LVC21-207: Standard Firmware Updates on Arm

Session Abstract

Devices require up-to-date FW to be secure. A standardized way to update FW is lacking in the Arm ecosystem. Having a standard method to perform FW updates benefits the Arm ecosystem -- SoC vendors and OEMs do not need to re-invent basic update functionality, OS vendors have a well understood and device agnostic manner of deploying FW updates. This contributes to more secure and functional Arm-based products. We aim to standardize the way an OS orchestrates a FW update. To that end we leverage the exiting UEFI UpdateCapsule abstraction, extending it to enable: - FW images to be stored-at-rest on TrustZone controlled Flash; - Reliable A/B update procedure. The standardization has the additional aim of not overly constraining devices, allowing vendors to differentiate, as needed, on FW update aspects that are not visible to the OS. This talk will cover the FW update flow in detail and provide an overview of the prototype we have created as an initial investigation into this topic.

Session Speakers

Jose Marinho

Arm (Engineer)

Jose contributes to the system SW/FW standardization effort within the Arm ecosystem.

Devices require up-to-date FW to be secure. A standardized way to update FW is lacking in the Arm ecosystem. Having a standard method to perform FW updates benefits the Arm ecosystem – SoC vendors and OEMs do not need to re-invent basic update functionality, OS vendors have a well understood and device agnostic manner of deploying FW updates. This contributes to more secure and functional Arm-based products.

We aim to standardize the way an OS orchestrates a FW update. To that end we leverage the exiting UEFI UpdateCapsule abstraction, extending it to enable:

  • FW images to be stored-at-rest on TrustZone controlled Flash;
  • Reliable A/B update procedure. The standardization has the additional aim of not overly constraining devices, allowing vendors to differentiate, as needed, on FW update aspects that are not visible to the OS.

This talk will cover the FW update flow in detail and provide an overview of the prototype we have created as an initial investigation into this topic.

comments powered by Disqus

Recent Posts

Other Posts

Sign up. Receive Updates. Stay informed.

Sign up to our mailing list to receive updates on the latest Linaro Connect news!