doc: nrf54h: Add SDFW update description

Add description of SUIT based update of: - Secure Domain Firmware - Secure Domain Firmware Recovery Jira: NCSDK-27725 Signed-off-by: Adam Szczygieł <[email protected]>
nrfconnect · Nov 4, 2024 · 1f68b74 · 1f68b74
1 parent a945bb2
commit 1f68b74
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 0 deletions.
diff --git a/..._guides/working_with_nrf/nrf54h/images/nrf54h20_suit_sdfw_sdrfw_update_flow.png b/..._guides/working_with_nrf/nrf54h/images/nrf54h20_suit_sdfw_sdrfw_update_flow.png
diff --git a/...f/app_dev/device_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_components.rst b/...f/app_dev/device_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_components.rst
@@ -12,6 +12,8 @@ Using and modifying the component types allows for operational, fine-tuned custo
 
 See the :ref:`component_ID` section for more information.
 
+.. _suit_component_types:
+
 Component types
 ***************
 

diff --git a/doc/nrf/app_dev/device_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_dfu.rst b/doc/nrf/app_dev/device_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_dfu.rst
@@ -34,3 +34,4 @@ For a list of available SUIT samples, see the :ref:`suit_samples` page.
    ug_nrf54h20_suit_hierarchical_manifests
    ug_nrf54h20_suit_soc_binaries
    ug_nrf54h20_suit_recovery.rst
+   ug_nrf54h20_suit_sdfw_sdrfw_update.rst
diff --git a/...vice_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_hierarchical_manifests.rst b/...vice_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_hierarchical_manifests.rst
@@ -29,6 +29,8 @@ Manifest are organized in a hierarchy-tree structure consisting of a single root
 
    Hierarchical manifest topology
 
+.. _suit_default_manifest_topology_for_the_nrf54h20_soc:
+
 Default manifest topology for the nRF54H20 SoC
 **********************************************
 

diff --git a/...ev/device_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_sdfw_sdrfw_update.rst b/...ev/device_guides/working_with_nrf/nrf54h/ug_nrf54h20_suit_sdfw_sdrfw_update.rst
@@ -0,0 +1,50 @@
+.. _ug_nrf54h20_suit_sdfw_sdrfw_update:
+
+Secure Domain Firmware Update
+#############################
+
+.. contents::
+   :local:
+   :depth: 2
+
+
+Both the Secure Domain Firmware (SDFW) and the recovery image for the Secure Domain Firmware are launched on a core responsible for establishing the Root of Trust as a Secure Domain.
+Due to security requirements, the update process for these binaries differs significantly from regular updates in local domains.
+
+To ensure that trusted execution can be established on the device, a valid recovery image for the Secure Domain Firmware must be present on the device before performing a Secure Domain Firmware update.
+An update is initiated only if the update candidate is verified by the Secure Domain ROM using a key that matches the requested update type.
+
+The SUIT framework allows flexible firmware launching and updating while keeping parts of the codebase unmodifiable by end users.
+A common approach is to use a platform-specific layer that maps firmware blocks to device memory ranges, simplifying updates for basic systems.
+Manifests can describe actions required to launch or update each firmware block.
+In the nRF54H20, this approach is used in some areas, but the SDFW and the recovery image of the SDFW require the Secure Domain ROM to handle launching and updates, rather than direct copying to a destination address.
+
+
+Implementation
+**************
+
+SUIT manifests use components to define executable or updatable entities.
+On a given platform, components may have different characteristics that require varied approaches for launching or updating (for example, execution in place instead of copying to RAM).
+
+As described in :ref:`suit_component_types`, a special SUIT component type (``SOC_SPEC``) describes components that are controlled by Nordic Semiconductor.
+
+For the nRF54H20 SoC, there are two components of this type: one for the SDFW and the other for the SDFW recovery image.
+These are identified by component IDs 1 and 2, respectively:
+
+* ``SOC_SPEC/1`` - Secure Domain Firmware
+* ``SOC_SPEC/2`` - Secure Domain Firmware recovery image
+
+As shown in :ref:`suit_default_manifest_topology_for_the_nrf54h20_soc`, both components are included in a single SUIT manifest.
+This manifest is managed by the ``Nordic top`` manifest, which is, in turn, controlled by the ``Root`` manifest.
+
+Update process
+**************
+
+The update process begins by attempting to update the Secure Domain Firmware (SDFW) recovery image.
+If this update fails, the process still proceeds with updating the SDFW.
+To prevent ambiguity if one slot update fails while the other succeeds, the manifest version reflects the version of the Secure Domain Firmware.
+
+.. figure:: images/nrf54h20_suit_sdfw_sdrfw_update_flow.png
+   :alt: Secure Domain Firmware and Secure Domain Firmware Recovery update flow
+
+   Update flow for the Secure Domain Firmware and the Secure Domain Firmware recovery image