FWU Metadata partition protection

pp2
Associate

Hi,

I'm looking at the wic file for STM32MP13 and see two metadata partitions for ATF firmware update. I'm wondering how these partitions are secured against access or modification from the non-trusted world. Since write (and optionally read) operations should only be performed from the secure world, what is the mechanism that prevents doing this from the non-secure world? Is there any? If so, how is this configured? I'm also curious whether the same mechanism applies to STM32MP2.

Christophe Guibout
ST Employee

Hello @pp2,

Metadata partitions are not secured, so that the firmware update agent running on Linux is able to write boot options into them, and TF-A is able to read them.

BR,

Christophe

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

Thanks, how about fip-a and fip-b partitions then? Are they also fully accessible from non-secure world? Because from what I understand these partitions should be updated from secure-world only, so are they protected somehow from modifications originated from non-secure world?

Hello @pp2,

With OpenSTLinux distribution, fip-a and fip-b are accessible from non-secure world (for the same reason as metadata).

On a final product, I would recommend tuning Linux permissions to forbid users from accessing these partitions.

To ensure fip partition integrity on boot, using secure boot could be an option.

BR,

Christophe
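
One way to check the Linux permission tuning recommended in the reply above, as an added example that is not part of the original thread or of ST's software: a shell audit that flags firmware-update partition nodes that anyone other than root can open. The `/dev/disk/by-partlabel` location, the `metadata1`/`metadata2` labels and the availability of `stat -c` (GNU coreutils or BusyBox) are assumptions; only `fip-a` and `fip-b` are named in the thread.

```shell
#!/bin/sh
# Audit who can open the firmware-update partitions from Linux.
# Assumed, not from the thread: by-partlabel symlinks exist and the
# metadata partitions are labelled metadata1 / metadata2.
FWU_LABELS="${FWU_LABELS:-fip-a fip-b metadata1 metadata2}"
OWNER_UID="${OWNER_UID:-0}"   # uid allowed to own the nodes (root)

# check_node PATH: 0 = owner-only access, 1 = too permissive, 2 = absent
check_node() {
    node=$(readlink -f "$1" 2>/dev/null) || node=""
    if [ -z "$node" ] || [ ! -e "$node" ]; then
        echo "absent  $1"
        return 2
    fi
    mode=$(stat -c '%a' "$node")
    uid=$(stat -c '%u' "$node")
    # Any group/other permission bit lets a non-owner open the node.
    if [ "$uid" != "$OWNER_UID" ] || [ $((0$mode & 077)) -ne 0 ]; then
        echo "WEAK    $1 -> $node (uid=$uid mode=$mode)"
        return 1
    fi
    echo "ok      $1 -> $node (uid=$uid mode=$mode)"
    return 0
}

# audit_fwu_partitions DIR: returns the number of weak nodes found
audit_fwu_partitions() {
    weak=0
    for label in $FWU_LABELS; do
        rc=0
        check_node "$1/$label" || rc=$?
        [ "$rc" -eq 1 ] && weak=$((weak + 1))
    done
    return "$weak"
}

# Run only when a directory is given, e.g. /dev/disk/by-partlabel
if [ "$#" -gt 0 ]; then
    audit_fwu_partitions "$1"
fi
```

A non-zero exit status is the count of nodes with group or other access bits set, or with an owner other than `OWNER_UID`.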
