1. Introduction

1.1. About Platform Security Architecture

This document is one of a set of resources provided by Arm that can help organizations develop products that meet the security requirements of PSA Certified on Arm-based platforms. The PSA Certified scheme provides a framework and methodology that helps silicon manufacturers, system software providers and OEMs to develop more secure products. Arm resources that support PSA Certified range from threat models, standard architectures that simplify development and increase portability, and open-source partnerships that provide ready-to-use software. You can read more about PSA Certified here at www.psacertified.org and find more Arm resources here at developer.arm.com/platform-security-resources.

1.2. About the Firmware Update API

The interface described in this document is a PSA Certified API, that provides a portable programming interface to firmware update and installation operations on a wide range of hardware.

The interface enables the software and systems that manage and deliver a firmware update to a device, to be developed independently from the hardware-specific mechanisms required to apply the update to the device. Reusing the deployment and delivery system for firmware updates reduces the complexity of providing firmware updates across a diverse set of managed devices.

You can find additional resources relating to the Firmware Update API here at arm-software.github.io/psa-api/fwu, and find other PSA Certified APIs here at arm-software.github.io/psa-api.

1.3. Firmware update

Connected devices need a reliable and secure firmware update mechanism. Incorporating such an update mechanism is a fundamental requirement for fixing vulnerabilities, but it also enables other important capabilities such as updating configuration settings and adding new functionality. This can be particularly challenging for devices with resource constraints, as highlighted in Report from the Internet of Things Software Update (IoTSU) Workshop 2016 [RFC8240].

Figure 1 depicts the actors and agents involved in a typical firmware update scenario.


Figure 1 A typical over-the-air firmware update scenario

In this example, the new firmware is uploaded by the Firmware creator to an Update server. The Update server communicates with an Update client application on the device, announcing the availability of new firmware. The client downloads the new firmware, and installs it into the device firmware storage.

In Figure 1, the Update client has to combine the following capabilities:

  • The specific protocols used by the network operator in which the device is deployed

  • The specific mechanism used by the hardware platform to install firmware for execution

Devices developed for the Internet of Things (IoT) have a very diverse ecosystem of hardware and software developers, and utilize a broad set of communication protocols and technologies. This will lead to a large, fragmented set of Update clients, that are each tightly coupled to one hardware platform and one network protocol.

The Firmware Update API separates the software responsible for delivering the new firmware in the device, from the software that is responsible for storing and installing it in the device memory. Figure 2 shows how the Firmware Update API separates an Update client, which obtains the new firmware from the Firmware Server, from an Update service, which stores the firmware in the device memory.


Figure 2 The Firmware Update API

In practice, this enables an Update client to be written independently of the firmware storage design, and the Update service to be written independently of the delivery mechanism.

The remainder of this document includes:

The appendixes provide additional information: