firmware-update.rst - OpenGrok cross reference for /arm-trusted-firmware-2.8.0/docs/components/firmware-update.rst

Lines Matching refs:secure
119 This document describes the secure world FWU design. It is beyond its scope to
129 some parts of FWU to be implemented in other secure and normal world images.
136    -  Copying images from non-secure to secure memory
138    -  Context switching between the normal and secure world during the FWU
141 -  Other secure world FWU images handle platform initialization required by
144    interfaces to non-secure memory.
176    is permitted to request execution of a secure world FWU image (after
179 -  Secure or non-secure image. This indicates whether the image is
180    authenticated/executed in secure or non-secure memory.
197 transitions are shown in the diagram below. Note that secure images have a more
198 complex state machine than non-secure images.
205    Authentication failure also leads to this state. A secure
209 -  COPYING: This is the state of a secure image while BL1 is copying it
210    in blocks from non-secure to secure memory.
212 -  COPIED: This is the state of a secure image when BL1 has completed
213    copying it to secure memory.
218 -  EXECUTED: This is the state of a secure, executable image when BL1 has
221 -  INTERRUPTED: This is the state of a secure, executable image after it has
307         if (image_id is non-secure image) return -EPERM
309         if (secure world caller) return -EPERM
312         if (source block is in secure memory) return -ENOMEM
314         if (image_size > free secure memory) return -ENOMEM
317 This SMC copies the secure image indicated by ``image_id`` from non-secure memory
318 to secure memory for later authentication. The image may be copied in a single
356         if (secure world caller)
360             if (image_id is secure image)
362             else // image_id is non-secure image
364                 if (image_addr/image_size is in secure memory) return -ENOMEM
369 ``image_addr`` and ``image_size``. If the image is a secure image in the COPIED
370 state, BL1 authenticates the image from the secure memory that BL1 previously
392         if (secure world caller) return -EPERM
393         if (image_id is non-secure image) return -EPERM
400 secure world image.
402 BL1 saves the normal world caller's context, sets the secure image state to
403 EXECUTED, and returns from exception to the secure image.
419         if (normal world caller and no INTERRUPTED secure image) return -EPERM
421 This SMC resumes execution in the other security world while there is a secure
424 For normal world callers, BL1 sets the previously interrupted secure image state
425 to EXECUTED. For secure world callers, BL1 sets the previously executing secure
447 This SMC indicates completion of a previously executing secure image.
449 BL1 sets the previously executing secure image state to the RESET state,
483         if (secure world caller) return -EPERM