LVC21-205: Firmware update service in TF-M

Session Abstract

Firmware update support is essential for IoT devices. However, the mechanism to update firmware on a device differs significantly across embedded platforms. TrustedFirmware-M(TF-M) proposes a set of Firmware Update(FWU) interfaces for updating firmware. By providing a consistent interface, the update clients and cloud connectors can be implemented in a more platform-independent manner. TF-M Firmware Update service implements the Firmware Update APIs in the secure side. TF-M also provides a shim layer between firmware update service and bootloader. A specific bootloader can easily co-work with TF-M firmware update service via the shim layer. We made a demo which integrated the TF-M Firmware Update service with the Amazon FreeRTOS OTA library. The OTA agent running in the non-secure side handles the image download from the AWS cloud. It calls the TF-M Firmware Update service via the Firmware Update APIs. It shows how the TF-M firmware update service cooperates with the OTA application to securely update the firmware.

Session Speakers

Sherry Zhang

Arm (Software Engineer, Arm China)

Joined Arm China Shanghai Open Source Software team since 2018. Have focused on Trusted Firmware M for two years.

Firmware update support is essential for IoT devices. However, the mechanism to update firmware on a device differs significantly across embedded platforms. TrustedFirmware-M(TF-M) proposes a set of Firmware Update(FWU) interfaces for updating firmware. By providing a consistent interface, the update clients and cloud connectors can be implemented in a more platform-independent manner.

TF-M Firmware Update service implements the Firmware Update APIs in the secure side. TF-M also provides a shim layer between firmware update service and bootloader. A specific bootloader can easily co-work with TF-M firmware update service via the shim layer.

We made a demo which integrated the TF-M Firmware Update service with the Amazon FreeRTOS OTA library. The OTA agent running in the non-secure side handles the image download from the AWS cloud. It calls the TF-M Firmware Update service via the Firmware Update APIs. It shows how the TF-M firmware update service cooperates with the OTA application to securely update the firmware.

comments powered by Disqus

Recent Posts

Other Posts

Sign up. Receive Updates. Stay informed.

Sign up to our mailing list to receive updates on the latest Linaro Connect news!