On Fri, 26 Sept 2025 at 19:44, <[email protected]> wrote: > > From: Abdellatif El Khlifi <[email protected]> > > This patch series adds Firmware Update (FWU) support for Arm PSA > Certified platforms [1], enabling U-Boot to serve as > the FWU Client, with the Secure World acting as the Update Agent that > manages the firmware store and its metadata. > > This implementation adheres to the Platform Security Firmware Update > specification [3] for the A-profile Arm Architecture and leverages the > Trusted Services framework [4] to interact with the Secure World update > agent. By delegating update management to the Secure World, U-Boot > handles only the client-side coordination, invoking a well-defined set > of ABIs over the FF-A interface [5] to deliver update capsules. > > Key features include: > > - Generic, platform-agnostic design. > - FF-A-based ABI: All interactions between U-Boot and the update agent > occur over the FF-A interface, ensuring compatibility across > PSA-compliant systems. > - Multi-payload capsules: Support for capsules containing multiple > payloads, start/end markers, signed firmware images. > - ESRT support: Capsule payloads may be signed for authenticity, and > U-Boot can populate the EFI System Resource Table (ESRT) for > OS-level firmware management. > - On-disk and standard capsule handling. > > For implementation details, please refer to the documentation [6]. > For a real world example, please see the Arm PSA FWU logs [7] when used > for on-disk capsule update in Corstone-1000 [2]. > For trying the implementation on Corstone-1000 FVP, please follow these steps > [8].
As mentioned in our offline conversation, I am not sure why this code also compiling in the normal-world based FWU implementation in U-Boot. That portion of code should not be built on platforms which are going to have U-Boot working as a FWU update client. This includes the FWU metadata access driver code and the code under lib/fwu_updates/. Please check how this can be kept separate. Thanks. -sughosh > > Changes in v5: > > * As suggested by Ilias: > - Make PSA handling simpler for the payload acceptance logic > - Use efi_fill_image_desc_array() for PSA > instead of changing efi_firmware_get_image_info() > > * Add CONFIG_FWU_KEEP_FMP_HEADER to control whether > the user wants to keep the FMP header or strip it from the payload > > * Address kernel-doc warnings > > Cheers, > Abdellatif > > [1]: PSA: https://www.psacertified.org > [2]: Corstone-1000: https://developer.arm.com/Processors/Corstone-1000 > [3]: DEN0118 v1.0 A specification: > https://developer.arm.com/documentation/den0118/latest > [4]: Trusted Services documentation: > https://trusted-services.readthedocs.io/en/stable > [5]: FF-A interface: doc/arch/arm64.ffa.rst > [6]: Documentation of the FWU for Arm PSA support: > doc/develop/uefi/fwu_arm_psa.rst > [7]: Arm PSA FWU logs when used for on-disk capsule update in Corstone-1000 > [8]: Performing Capsule update on Corstone-1000 FVP and MPS3: > > https://git.yoctoproject.org/meta-arm/tree/meta-arm-bsp/documentation/corstone1000/user-guide.rst#n838 > > ``` > CapsuleApp: capsule block/size 0xDD741040/0x25ACE > Found EFI system partition on Boot0001: OnDiskFWU > FS2:;HD0b:;BLK4: > Succeed to write edk2-corstone1000-fvp-v6.uefi.capsule > resetting ... > NOTICE: BL2: v2.11.0(debug):v2.11.0-dirty > ... > U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64 > ... > FWU: System booting in Regular State > FWU: ABI version 1.0 detected > FWU: Updating 1 payload(s) > Applying capsule edk2-corstone1000-fvp-v6.uefi.capsule succeeded. > Reboot after firmware update. > NOTICE: BL2: v2.11.0(debug):v2.11.0-dirty > ... > U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64 > ... > FWU: System booting in Trial State > ... > Poky (Yocto Project Reference Distro) 5.2 corstone1000-fvp /dev/ttyAMA0 > ... > root@corstone1000-fvp:~# reboot > ... > U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64 > ... > FWU: System booting in Regular State > ... > Poky (Yocto Project Reference Distro) 5.2 corstone1000-fvp /dev/ttyAMA0 > > corstone1000-fvp login: > > root@corstone1000-fvp:~# cat /sys/firmware/efi/esrt/entries/entry*/* > 0x0 > f1d883f9-dfeb-5363-98d8-686ee3b69f4f > 0 > 6 > 0 > 6 > 0 > 0x0 > 7fad470e-5ec5-5c03-a2c1-4756b495de61 > 0 > 0 > 0 > 0 > 0 > 0x0 > f1933675-5a8c-5b6d-9ef4-846739e89bc8 > 0 > 0 > 0 > 0 > 0 > 0x0 > f771aff9-c7e9-5f99-9eda-2369dd694f61 > 0 > 0 > 0 > 0 > 0 > root@corstone1000-fvp:~# > ``` > > Cc: Tom Rini <[email protected]> > Cc: Simon Glass <[email protected]> > Cc: Sughosh Ganu <[email protected]> > Cc: Heinrich Schuchardt <[email protected]> > Cc: Ilias Apalodimas <[email protected]> > Cc: Jens Wiklander <[email protected]> > Cc: Michal Simek <[email protected]> > Cc: Marek Vasut <[email protected]> > Cc: Casey Connolly <[email protected]> > Cc: Adriano Cordova <[email protected]> > Cc: Mattijs Korpershoek <[email protected]> > Cc: Davidson kumaresan <[email protected]> > Cc: Adam Johnston <[email protected]> > Cc: Hugues Kamba Mpiana <[email protected]> > Cc: Srinivas Kalaga <[email protected]> > > Abdellatif El Khlifi (23): > arm_ffa: Add FFA_MEM_SHARE support > arm_ffa: Add FFA_MEM_RECLAIM support > arm_ffa: sandbox: Replace the emulator error log with debug log > arm_ffa: sandbox: Improve the readability of clearing the X registers > arm_ffa: sandbox: Add FFA_MEM_SHARE emulation > arm_ffa: sandbox: Add FFA_MEM_SHARE tests > arm_ffa: sandbox: Add FFA_MEM_RECLAIM emulation > arm_ffa: sandbox: Add FFA_MEM_RECLAIM tests > fwu_arm_psa: Initialize the update agent > fwu_arm_psa: Read the FWU directory through get_image_info() > fwu_arm_psa: Add staging ABIs > efi_loader: fwu_arm_psa: Add set_image() support > efi_loader: fwu_arm_psa: Allow keeping the FMP payload header > efi_loader: fwu: fwu_arm_psa: Skip accepting the payload after > set_image() > efi_loader: fwu: fwu_arm_psa: Disable trial state handling > fwu_arm_psa: Add FWU acceptance mechanism > fwu_arm_psa: Add ESRT support > fwu_arm_psa: Add ExitBootService() notification handler > fwu_arm_psa: corstone1000: Enable FWU support > fwu_arm_psa: corstone1000: Perform bank logic when reading boot index > fwu_arm_psa: corstone1000: Notify SE Proxy SP on ExitBootService() > fwu_arm_psa: corstone1000: Set Boot0001 for on-disk FWU > fwu_arm_psa: Document FWU support for Arm PSA > > Emekcan Aras (1): > efi_loader: capsule: Add runtime capsule flags checks > > MAINTAINERS | 8 + > .../include/asm/sandbox_arm_ffa_priv.h | 21 +- > board/armltd/corstone1000/corstone1000.c | 252 ++- > board/armltd/corstone1000/corstone1000.env | 8 + > configs/corstone1000_defconfig | 13 +- > doc/arch/arm64.ffa.rst | 4 + > doc/develop/uefi/fwu_arm_psa.rst | 154 ++ > doc/develop/uefi/index.rst | 1 + > drivers/firmware/arm-ffa/arm-ffa-uclass.c | 285 +++- > drivers/firmware/arm-ffa/arm-ffa.c | 4 +- > drivers/firmware/arm-ffa/ffa-emul-uclass.c | 108 +- > drivers/firmware/arm-ffa/sandbox_ffa.c | 4 +- > include/arm_ffa.h | 128 +- > include/arm_ffa_priv.h | 153 +- > include/efi_api.h | 8 + > include/efi_loader.h | 8 + > include/fwu_arm_psa.h | 403 +++++ > lib/efi_loader/efi_capsule.c | 46 +- > lib/efi_loader/efi_firmware.c | 32 +- > lib/fwu_updates/Kconfig | 34 + > lib/fwu_updates/Makefile | 2 + > lib/fwu_updates/fwu.c | 24 +- > lib/fwu_updates/fwu_arm_psa.c | 1467 +++++++++++++++++ > test/dm/ffa.c | 73 +- > 24 files changed, 3154 insertions(+), 86 deletions(-) > create mode 100644 doc/develop/uefi/fwu_arm_psa.rst > create mode 100644 include/fwu_arm_psa.h > create mode 100644 lib/fwu_updates/fwu_arm_psa.c > > > base-commit: 59e6462d7c08eeba744afa0f17846c398b8ef9e1 > -- > 2.43.0 >
