System on Chip (“SoC” or “SOC”) vendors and their original equipment manufacturer (OEM) partners often push firmware updates to computing devices being used by end-users in the field to provide feature enhancements, security fixes, bug fixes, rollback support, recovery options, and the like.
However, conventional techniques are inefficient, cumbersome, and problematic, for example: a) difficult maintenance, because platform boot firmware is forced to carry firmware update driver code tied to the platform boot/device code, which adds flash cost, duplicates work, and makes the code hard to maintain; b) security vulnerabilities around rollback, because a raw binary scheme is not capable of signing images with the trusted execution environment (TEE) acting as keymaster; and c) wastage of disk space and other system resources, because copies of both the previous and the current capsule images must be backed up; and/or the like.