ARM-software / psa-firmware-update-spec

The PSA Firmware Update API specification, and discussion of future versions of this API.

Mandatory verification during `psa_fwu_install()` #13

Closed athoelke closed 2 years ago

athoelke commented 2 years ago

The v0.7 specification requires that the implementation verifies the validity and dependencies of an update (see the v0.7 specification description). This must happen during the install operation, or can be deferred to reboot.

These rules in the specification prevent this API being used solely as a Hardware or Platform Abstraction Layer (HAL), where the Client is trusted to enforce all of the verification process, and does not require them to be repeated by the Update Service.

Note: For implementations where the Update Service is inside a Root of Trust, and the Client is not, the Update Service must perform all of the validity, authenticity, and dependency verification, even if this is also done by the Server or Client.

Question

Should the following use case be in scope for the API?

athoelke commented 2 years ago

The discussion of deployment use cases in #16 provides a broader context in which this particular question is best understood...

athoelke commented 2 years ago

Withdrawing this issue as resolution of #16 will determine the impact on the install API.