Skip to main content

firmware-update-log

A portable, tamper-evident firmware-update audit log built on <alp/update_log.h>. Works on every Alp SoM — the backend is selected at boot.

Source: examples/connectivity/firmware-update-log/.

What it does

  1. Opens the device's update log and appends a few entries (firmware version, SHA-256 image hash, status).
  2. Walks the chain with alp_update_log_verify() and prints the verdict.
  3. Reports the assurance tier — SW_TAMPER_EVIDENT (SHA-256 hash-chain + monotonic counter) or HW_ENFORCED (TF-M Protected Storage + a hardware non-decrementable counter).

It runs on native_sim (software tier) and on SoMs with a TF-M + monotonic-counter backend (hardware tier). The Slice-1 store is in-RAM; durable persistence via NVS is follow-up work.

board.yaml

preset: native_sim

cores:
app:
app: ./src

diagnostics:
log_level: info

Expected output

[firmware-update-log] assurance: SW_TAMPER_EVIDENT
[firmware-update-log] appended seq 0..2
[firmware-update-log] verify -> OK

See also

Questions about this page? Discuss in Community Forum