[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
OP-TEE version 4.11.0 was initially planned for release on 2026-06-17.
When we discussed this in the OP-TEE contributors forum today, we agreed
to cancel it, as none of the core maintainers are available during the
release cycle.
We will schedule the 4.11.0 release on 2026-10-16 instead.
I'm updating the release page accordingly:
https://optee.readthedocs.io/en/latest/general/releases.html
The corresponding PR is:
https://github.com/OP-TEE/optee_docs/pull/287
Thanks for your understanding, and we'll be back in touch as the new
date approaches.
Cheers,
Jens
Hello soc maintainers,
Please pull this small patch updating my email address to a @kernel.org
address. I lose access to my Linaro address next week.
Thanks,
Jens
The following changes since commit 8cd9520d35a6c38db6567e97dd93b1f11f185dc6:
Linux 7.1 (2026-06-14 15:58:38 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git tags/tee-update-for-v7.2
for you to fetch changes up to 314c243b201b678fa89226b1eaea51a71340454e:
MAINTAINERS: .mailmap: update Jens Wiklander's email address (2026-06-22 15:24:51 +0200)
----------------------------------------------------------------
Update update Jens Wiklander's email address
----------------------------------------------------------------
Jens Wiklander (1):
MAINTAINERS: .mailmap: update Jens Wiklander's email address
.mailmap | 1 +
MAINTAINERS | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
Hi,
Tomorrow, Tuesday, it's time for another OP-TEE contributors' monthly
meeting. For time and connection details, see the calendar at
https://www.trustedfirmware.org/meetings/
Maintainers in July:
- Jens is unavailable most or all of July
OP-TEE release July 17:
- Someone needs to fill in for Jens, or we cancel or postpone the release
Next OP-TEE Contributors Forum, July 28
- Can someone else host the meeting, or should we cancel it?
Adding sections in MAINTAINERS
- Core reviewers
- Various TAs
- Updating other parts
Any updates for Kconfig support?
Any other topics?
Cheers,
Jens
Hi everyone,
I am sending this email to all tf.org project mailing lists to ensure all maintainers are aware and on board regarding this matter. If you have any concerns or questions, please reply on tf.org Discord #general channel, where I'll create a thread, as I think it will be much easier than dealing with cross-mailing lists emails.
Background
When a security vulnerability is discovered in one of the trustedfirmware.org projects, it is common to request a "Common Vulnerabilities and Exposures" (CVE) number. This number uniquely references the issue, which can then be searched in the vulnerability databases. One of these databases is NIST's "National Vulnerability Database" (NVD): https://nvd.nist.gov<https://nvd.nist.gov/vuln/detail/CVE-2023-51712>
Entering a specific CVE number in NVD search engine will allow you to easily find the details of a specific issue, for example:
https://nvd.nist.gov/vuln/detail/CVE-2023-51712
However, sometimes one is not looking for a specific CVE number but rather wants to list all known vulnerabilities affecting a particular project. For this, one can use the Common Platform Enumerations (CPE) search engine:
https://nvd.nist.gov/products/cpe/search
CPE is a structured naming scheme that includes information like the vendor name, the project name, the version / tag, and so on.
See https://nvd.nist.gov/products/cpe for more details.
So for example, https://nvd.nist.gov/vuln/detail/CVE-2023-51712 referenced above has the following CPE:
cpe:2.3:o:arm:trusted_firmware-m:*:*:*:*:*:*:*:*
This basically means
*
CPE version 2.3 is in use
*
'o is the type of project, in this case it stands for Operating Systems (which is probably the closest match for low-level code like TF-M)
*
'arm' is the vendor (that is wrong, see below)
*
'trusted_firmware-m' is the project name,
Problem statement
It appears that CPEs used in NVD to reference vulnerabilities in tf.org projects differ a lot across projects. For some projects, there's even multiple of them. Sometimes the vendor is "arm", sometimes it's "linaro", or something else.
Some of the TF-A and MbedTLS maintainers have initiated discussions with NVD to get this simplified and unified, but it would make sense to align other tf.org projects as well.
Proposal
CPE naming rules are that the vendor name should the parent organization of the project. Thus the proposal would be for all tf.org projects to use "trustedfirmware" as the vendor name in their CPE.
For example:
cpe:2.3:o:trustedfirmware:trusted_firmware-m:*:*:*:*:*:*:*:*
cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*
We're only proposing to change the vendor name here ; each project is then free to choose how they want the project name or the type of software project they want to encode there.
Thanks for reading,
Best regards,
Sandrine Afsa
Hi all,
This series fixes the Endpoint Memory Access Descriptor (EMAD) offset
calculations and adds the necessary bounds checks for both the core
FF-A driver and the pKVM hypervisor.
Prior to FF-A version 1.1, the memory region header didn't specify an
explicit offset for the EMADs, leading to the assumption that they
immediately follow the header.
However, from v1.1 onwards, the specification dictates using the
ep_mem_offset` field to determine the start of the memory access
array.
The patches in this series address this by:
1. Updating the core `arm_ffa` firmware driver to correctly calculate the descriptor
offset using `ep_mem_offset` rather than defaulting to `sizeof(struct ffa_mem_region)`.
It also introduces bounds checking against `max_fragsize`.
2. Enhancing the pKVM hypervisor validation logic to no longer strictly enforce that
the descriptor strictly follows the header, aligning it with the driver behavior
and the FF-A specification, while also ensuring the offset falls within the mailbox
buffer bounds.
While addressing these bugs, Sashiko uncovered other issues that were
fixed in the same series.
All the patches aside from the first one in optee are urgent fixes as
they either impact the hypervisor security or kernel stability.
Changelog
#########
v5->v6:
- Add fixes tag
- Small clean up make variable declaration reverse christmas tree.
v4->v5:
- Collect Sudeep Rbs
- Add extra patch to check base address alignment.
- Remove WARN_ONs in KVM code
- Use ffa_emad_size_get() instead of hardcoded size in KVM code.
v3 -> v4:
- Address review comments and fix Sashiko bugs
v2 -> v3:
- Fixed typo in nvhe/ffa.c (missing sizeof)
v1 -> v2:
- For pKVM, removed the strict placement enforcement for `ep_mem_offset` as it is not
compliant with the spec, and avoids making assumptions about the driver's memory
layout.
Link to:
########
v5: https://lore.kernel.org/all/20260526151934.3783707-1-smostafa@google.com/
v4: https://lore.kernel.org/all/20260520204948.2440882-1-smostafa@google.com/
v3: https://lore.kernel.org/all/20260512124442.1899107-1-sebastianene@google.co…
v2: https://lore.kernel.org/all/20260430160241.1934777-1-sebastianene@google.co…
v1: https://lore.kernel.org/all/ae9KN9nkOgDYJcGP@google.com/T/#t
Mostafa Saleh (4):
optee: ffa: Add NULL check in optee_ffa_lend_protmem
firmware: arm_ffa: Fix out-of-bound writes in ffa_setup_and_transmit()
KVM: arm64: Fix bounds checking in do_ffa_mem_reclaim()
KVM: arm64: Ensure FFA ranges are page aligned
Sebastian Ene (2):
firmware: arm_ffa: Fix Endpoint Memory Access Descriptor offset
calculation
KVM: arm64: Validate the offset to the mem access descriptor
arch/arm64/kvm/hyp/nvhe/ffa.c | 38 ++++++++++++++++++++++---------
drivers/firmware/arm_ffa/driver.c | 21 ++++++++++-------
drivers/tee/optee/ffa_abi.c | 3 +++
include/linux/arm_ffa.h | 2 +-
4 files changed, 44 insertions(+), 20 deletions(-)
--
2.54.0.746.g67dd491aae-goog
Hi all,
This series fixes the Endpoint Memory Access Descriptor (EMAD) offset
calculations and adds the necessary bounds checks for both the core
FF-A driver and the pKVM hypervisor.
Prior to FF-A version 1.1, the memory region header didn't specify an
explicit offset for the EMADs, leading to the assumption that they
immediately follow the header.
However, from v1.1 onwards, the specification dictates using the
ep_mem_offset` field to determine the start of the memory access
array.
The patches in this series address this by:
1. Updating the core `arm_ffa` firmware driver to correctly calculate the descriptor
offset using `ep_mem_offset` rather than defaulting to `sizeof(struct ffa_mem_region)`.
It also introduces bounds checking against `max_fragsize`.
2. Enhancing the pKVM hypervisor validation logic to no longer strictly enforce that
the descriptor strictly follows the header, aligning it with the driver behavior
and the FF-A specification, while also ensuring the offset falls within the mailbox
buffer bounds.
While addressing these bugs, Sashiko uncovered other issues that were
fixed in the same series.
Changelog
#########
v4->v5:
- Collect Sudeep Rbs
- Add extra patch to check base address alignment.
- Remove WARN_ONs in KVM code
- Use ffa_emad_size_get() instead of hardcoded size in KVM code.
v3 -> v4:
- Address review comments and fix Sashiko bugs
v2 -> v3:
- Fixed typo in nvhe/ffa.c (missing sizeof)
v1 -> v2:
- For pKVM, removed the strict placement enforcement for `ep_mem_offset` as it is not
compliant with the spec, and avoids making assumptions about the driver's memory
layout.
Link to:
########
v4: https://lore.kernel.org/all/20260520204948.2440882-1-smostafa@google.com/
v3: https://lore.kernel.org/all/20260512124442.1899107-1-sebastianene@google.co…
v2: https://lore.kernel.org/all/20260430160241.1934777-1-sebastianene@google.co…
v1: https://lore.kernel.org/all/ae9KN9nkOgDYJcGP@google.com/T/#t
Mostafa Saleh (4):
optee: ffa: Add NULL check in optee_ffa_lend_protmem
firmware: arm_ffa: Fix out-of-bound writes in ffa_setup_and_transmit()
KVM: arm64: Fix bounds checking in do_ffa_mem_reclaim()
KVM: arm64: Ensure FFA ranges are page aligned
Sebastian Ene (2):
firmware: arm_ffa: Fix Endpoint Memory Access Descriptor offset
calculation
KVM: arm64: Validate the offset to the mem access descriptor
arch/arm64/kvm/hyp/nvhe/ffa.c | 38 ++++++++++++++++++++++---------
drivers/firmware/arm_ffa/driver.c | 21 ++++++++++-------
drivers/tee/optee/ffa_abi.c | 3 +++
include/linux/arm_ffa.h | 2 +-
4 files changed, 44 insertions(+), 20 deletions(-)
--
2.54.0.746.g67dd491aae-goog
Hi,
Tomorrow, Tuesday, it's time for another OP-TEE contributors' monthly
meeting. For time and connection details, see the calendar at
https://www.trustedfirmware.org/meetings/
Regarding Kconfig support:https://github.com/OP-TEE/optee_os/pull/7714
It appears that the transition will take quite some time. We'll have a
window when some variables have transitioned to be managed by Kconfig,
but others remain managed by the makefiles. Do we care that variables
passed on the command line may work differently, depending on whether
they are managed by makefiles or Kconfig? Can something be done about
it?
Any other topics?
Cheers,
Jens
Hello soc maintainers,
Please pull these two patches for the OP-TEE driver.
Thanks,
Jens
The following changes since commit 028ef9c96e96197026887c0f092424679298aae8:
Linux 7.0 (2026-04-12 13:48:06 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git tags/optee-for-v7.2
for you to fetch changes up to 3faa6774ffc5973af39ac9c4f1fe93aa92ec9407:
tee: optee: fix kernel-doc warnings (2026-04-27 14:13:14 +0200)
----------------------------------------------------------------
OP-TEE updates for 7.2
- Fix kernel-doc warnings in optee_private.h and optee_msg.h
- Allow MT_NORMAL_TAGGED shared memory to support ARM64 MTE buffers
----------------------------------------------------------------
Hirokazu Honda (1):
tee: optee: Allow MT_NORMAL_TAGGED shared memory
Rodrigo Zaiden (1):
tee: optee: fix kernel-doc warnings
drivers/tee/optee/call.c | 3 +-
drivers/tee/optee/optee_msg.h | 50 +++++++++-------
drivers/tee/optee/optee_private.h | 120 ++++++++++++++++++++------------------
3 files changed, 94 insertions(+), 79 deletions(-)
Hello soc maintainers,
Please pull this cleanup patch for the AMD-TEE driver.
Thanks,
Jens
The following changes since commit 028ef9c96e96197026887c0f092424679298aae8:
Linux 7.0 (2026-04-12 13:48:06 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git tags/amdtee-for-v7.2
for you to fetch changes up to 84a1e6179bd24dc10e47f6fa2b36f0ed345e68d8:
tee: amdtee: store buffer ID in tee_shm->sec_world_id (2026-04-27 14:13:08 +0200)
----------------------------------------------------------------
AMD-TEE update for 7.2
Store buffer ID in tee_shm->sec_world_id and remove internal tracking
structures to align with other TEE drivers
----------------------------------------------------------------
Rijo Thomas (1):
tee: amdtee: store buffer ID in tee_shm->sec_world_id
drivers/tee/amdtee/amdtee_private.h | 16 ------------
drivers/tee/amdtee/call.c | 2 +-
drivers/tee/amdtee/core.c | 52 +++----------------------------------
3 files changed, 5 insertions(+), 65 deletions(-)