mirror of https://git.yoctoproject.org/meta-arm synced 2026-06-06 02:40:18 +00:00

arm-bsp/documentation: corstone1000: update the architecture document

align the architecture document with the upcoming CORSTONE1000-2023.11 release

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Emekcan Aras
2023-11-24 12:55:12 +00:00
committed by Ross Burton
parent 86e2984459
commit e1424f8ac6
@@ -72,8 +72,10 @@ non-secure and the secure world is performed via FF-A messages.
An external system is intended to implement use-case specific
functionality. The system is based on Cortex-M3 and run RTX RTOS.
Communictaion between external system and Host(cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system.
Communication between the external system and Host (Cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system (the external system
support in Linux is disabled in this release. More info about this change can be found in the
release-notes).
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
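Review bot: The parenthetical added to the Communication sentence holds two sentences, the first starting in lowercase and ending with a full stop inside the brackets, and it places a release-specific caveat in the middle of the architecture description. Suggest ending the sentence at "rpmsg messaging system." and moving the caveat into its own sentence or note, with "release-notes" turned into a cross-reference to the release notes page so the reader can follow it. While this paragraph is being touched, the unchanged line above reads "and run RTX RTOS", which should be "runs".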
@@ -157,9 +159,9 @@ Secure Firmware Update
**********************
Apart from always booting the authorized images, it is also essential that
the device only accepts the authorized images in the firmware update
the device only accepts the authorized (signed) images in the firmware update
process. Corstone-1000 supports OTA (Over the Air) firmware updates and
follows Platform Security Firmware Update sepcification (`FWU`_).
follows Platform Security Firmware Update specification (`FWU`_).
As standardized into `FWU`_, the external flash is divided into two
banks of which one bank has currently running images and the other bank is
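Review bot: "authorized (signed)" on the first changed line equates authorization with a signature alone, while the paragraph this patch adds further down says the capsule is checked for signature, version number and size. Suggest dropping the parenthetical here and letting that later paragraph define the checks, or pointing to it from this sentence. The spelling fix is fine, though the line still lacks an article: "follows the Platform Security Firmware Update specification".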
@@ -172,7 +174,10 @@ Image (the initramfs bundle). The new images are accepted in the form of a UEFI
:width: 690
:alt: ExternalFlash
When Firmware update is triggered, u-boot verifies the capsule by checking the
capsule signature, version number and size. Then it signals the Secure Enclave
that can start writing UEFI capsule into the flash. Once this operation finishes
,Secure Enclave resets the entire system.
The Metadata Block in the flash has the below firmware update state machine.
TF-M runs an OTA service that is responsible for accepting and updating the
images in the flash. The communication between the UEFI Capsule update
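Review bot: The added paragraph says u-boot verifies the capsule and then signals the Secure Enclave to start writing, but it does not say whether the Secure Enclave repeats the signature, version and size checks or relies on the result from u-boot, nor what happens when a check fails. Please state both, since the text that follows makes the TF-M OTA service responsible for accepting the images. Wording: "that can start writing UEFI capsule" is missing its subject and an article ("that it can start writing the UEFI capsule"), the comma has ended up at the start of the next line (",Secure Enclave" should read "finishes, the Secure Enclave"), and "Firmware update" should match the lowercase "firmware update" used in the preceding paragraph.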