"); return -ENOMEM; } /* Check that the image size to load is within limit */ - if (image_size > image_desc->image_info.image_max_size) { + if (image_size > desc->image_info.image_max_size) { WARN("BL1-FWU: Image size out of bounds\n"); return -ENOMEM; } /* Save the given image size. */ - image_desc->image_info.image_size = image_size; + desc->image_info.image_size = image_size; /* Make sure the image doesn't overlap other images. */ - if (bl1_fwu_image_check_overlaps(image_id)) { - image_desc->image_info.image_size = 0; + if (bl1_fwu_image_check_overlaps(image_id) != 0) { + desc->image_info.image_size = 0; WARN("BL1-FWU: This image overlaps another one\n"); return -EPERM; } @@ -310,32 +315,32 @@ static int bl1_fwu_image_copy(unsigned int image_id, * FWU code doesn't necessarily do it when it resets the state * machine. */ - image_desc->copied_size = 0; + desc->copied_size = 0; } /* * If the given block size is more than the total image size * then clip the former to the latter. */ - remaining = image_size - image_desc->copied_size; + remaining = image_size - desc->copied_size; if (block_size > remaining) { WARN("BL1-FWU: Block size is too big, clipping it.\n"); block_size = remaining; } /* Make sure the source image is mapped in memory. */ - if (bl1_plat_mem_check(image_src, block_size, flags)) { + if (bl1_plat_mem_check(image_src, block_size, flags) != 0) { WARN("BL1-FWU: Source image is not mapped.\n"); return -ENOMEM; } - if (bl1_fwu_add_loaded_id(image_id)) { + if (bl1_fwu_add_loaded_id(image_id) != 0) { WARN("BL1-FWU: Too many images loaded at the same time.\n"); return -ENOMEM; } /* Allow the platform to handle pre-image load before copying */ - if (image_desc->state == IMAGE_STATE_RESET) { + if (desc->state == IMAGE_STATE_RESET) { if (bl1_plat_handle_pre_image_load(image_id) != 0) { ERROR("BL1-FWU: Failure in pre-image load of image id %d\n", image_id); @@ -344,12 +349,12 @@ static int bl1_fwu_image_copy(unsigned int image_id, } /* Everything looks sane. Go ahead and copy the block of data. */ - dest_addr = image_desc->image_info.image_base + image_desc->copied_size; - memcpy((void *) dest_addr, (const void *) image_src, block_size); + dest_addr = desc->image_info.image_base + desc->copied_size; + (void)memcpy((void *) dest_addr, (const void *) image_src, block_size); flush_dcache_range(dest_addr, block_size); - image_desc->copied_size += block_size; - image_desc->state = (block_size == remaining) ? + desc->copied_size += block_size; + desc->state = (block_size == remaining) ? IMAGE_STATE_COPIED : IMAGE_STATE_COPYING; INFO("BL1-FWU: Copy operation successful.\n"); @@ -367,27 +372,28 @@ static int bl1_fwu_image_auth(unsigned int image_id, int result; uintptr_t base_addr; unsigned int total_size; + image_desc_t *desc; /* Get the image descriptor. */ - image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); - if (!image_desc) + desc = bl1_plat_get_image_desc(image_id); + if (desc == NULL) return -EPERM; if (GET_SECURITY_STATE(flags) == SECURE) { - if (image_desc->state != IMAGE_STATE_RESET) { + if (desc->state != IMAGE_STATE_RESET) { WARN("BL1-FWU: Authentication from secure world " "while in invalid state\n"); return -EPERM; } } else { - if (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE) { - if (image_desc->state != IMAGE_STATE_COPIED) { + if (GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE) { + if (desc->state != IMAGE_STATE_COPIED) { WARN("BL1-FWU: Authentication of secure image " "from non-secure world while not in copied state\n"); return -EPERM; } } else { - if (image_desc->state != IMAGE_STATE_RESET) { + if (desc->state != IMAGE_STATE_RESET) { WARN("BL1-FWU: Authentication of non-secure image " "from non-secure world while in invalid state\n"); return -EPERM; @@ -395,15 +401,15 @@ static int bl1_fwu_image_auth(unsigned int image_id, } } - if (image_desc->state == IMAGE_STATE_COPIED) { + if (desc->state == IMAGE_STATE_COPIED) { /* * Image is in COPIED state. * Use the stored address and size. */ - base_addr = image_desc->image_info.image_base; - total_size = image_desc->image_info.image_size; + base_addr = desc->image_info.image_base; + total_size = desc->image_info.image_size; } else { - if ((!image_src) || (!image_size) || + if ((image_src == 0U) || (image_size == 0U) || check_uptr_overflow(image_src, image_size - 1)) { WARN("BL1-FWU: Auth not allowed due to invalid" " image source/size\n"); @@ -415,12 +421,12 @@ static int bl1_fwu_image_auth(unsigned int image_id, * Check the parameters and authenticate the source image in place. */ if (bl1_plat_mem_check(image_src, image_size, \ - image_desc->ep_info.h.attr)) { + desc->ep_info.h.attr) != 0) { WARN("BL1-FWU: Authentication arguments source/size not mapped\n"); return -ENOMEM; } - if (bl1_fwu_add_loaded_id(image_id)) { + if (bl1_fwu_add_loaded_id(image_id) != 0) { WARN("BL1-FWU: Too many images loaded at the same time.\n"); return -ENOMEM; } @@ -429,7 +435,7 @@ static int bl1_fwu_image_auth(unsigned int image_id, total_size = image_size; /* Update the image size in the descriptor. */ - image_desc->image_info.image_size = total_size; + desc->image_info.image_size = total_size; } /* @@ -446,13 +452,13 @@ static int bl1_fwu_image_auth(unsigned int image_id, * This is to prevent an attack where this contains * some malicious code that can somehow be executed later. */ - if (image_desc->state == IMAGE_STATE_COPIED) { + if (desc->state == IMAGE_STATE_COPIED) { /* Clear the memory.*/ zero_normalmem((void *)base_addr, total_size); flush_dcache_range(base_addr, total_size); /* Indicate that image can be copied again*/ - image_desc->state = IMAGE_STATE_RESET; + desc->state = IMAGE_STATE_RESET; } /* @@ -460,12 +466,12 @@ static int bl1_fwu_image_auth(unsigned int image_id, * The image cannot be in RESET state here, it is checked at the * beginning of the function. */ - bl1_fwu_remove_loaded_id(image_id); + (void)bl1_fwu_remove_loaded_id(image_id); return -EAUTH; } /* Indicate that image is in authenticated state. */ - image_desc->state = IMAGE_STATE_AUTHENTICATED; + desc->state = IMAGE_STATE_AUTHENTICATED; /* Allow the platform to handle post-image load */ result = bl1_plat_handle_post_image_load(image_id); @@ -483,7 +489,7 @@ static int bl1_fwu_image_auth(unsigned int image_id, * Flush image_info to memory so that other * secure world images can see changes. */ - flush_dcache_range((uintptr_t)&image_desc->image_info, + flush_dcache_range((uintptr_t)&desc->image_info, sizeof(image_info_t)); INFO("BL1-FWU: Authentication was successful\n"); @@ -499,7 +505,7 @@ static int bl1_fwu_image_execute(unsigned int image_id, unsigned int flags) { /* Get the image descriptor. */ - image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); + image_desc_t *desc = bl1_plat_get_image_desc(image_id); /* * Execution is NOT allowed if: @@ -509,11 +515,11 @@ static int bl1_fwu_image_execute(unsigned int image_id, * Image is Non-Executable OR * Image is NOT in AUTHENTICATED state. */ - if ((!image_desc) || + if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE) || - (GET_SECURITY_STATE(image_desc->ep_info.h.attr) == NON_SECURE) || - (EP_GET_EXE(image_desc->ep_info.h.attr) == NON_EXECUTABLE) || - (image_desc->state != IMAGE_STATE_AUTHENTICATED)) { + (GET_SECURITY_STATE(desc->ep_info.h.attr) == NON_SECURE) || + (EP_GET_EXE(desc->ep_info.h.attr) == NON_EXECUTABLE) || + (desc->state != IMAGE_STATE_AUTHENTICATED)) { WARN("BL1-FWU: Execution not allowed due to invalid state/args\n"); return -EPERM; } @@ -547,37 +553,37 @@ static register_t bl1_fwu_image_resume(register_t image_param, void **handle, unsigned int flags) { - image_desc_t *image_desc; + image_desc_t *desc; unsigned int resume_sec_state; unsigned int caller_sec_state = GET_SECURITY_STATE(flags); /* Get the image descriptor for last executed secure image id. */ - image_desc = bl1_plat_get_image_desc(sec_exec_image_id); + desc = bl1_plat_get_image_desc(sec_exec_image_id); if (caller_sec_state == NON_SECURE) { - if (!image_desc) { + if (desc == NULL) { WARN("BL1-FWU: Resume not allowed due to no available" "secure image\n"); return -EPERM; } } else { - /* image_desc must be valid for secure world callers */ - assert(image_desc); + /* desc must be valid for secure world callers */ + assert(desc != NULL); } - assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); - assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); + assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE); + assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE); if (caller_sec_state == SECURE) { - assert(image_desc->state == IMAGE_STATE_EXECUTED); + assert(desc->state == IMAGE_STATE_EXECUTED); /* Update the flags. */ - image_desc->state = IMAGE_STATE_INTERRUPTED; + desc->state = IMAGE_STATE_INTERRUPTED; resume_sec_state = NON_SECURE; } else { - assert(image_desc->state == IMAGE_STATE_INTERRUPTED); + assert(desc->state == IMAGE_STATE_INTERRUPTED); /* Update the flags. */ - image_desc->state = IMAGE_STATE_EXECUTED; + desc->state = IMAGE_STATE_EXECUTED; resume_sec_state = SECURE; } @@ -612,7 +618,7 @@ static register_t bl1_fwu_image_resume(register_t image_param, ******************************************************************************/ static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) { - image_desc_t *image_desc; + image_desc_t *desc; /* Make sure caller is from the secure world */ if (GET_SECURITY_STATE(flags) == NON_SECURE) { @@ -621,13 +627,13 @@ static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) } /* Get the image descriptor for last executed secure image id */ - image_desc = bl1_plat_get_image_desc(sec_exec_image_id); + desc = bl1_plat_get_image_desc(sec_exec_image_id); - /* image_desc must correspond to a valid secure executing image */ - assert(image_desc); - assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); - assert(EP_GET_EXE(image_desc->ep_info.h.attr) == EXECUTABLE); - assert(image_desc->state == IMAGE_STATE_EXECUTED); + /* desc must correspond to a valid secure executing image */ + assert(desc != NULL); + assert(GET_SECURITY_STATE(desc->ep_info.h.attr) == SECURE); + assert(EP_GET_EXE(desc->ep_info.h.attr) == EXECUTABLE); + assert(desc->state == IMAGE_STATE_EXECUTED); #if ENABLE_ASSERTIONS int rc = bl1_fwu_remove_loaded_id(sec_exec_image_id); @@ -637,7 +643,7 @@ static int bl1_fwu_sec_image_done(void **handle, unsigned int flags) #endif /* Update the flags. */ - image_desc->state = IMAGE_STATE_RESET; + desc->state = IMAGE_STATE_RESET; sec_exec_image_id = INVALID_IMAGE_ID; INFO("BL1-FWU: Resuming Normal world context\n"); @@ -676,7 +682,7 @@ __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) * Call platform done function. */ bl1_plat_fwu_done(client_cookie, reserved); - assert(0); + assert(false); } /******************************************************************************* @@ -685,14 +691,14 @@ __dead2 static void bl1_fwu_done(void *client_cookie, void *reserved) ******************************************************************************/ static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) { - image_desc_t *image_desc = bl1_plat_get_image_desc(image_id); + image_desc_t *desc = bl1_plat_get_image_desc(image_id); - if ((!image_desc) || (GET_SECURITY_STATE(flags) == SECURE)) { + if ((desc == NULL) || (GET_SECURITY_STATE(flags) == SECURE)) { WARN("BL1-FWU: Reset not allowed due to invalid args\n"); return -EPERM; } - switch (image_desc->state) { + switch (desc->state) { case IMAGE_STATE_RESET: /* Nothing to do. */ @@ -703,25 +709,26 @@ static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) case IMAGE_STATE_COPIED: case IMAGE_STATE_COPYING: - if (bl1_fwu_remove_loaded_id(image_id)) { + if (bl1_fwu_remove_loaded_id(image_id) != 0) { WARN("BL1-FWU: Image reset couldn't find the image ID\n"); return -EPERM; } - if (image_desc->copied_size) { + if (desc->copied_size != 0U) { /* Clear the memory if the image is copied */ - assert(GET_SECURITY_STATE(image_desc->ep_info.h.attr) == SECURE); + assert(GET_SECURITY_STATE(desc->ep_info.h.attr) + == SECURE); - zero_normalmem((void *)image_desc->image_info.image_base, - image_desc->copied_size); - flush_dcache_range(image_desc->image_info.image_base, - image_desc->copied_size); + zero_normalmem((void *)desc->image_info.image_base, + desc->copied_size); + flush_dcache_range(desc->image_info.image_base, + desc->copied_size); } /* Reset status variables */ - image_desc->copied_size = 0; - image_desc->image_info.image_size = 0; - image_desc->state = IMAGE_STATE_RESET; + desc->copied_size = 0; + desc->image_info.image_size = 0; + desc->state = IMAGE_STATE_RESET; /* Clear authentication state */ auth_img_flags[image_id] = 0; @@ -730,7 +737,7 @@ static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) case IMAGE_STATE_EXECUTED: default: - assert(0); /* Unreachable */ + assert(false); /* Unreachable */ break; } diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c index cd6fe7d5e..fd602324f 100644 --- a/bl1/bl1_main.c +++ b/bl1/bl1_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -24,11 +24,6 @@ #include "bl1_private.h" -/* BL1 Service UUID */ -DEFINE_SVC_UUID2(bl1_svc_uid, - 0xd46739fd, 0xcb72, 0x9a4d, 0xb5, 0x75, - 0x67, 0x15, 0xd6, 0xf4, 0xbb, 0x4a); - static void bl1_load_bl2(void); #if ENABLE_PAUTH @@ -90,8 +85,7 @@ void bl1_main(void) NOTICE("BL1: %s\n", version_string); NOTICE("BL1: %s\n", build_message); - INFO("BL1: RAM %p - %p\n", (void *)BL1_RAM_BASE, - (void *)BL1_RAM_LIMIT); + INFO("BL1: RAM %p - %p\n", (void *)BL1_RAM_BASE, (void *)BL1_RAM_LIMIT); print_errata_status(); @@ -105,9 +99,9 @@ void bl1_main(void) #else val = read_sctlr(); #endif - assert(val & SCTLR_M_BIT); - assert(val & SCTLR_C_BIT); - assert(val & SCTLR_I_BIT); + assert((val & SCTLR_M_BIT) != 0); + assert((val & SCTLR_C_BIT) != 0); + assert((val & SCTLR_I_BIT) != 0); /* * Check that Cache Writeback Granule (CWG) in CTR_EL0 matches the * provided platform value @@ -166,33 +160,33 @@ void bl1_main(void) ******************************************************************************/ static void bl1_load_bl2(void) { - image_desc_t *image_desc; - image_info_t *image_info; + image_desc_t *desc; + image_info_t *info; int err; /* Get the image descriptor */ - image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); - assert(image_desc); + desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); + assert(desc != NULL); /* Get the image info */ - image_info = &image_desc->image_info; + info = &desc->image_info; INFO("BL1: Loading BL2\n"); err = bl1_plat_handle_pre_image_load(BL2_IMAGE_ID); - if (err) { + if (err != 0) { ERROR("Failure in pre image load handling of BL2 (%d)\n", err); plat_error_handler(err); } - err = load_auth_image(BL2_IMAGE_ID, image_info); - if (err) { + err = load_auth_image(BL2_IMAGE_ID, info); + if (err != 0) { ERROR("Failed to load BL2 firmware.\n"); plat_error_handler(err); } /* Allow platform to handle image information. */ err = bl1_plat_handle_post_image_load(BL2_IMAGE_ID); - if (err) { + if (err != 0) { ERROR("Failure in post image load handling of BL2 (%d)\n", err); plat_error_handler(err); } @@ -226,15 +220,20 @@ void print_debug_loop_message(void) /******************************************************************************* * Top level handler for servicing BL1 SMCs. ******************************************************************************/ -register_t bl1_smc_handler(unsigned int smc_fid, - register_t x1, - register_t x2, - register_t x3, - register_t x4, +u_register_t bl1_smc_handler(unsigned int smc_fid, + u_register_t x1, + u_register_t x2, + u_register_t x3, + u_register_t x4, void *cookie, void *handle, unsigned int flags) { + /* BL1 Service UUID */ + DEFINE_SVC_UUID2(bl1_svc_uid, + U(0xd46739fd), 0xcb72, 0x9a4d, 0xb5, 0x75, + 0x67, 0x15, 0xd6, 0xf4, 0xbb, 0x4a); + #if TRUSTED_BOARD_BOOT /* @@ -258,25 +257,23 @@ register_t bl1_smc_handler(unsigned int smc_fid, SMC_RET1(handle, BL1_SMC_MAJOR_VER | BL1_SMC_MINOR_VER); default: - break; + WARN("Unimplemented BL1 SMC Call: 0x%x\n", smc_fid); + SMC_RET1(handle, SMC_UNK); } - - WARN("Unimplemented BL1 SMC Call: 0x%x \n", smc_fid); - SMC_RET1(handle, SMC_UNK); } /******************************************************************************* * BL1 SMC wrapper. This function is only used in AArch32 mode to ensure ABI * compliance when invoking bl1_smc_handler. ******************************************************************************/ -register_t bl1_smc_wrapper(uint32_t smc_fid, +u_register_t bl1_smc_wrapper(uint32_t smc_fid, void *cookie, void *handle, unsigned int flags) { - register_t x1, x2, x3, x4; + u_register_t x1, x2, x3, x4; - assert(handle); + assert(handle != NULL); get_smc_params_from_ctx(handle, x1, x2, x3, x4); return bl1_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle, flags); diff --git a/bl1/bl1_private.h b/bl1/bl1_private.h index 927c7b8a2..2cfeeea28 100644 --- a/bl1/bl1_private.h +++ b/bl1/bl1_private.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -19,11 +19,11 @@ void bl1_arch_next_el_setup(void); void bl1_prepare_next_image(unsigned int image_id); -register_t bl1_fwu_smc_handler(unsigned int smc_fid, - register_t x1, - register_t x2, - register_t x3, - register_t x4, +u_register_t bl1_fwu_smc_handler(unsigned int smc_fid, + u_register_t x1, + u_register_t x2, + u_register_t x3, + u_register_t x4, void *cookie, void *handle, unsigned int flags); diff --git a/bl1/tbbr/tbbr_img_desc.c b/bl1/tbbr/tbbr_img_desc.c index e8df73d47..48367126c 100644 --- a/bl1/tbbr/tbbr_img_desc.c +++ b/bl1/tbbr/tbbr_img_desc.c @@ -1,12 +1,11 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #include <platform_def.h> -#include <bl1/bl1.h> #include <bl1/tbbr/tbbr_img_desc.h> #include <common/bl_common.h> |