diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst
index 1f0dd4dcc4ea229c0b2047efe058d69e8e623979..4edb6d56177dc07b714150c89beeaf1e0228f8d8 100644
--- a/source/chapter2-uefi.rst
+++ b/source/chapter2-uefi.rst
@@ -98,3 +98,41 @@ The OS must accept each image, that has an acceptance pending, by using a capsul
 - image_uuid
 
 
+Update permission verification
+------------------------------
+
+The FW management guidelines in [NIST_800_193]_ spacify that the system should check:
+
+#. FW image authenticity.
+#. FW update procedure authorization.
+
+The FW image authenticity should be implemented by authenticating the different FW images.
+The FW update authorization should be implemented by verifying that the capsule or its components were assembled
+by the platform owner.
+
+Capsule authorization
+^^^^^^^^^^^^^^^^^^^^^
+
+The OS can expose the UpdateCapsule interface to any non-priveliged system user.
+The FW updates initiator or the FW update package creator should 
+be an authorized user [NIST_800_193]_.
+
+The capsule or the FW images contained in the capsule should be signed by a platform owner key.
+The UEFI implementation should authenticate the capsule or
+the different fw images included in the capsule using the platform owner key.
+
+The capsule or FW image components are signed by the platform owner in a platform specific way.
+
+The platform owner public key is kept in an platform specific NV region.
+
+FW image authentication
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Each FW image should be signed by the FW vendor. The mechanism for FW image vendor public
+key to be provisioned is outside the scope of this document.
+
+The FW vendor signature should be placed before the FW image as is described in the UEFI FMP definition
+(ยง 23.1 [UEFI]_).
+
+The FW images should be authenticated before being written to the FW store or before being
+allowed to execute on the platform.
diff --git a/source/references.rst b/source/references.rst
index 41d7fbd61617aee011dbc137c78aa48fe2d37ce2..f45eec7d0eb84fb0b71b1d631fbb08e9dae1348f 100644
--- a/source/references.rst
+++ b/source/references.rst
@@ -23,3 +23,7 @@ References
 .. [PSBG] `Platform Security Boot Guide
    <https://developer.arm.com/documentation/den0072/0101>`_,
    July 2020, `Arm Limited <http://arm.com>`_
+
+.. [NIST_800_193] `Platform Firmware Resiliency Guidelines
+   <https://csrc.nist.gov/publications/detail/sp/800-193/final>`_,
+   May 2018, NIST