From: Andre Przywara
To: Mark Rutland, Lorenzo Pieralisi, Sudeep Holla
Cc: Conor Dooley, vsethi@nvidia.com, Salman Nabi, Rob Herring,
    linux-kernel@vger.kernel.org, vwadekar@nvidia.com, Trilok Soni,
    devicetree@vger.kernel.org, Nirmoy Das, Krzysztof Kozlowski,
    linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 0/8] Arm Live Firmware Activation (LFA) support
Date: Tue, 17 Mar 2026 11:33:26 +0100
Message-ID: <20260317103336.1273582-1-andre.przywara@arm.com>

Hi all,

this is version 2 of the Live Firmware Activation kernel support. There
were some significant changes to the code compared to the previous v1
post [1]: the images are now managed using an embedded kobject, joined
by a kset representing the /sys/firmware/lfa directory. The locking has
been overhauled, there is no longer a global lock, but just the kset
list lock, and a readers/writer lock when doing the actual SMC accesses.
Also this series now includes support for the ACPI notification, as
contributed by Veda [2] (many thanks for that!), and support for the DT
interrupt. Also there is a new sysfs switch file to allow the automatic
activation.
This is now multiple patches, mostly to help review and to give credit
to Veda's work. If people agree, some of the patches can be squashed
for submission, eventually.
More detailed changelog below.
==============================

This series implements the kernel side support of the Arm Live Firmware
Activation (LFA) specification [3]. LFA enables the activation of
updated firmware components without requiring a system reboot, reducing
downtime and allowing quicker deployment of critical bug fixes in
environments such as data centers and hyperscale systems.
It requires explicit firmware support, both via an agent running in EL3
(for instance in TF-A, already merged), but also in the firmware
component to be activated. TF-RMM recently merged support for this.

Unlike the usual firmware update process (which may use tools like
fwupd), LFA focuses solely on the activation of an already updated
firmware component, called "pending activation" in LFA lingo. This works
by signalling the LFA agent (part of the EL3 runtime firmware) via an
SMC call, which then does the heavy lifting of the live update, in
cooperation with the to-be-updated firmware component.

Key features of the driver:
* Detects LFA support in system firmware (EL3).
* Lists all firmware components that support live activation,
  identified by their GUID.
* Exposes component attributes (e.g., activation capability, and
  activation pending) via sysfs under /sys/firmware/lfa//.
* Provides interfaces to:
  - Trigger activation of an updated firmware component.
  - Cancel an ongoing activation if required.
A more detailed list of features can be found in patch 2/8.

Based on v7.0-rc1.

This work is conceptually similar to Intel’s Platform Firmware Runtime
Update and telemetry (PFRUT) [4] and TDX module updates [5], but targets
Arm platforms. The driver has been used to successfully activate a Realm
Management Monitor (RMM) firmware image in a controlled test
environment. RMM is analogous to Intel’s TDX module.
There is effort on similar work from the OCP [6].
Future work may include integration with utilities like fwupd to
automatically select the appropriate driver, based on platform
architecture, for Live/Runtime firmware updates.

Please have a look, test and comment!

Best regards,
Salman and Andre

Changelog v1 .. v2:
- restrict build to arm64 (the LFA spec only supports AArch64)
- rename and extend central data structure to fw_image
- use separate GPR register sets for some SMC calls
- provide wrapper for error messages to prevent out-of-bound access
- return GUID in the "name" sysfs file when image is unknown
- fix wrong attribute in pending version number show function
- add missing include files and order them properly
- fix memory leaks in error cleanup paths
- handle lifetime using embedded kobjects and a kset
- drop global lfa_lock, use kset list lock and kobject refcount instead
- add DT binding documentation
- add timeout and watchdog re-arming (contributed by Veda)
- relax timeout period and do not block while waiting
- register ACPI notification (contributed by Veda) and DT interrupt
- refactor ACPI notification code to allow sharing with DT code
- use faux device instead of platform driver
- add auto_activate file to control automatic activation
- introduce rwsem mutex to prevent using stale sequence ID
- use labels and goto instead of infinite loop when retrying activation
- initialise workqueue only once (thanks to Nirmoy)
- various cleanups on reported messages and code formatting
- rebase on top of v7.0-rc1

Changelog RFC .. v1:
- Updated SMCCC version 1.1 to 1.2 per the LFA specification
  requirement.
- Changed "image_props" array to a linked list to support the dynamic
  removal and addition of firmware images.
- Added code to refresh firmware images following a successful
  activation.
- Added a work_queue to handle the removal of firmware image attribute
  from its respective kobject "_store" handle.
- Refactored prime and activate into separate functions.
- Kernel config for LFA now defaults to "y" i.e. included by default.
- Added individual kernel attribute files removal when removing the
  respective kobjects using kobject_put().
- mutex_lock added to activate_fw_image() and prime_fw_image() calls.
- Renamed create_fw_inventory to update_fw_image_node.
- Renamed create_fw_images_tree to update_fw_images_tree.
- Added two more attributes due to specs update from bet0 to bet1:
  current_version: For retrieval of the current firmware's version info.
  pending_version: For retrieval of the pending firmware's version info.
- Minor changes such as, improved firmware image names, and code
  comments.
- do...while loops refactored to for(;;) loops.

[1] https://lore.kernel.org/linux-arm-kernel/20260119122729.287522-1-salman.nabi@arm.com/
[2] https://lore.kernel.org/linux-arm-kernel/20260210224023.2341728-1-vvidwans@nvidia.com/
[3] https://developer.arm.com/documentation/den0147/latest/
[4] https://lore.kernel.org/all/cover.1631025237.git.yu.c.chen@intel.com/
[5] https://lore.kernel.org/all/20250523095322.88774-1-chao.gao@intel.com/
[6] https://www.opencompute.org/documents/hyperscale-cpu-impactless-firmware-updates-requirements-specification-v0-7-9-29-2025-pdf

Andre Przywara (4):
  dt-bindings: arm: Add Live Firmware Activation binding
  firmware: smccc: lfa: Add auto_activate sysfs file
  firmware: smccc: lfa: Register DT interrupt
  firmware: smccc: lfa: introduce SMC access lock

Salman Nabi (1):
  firmware: smccc: Add support for Live Firmware Activation (LFA)

Vedashree Vidwans (3):
  firmware: smccc: lfa: Move image rescanning
  firmware: smccc: lfa: Add timeout and trigger watchdog
  firmware: smccc: lfa: Register ACPI notification

 .../devicetree/bindings/arm/arm,lfa.yaml      |   45 +
 drivers/firmware/smccc/Kconfig                |   10 +
 drivers/firmware/smccc/Makefile               |    1 +
 drivers/firmware/smccc/lfa_fw.c               | 1008 +++++++++++++++++
 4 files changed, 1064 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/arm/arm,lfa.yaml
 create mode 100644 drivers/firmware/smccc/lfa_fw.c

-- 
2.43.0