Secure Firmware Update
Introduction
The Reference Software Stack implements Secure Firmware Update (Secure FWU) following the Platform Security Firmware Update for the A-profile Arm Architecture, UEFI Specification and PSA Certified Firmware Update API 1.0. Secure Firmware Update provides two configurations with the following firmware images included in them:
RD-Aspen CFG1:
- RSE BL2 image
- RSE Runtime image
- SCP-Firmware image
- TF-A Firmware Image Package (FIP) image

RD-Aspen CFG2:
- RSE BL2 image
- RSE Runtime image
- SCP-Firmware image
- TF-A FIP image
- Safety Island Cluster 1 (SI CL1) image
The new images are packaged within a UEFI capsule. RD-Aspen enables UEFI capsule generation, UEFI capsule update and the capsule authentication features.
Architecture
As standardized in the Platform Security Firmware Update for the A-profile Arm Architecture and PSA Certified Firmware Update API 1.0, the RSE flash and the AP secure flash are each divided into two banks: one bank holds the currently running images and the other bank is used for storing new images. See the ap-flash-image and rse-flash-image in the Images layout section for details about how the A/B firmware image banks are arranged.
RD-Aspen Secure FWU maintains 2 types of metadata in the Secure Flash to track the firmware update states.
- FWU metadata: Defined in Platform Security Firmware Update for the A-profile Arm Architecture. RSE updates the FWU metadata to share firmware update states with the AP bootloader.
- FWU Private metadata: Used by RSE to track and manage the firmware update, including the image bank selection.
The following diagram illustrates the components and data flow that implement the Secure Firmware Update:
Fig. 31 Secure Firmware Update Architecture
A typical Secure Firmware Update process can be described in the following steps:
1. The capsule image is generated by the EDK2 GenerateCapsule tool. Extra arguments for capsule generation can be defined using CAPSULE_EXTRA_ARGS, and the path to the private key for signing the capsule can be set using CAPSULE_PRIV_KEY_FILE, as described in Available build environment variables.
2. The capsule file is stored in VirtIO block 1. After the capsule file is copied to the EFI/UpdateCapsule directory on VirtIO block 0, U-Boot will detect this capsule file on the next reboot.
3. For each image payload in the capsule, U-Boot verifies the image using the public key certificate that is built into U-Boot and provided by CONFIG_EFI_CAPSULE_CRT_FILE, then transfers the image data to the Trusted Services SE-Proxy Firmware Update proxy using the Platform Security Firmware Update for the A-profile Arm Architecture ABI.
4. The Trusted Services FWU Proxy forwards the request to RSE, using the API defined in PSA Certified Firmware Update API 1.0.
5. The RSE Firmware Update Secure Partition receives the firmware image data and writes it to the update bank in the Secure Flash. Once the complete image data is received, RSE validates the version and updates the metadata. The system will attempt to boot with the new firmware images on the next reboot.
6. If the system boots up successfully with the new firmware images, U-Boot accepts the new images, completing a successful capsule update.
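To make the A/B bank bookkeeping concrete, the following is an added Python model of the FWU metadata described in the Architecture section and of the bank switch and image acceptance in the last two steps above; it is example code, not part of the reference stack or of RSE. It assumes the version 1 FWU metadata layout (crc_32, version, active_index, previous_active_index, then one entry per image with per-bank image properties), the four-image CFG1 set, and constructed placeholder UUIDs.

```python
import struct
import zlib
NR_OF_BANKS = 2          # A/B banks on each of the RSE flash and AP secure flash
NR_OF_IMAGES = 4         # RD-Aspen CFG1: RSE BL2, RSE Runtime, SCP-Firmware, TF-A FIP
METADATA_VERSION = 1     # version 1 layout assumed (see lead-in)
ENTRY_HDR = 32           # img_type_uuid + location_uuid of one image entry
PROPS_FMT = "<16sII"     # per-bank image properties: img_uuid, accepted, reserved

def pack_metadata(active, previous, accepted):
    """Serialize metadata; accepted[image][bank] is 0 or 1. CRC-32 covers all fields after crc_32."""
    body = struct.pack("<III", METADATA_VERSION, active, previous)
    for i in range(NR_OF_IMAGES):
        body += bytes([0x10 + i]) * 16 + bytes([0xAA]) * 16  # constructed placeholder UUIDs
        for b in range(NR_OF_BANKS):
            body += struct.pack(PROPS_FMT, bytes(16), accepted[i][b], 0)
    return struct.pack("<I", zlib.crc32(body)) + body

def parse_metadata(blob):
    """Decode and validate metadata from flash, returning (active, previous, accepted)."""
    crc, version, active, previous = struct.unpack_from("<IIII", blob)
    if crc != zlib.crc32(blob[4:]):
        raise ValueError("FWU metadata CRC mismatch: flash content is corrupt")
    if version != METADATA_VERSION:
        raise ValueError("unsupported FWU metadata version %d" % version)
    if active >= NR_OF_BANKS or previous >= NR_OF_BANKS:
        raise ValueError("bank index out of range")
    accepted, off = [], 16
    for _ in range(NR_OF_IMAGES):
        off += ENTRY_HDR
        banks = []
        for _ in range(NR_OF_BANKS):
            banks.append(struct.unpack_from(PROPS_FMT, blob, off)[1])  # accepted flag
            off += struct.calcsize(PROPS_FMT)
        accepted.append(banks)
    return active, previous, accepted

def switch_to_update_bank(active, previous, accepted):
    """Step 5: every image is in the update bank and version-checked; make it active, unaccepted."""
    update_bank = (active + 1) % NR_OF_BANKS
    for img in accepted:
        img[update_bank] = 0
    return update_bank, active, accepted

def accept_active_bank(active, previous, accepted):
    """Step 6: the new images booted, so U-Boot accepts every image in the active bank."""
    for img in accepted:
        img[active] = 1
    return active, previous, accepted
```

A bootloader reading metadata whose CRC fails, or whose active bank still has unaccepted images after a failed trial boot, is the condition that drives fallback to previous_active_index.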