Firmware loading query

[MaxLeshin]

Currently Caliptra supports loading the SoC firmware from the SPI flash and compare the SHA(image) to the SoC manifest.

Is it possible to dynamic download the firmware from the host (not from the SPI flash) and directly authenticate the signature?
The motivation behind this query is the hyperscalers requirement is to reduce the amount of flash updates by providing the second stage firmware (signed) dynamically from the host.

[jhand2]

Are you referring to Caliptra 1.x or 2.0?

In 1.x, the boot media is totally up to the SoC; it is given to Caliptra via a mailbox command. So it is not required to boot from SPI.

In 2.x passive mode, the same is true.

In 2.x subsystem mode, the boot flow follows the OCP recovery spec, for which there are bindings to multiple transports IIUC. So the integrator can choose to boot over SPI or I3c or some other transport depending on what boot source they include.

@mhatrevi or @bharatpillilli to link to more details about how subsystem boot works.

[MaxLeshin]

Thanks for the answer. I'm indeed referring to Caliptra 2.0 subsystem mode.
In subsystem mode the image can be loaded either from SPI or I3C (recovery). As far as I understand, downloading the image from PCIe is not supported.

Plus, in both cases, the image should be compared to the existing manifest.
This means that regardless of the source (SPI/I3C) if we want to update the SoC image, need to update the manifest (which is stored in the SPI). Is there an option to authenticate the image without using the manifest?

[bharatpillilli]

Hello,

The physical path on which the FW can be fetched/streamed can be anything chosen by SoC. The requirement is to be able to write/stream the payload (after stripping off the physical channel metadata) into the same streaming boot/recovery interface registers.