April 2023 - TF-A - lists.trustedfirmware.org

Need a mechanism to easily define platform-independent SMC FIDs

by Julius Werner

Hi, I would like to restart a discussion that we already had a few years ago on a thread called "SMC to intentionally trigger a panic in TF-A" (https://lists.trustedfirmware.org/archives/search?mlist=tf-a%40lists.truste…) but that petered out without any real resolution (and resulted in me ultimately not implementing the feature I was hoping to add). Basically, we are repeatedly stumbling over the problem that we have a use case for some platform-independent SMC API that we want to implement in TF-A, but don't have an appropriate SMC FID range to put it. My request from a few years ago was about implementing a call to intentionally trigger a panic in TF-A for test-automation purposes. Today we came up with a use case where a Trusted OS wants to query BL31 about the location of a shared log buffer: https://review.trustedfirmware.org/20478 . Currently, the available SMC ranges are Arm, CPU, SiP, OEM, Standard, Hypervisor, TA and TOS. The SiP, OEM and TOS ranges are all specific to a single silicon vendor, OEM or trusted OS implementation, so they are not good targets to implement APIs that would make sense to be shared among multiple of these. In theory, the Standard range would probably be the right target to implement calls that are independently useful for multiple platforms / OSes... but as far as I understand, adding a new call to that range requires petitioning Arm to update the SMC calling convention itself, which is a ridiculously high bar to implement a small utility API. In practice, the only choice we have for implementing these kinds of calls is to let every OEM, SiP or TOS assign its own (different) FID for it and then write separate SMC handlers for each in TF-A that all end up calling the same underlying function... which creates a lot of unnecessary code duplication and identifier soup (especially in the case of SMCs for the non-secure OS which would then be implemented by a platform-independent Linux driver that needs a big mapping table to decide which FID to use on which platform for the same API). I think it would be very useful if there was another range of easily allocatable FIDs that developers could just add to with a simple TF-A CL without having to go through a huge specification update process. There are still 41 OENs unused in the Arm SMCCC, and I don't think any new ones were added in the 10 years that the specification existed... so we are really not going to run out of them any time soon. If we could get even one of those OENs for this purpose, we would have 64K FIDs to use up for our small, simple platform-independent API needs, which should last us a long while. We could maybe call it the "Secure Monitor range" and say the FIDs are specific to a certain implementation of Secure Monitor (e.g. TF-A). Then there could just be a header file in the TF-A sources that serves as the authoritative FID assignment table for TF-A, and anyone with a sufficiently useful idea (subject to TF-A maintainer review) for a platform-independent API like this could add it there by just uploading a patch. I recently argued for a similar "simple tag allocation" concept on https://github.com/FirmwareHandoff/firmware_handoff and it found support there, so I hope I'll be able to convince you that it would be useful for SMC FIDs as well?

7 months

3
3
0 0

TF-A v2.9 Release Schedule

by Joanna Farley

TF-A Community, This is to notify that we are planning to target the Trusted Firmware-A 2.9 release during the middle of May 2023 as part of the regular 6 month cadence. The aim is to consolidate all TF-A work since the 2.8 release. As part of this, a release candidate tag is targeted to be created and release activities commence from 10th May 2023 across all TF-A repositories. Essentially we will not merge any major enhancements from this date until the release is made. Please ensure any patches desired to make the 2.9 release are submitted in good time to be complete by 9th May 2023. Any major enhancement patches still open after that date will not be merged until after the release. This will involve the various repositories making up the broader TF-A project including the TF-A mainline, TF-A Tests, Hafnium, TF-A CI Scripts and TF-A CI Job. In addition a TF-RMM repository release will be made that is compatible with v2.9. We will endeavour minimise the disruption on patch merging and complete release activities ASAP after we start normally completing within 7-10 working days. Regards Joanna Farley

1 year, 6 months

2
1
0 0

[RFC] Proposed location to host the firmware handoff specification.

by Jose Marinho

Hi, Arm worked to draft a firmware handoff [1] specification, evolving it based on community feedback. This activity followed the request of some members of the Arm ecosystem [2]. The spec (still at ALP – feedback/comments welcome!) standardizes how information is propagated between different firmware components during boot. The spec hopes to remove the reliance on bespoke/platform-specific information handoff mechanisms, thus reducing the code maintenance burden. The concept of entry types is present in the spec – these are data structure layouts that carry a specific type of data. New types are meant to be added, following the needs and use-cases of the different communities. Thus, these communities should be empowered to request new types! To enable community contributions, the specification must be hosted in a location that is friendly to change requests. We propose to host the spec in trustedfirmware.org (tf.org). Tf.org hosts several open-source projects and already has an open governance model. TF-A, and the associated community, rely on tf.org, and thus are already well equipped to maintain this specification and keep it up to date. Tf.org is agnostic of any downstream projects that would adopt this specification (e.g. U-boot, EDK2, etc.). We welcome the views of the communities and want to understand if there are any strong objections to what’s being proposed! If anyone has objections, we are happy to consider alternatives and associated trade-offs. Regards [1] https://developer.arm.com/documentation/den0135/latest [2] Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages - TF-A - lists.trustedfirmware.org<https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…>

1 year, 6 months

10
32
1 0

Allow platforms to deny CPU power off request

by Varun Wadekar

Hello, We have a use case where we want to deny the CPU power off from a certain PE. The current lib/psci does not provide a way for a platform to do this. We have support to return an error from svc_off, but this does not cover the scenario where svc_off is NULL. There are multiple ways of handling this scenario. 1. Introduce a new platform function to check if CPU_OFF is allowed on the core 2. Return an error code from the pwr_domain_off() handler and unwind the CPU_OFF request 3. Something else. Any suggestions? -Varun

1 year, 7 months

3
4
0 0

Canceled event with note: TF-A Tech Forum @ Thu Apr 20, 2023 4pm - 5pm (BST) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been canceled with a note: "The original topic for this TechForum will be held on a future date. No alternative topic has been identified for this session so cancelling." TF-A Tech Forum Thursday Apr 20, 2023 ⋅ 4pm – 5pm United Kingdom Time This session will no longer take place on this date. It will be rescheduled.This slot is now free for another session although nothing has yet been identified.======================================Reserving for a discussion on Signer-id Extraction Design for Manish Badarkhe. More details of this session will be sent closer to the session date.-----------------We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org don.harbin(a)linaro.org moritzf(a)google.com ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

1 year, 7 months

1
0
0 0

Deprecation of Arm CryptoCell-712/713 drivers

by Sandrine Bailleux

Hello, This is a courtesy notification that we plan to deprecate Arm CryptoCell-712 and CryptoCell-713 drivers in TF-A release v2.9, with the goal to remove their source code from the tree in the following TF-A release after that. This won't affect any upstream platforms beyond Arm Ltd platforms (under plat/arm/ folder). If you have any concerns with this, please raise them by Monday, April 24th. Best regards, Sandrine

1 year, 7 months

1
0
0 0

TF-A with TRUSTED_BOARD_BOOT failed when using mbedtls-3.4.0

by Chen-Yu Yang

Hi, I'm using TF-A 2.8 on mt7986 board, enable TRUSTED_BOARD_BOOT using mbedtls-3.4.0, TF-A BL2 hanged when loading BL31, it seems that BL2 failed to get correct oid in function get_ext(drivers/auth/mbedtls/mbedtls_x509_parser.c) after calling mbedtls_oid_get_numeric_string mbedtls_oid_get_numeric_string in 3.4.0 uses %c to print part of oid, (https://github.com/Mbed-TLS/mbedtls/blob/v3.4.0/library/oid.c#L864) but seems that ATF libc's snprintf doesn't support %c format, which causes mbedtls_oid_get_numeric_string to return incorrect oid oid_str dump in get_ext oid_str=%c.49.6.1.4.1.4128.2100.1 (mbedtls_oid_get_numeric_string) oid_str=1.3.6.1.4.1.4128.2100.1 (TRUSTED_FW_NVCOUNTER_OID) I try to change snprintf format %c to %u in mbedtls_oid_get_numeric_string, TF-A boots successfully Thanks

1 year, 7 months

3
3
0 0

Re: Question about the Memory Encryption Engine on FVP

by Sandrine Bailleux

Hi, Concerning the following Fast Model Component: https://developer.arm.com/documentation/100964/1121/Fast-Models-components/… This component is already publicly documented although it is not integrated yet into the AEM FVP. The main usage is to identify software mis-programming, where the same Physical address is accessed through more than one Physical Address Space (PAS). As such, it is intended as a development / debugging tool only. If such a mis-programming scenario happened then the memory page corresponding to the accessed physical address would get corrupted. Notice memory encryption is not yet supported in TF-A's SW stacks. You won't find a reference for this feature in TF-A / TF-a-tests just now. Best regards, Sandrine

1 year, 7 months

1
0
0 0

Updated invitation: TF-A Tech Forum @ Thu Apr 20, 2023 4pm - 5pm (BST) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated Changed: description TF-A Tech Forum Thursday Apr 20, 2023 ⋅ 4pm – 5pm United Kingdom Time This session will no longer take place on this date. It will be rescheduled.This slot is now free for another session although nothing has yet been identified.======================================Reserving for a discussion on Signer-id Extraction Design for Manish Badarkhe. More details of this session will be sent closer to the session date.-----------------We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org don.harbin(a)linaro.org moritzf(a)google.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

1 year, 7 months

1
0
0 0

Is TF-A going to support MBEDTLS_AESCE_C option in mbedtls-3.4.0?

by Chen-Yu Yang

Hi, I'm working in TF-A 2.8 with mbedtls, I notice that mbedtls-3.4.0 starts to support AES crypto extension(MBEDTLS_AESCE_C) for some security reasons, I upgrade mbedtls from 2.28.0 to 3.4.0, and try to enable MBEDTLS_AESCE_C in TF-A. I fail to compile mbedtls aesce.c in TF-A build environment. I use CROSS_COMPILE=aarch64-gcc-7.5.0. It seems that AESCE needs some std libraries(e.g. arm_neon.h) supported by aarch64 gcc, while TF-A disables std libraries, and some compile flags(e.g. -mgeneral-regs-only) are conflict with current TF-A. I wonder is TF-A going to support MBEDTLS_AESCE_C option? Thanks

1 year, 7 months

2
2
0 0

2024

2023

2022

2021

2020

2019

2018

TF-A April 2023