Hi Manish Badarkhe,
Thanks for your reply. I have read the TBBR document and understand the role of the current BL2U and NS-BL2U. But I don’t understand why that (switching to the Non-Trusted world for flashing) is a “must”.
If I can verify the chain of trust from BL1 (ROM) -> Secure BL2 -> Secure BL31, and I can verify the image signature + rollback counter in BL31 (with an embedded secure IC), can I do the flashing job in BL31 (secure world)? Is there any security issue?
Thanks
Best regards,
Jun Chen
From: Manish Badarkhe Manish.Badarkhe@arm.com
Sent: Thursday, February 16, 2023 8:20 PM
To: Jun.Chen(陳奕昕) jun.chen@vatics.com; tf-a@lists.trustedfirmware.org
Subject: Re: Is NS_BL1U necessary to do FWU ?
Hi Jun Chen
I think this TBBR FWU documentation https://trustedfirmware-a.readthedocs.io/en/latest/components/firmware-updat... might help you understand the role of BL2U in FWU. Secure-world BL2U is mainly responsible for platform setup, for example initializing TZC [1], and Non-Secure BL2U writes new images to non-volatile memory such as NAND flash.
Is this helpful? If you have any further questions, please do not hesitate to contact us.
[1]: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/bl2u/bl2u_m...
Thanks, Manish Badarkhe
From: Jun.Chen(陳奕昕) via TF-A <tf-a@lists.trustedfirmware.org>
Date: Thursday, 16 February 2023 at 11:32
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Is NS_BL1U necessary to do FWU ?
Hi,
In ARM TBBR, there is a requirement “R0100_TBBR_AFM_FLASHING” (The AP firmware must switch to the Non-Trusted world for executing the SoC firmware loader), but there is no requirement for secure boot as long as I finish the chain of ROT verification.
So, can I implement FWU in BL2, which is verified and loaded from BL1 (ROM)? For example, BL1 (ROM) -> load and verify BL2U with new image from SD to secure RAM -> execute BL2U in secure RAM, then write new image to NAND flash
Best regards, Jun