From c1d732d0db2463998036c678619007da79a25b3f Mon Sep 17 00:00:00 2001
From: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Date: Mon, 18 Nov 2019 17:15:22 +0100
Subject: [PATCH 1/3] fix(io_stm32image): uninitialized variable warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes implementation against build warning reported by GCC:

drivers/st/io/io_stm32image.c: In function ‘stm32image_partition_read’:
drivers/st/io/io_stm32image.c:249:6: error: ‘result’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
  int result;
      ^~~~~~

Actually, by construction the current implementation of function
stm32image_partition_read() does not mandate result to be initialized
since it always reaches the exit point with a valid value in 'result'.
Yet, this change prevents compiler from complaining and is more robust
against future changes in the implementation.

Change-Id: I383575edb605b7535398952a5fdfc266c0068c71
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
---
 drivers/st/io/io_stm32image.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/st/io/io_stm32image.c b/drivers/st/io/io_stm32image.c
index 3e377cd48..48bb4d357 100644
--- a/drivers/st/io/io_stm32image.c
+++ b/drivers/st/io/io_stm32image.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2021, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -246,7 +246,7 @@ static int stm32image_partition_size(io_entity_t *entity, size_t *length)
 static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 				     size_t length, size_t *length_read)
 {
-	int result;
+	int result = -EINVAL;
 	uint8_t *local_buffer;
 	boot_api_image_header_t *header =
 		(boot_api_image_header_t *)first_lba_buffer;

From b6561c1217f5b9be9cc2b66d0c5309ed0b7698cf Mon Sep 17 00:00:00 2001
From: Yann Gautier <yann.gautier@st.com>
Date: Fri, 19 Jun 2020 11:38:24 +0200
Subject: [PATCH 2/3] refactor(io_stm32image): add header size variable

A variable hdr_sz is created in stm32image_partition_read() function.
It just represents the size of the stm32 image header but it really
improves the readability of the function.

Change-Id: I95ec62a78a4b6c6a75b0d8c8aa0faef8bee424da
Signed-off-by: Yann Gautier <yann.gautier@st.com>
---
 drivers/st/io/io_stm32image.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/drivers/st/io/io_stm32image.c b/drivers/st/io/io_stm32image.c
index 48bb4d357..70e4be30f 100644
--- a/drivers/st/io/io_stm32image.c
+++ b/drivers/st/io/io_stm32image.c
@@ -250,6 +250,7 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 	uint8_t *local_buffer;
 	boot_api_image_header_t *header =
 		(boot_api_image_header_t *)first_lba_buffer;
+	size_t hdr_sz = sizeof(boot_api_image_header_t);
 
 	assert(entity != NULL);
 	assert(buffer != 0U);
@@ -286,16 +287,13 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 		}
 
 		/* Part of image already loaded with the header */
-		memcpy(local_buffer, (uint8_t *)first_lba_buffer +
-		       sizeof(boot_api_image_header_t),
-		       MAX_LBA_SIZE - sizeof(boot_api_image_header_t));
-		local_buffer += MAX_LBA_SIZE - sizeof(boot_api_image_header_t);
+		memcpy(local_buffer, (uint8_t *)first_lba_buffer + hdr_sz,
+		       MAX_LBA_SIZE - hdr_sz);
+		local_buffer += MAX_LBA_SIZE - hdr_sz;
 		offset = MAX_LBA_SIZE;
 
 		/* New image length to be read */
-		local_length = round_up(length -
-					((MAX_LBA_SIZE) -
-					 sizeof(boot_api_image_header_t)),
+		local_length = round_up(length - ((MAX_LBA_SIZE) - hdr_sz),
 					stm32image_dev.lba_size);
 
 		if ((header->load_address != 0U) &&
@@ -326,7 +324,7 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 				 local_length, length_read);
 
 		/* Adding part of size already read from header */
-		*length_read += MAX_LBA_SIZE - sizeof(boot_api_image_header_t);
+		*length_read += MAX_LBA_SIZE - hdr_sz;
 
 		if (result != 0) {
 			ERROR("%s: io_read (%i)\n", __func__, result);

From a5bcf82402ff415326b4dba42aae95c499821e94 Mon Sep 17 00:00:00 2001
From: Yann Gautier <yann.gautier@st.com>
Date: Mon, 9 Nov 2020 13:28:47 +0100
Subject: [PATCH 3/3] fix(io_stm32image): invalidate cache on local buf

When retrieving data from stm32 image file, the header is removed with
a memcpy that shifts the data to overwrite the useless header for next
binary.

STM32 binary from boot device:
|-------------------------------------|
| header | payload                    |
|-------------------------------------|

After the memcpy:
|-------------------------------------|
| payload                    | remain |
|-------------------------------------|

But the remaining data after the shifted payload is still in
the cache. As it is of no use for anyone, just invalidate the cache
at this address.
This is required if the DDR is mapped secure in BL2, and the secure
access is forbidden in BL33, or else TZC-400 issues an error.

Change-Id: Ice2af3b1ca49eccb79bfc62db60437e259d344ca
Signed-off-by: Yann Gautier <yann.gautier@st.com>
---
 drivers/st/io/io_stm32image.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/st/io/io_stm32image.c b/drivers/st/io/io_stm32image.c
index 70e4be30f..9fa0c50fd 100644
--- a/drivers/st/io/io_stm32image.c
+++ b/drivers/st/io/io_stm32image.c
@@ -346,6 +346,9 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 			return result;
 		}
 
+		inv_dcache_range(round_up((uintptr_t)(local_buffer + length - hdr_sz),
+					  CACHE_WRITEBACK_GRANULE), *length_read - length + hdr_sz);
+
 		io_close(backend_handle);
 	}