About this document

Release information

The change history table lists the changes that have been made to this document.

Date       Version      Confidentiality    Change
Feb 2021   0.7 Beta 0   Non-confidential   First release at Beta quality.

PSA Firmware Update API

Copyright © 2020-2021, Arm Limited or its affiliates. All rights reserved. The copyright statement reflects the fact that some draft issues of this document have been released, to a limited circulation.

Arm Non-Confidential Document Licence (“Licence”)

This Licence is a legal agreement between you and Arm Limited (“Arm”) for the use of Arm’s intellectual property (including, without limitation, any copyright) embodied in the document accompanying this Licence (“Document”). Arm licenses its intellectual property in the Document to you on condition that you agree to the terms of this Licence. By using or copying the Document you indicate that you agree to be bound by the terms of this Licence.

“Subsidiary” means any company the majority of whose voting shares is now or hereafter owned or controlled, directly or indirectly, by you. A company shall be a Subsidiary only for the period during which such control exists.

This Document is NON-CONFIDENTIAL and any use by you and your Subsidiaries (“Licensee”) is subject to the terms of this Licence between you and Arm.

Subject to the terms and conditions of this Licence, Arm hereby grants to Licensee under the intellectual property in the Document owned or controlled by Arm, a non-exclusive, non-transferable, non-sub-licensable, royalty-free, worldwide licence to:

  (i) use and copy the Document for the purpose of designing and having designed products that comply with the Document;

  (ii) manufacture and have manufactured products which have been created under the licence granted in (i) above; and

  (iii) sell, supply and distribute products which have been created under the licence granted in (i) above.

Licensee hereby agrees that the licences granted above shall not extend to any portion or function of a product that is not itself compliant with part of the Document.

Except as expressly licensed above, Licensee acquires no right, title or interest in any Arm technology or any intellectual property embodied therein.

THE DOCUMENT IS PROVIDED “AS IS”. ARM PROVIDES NO REPRESENTATIONS AND NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE DOCUMENT. Arm may make changes to the Document at any time and without notice. For the avoidance of doubt, Arm makes no representation with respect to, and has undertaken no analysis to identify or understand the scope and content of, third party patents, copyrights, trade secrets, or other rights.

NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS LICENCE, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL ARM BE LIABLE FOR ANY DAMAGES, IN CONTRACT, TORT OR OTHERWISE, IN CONNECTION WITH THE SUBJECT MATTER OF THIS LICENCE (INCLUDING WITHOUT LIMITATION) (I) LICENSEE’S USE OF THE DOCUMENT; AND (II) THE IMPLEMENTATION OF THE DOCUMENT IN ANY PRODUCT CREATED BY LICENSEE UNDER THIS LICENCE). THE EXISTENCE OF MORE THAN ONE CLAIM OR SUIT WILL NOT ENLARGE OR EXTEND THE LIMIT. LICENSEE RELEASES ARM FROM ALL OBLIGATIONS, LIABILITY, CLAIMS OR DEMANDS IN EXCESS OF THIS LIMITATION.

This Licence shall remain in force until terminated by Licensee or by Arm. Without prejudice to any of its other rights, if Licensee is in breach of any of the terms and conditions of this Licence then Arm may terminate this Licence immediately upon giving written notice to Licensee. Licensee may terminate this Licence at any time. Upon termination of this Licence by Licensee or by Arm, Licensee shall stop using the Document and destroy all copies of the Document in its possession. Upon termination of this Licence, all terms shall survive except for the licence grants.

Any breach of this Licence by a Subsidiary shall entitle Arm to terminate this Licence as if you were the party in breach. Any termination of this Licence shall be effective in respect of all Subsidiaries. Any rights granted to any Subsidiary hereunder shall automatically terminate upon such Subsidiary ceasing to be a Subsidiary.

The Document consists solely of commercial items. Licensee shall be responsible for ensuring that any use, duplication or disclosure of the Document complies fully with any relevant export laws and regulations to assure that the Document or any portion thereof is not exported, directly or indirectly, in violation of such export laws.

This Licence may be translated into other languages for convenience, and Licensee agrees that if there is any conflict between the English version of this Licence and any translation, the terms of the English version of this Licence shall prevail.

The Arm corporate logo and words marked with ® or ™ are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned in this document may be the trademarks of their respective owners. No licence, express, implied or otherwise, is granted to Licensee under this Licence, to use the Arm trade marks in connection with the Document or any products based thereon. Visit Arm’s website at https://www.arm.com/company/policies/trademarks for more information about Arm’s trademarks.

The validity, construction and performance of this Licence shall be governed by English Law.

Copyright © 2020-2021, Arm Limited or its affiliates. All rights reserved.

Arm Limited. Company 02557590 registered in England.
110 Fulbourn Road, Cambridge, England CB1 9NJ.

Arm document reference: LES-PRE-21585 version 4.0

References

This document refers to the following documents.

Ref          Document Number   Title
[PSA-SM]     DEN 0079          PSA Security Model. https://pages.arm.com/psa-resources-sm.html
[PSA-TB]     DEN 0072          PSA Trusted Boot and Firmware Update. https://pages.arm.com/psa-resources-tbfu.html
[PSA-ATT]    IHI 0085          PSA Attestation API. https://pages.arm.com/psa-apis.html
[PSA-DBG]    PSA-DBG-AUTH      PSA Debug Access Control.
[PSA-CERT]   JSA DEN 002       PSA Certified™ Level 2 Lightweight Protection Profile. https://www.psacertified.org/resources/
[SUIT]                         IETF, A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest. https://tools.ietf.org/html/draft-ietf-suit-manifest-04
[SUIT-ARCH]                    IETF, A Firmware Update Architecture for Internet of Things. https://tools.ietf.org/html/draft-ietf-suit-architecture-08#page-22
[RFC4122]                      IETF, A Universally Unique IDentifier (UUID) URN Namespace. https://tools.ietf.org/html/rfc4122
[EBBR]       ARM DEN 0064      ARM, Embedded Base Boot Requirements.
[SUIT-CODE]                    GitHub, Example code to generate and parse SUIT manifests. https://github.com/ARMmbed/suit-manifest-generator

Terms and abbreviations

This document uses the following terms and abbreviations.

Term

Meaning

Application firmware

The main application firmware for the platform, typically comprising an Operating System (OS) and application tasks. On a platform with isolation, the application firmware runs in the NSPE.

Application Root of Trust

This is the security domain in which additional security services are implemented. See PSA Security Model [PSA-SM] for details.

CBOR

Concise Binary Object Representation (CBOR). A binary data serialization format loosely based on JSON.

Cloud connector

See Update client.

CSP

Cloud service provider

Implementation Defined

Behavior that is not defined by this specification, but is defined and documented by individual implementations.

Firmware developers can choose to depend on IMPLEMENTATION DEFINED behavior, but must be aware that their code might not be portable to another implementation.

ISV

Independent software vendor

Manifest

Image metadata that is signed with a cryptographic key.

MPU

Memory Protection Unit

Non-secure Processing Environment (NSPE)

This is the security domain outside of the Secure Processing Environment. It is the Application domain, typically containing the application firmware and hardware.

NSPE

See Non-secure Processing Environment.

OEM

Original Equipment Manufacturer

OTA

See Over-the-Air.

Over-the-Air (OTA)

The procedure where a device downloads an update from a remote location (“over the air”).

Programmer error

An error that is caused by the misuse of a programming interface.

A PROGRAMMER ERROR is in the caller of the interface, but it is detected by the implementer of the interface.

PSA

Platform Security Architecture

PSA Immutable Root of Trust

The hardware, code and data that cannot be modified following manufacturing. See PSA Security Model [PSA-SM] for details.

PSA Root of Trust

This defines the most trusted security domain within a PSA system. See PSA Security Model [PSA-SM] for details.

PSA Updateable Root of Trust

The Root of Trust firmware that can be updated following manufacturing. See PSA Security Model [PSA-SM] for details.

Root of Trust (RoT)

This is the minimal set of software, hardware and data that is implicitly trusted in the platform — there is no software or hardware at a deeper level that can verify that the Root of Trust is authentic and unmodified. See PSA Security Model [PSA-SM].

RoT

See Root of Trust.

Secure Partition

A thread of execution with protected runtime state within the Secure Processing Environment. Container for the implementation of one or more RoT services. Multiple Secure Partitions may exist on a platform.

Secure Partition Manager (SPM)

Part of the PSA Firmware Framework that is responsible for isolating software in Partitions, managing the execution of software within Partitions, and providing IPC between Partitions.

Secure Processing Environment (SPE)

This is the security domain that includes the PSA Root of Trust and the Application Root of Trust domains.

SPE

See Secure Processing Environment.

SPM

See Secure Partition Manager.

Trusted Boot

Trusted Boot is technology to provide a chain of trust for all the components during boot. See PSA Trusted Boot and Firmware Update [PSA-TB].

Update client

Software component that is responsible for downloading firmware updates to the device. The Update client is part of the application firmware.

Conventions

Typographical conventions

The typographical conventions are:

italic

Introduces special terminology, and denotes citations.

monospace

Used for assembler syntax descriptions, pseudocode, and source code examples.

Also used in the main text for instruction mnemonics and for references to other items appearing in assembler syntax descriptions, pseudocode, and source code examples.

small capitals

Used for some common terms such as implementation defined.

Used for a few terms that have specific technical meanings, and are included in the Terms and abbreviations.

Red text

Indicates an open issue.

Blue text

Indicates a link. This can be

Numbers

Numbers are normally written in decimal. Binary numbers are preceded by 0b, and hexadecimal numbers by 0x.

In both cases, the prefix and the associated value are written in a monospace font, for example 0xFFFF0000. To improve readability, long numbers can be written with an underscore separator between every four characters, for example 0xFFFF_0000_0000_0000. Ignore any underscores when interpreting the value of a number.

Feedback

Arm welcomes feedback on its documentation.

Feedback on this book

If you have comments on the content of this book, send an e-mail to arm.psa-feedback@arm.com. Give:

  • The title (PSA Firmware Update API).

  • The number and issue (IHI 0093 0.7 Beta (Issue 0)).

  • The page numbers to which your comments apply.

  • The rule identifiers to which your comments apply, if applicable.

  • A concise explanation of your comments.

Arm also welcomes general suggestions for additions and improvements.

The open issues are described in the appendix Future changes.