[PATCH v2 00/25] Introduce Firmware Update Support for Arm PSA

abdellatif.elkhlifi at arm.com abdellatif.elkhlifi at arm.com
Fri Jul 11 16:48:52 CEST 2025 

From: Abdellatif El Khlifi <abdellatif.elkhlifi at arm.com>

This patch series adds Firmware Update (FWU) support for Arm PSA
Certified platforms [1], enabling U-Boot to serve as
the FWU Client, with the Secure World acting as the Update Agent that
manages the firmware store and its metadata.

This implementation adheres to the Platform Security Firmware Update
specification [3] for the A-profile Arm Architecture and leverages the
Trusted Services framework [4] to interact with the Secure World update
agent. By delegating update management to the Secure World, U-Boot
handles only the client-side coordination, invoking a well-defined set
of ABIs over the FF-A interface [5] to deliver update capsules.

Key features include:

- Generic, platform-agnostic design.
- FF-A-based ABI: All interactions between U-Boot and the update agent
    occur over the FF-A interface, ensuring compatibility across
    PSA-compliant systems.
- Multi-payload capsules: Support for capsules containing multiple
    payloads, start/end markers, signed firmware images.
- ESRT support: Capsule payloads may be signed for authenticity, and
    U-Boot can populate the EFI System Resource Table (ESRT) for
     OS-level firmware management.
- On-disk and standard capsule handling.

For implementation details, please refer to the documentation [6].
For a real world example, please see the Arm PSA FWU logs [7] when used
for on-disk capsule update in Corstone-1000 [2].

Changes in v2:

- Remove the NULL check on FF-A ops as per Heinrich's suggestion
- Simplify efi_firmware_raw_set_image() logic (no more "else" branch)
- Clean up CAPSULE_FLAGS_* checks
- Add /** markers for kernel-doc formatting
  (Michal Simek recommendation)
- Address nits in the documentation

Cheers,
Abdellatif

[1]: PSA: https://www.psacertified.org
[2]: Corstone-1000: https://developer.arm.com/Processors/Corstone-1000
[3]: DEN0118 v1.0 A specification: https://developer.arm.com/documentation/den0118/latest 
[4]: Trusted Services documentation: https://trusted-services.readthedocs.io/en/stable
[5]: FF-A interface: doc/arch/arm64.ffa.rst
[6]: Documentation of the FWU for Arm PSA support: doc/develop/uefi/fwu_arm_psa.rst
[7]: Arm PSA FWU logs when used for on-disk capsule update in Corstone-1000

```
CapsuleApp: capsule block/size              0xDD741040/0x25ACE
Found EFI system partition on Boot0001: OnDiskFWU
FS2:;HD0b:;BLK4: 
Succeed to write edk2-corstone1000-fvp-v6.uefi.capsule
resetting ...
NOTICE:  BL2: v2.11.0(debug):v2.11.0-dirty
...
U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64 
...
FWU: System booting in Regular State
FWU: ABI version 1.0 detected
FWU: Updating 1 payload(s)
Applying capsule edk2-corstone1000-fvp-v6.uefi.capsule succeeded.
Reboot after firmware update.
NOTICE:  BL2: v2.11.0(debug):v2.11.0-dirty
...
U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64 
...
FWU: System booting in Trial State
...
Poky (Yocto Project Reference Distro) 5.2 corstone1000-fvp /dev/ttyAMA0
...
root at corstone1000-fvp:~# reboot
...
U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64 
...
FWU: System booting in Regular State
...
Poky (Yocto Project Reference Distro) 5.2 corstone1000-fvp /dev/ttyAMA0

corstone1000-fvp login:

root at corstone1000-fvp:~# cat /sys/firmware/efi/esrt/entries/entry*/*
0x0
f1d883f9-dfeb-5363-98d8-686ee3b69f4f
0
6
0
6
0
0x0
7fad470e-5ec5-5c03-a2c1-4756b495de61
0
0
0
0
0
0x0
f1933675-5a8c-5b6d-9ef4-846739e89bc8
0
0
0
0
0
0x0
f771aff9-c7e9-5f99-9eda-2369dd694f61
0
0
0
0
0
root at corstone1000-fvp:~# 
```

Cc: Tom Rini <trini at konsulko.com>
Cc: Simon Glass <sjg at chromium.org>
Cc: Sughosh Ganu <sughosh.ganu at linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
Cc: Jens Wiklander <jens.wiklander at linaro.org>
Cc: Michal Simek <michal.simek at amd.com>
Cc: Marek Vasut <marek.vasut+renesas at mailbox.org>
Cc: Casey Connolly <casey.connolly at linaro.org>
Cc: Adriano Cordova <adrianox at gmail.com>
Cc: Mattijs Korpershoek <mkorpershoek at kernel.org>
Cc: Davidson kumaresan <davidson.kumaresan at arm.com>
Cc: Hugues Kamba Mpiana <hugues.kambampiana at arm.com>
Cc: Adam Johnston <Adam.Johnston at arm.com>

Abdellatif El Khlifi (24):
  arm_ffa: Remove NULL pointer check for ops
  arm_ffa: Add FFA_MEM_SHARE support
  arm_ffa: Add FFA_MEM_RECLAIM support
  arm_ffa: sandbox: Replace the emulator error log with debug log
  arm_ffa: sandbox: Improve the readability of clearing the X registers
  arm_ffa: sandbox: Add FFA_MEM_SHARE emulation
  arm_ffa: sandbox: Add FFA_MEM_SHARE tests
  arm_ffa: sandbox: Add FFA_MEM_RECLAIM emulation
  arm_ffa: sandbox: Add FFA_MEM_RECLAIM tests
  fwu_arm_psa: Initialize the update agent
  fwu_arm_psa: Read the FWU directory through get_image_info()
  fwu_arm_psa: Add staging ABIs
  efi_loader: fwu_arm_psa: Add set_image and get_image_info support
  efi_loader: fwu_arm_psa: Keep the FMP payload header
  efi_loader: fwu: fwu_arm_psa: Skip accepting the payload after
    set_image()
  efi_loader: fwu: fwu_arm_psa: Disable trial state handling
  fwu_arm_psa: Add FWU acceptance mechanism
  fwu_arm_psa: Add ESRT support
  fwu_arm_psa: Add ExitBootService() notification handler
  fwu_arm_psa: corstone1000: Enable FWU support
  fwu_arm_psa: corstone1000: Perform bank logic when reading boot index
  fwu_arm_psa: corstone1000: Notify SE Proxy SP on ExitBootService()
  fwu_arm_psa: corstone1000: Set Boot0001 for on-disk FWU
  fwu_arm_psa: Document FWU support for Arm PSA

Emekcan Aras (1):
  efi_loader: capsule: Add runtime capsule flags checks

 MAINTAINERS                                   |    8 +
 .../include/asm/sandbox_arm_ffa_priv.h        |   21 +-
 board/armltd/corstone1000/corstone1000.c      |  255 ++-
 board/armltd/corstone1000/corstone1000.env    |    8 +
 configs/corstone1000_defconfig                |   13 +-
 doc/arch/arm64.ffa.rst                        |    4 +
 doc/develop/uefi/fwu_arm_psa.rst              |  154 ++
 doc/develop/uefi/index.rst                    |    1 +
 drivers/firmware/arm-ffa/arm-ffa-uclass.c     |  285 +++-
 drivers/firmware/arm-ffa/arm-ffa.c            |    4 +-
 drivers/firmware/arm-ffa/ffa-emul-uclass.c    |  108 +-
 drivers/firmware/arm-ffa/sandbox_ffa.c        |    4 +-
 include/arm_ffa.h                             |  111 +-
 include/arm_ffa_priv.h                        |  143 +-
 include/efi_api.h                             |    8 +
 include/efi_loader.h                          |    8 +
 include/fwu_arm_psa.h                         |  427 +++++
 lib/efi_loader/efi_capsule.c                  |   64 +-
 lib/efi_loader/efi_firmware.c                 |   42 +-
 lib/fwu_updates/Kconfig                       |   26 +
 lib/fwu_updates/Makefile                      |    2 +
 lib/fwu_updates/fwu.c                         |   29 +-
 lib/fwu_updates/fwu_arm_psa.c                 | 1508 +++++++++++++++++
 test/dm/ffa.c                                 |   73 +-
 24 files changed, 3216 insertions(+), 90 deletions(-)
 create mode 100644 doc/develop/uefi/fwu_arm_psa.rst
 create mode 100644 include/fwu_arm_psa.h
 create mode 100644 lib/fwu_updates/fwu_arm_psa.c


base-commit: 59e6462d7c08eeba744afa0f17846c398b8ef9e1
-- 
2.25.1

More information about the U-Boot mailing list