diff --git a/.github/workflows/u-boot.yml b/.github/workflows/u-boot.yml
index 91bb80c0..fb681c92 100644
--- a/.github/workflows/u-boot.yml
+++ b/.github/workflows/u-boot.yml
@@ -70,6 +70,8 @@ jobs:
               u-boot/u-boot-nodtb.bin.gz-dtb \
               u-boot/u-boot.bin \
               u-boot/rb1-boot.img \
+              u-boot/u-boot-cap.bin \
+              u-boot/u-boot.cab \
               ${BUILD_DIR}
           # perhaps help NFS sync
           sync
diff --git a/README.md b/README.md
index c91796a2..8ce4016a 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,35 @@ Initially, this repository provides [debos](https://github.com/go-debos/debos) r
 
 We are also working towards providing ready-to-use, pre-built images – stay tuned!
 
+## Firmware updates
+
+On standard Linux distros like Debian, firmware updates are generally delivered via Linux Vendor Firmware Service ([LVFS](https://fwupd.org/)). The OEM/ODM vendors usually upload latest firmware releases on LVFS (refer [here](https://lvfs.readthedocs.io/en/latest/upload.html)) as cabinet (.cab) firmware archive files containing at least one metadata (.metainfo.xml) file describing the firmware update. On the device, fwupd is installed which provides a system-activated daemon listening on D-Bus for installing any firmware updates.
+
+### Firmware delivery
+
+On a Desktop system, its usually GNOME Software which monitors LVFS for any firmware updates and pushes to fwupd if any. On a headless system like most embedded devices, the fwupdmgr command line tool can be used to monitor LVFS for firmware updates as follows:
+
+```bash
+# Download latest metadata from LVFS
+fwupdmgr refresh
+
+# Fetch device specific firmware updates from LVFS
+fwupdmgr get-updates
+
+# Install firmware updates
+fwupdmgr update
+```
+
+### Firmware on devices supported by Qualcomm Linux
+
+The firmware on Qualcomm devices is expected to support UEFI UpdateCapsule plugin for fwupd daemon. However, currently firmware for Qualcomm devices in not available in LVFS which is a work in progress as of now. In order to play with UEFI firmware capsule updates, one can use fwupdtool to locally update firmware like on RB1 as follows:
+
+```bash
+# Transfer U-Boot firmware cabinet archive build from scripts/build-u-boot-rb1.sh to RB1
+sudo fwupdtool install u-boot.cab
+# It will ask for a reboot for the UEFI firmware capsule update to happen
+```
+
 ## Branches
 
 main: Primary development branch. Contributors should develop submissions based on this branch, and submit pull requests to this branch.
diff --git a/debos-recipes/qualcomm-linux-debian-rootfs.yaml b/debos-recipes/qualcomm-linux-debian-rootfs.yaml
index acd82160..4f9b8b7c 100644
--- a/debos-recipes/qualcomm-linux-debian-rootfs.yaml
+++ b/debos-recipes/qualcomm-linux-debian-rootfs.yaml
@@ -36,6 +36,8 @@ actions:
       - dosfstools
       # ext4 tools, notably e2fsck for the root filesystem
       - e2fsprogs
+      # fwupd tools, enable OTA EFI firmware capsule updates
+      - fwupd
       # defaults to "systemd-sysv"; perhaps not needed
       - init
       # Ethernet, Wi-Fi, WWAN; built-in DHCP client
diff --git a/scripts/build-u-boot-rb1.sh b/scripts/build-u-boot-rb1.sh
index d9d12b37..08cedfc3 100755
--- a/scripts/build-u-boot-rb1.sh
+++ b/scripts/build-u-boot-rb1.sh
@@ -13,6 +13,8 @@ U_BOOT_DEVICE_TREE="qcom/qrb2210-rb1"
 ABOOT_BASE_ADDRESS="0x80000000"
 ABOOT_PAGE_SIZE="4096"
 ABOOT_OUTPUT="rb1-boot.img"
+CAPSULE_OUTPUT="u-boot-cap.bin"
+CABINET_OUTPUT="u-boot.cab"
 
 log_i() {
     echo "I: $*" >&2
@@ -34,6 +36,8 @@ packages="${packages} make bison flex bc libssl-dev gnutls-dev xxd"
 packages="${packages} coreutils"
 # needed to pack resulting u-boot binary into an Android boot image
 packages="${packages} gzip mkbootimg"
+# needed to build fwupd cabinet archive for EFI firmware capsule updates
+packages="${packages} fwupd"
 
 log_i "Checking build-dependencies ($packages)"
 missing=""
@@ -89,3 +93,25 @@ mkbootimg --base "${ABOOT_BASE_ADDRESS}" \
     --ramdisk empty-ramdisk \
     --output "${ABOOT_OUTPUT}"
 
+# EFI firmware capsule and fwupd cabinet files generation. Note that currently
+# only U-Boot firmware can be updated using capsule updates without support for
+# dual bank (A/B) capsule updates. The next steps is to add support for dual
+# bank capsule updates as well as support to update Qualcomm downstream boot
+# firmware too.
+
+# The GUID used below for U-Boot firmware can be generated dynamically via:
+# $ ./tools/mkeficapsule guidgen dts/upstream/src/arm64/qcom/qrb2210-rb1.dtb UBOOT_BOOT_PARTITION
+# Generating GUIDs for qcom,qrb2210-rb1 with namespace 8c9f137e-91dc-427b-b2d6-b420faebaf2a:
+# UBOOT_BOOT_PARTITION: 77F90B51-588C-5EF0-AAB9-046AEB2AC8C5
+
+./tools/mkeficapsule \
+    --index 1 \
+    --instance 0 \
+    --guid 77F90B51-588C-5EF0-AAB9-046AEB2AC8C5 \
+    "${ABOOT_OUTPUT}" \
+    "${CAPSULE_OUTPUT}"
+rm -f "${CABINET_OUTPUT}"
+fwupdtool build-cabinet \
+    "${CABINET_OUTPUT}" \
+    "${CAPSULE_OUTPUT}" \
+    board/qualcomm/u-boot-cap.metainfo.xml