
Base variant

The base variant of RPMB can be either provisioned or unprovisioned. In both cases, UEFI variables such as OsIndications and OsTrialBootStatus remain disabled. In this configuration, the system triggers a capsule update only if it detects a capsule file in the EFI partition at /EFI/UpdateCapsule/. After the system initiates the capsule update process, it updates the ESRT, which you can read from the kernel shell under the /sys/firmware/efi/esrt/entries/entry0/ path.

Advanced variant

The advanced variant of RPMB can operate in two modes: provisioned or unprovisioned.
  • Unprovisioned RPMB: You can initiate the capsule update even if RPMB isn’t configured. If UEFI detects a capsule, you can check the update status by viewing the ESRT table from the kernel shell. The trial boot and rollback features are available only when the system sets up RPMB.
  • Provisioned RPMB: In contrast, when you provision RPMB, you use the UEFI variables to determine whether to trigger the capsule update and enable trial boot and rollback features.
The following table shows the availability of the capsule update and trial boot rollback features for the base and advanced variants, depending on whether a capsule is present in the EFI partition, whether RPMB is provisioned, and whether the UEFI variables are present.
| Capsule found | RPMB Provision | OsIndications variable present | OsTrialBootStatus variable present | Availability of capsule update feature | Availability of trial boot rollback feature | Applicable variant | Notes |
|---|---|---|---|---|---|---|---|
| Yes | Yes | No | No | Yes | No | (Standard) Base + upstream distro | |
| Yes | Yes | No | Yes | No | No | Advanced | RPMB partition needs to be erased by OS when switching from advanced to base variant on the same device. To erase RPMB partition, run the following command: fastboot oem rpmb_erase |
| Yes | Yes | Yes | No | Yes | No | Advanced | |
| Yes | Yes | Yes | Yes | Yes | Yes | Advanced | 1. uefi_sec Linux app is used to explicitly sync the UEFI variables to RPMB. 2. RPMB partition needs to be erased by OS when switching from advanced to base variant on the same device. To erase RPMB partition, run the following command: fastboot oem rpmb_erase |
| Yes | No | No | No | Yes | No | Base + advanced + upstream distro | |
  • You can’t enable UEFI variables on base variants from Linux, regardless of RPMB provisioning status.
  • In the base variant, the system triggers a capsule update if it finds the capsule in the EFI partition. It ignores the OsIndications variable and disables the trial boot and rollback features.
  • In the advanced variant, the capsule update is only triggered if the OsIndications and the OsTrialBootStatus variables are present.
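To check these conditions on a running device, the following added example (not code from the original page or from the platform vendor) reports whether a capsule file and the two UEFI variables are present and decodes the ESRT entry, including the result of the last update attempt. It assumes the EFI partition is mounted at /boot/efi, that the variables are exposed through efivarfs under /sys/firmware/efi/efivars, and that it runs as root; the function names are illustrative.

```sh
#!/bin/sh
# Added example: summarise capsule-update state from the ESRT and efivarfs.
# Assumptions: ESP mounted at /boot/efi; variables visible under efivarfs.

# Decode ESRT last_attempt_status (values defined by the UEFI specification).
esrt_status_name() {
    case "$1" in
        0) echo SUCCESS ;;
        1) echo ERROR_UNSUCCESSFUL ;;
        2) echo ERROR_INSUFFICIENT_RESOURCES ;;
        3) echo ERROR_INCORRECT_VERSION ;;
        4) echo ERROR_INVALID_FORMAT ;;
        5) echo ERROR_AUTH_ERROR ;;
        6) echo ERROR_PWR_EVT_AC ;;
        7) echo ERROR_PWR_EVT_BATT ;;
        8) echo ERROR_UNSATISFIED_DEPENDENCIES ;;
        *) echo "UNKNOWN($1)" ;;
    esac
}

# Print yes/no: does a UEFI variable named $2 exist under sysfs root $1?
uefi_var_present() {
    for f in "$1"/firmware/efi/efivars/"$2"-*; do
        if [ -e "$f" ]; then echo yes; return 0; fi
    done
    echo no
}

# Report the inputs of the availability table. $1 = sysfs root, $2 = ESP mount.
capsule_report() {
    entry="$1/firmware/efi/esrt/entries/entry0"
    capsule=no
    for f in "$2"/EFI/UpdateCapsule/*; do if [ -f "$f" ]; then capsule=yes; fi; done
    echo "capsule_pending=$capsule"
    echo "OsIndications=$(uefi_var_present "$1" OsIndications)"
    echo "OsTrialBootStatus=$(uefi_var_present "$1" OsTrialBootStatus)"
    if [ -d "$entry" ]; then
        echo "fw_version=$(cat "$entry/fw_version")"
        echo "lowest_supported_fw_version=$(cat "$entry/lowest_supported_fw_version")"
        echo "last_attempt_version=$(cat "$entry/last_attempt_version")"
        echo "last_attempt_status=$(esrt_status_name "$(cat "$entry/last_attempt_status")")"
    else
        echo "esrt=absent"
    fi
}

# Query the live system only when called as: script.sh live [ESP mount point]
if [ "${1:-}" = live ]; then capsule_report /sys "${2:-/boot/efi}"; fi
```

A last_attempt_status of ERROR_AUTH_ERROR or ERROR_INCORRECT_VERSION after an update attempt is worth investigating, because it means the firmware rejected a capsule on signature or version grounds.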
Advanced and base variants

Trigger capsule update

See Trigger the capsule update.