October 2023 - TF-A - lists.trustedfirmware.org

Firmware-A v2.10 release code freeze notification

by Olivier Deprez

Hi All, The next release of the Firmware-A bundle of projects tagged v2.10 has an expected code freeze date of Nov, 7th 2023. Refer to the Release Cadence section from TF-A documentation (https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/about…). Closing out the release takes around 6-10 working days after the code freeze. Preparations tasks for v2.10 release should start in coming month. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.: -For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run). -For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 in the middle of the patch stack). -Carefully analyze results and fix the change if required, before launching new jobs on the same change. -If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued. Thanks & Regards, Olivier.

6 months, 1 week

1
3
0 0

Need a mechanism to easily define platform-independent SMC FIDs

by Julius Werner

Hi, I would like to restart a discussion that we already had a few years ago on a thread called "SMC to intentionally trigger a panic in TF-A" (https://lists.trustedfirmware.org/archives/search?mlist=tf-a%40lists.truste…) but that petered out without any real resolution (and resulted in me ultimately not implementing the feature I was hoping to add). Basically, we are repeatedly stumbling over the problem that we have a use case for some platform-independent SMC API that we want to implement in TF-A, but don't have an appropriate SMC FID range to put it. My request from a few years ago was about implementing a call to intentionally trigger a panic in TF-A for test-automation purposes. Today we came up with a use case where a Trusted OS wants to query BL31 about the location of a shared log buffer: https://review.trustedfirmware.org/20478 . Currently, the available SMC ranges are Arm, CPU, SiP, OEM, Standard, Hypervisor, TA and TOS. The SiP, OEM and TOS ranges are all specific to a single silicon vendor, OEM or trusted OS implementation, so they are not good targets to implement APIs that would make sense to be shared among multiple of these. In theory, the Standard range would probably be the right target to implement calls that are independently useful for multiple platforms / OSes... but as far as I understand, adding a new call to that range requires petitioning Arm to update the SMC calling convention itself, which is a ridiculously high bar to implement a small utility API. In practice, the only choice we have for implementing these kinds of calls is to let every OEM, SiP or TOS assign its own (different) FID for it and then write separate SMC handlers for each in TF-A that all end up calling the same underlying function... which creates a lot of unnecessary code duplication and identifier soup (especially in the case of SMCs for the non-secure OS which would then be implemented by a platform-independent Linux driver that needs a big mapping table to decide which FID to use on which platform for the same API). I think it would be very useful if there was another range of easily allocatable FIDs that developers could just add to with a simple TF-A CL without having to go through a huge specification update process. There are still 41 OENs unused in the Arm SMCCC, and I don't think any new ones were added in the 10 years that the specification existed... so we are really not going to run out of them any time soon. If we could get even one of those OENs for this purpose, we would have 64K FIDs to use up for our small, simple platform-independent API needs, which should last us a long while. We could maybe call it the "Secure Monitor range" and say the FIDs are specific to a certain implementation of Secure Monitor (e.g. TF-A). Then there could just be a header file in the TF-A sources that serves as the authoritative FID assignment table for TF-A, and anyone with a sufficiently useful idea (subject to TF-A maintainer review) for a platform-independent API like this could add it there by just uploading a patch. I recently argued for a similar "simple tag allocation" concept on https://github.com/FirmwareHandoff/firmware_handoff and it found support there, so I hope I'll be able to convince you that it would be useful for SMC FIDs as well?

7 months

3
3
0 0

Cache Maintenance For SiP buffers

by Ahmad Fatoum

Hi, I was looking at imx_hab_handler, which forwards calls into the BootROM on i.MX SoCs in response to secure monitor calls. The BootROM call (and thus the SiP call) accepts two pointers as arguments, where it writes data. The plat/imx/imx8m/imx8m*/imx8m*_bl31_setup.c files map the RAM as MT_MEMORY | MT_RW, which would mean that not only is it writable from TF-A side, but it's also mapped cacheable. I see no explicit cache maintenance in the i.MX SiP code for these two pointer arguments and haven't been successful to find where in TF-A core code if at all, complete D-Cache is flushed on SMC exit. Therefore I ask: - Don't shared non-secure memory buffers between EL3 and lower EL require explicit cache maintenance? - Did I miss the place where this cache maintenance is done? - How did it work so far? barebox does explicit flushing before HAB SiP, invalidation after. U-Boot doesn't do cache maintenance. Both apparently work... Thanks, Ahmad --- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

10 months, 1 week

3
11
0 0

Suspend to RAM support for K3 J7200

by Thomas Richard

Hello, I just sent a series to gerrit: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23992. I'm writing this email to add more context to this series, as I didn't find how to to it with gerrit. This series is only the TF-A part to add suspend to RAM support for the TI K3 J7200 target. Some modifications are also needed in Linux kernel, U-Boot (R5 SPL) and DM-Firmware. During the suspend sequence, TF-A save itself in DRAM, in a reserved memory region dedicated to lpm. TF-A will be restored by R5 SPL. We need to save it in DRAM (which will be in retention mode during suspend) because as it runs in SRAM, it will be lost once the SOC is powered-off by the PMIC. Best Regards, -- Thomas Richard, Bootlin Embedded Linux and Kernel engineering https://bootlin.com

1 year

4
3
0 0

Trusted Firmware-A LTS v2.8.10 Release Announcement

by Yann GAUTIER - foss

Hello, Trusted Firmware-A LTS version 2.8.10 is now available. This release contains the support for MbedTLS v2.28.5, and documentation updates. The complete list can be found here<https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.10/change-log.html>. Thanks.

1 year

1
0
0 0

TF-A Tech Forum on Oct 19th 2023

by Olivier Deprez

Hi, For the TF-A Tech forum on Oct, 19th Manish Badarkhe from Arm TF-A team will present: Migration to PSA Crypto API Agenda: Existing Crypto Mechanism - using legacy Crypto API What is PSA? Design of PSA Crypto API Use of PSA Crypto API in TF-A PSA Crypto API verification using CI Future Scope: MbedTLS with PSA Crypto driver Regards, Olivier. ________________________________________ From: Trusted Firmware Public Meetings Sent: 14 June 2020 19:21 To: Trusted Firmware Public Meetings; tf-a(a)lists.trustedfirmware.org Subject: [TF-A] Invitation: TF-A Tech Forum @ Every 2 weeks from 16:00 to 17:00 on Thursday (BST) (tf-a(a)lists.trustedfirmware.org) When: 19 October 2023 17:00-18:00. Where: You have been invited to the following event. TF-A Tech Forum When Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time Calendar tf-a(a)lists.trustedfirmware.org Who • Bill Fletcher- creator • tf-a(a)lists.trustedfirmware.org more details »<https://www.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1cTJrM…> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://zoom.us/j/9159704974<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fj%2F9159704974&sa=D&us…> Meeting ID: 915 970 4974 One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…> Going (tf-a(a)lists.trustedfirmware.org)? All events in this series: Yes<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> - Maybe<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> - No<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> more options »<https://www.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1cTJrM…> Invitation from Google Calendar<https://www.google.com/calendar/> You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>.

1 year, 1 month

1
0
0 0

Compile error when SAVE_KEYS=1 in tf-a v2.9.0

by xtaens＠qq.com

Hello everyone, When I used TF-A 2.9.0 (commit b06b509eb2b7f0f4dce1b4133500cf30aa0dcd4a) to compile FVP, I opened the SAVE_KEYS=1 and modified the relevant code to save the key, but the compilation failed. The error message is as follows, SAVE_KEYS=0 compile is normal. It is also normal in lts-v2.8.9. Is this question not configured or TF-A has bugs? //Compile information MBEDTLS_VERSION_MAJOR is [2] MBEDTLS_VERSION_MINOR is [28] Including drivers/auth/mbedtls/mbedtls_crypto.mk Building fvp Selected OpenSSL version: 3.0.2 Built tools/cert_create/cert_create successfully Selected OpenSSL version: 3.0.2 NOTICE: CoT Generation Tool: Built : 16:00:52, Oct 13 2023 NOTICE: Target platform: TBBR Generic NOTICE: Creating new key for 'Root Of Trust key' WARNING: Cannot open file /mnt/sdb/tanwc/linux/tf-a/build/fvp/debug/trusted_rsa2048.pem ERROR: Cannot load key from /mnt/sdb/tanwc/linux/tf-a/build/fvp/debug/trusted_rsa2048.pem ERROR: Error loading '/mnt/sdb/tanwc/linux/tf-a/build/fvp/debug/trusted_rsa2048.pem' make: *** [Makefile:1652: certificates] Error 1 //File modification: Define the specified macro diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 41d1b66c1..216659835 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -377,6 +377,22 @@ ifneq (${TRUSTED_BOARD_BOOT},0) # Include common TBB sources AUTH_SOURCES := drivers/auth/auth_mod.c \ drivers/auth/img_parser_mod.c + ifeq (${GENERATE_COT},1) + TFW_NVCTR_VAL ?= 0 + NTFW_NVCTR_VAL ?= 0 + KEY_SIZE ?= + HASH_ALG ?= sha256 + KEY_ALG ?= ecdsa + TF_MBEDTLS_KEY_ALG := ${KEY_ALG} + + ifeq (${SAVE_KEYS},1) + TRUSTED_WORLD_KEY ?= ${BUILD_PLAT}/trusted_${KEY_ALG}${KEY_SIZE}.pem + NON_TRUSTED_WORLD_KEY ?= ${BUILD_PLAT}/non-trusted_${KEY_ALG}${KEY_SIZE}.pem + BL31_KEY ?= ${BUILD_PLAT}/soc_${KEY_ALG}${KEY_SIZE}.pem + BL32_KEY ?= ${BUILD_PLAT}/trusted_os_${KEY_ALG}${KEY_SIZE}.pem + BL33_KEY ?= ${BUILD_PLAT}/non-trusted_os_${KEY_ALG}${KEY_SIZE}.pem + endif + endif # Include the selected chain of trust sources. ifeq (${COT},tbbr) //The compilation command I use make -j ARM_ARCH_MAJOR=8 \ ARCH=aarch64 \ CROSS_COMPILE=aarch64-linux-gnu- \ DEBUG=1 \ PLAT=fvp \ TRUSTED_BOARD_BOOT=1 \ GENERATE_COT=1 \ SAVE_KEYS=1 \ ARM_ROTPK_LOCATION=devel_rsa \ MBEDTLS_DIR=/mbedtls \ BL33=/mnt/uboot.bin \ all fip Thanks

1 year, 1 month

2
2
0 0

Usage of assert functions in TFA Code

by Nithin S

Hello, There are multiple occurrences in TFA Code where assert statements are used to handle function arguments. But these assert statements are currently enabled only in debug mode. So, I wanted to know that will there be any harm in continuing to use assert statements in production code as well for handling failures? Regards, Nithin S

1 year, 1 month

3
3
0 0

Trusted Firmware-A LTS v2.8.9 Release Announcement

by Varun Wadekar

Hello, Trusted Firmware-A LTS version 2.8.9 is now available. This release contains the support for the new Errata ABI and Errata Framework along with the conversion patches for all CPUs. The complete list can be found here<https://ci-builds.trustedfirmware.org/static-files/_5qFfMg2QdoFuFBk6-0oB6Jm…>. We will update the official readthedocs page shortly. Thanks.

1 year, 1 month

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 5 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 395749: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 7945 in psa_pake_input() ________________________________________________________________________________________________________ *** CID 395749: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 7945 in psa_pake_input() 7939 default: 7940 (void) step; 7941 status = PSA_ERROR_NOT_SUPPORTED; 7942 goto exit; 7943 } 7944 >>> CID 395749: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "status = psa_driver_wrapper...". 7945 status = psa_driver_wrapper_pake_input(operation, driver_step, 7946 input, input_length); 7947 7948 if (status != PSA_SUCCESS) { 7949 goto exit; 7950 } ** CID 395684: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 7344 in psa_pake_setup() ________________________________________________________________________________________________________ *** CID 395684: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 7344 in psa_pake_setup() 7338 #endif /* PSA_WANT_ALG_JPAKE */ 7339 { 7340 status = PSA_ERROR_NOT_SUPPORTED; 7341 goto exit; 7342 } 7343 >>> CID 395684: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "operation->stage = 1;". 7344 operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; 7345 7346 return PSA_SUCCESS; 7347 exit: 7348 psa_pake_abort(operation); 7349 return status; ** CID 395609: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 8002 in psa_pake_get_implicit_key() ________________________________________________________________________________________________________ *** CID 395609: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 8002 in psa_pake_get_implicit_key() 7996 #endif /* PSA_WANT_ALG_JPAKE */ 7997 { 7998 status = PSA_ERROR_NOT_SUPPORTED; 7999 goto exit; 8000 } 8001 >>> CID 395609: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "status = psa_driver_wrapper...". 8002 status = psa_driver_wrapper_pake_get_implicit_key(operation, 8003 shared_key, 8004 sizeof(shared_key), 8005 &shared_key_len); 8006 8007 if (status != PSA_SUCCESS) { ** CID 395586: Control flow issues (DEADCODE) /mbedtls/library/psa_crypto.c: 8019 in psa_pake_get_implicit_key() ________________________________________________________________________________________________________ *** CID 395586: Control flow issues (DEADCODE) /mbedtls/library/psa_crypto.c: 8019 in psa_pake_get_implicit_key() 8013 shared_key, 8014 shared_key_len); 8015 8016 mbedtls_platform_zeroize(shared_key, sizeof(shared_key)); 8017 exit: 8018 abort_status = psa_pake_abort(operation); >>> CID 395586: Control flow issues (DEADCODE) >>> Execution cannot reach the expression "abort_status" inside this statement: "return (status == 0) ? abor...". 8019 return status == PSA_SUCCESS ? abort_status : status; 8020 } 8021 8022 psa_status_t psa_pake_abort( 8023 psa_pake_operation_t *operation) 8024 { ** CID 395567: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 7781 in psa_pake_output() ________________________________________________________________________________________________________ *** CID 395567: Control flow issues (UNREACHABLE) /mbedtls/library/psa_crypto.c: 7781 in psa_pake_output() 7775 default: 7776 (void) step; 7777 status = PSA_ERROR_NOT_SUPPORTED; 7778 goto exit; 7779 } 7780 >>> CID 395567: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "status = psa_driver_wrapper...". 7781 status = psa_driver_wrapper_pake_output(operation, driver_step, 7782 output, output_size, output_length); 7783 7784 if (status != PSA_SUCCESS) { 7785 goto exit; 7786 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

1 year, 1 month

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

TF-A October 2023