A new platform feature being worked on by Arm engineers for the Linux kernel is Live Firmware Activation to allow for updated firmware components to be deployed without requiring a system reboot.
As Arm continues to make progress in the data center and hyperscaler space, Arm is rolling out Live Firmware Activation “LFA” for deploying firmware updates whether it be security fixes or functional issues without the need of any system downtime due to a reboot.
Arm engineer Andre Przywara describes the LFA feature as:
“This series implements the kernel side support of the Arm Live Firmware Activation (LFA) specification. LFA enables the activation of updated firmware components without requiring a system reboot, reducing downtime and allowing quicker deployment of critical bug fixes in environments such as data centers and hyperscale systems. It requires explicit firmware support, both via an agent running in EL3 (for instance in TF-A, already merged), but also in the firmware component to be activated. TF-RMM recently merged support for this.
Unlike the usual firmware update process (which may use tools like fwupd), LFA focuses solely on the activation of an already updated firmware component, called “pending activation” in LFA lingo. This works by signalling the LFA agent (part of the EL3 runtime firmware) via an SMC call, which then does the heavy lifting of the live update, in cooperation with the to-be-updated firmware component.
Key features of the driver:
* Detects LFA support in system firmware (EL3).
* Lists all firmware components that support live activation, identified by their GUID.
* Exposes component attributes (e.g., activation capability, and activation pending) via sysfs under /sys/firmware/lfa//.
* Provides interfaces to:
– Trigger activation of an updated firmware component.
– Cancel an ongoing activation if required.”
It is described as similar to Intel Platform Firmware Runtime Update and Telemetry. There is also talk of potentially integrating Arm LFA into the likes of Fwupd for live/runtime firmware update support there too.
Those wishing to learn more about the Arm Live Firmware Activation support can see this patch series for the Linux kernel side work on enabling this functionality.
