Dear all, (and may the new year be happy to you and your beloved)
In the course of evaluating the FW update flows for systems with FIP images, we identified the following requirements:
Req1: The FIP image, or the components in the FIP, must have a version field. Each version field will be compared against the anti-rollback counter of the platform that the FIP or its component is bound to.
Req2: We must be able to increment the FIP version field (though a FIP image FW update) without affecting the anti-rollback counter value. The anti-rollback counter should be incremented only for security updates upon explicit request.
Req3: The version field should be present even if the FIP does not contain image certificates.
Currently the FIP carries a version field in the different certificates, the anti-rollback counters are updated every time the root certificate value increased. This is not flexible enough and does not allow trial/acceptance of updates.
Can we open a discussion on how to enhance the version/anti-rollback counter update in TF-A?
Best regards, Etienne Carriere
ST Restricted