aboutsummaryrefslogtreecommitdiff
path: root/drivers/fwu/fwu.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/fwu/fwu.c')
-rw-r--r--drivers/fwu/fwu.c295
1 files changed, 295 insertions, 0 deletions
diff --git a/drivers/fwu/fwu.c b/drivers/fwu/fwu.c
new file mode 100644
index 0000000000..b6f06e0a7b
--- /dev/null
+++ b/drivers/fwu/fwu.c
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <common/tf_crc32.h>
+#include <common/tbbr/tbbr_img_def.h>
+#include <drivers/fwu/fwu.h>
+#include <drivers/fwu/fwu_metadata.h>
+#include <drivers/io/io_storage.h>
+
+#include <plat/common/platform.h>
+
+/*
+ * Assert that crc_32 is the first member of fwu_metadata structure.
+ * It avoids accessing data outside of the metadata structure during
+ * CRC32 computation if the crc_32 field gets moved due the structure
+ * member(s) addition in the future.
+ */
+CASSERT((offsetof(struct fwu_metadata, crc_32) == 0),
+ crc_32_must_be_first_member_of_structure);
+
+/*
+ * Ensure that the NR_OF_FW_BANKS selected by the platform is not
+ * zero and not greater than the maximum number of banks allowed
+ * by the specification.
+ */
+CASSERT((NR_OF_FW_BANKS > 0) && (NR_OF_FW_BANKS <= NR_OF_MAX_FW_BANKS),
+ assert_fwu_num_banks_invalid_value);
+
+#define FWU_METADATA_VERSION 2U
+#define FWU_FW_STORE_DESC_OFFSET 0x20U
+
+static struct fwu_metadata metadata;
+static bool is_metadata_initialized __unused;
+
+/*******************************************************************************
+ * Compute CRC32 of the FWU metadata, and check it against the CRC32 value
+ * present in the FWU metadata.
+ *
+ * return -1 on error, otherwise 0
+ ******************************************************************************/
+static int fwu_metadata_crc_check(void)
+{
+ unsigned char *data = (unsigned char *)&metadata;
+
+ uint32_t calc_crc = tf_crc32(0U, data + sizeof(metadata.crc_32),
+ (sizeof(metadata) -
+ sizeof(metadata.crc_32)));
+
+ if (metadata.crc_32 != calc_crc) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * Check the sanity of FWU metadata.
+ *
+ * return -EINVAL on error, otherwise 0
+ ******************************************************************************/
+static int fwu_metadata_sanity_check(void)
+{
+ if (metadata.version != FWU_METADATA_VERSION) {
+ WARN("Incorrect FWU Metadata version of %u\n",
+ metadata.version);
+ return -EINVAL;
+ }
+
+ if (metadata.active_index >= NR_OF_FW_BANKS) {
+ WARN("Active Index value(%u) greater than the configured value(%d)",
+ metadata.active_index, NR_OF_FW_BANKS);
+ return -EINVAL;
+ }
+
+ if (metadata.previous_active_index >= NR_OF_FW_BANKS) {
+ WARN("Previous Active Index value(%u) greater than the configured value(%d)",
+ metadata.previous_active_index, NR_OF_FW_BANKS);
+ return -EINVAL;
+ }
+
+#if PSA_FWU_METADATA_FW_STORE_DESC
+ if (metadata.fw_desc.num_banks != NR_OF_FW_BANKS) {
+ WARN("Number of Banks(%u) in FWU Metadata different from the configured value(%d)",
+ metadata.fw_desc.num_banks, NR_OF_FW_BANKS);
+ return -EINVAL;
+ }
+
+ if (metadata.fw_desc.num_images != NR_OF_IMAGES_IN_FW_BANK) {
+ WARN("Number of Images(%u) in FWU Metadata different from the configured value(%d)",
+ metadata.fw_desc.num_images, NR_OF_IMAGES_IN_FW_BANK);
+ return -EINVAL;
+ }
+
+ if (metadata.desc_offset != FWU_FW_STORE_DESC_OFFSET) {
+ WARN("Descriptor Offset(0x%x) in the FWU Metadata not equal to 0x20\n",
+ metadata.desc_offset);
+ return -EINVAL;
+ }
+#else
+ if (metadata.desc_offset != 0U) {
+ WARN("Descriptor offset has non zero value of 0x%x\n",
+ metadata.desc_offset);
+ return -EINVAL;
+ }
+#endif
+
+ return 0;
+}
+
+/*******************************************************************************
+ * Verify and load specified FWU metadata image to local FWU metadata structure.
+ *
+ * @image_id: FWU metadata image id (either FWU_METADATA_IMAGE_ID or
+ * BKUP_FWU_METADATA_IMAGE_ID)
+ *
+ * return a negative value on error, otherwise 0
+ ******************************************************************************/
+static int fwu_metadata_load(unsigned int image_id)
+{
+ int result;
+ uintptr_t dev_handle, image_handle, image_spec;
+ size_t bytes_read;
+
+ assert((image_id == FWU_METADATA_IMAGE_ID) ||
+ (image_id == BKUP_FWU_METADATA_IMAGE_ID));
+
+ result = plat_fwu_set_metadata_image_source(image_id,
+ &dev_handle,
+ &image_spec);
+ if (result != 0) {
+ WARN("Failed to set reference to image id=%u (%i)\n",
+ image_id, result);
+ return result;
+ }
+
+ result = io_open(dev_handle, image_spec, &image_handle);
+ if (result != 0) {
+ WARN("Failed to load image id id=%u (%i)\n",
+ image_id, result);
+ return result;
+ }
+
+ result = io_read(image_handle, (uintptr_t)&metadata,
+ sizeof(struct fwu_metadata), &bytes_read);
+
+ if (result != 0) {
+ WARN("Failed to read image id=%u (%i)\n", image_id, result);
+ goto exit;
+ }
+
+ if (sizeof(struct fwu_metadata) != bytes_read) {
+ /* return -1 in case of partial/no read */
+ result = -1;
+ WARN("Read bytes (%zu) instead of expected (%zu) bytes\n",
+ bytes_read, sizeof(struct fwu_metadata));
+ goto exit;
+ }
+
+ /* sanity check on loaded parameters */
+ result = fwu_metadata_sanity_check();
+ if (result != 0) {
+ WARN("Sanity %s\n", "check failed on FWU metadata");
+ goto exit;
+ }
+
+ /* CRC check on loaded parameters */
+ result = fwu_metadata_crc_check();
+ if (result != 0) {
+ WARN("CRC %s\n", "check failed on FWU metadata");
+ }
+
+exit:
+ (void)io_close(image_handle);
+
+ return result;
+}
+
+/*******************************************************************************
+ * Check for an alternate bank for the platform to boot from. This function will
+ * mostly be called whenever the count of the number of times a platform boots
+ * in the Trial State exceeds a pre-set limit.
+ * The function first checks if the platform can boot from the previously active
+ * bank. If not, it tries to find another bank in the accepted state.
+ * And finally, if both the checks fail, as a last resort, it tries to find
+ * a valid bank.
+ *
+ * Returns the index of a bank to boot, else returns invalid index
+ * INVALID_BOOT_IDX.
+ ******************************************************************************/
+uint32_t fwu_get_alternate_boot_bank(void)
+{
+ uint32_t i;
+
+ /* First check if the previously active bank can be used */
+ if (metadata.bank_state[metadata.previous_active_index] ==
+ FWU_BANK_STATE_ACCEPTED) {
+ return metadata.previous_active_index;
+ }
+
+ /* Now check for any other bank in the accepted state */
+ for (i = 0U; i < NR_OF_FW_BANKS; i++) {
+ if (i == metadata.active_index ||
+ i == metadata.previous_active_index) {
+ continue;
+ }
+
+ if (metadata.bank_state[i] == FWU_BANK_STATE_ACCEPTED) {
+ return i;
+ }
+ }
+
+ /*
+ * No accepted bank found. Now try booting from a valid bank.
+ * Give priority to the previous active bank.
+ */
+ if (metadata.bank_state[metadata.previous_active_index] ==
+ FWU_BANK_STATE_VALID) {
+ return metadata.previous_active_index;
+ }
+
+ for (i = 0U; i < NR_OF_FW_BANKS; i++) {
+ if (i == metadata.active_index ||
+ i == metadata.previous_active_index) {
+ continue;
+ }
+
+ if (metadata.bank_state[i] == FWU_BANK_STATE_VALID) {
+ return i;
+ }
+ }
+
+ return INVALID_BOOT_IDX;
+}
+
+/*******************************************************************************
+ * The platform can be in one of Valid, Invalid or Accepted states.
+ *
+ * Invalid - One or more images in the bank are corrupted, or partially
+ * overwritten. The bank is not to be used for booting.
+ *
+ * Valid - All images of the bank are valid but at least one image has not
+ * been accepted. This implies that the platform is in Trial State.
+ *
+ * Accepted - All images of the bank are valid and accepted.
+ *
+ * Returns the state of the current active bank
+ ******************************************************************************/
+uint32_t fwu_get_active_bank_state(void)
+{
+ assert(is_metadata_initialized);
+
+ return metadata.bank_state[metadata.active_index];
+}
+
+const struct fwu_metadata *fwu_get_metadata(void)
+{
+ assert(is_metadata_initialized);
+
+ return &metadata;
+}
+
+/*******************************************************************************
+ * Load verified copy of FWU metadata image kept in the platform NV storage
+ * into local FWU metadata structure.
+ * Also, update platform I/O policies with the offset address and length of
+ * firmware-updated images kept in the platform NV storage.
+ ******************************************************************************/
+void fwu_init(void)
+{
+ /* Load FWU metadata which will be used to load the images in the
+ * active bank as per PSA FWU specification
+ */
+ int result = fwu_metadata_load(FWU_METADATA_IMAGE_ID);
+
+ if (result != 0) {
+ WARN("loading of FWU-Metadata failed, "
+ "using Bkup-FWU-Metadata\n");
+
+ result = fwu_metadata_load(BKUP_FWU_METADATA_IMAGE_ID);
+ if (result != 0) {
+ ERROR("loading of Bkup-FWU-Metadata failed\n");
+ panic();
+ }
+ }
+
+ is_metadata_initialized = true;
+
+ plat_fwu_set_images_source(&metadata);
+}