[PATCH v5 00/24] Introduce Firmware Update Support for Arm PSA
Sughosh Ganu
sughosh.ganu at linaro.org
Wed Oct 22 09:02:03 CEST 2025
On Fri, 26 Sept 2025 at 19:44, <abdellatif.elkhlifi at arm.com> wrote:
>
> From: Abdellatif El Khlifi <abdellatif.elkhlifi at arm.com>
>
> This patch series adds Firmware Update (FWU) support for Arm PSA
> Certified platforms [1], enabling U-Boot to serve as
> the FWU Client, with the Secure World acting as the Update Agent that
> manages the firmware store and its metadata.
>
> This implementation adheres to the Platform Security Firmware Update
> specification [3] for the A-profile Arm Architecture and leverages the
> Trusted Services framework [4] to interact with the Secure World update
> agent. By delegating update management to the Secure World, U-Boot
> handles only the client-side coordination, invoking a well-defined set
> of ABIs over the FF-A interface [5] to deliver update capsules.
Firstly, apologies for the delayed review. As discussed offline, the
series does not apply to the top of master. Can you please rebase and
send it. Thanks.
-sughosh
>
> Key features include:
>
> - Generic, platform-agnostic design.
> - FF-A-based ABI: All interactions between U-Boot and the update agent
> occur over the FF-A interface, ensuring compatibility across
> PSA-compliant systems.
> - Multi-payload capsules: Support for capsules containing multiple
> payloads, start/end markers, signed firmware images.
> - ESRT support: Capsule payloads may be signed for authenticity, and
> U-Boot can populate the EFI System Resource Table (ESRT) for
> OS-level firmware management.
> - On-disk and standard capsule handling.
>
> For implementation details, please refer to the documentation [6].
> For a real world example, please see the Arm PSA FWU logs [7] when used
> for on-disk capsule update in Corstone-1000 [2].
> For trying the implementation on Corstone-1000 FVP, please follow these steps [8].
>
> Changes in v5:
>
> * As suggested by Ilias:
> - Make PSA handling simpler for the payload acceptance logic
> - Use efi_fill_image_desc_array() for PSA
> instead of changing efi_firmware_get_image_info()
>
> * Add CONFIG_FWU_KEEP_FMP_HEADER to control whether
> the user wants to keep the FMP header or strip it from the payload
>
> * Address kernel-doc warnings
>
> Cheers,
> Abdellatif
>
> [1]: PSA: https://www.psacertified.org
> [2]: Corstone-1000: https://developer.arm.com/Processors/Corstone-1000
> [3]: DEN0118 v1.0 A specification: https://developer.arm.com/documentation/den0118/latest
> [4]: Trusted Services documentation: https://trusted-services.readthedocs.io/en/stable
> [5]: FF-A interface: doc/arch/arm64.ffa.rst
> [6]: Documentation of the FWU for Arm PSA support: doc/develop/uefi/fwu_arm_psa.rst
> [7]: Arm PSA FWU logs when used for on-disk capsule update in Corstone-1000
> [8]: Performing Capsule update on Corstone-1000 FVP and MPS3:
> https://git.yoctoproject.org/meta-arm/tree/meta-arm-bsp/documentation/corstone1000/user-guide.rst#n838
>
> ```
> CapsuleApp: capsule block/size 0xDD741040/0x25ACE
> Found EFI system partition on Boot0001: OnDiskFWU
> FS2:;HD0b:;BLK4:
> Succeed to write edk2-corstone1000-fvp-v6.uefi.capsule
> resetting ...
> NOTICE: BL2: v2.11.0(debug):v2.11.0-dirty
> ...
> U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64
> ...
> FWU: System booting in Regular State
> FWU: ABI version 1.0 detected
> FWU: Updating 1 payload(s)
> Applying capsule edk2-corstone1000-fvp-v6.uefi.capsule succeeded.
> Reboot after firmware update.
> NOTICE: BL2: v2.11.0(debug):v2.11.0-dirty
> ...
> U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64
> ...
> FWU: System booting in Trial State
> ...
> Poky (Yocto Project Reference Distro) 5.2 corstone1000-fvp /dev/ttyAMA0
> ...
> root at corstone1000-fvp:~# reboot
> ...
> U-Boot 2025.07-rc5 (Jul 10 2025 - 15:23:22 +0000) corstone1000 aarch64
> ...
> FWU: System booting in Regular State
> ...
> Poky (Yocto Project Reference Distro) 5.2 corstone1000-fvp /dev/ttyAMA0
>
> corstone1000-fvp login:
>
> root at corstone1000-fvp:~# cat /sys/firmware/efi/esrt/entries/entry*/*
> 0x0
> f1d883f9-dfeb-5363-98d8-686ee3b69f4f
> 0
> 6
> 0
> 6
> 0
> 0x0
> 7fad470e-5ec5-5c03-a2c1-4756b495de61
> 0
> 0
> 0
> 0
> 0
> 0x0
> f1933675-5a8c-5b6d-9ef4-846739e89bc8
> 0
> 0
> 0
> 0
> 0
> 0x0
> f771aff9-c7e9-5f99-9eda-2369dd694f61
> 0
> 0
> 0
> 0
> 0
> root at corstone1000-fvp:~#
> ```
>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Sughosh Ganu <sughosh.ganu at linaro.org>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Jens Wiklander <jens.wiklander at linaro.org>
> Cc: Michal Simek <michal.simek at amd.com>
> Cc: Marek Vasut <marek.vasut+renesas at mailbox.org>
> Cc: Casey Connolly <casey.connolly at linaro.org>
> Cc: Adriano Cordova <adrianox at gmail.com>
> Cc: Mattijs Korpershoek <mkorpershoek at kernel.org>
> Cc: Davidson kumaresan <davidson.kumaresan at arm.com>
> Cc: Adam Johnston <Adam.Johnston at arm.com>
> Cc: Hugues Kamba Mpiana <hugues.kambampiana at arm.com>
> Cc: Srinivas Kalaga <Srinivas.Kalaga2 at arm.com>
>
> Abdellatif El Khlifi (23):
> arm_ffa: Add FFA_MEM_SHARE support
> arm_ffa: Add FFA_MEM_RECLAIM support
> arm_ffa: sandbox: Replace the emulator error log with debug log
> arm_ffa: sandbox: Improve the readability of clearing the X registers
> arm_ffa: sandbox: Add FFA_MEM_SHARE emulation
> arm_ffa: sandbox: Add FFA_MEM_SHARE tests
> arm_ffa: sandbox: Add FFA_MEM_RECLAIM emulation
> arm_ffa: sandbox: Add FFA_MEM_RECLAIM tests
> fwu_arm_psa: Initialize the update agent
> fwu_arm_psa: Read the FWU directory through get_image_info()
> fwu_arm_psa: Add staging ABIs
> efi_loader: fwu_arm_psa: Add set_image() support
> efi_loader: fwu_arm_psa: Allow keeping the FMP payload header
> efi_loader: fwu: fwu_arm_psa: Skip accepting the payload after
> set_image()
> efi_loader: fwu: fwu_arm_psa: Disable trial state handling
> fwu_arm_psa: Add FWU acceptance mechanism
> fwu_arm_psa: Add ESRT support
> fwu_arm_psa: Add ExitBootService() notification handler
> fwu_arm_psa: corstone1000: Enable FWU support
> fwu_arm_psa: corstone1000: Perform bank logic when reading boot index
> fwu_arm_psa: corstone1000: Notify SE Proxy SP on ExitBootService()
> fwu_arm_psa: corstone1000: Set Boot0001 for on-disk FWU
> fwu_arm_psa: Document FWU support for Arm PSA
>
> Emekcan Aras (1):
> efi_loader: capsule: Add runtime capsule flags checks
>
> MAINTAINERS | 8 +
> .../include/asm/sandbox_arm_ffa_priv.h | 21 +-
> board/armltd/corstone1000/corstone1000.c | 252 ++-
> board/armltd/corstone1000/corstone1000.env | 8 +
> configs/corstone1000_defconfig | 13 +-
> doc/arch/arm64.ffa.rst | 4 +
> doc/develop/uefi/fwu_arm_psa.rst | 154 ++
> doc/develop/uefi/index.rst | 1 +
> drivers/firmware/arm-ffa/arm-ffa-uclass.c | 285 +++-
> drivers/firmware/arm-ffa/arm-ffa.c | 4 +-
> drivers/firmware/arm-ffa/ffa-emul-uclass.c | 108 +-
> drivers/firmware/arm-ffa/sandbox_ffa.c | 4 +-
> include/arm_ffa.h | 128 +-
> include/arm_ffa_priv.h | 153 +-
> include/efi_api.h | 8 +
> include/efi_loader.h | 8 +
> include/fwu_arm_psa.h | 403 +++++
> lib/efi_loader/efi_capsule.c | 46 +-
> lib/efi_loader/efi_firmware.c | 32 +-
> lib/fwu_updates/Kconfig | 34 +
> lib/fwu_updates/Makefile | 2 +
> lib/fwu_updates/fwu.c | 24 +-
> lib/fwu_updates/fwu_arm_psa.c | 1467 +++++++++++++++++
> test/dm/ffa.c | 73 +-
> 24 files changed, 3154 insertions(+), 86 deletions(-)
> create mode 100644 doc/develop/uefi/fwu_arm_psa.rst
> create mode 100644 include/fwu_arm_psa.h
> create mode 100644 lib/fwu_updates/fwu_arm_psa.c
>
>
> base-commit: 59e6462d7c08eeba744afa0f17846c398b8ef9e1
> --
> 2.43.0
>
More information about the U-Boot
mailing list