Hi everyone,
we applied the ST FWU reference solution on our own platform based on the STM32MP157F.
The solution was taken and adapted from the ST Yocto layer meta-st-ota (https://github.com/PRG-MPU-CUST/meta-st-ota).
We have a few questions to clarify the default behavior:
What is the default behavior in the early boot stage
Do we understand correctly that fsbl1 and fsbl2 are intended to contain identical TF-A images for fail-safe purposes, and that the ROM looks for the first valid FSBL (starting from fsbl1) and loads it?
Rollback behavior at ROM / TF-A layer
Is it correct that there is no FWU rollback concept implemented in ROM / TF-A itself?
I.e. fsbl1 is not treated as part of a bank like [fip-a, bootfs-a, rootfs-a], but instead the two FSBL slots are only there to allow a second try to load the same TF-A version from fsbl2 if fsbl1 fails?
Updating TF-A over-the-air
If we decide to update TF-A via OTA (with RAUC and the ST FWU solution), do we understand correctly that:
TF-A needs to be included in the bundle, and
the new TF-A image must be written to both fsbl1 and fsbl2 to keep the ROM fail-safe behavior?
Guidance for making TF-A updateable
Are there any ST documents, examples or patches you can point us to that describe the recommended way to make TF-A updateable in an FWU / RAUC setup on STM32MP1?
Thank you very much for any help!
