Hi Jun Chen

 

Sorry for the delay in reply.  Please see my reply inline.

I hope this is helpful. In case of further questions, please let us know.

 

Thanks,
Manish Badarkhe

 

From: Jun.Chen(陳奕?) <jun.chen@vatics.com>
Date: Thursday, 16 February 2023 at 13:08
To: Manish Badarkhe <Manish.Badarkhe@arm.com>, tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: RE: Is NS_BL1U necessary to do FWU ?

Hi Manish Badarkhe,

    Thanks for your reply.

I have read the TBBR document and understand the role of current BL2U and NS-BL2U.

But I dont understand why is that  (switch to the Non-Trusted world for flashing) be must,

 

If I can verify the chain of trust from BL1(ROM) -> Secure BL2 -> Secure BL31

and I can verify the image signature + rollback counter in BL31 (with embedded secure IC)

Can I do the flashing Job in BL31 (secure world)?

Is there any security issue ?

 

  1. Downloading the firmware update bundle might requires complex drivers such UART or ethernet. It is not desirable to put all that complexity in the Secure world (BL1 or BL31). This is why we delegated this responsibility to the Normal world components i.e.NS_BL1U and NS_BL2U
  2. BL1/BL2/BL31 components are trusted through trusted boot. Trusted boot protects against tampering. IOW it only guarantees that you are truly executing the code you wanted to execute, and not some malicious code. But obviously it does not guarantee that the code is correct, even trusted code can have bugs! So from a security point of view, the principle of least privilege advise us to move code outside of the secure world when we can. The Secure world TCB should be as small as possible
  3. It is essential that the firmware recovery process begins with immutable code to prevent tampering or corruption. Even though BL31 is runtime firmware, it can still be attacked and corrupted, even though it is trusted

 

Thanks

Best regards,

Jun Chen

 

 

From: Manish Badarkhe <Manish.Badarkhe@arm.com>
Sent: Thursday, February 16, 2023 8:20 PM
To: Jun.Chen(陳奕?) <jun.chen@vatics.com>; tf-a@lists.trustedfirmware.org
Subject: Re: Is NS_BL1U necessary to do FWU ?

 

Hi Jun Chen

I think this TBBR FWU documentation https://trustedfirmware-a.readthedocs.io/en/latest/components/firmware-update.html?highlight=FWU#tbbr-firmware-update-tbbr-fwu might help you understand the role of BL2U in FWU.
Secure-world BL2U is mainly responsible for platform setup, for example initializing TZC [1] and Non-Secure BL2U writes new images to non-volatile memory such as NAND flash. Is this helpful? If you have any further questions, please do not hesitate to contact us.

[1]: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/bl2u/bl2u_main.c

 

Thanks,

Manish Badarkhe

 

From: Jun.Chen(陳奕?) via TF-A <tf-a@lists.trustedfirmware.org>
Date: Thursday, 16 February 2023 at 11:32
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Is NS_BL1U necessary to do FWU ?

Hi,

 

In ARM TBBR, there is a requirement

R0100_TBBR_AFM_FLASHING (The AP firmware must switch to the Non-Trusted world for executing the SoC firmware loader),

But there is no requirement for secure boot as long as I finish chain if ROT verification.

 

So, can I implement FWU in BL2 which is verified and load from BL1 (ROM)?

For example,

   BL1(ROM) -> Load and verify BL2U with new image from SD to secure RAM -> execute BL2U in Secure RAM then write new image to NAND flash

 

Best regards,

Jun