- TF-A - lists.trustedfirmware.org

Planned Jenkins migration - Friday 30 May 2025, 14:30-18:30 BST

by Chris Kay

Hi folks, We are planning on going live with the migration of the TF.org Open CI tomorrow, Friday 30th May, which will migrate Jenkins (ci.trustedfirmware.org) from on-premises to cloud-managed infrastructure. We expect a downtime of 2-4 hours beginning at 14:30 GMT+1, during which anything which interacts with Jenkins will be unavailable. Please note that the Jenkins build history is not being transferred - if you have Gerrit changes in review with the Allow-CI+1/+2 label, you will need to retrigger the CI once migration is complete by reapplying the label. We will send out a follow-up email once we have restored service availability. Regards, Chris

1 day, 1 hour

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu May 29, 2025 5pm - 6pm (GMT+2) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling as no topic planned for this week. Regards, Olivier. " TF-A Tech Forum Thursday May 29, 2025 ⋅ 5pm – 6pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: TF-A Tech ForumTime: May 15, 2025 02:00 PM London Every 2 weeks on Thu, 78 occurrence(s)Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcocu6gqDgjEtOkyBhSQauR1sUyFwIcNKLa/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

1 day, 5 hours

1
0
0 0

Trusted Firmware-A LTS v2.12.3 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.12.3 is now available. This release contains the following patches: 70ed22957 fix(deps): remove deprecated husky commands [1] 1967879b3 chore(cpus): remove in-order checks [2] 5d8f821c5 refactor(cpus): drop unused argument forward_flag [3] 1ca07cd72 refactor(cpus): move errata check to common code [4] 481e161eb refactor(cpus): optimize CVE checking [5] fdd706702 fix(cpus): drop esb from the Neoverse N1 [6] 88da40bcb chore(docs): add a SBOM template in CycloneDX format [7] 1cd56abd8 docs(prerequisites): update mbedtls to v3.6.3 [8] cb3aea9ca feat(mbedtls): update mbedtls to version 3.6.3 [9] [1] https://review.trustedfirmware.org/q/I8b7fa82aa7b5e178554a1b4a650b2b1b80440… [2] https://review.trustedfirmware.org/q/Iee5a8cb49834e9f35c6c2f2a84065430ca1ec… [3] https://review.trustedfirmware.org/q/Ib1fcbe081e94657e21d983e0db59ceec9993b… [4] https://review.trustedfirmware.org/q/I2c6d4468f7125d4d99ccdebc5ea8f9e439036… [5] https://review.trustedfirmware.org/q/I873534e367a35c99461d0a616ff7bf856a000… [6] https://review.trustedfirmware.org/q/I5775180ec61373cc5d1b9831e3fa0f2fbb19e… [7] https://review.trustedfirmware.org/q/Ia34338854a0eaa4f3a8799c23e46aae382792… [8] https://review.trustedfirmware.org/q/I62bc0fd6e40a38143ad3118a2e8e8d63c728a… [9] https://review.trustedfirmware.org/q/Icad24203a36cb7e5b0a6f2275cb3b5346dcd1… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.12.3/change-log.html Thanks, TF-A LTS team

1 week

1
0
0 0

Trusted Firmware-A LTS v2.10.17 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.10.17 is now available. This release contains the following patches: 93982eb31 build(npm): adhere to Husky deprecation notice [1] 2f7327030 fix(cpus): drop esb from the Neoverse N1 [2] b42c3c05c chore(docs): add a SBOM template in CycloneDX format [3] [1] https://review.trustedfirmware.org/q/I18ea1bbaedbb4213cc04c21413d75c9757ff7… [2] https://review.trustedfirmware.org/q/I5775180ec61373cc5d1b9831e3fa0f2fbb19e… [3] https://review.trustedfirmware.org/q/Ia34338854a0eaa4f3a8799c23e46aae382792… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.17/change-log.html Thanks, TF-A LTS team

1 week

1
0
0 0

Trusted Firmware-A LTS v2.8.32 Release Announcement

by ci_notify＠trustedfirmware.org

1 week

1
0
0 0

Trusted Firmware v2.13 release announcement

by Olivier Deprez

Hi All, We are pleased to announce the formal release of Trusted Firmware-A version 2.13 bundle of project deliverables. This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, TF-RMM, Trusted Services, and TF-A OpenCI scripts/jobs components. These went live on May, 22nd 2025. Please find references to tags and change logs at the end of this email. Many thanks to the trustedfirmware.org community for the active engagement in delivering this release! Notable features of the release version 2.13 are as follows: TF-A/EL3 * Alto CPU support * Architecture feature support for PMUv3p9. PAUTH_LR and SPE_FDS. * Refactor PSCI to let each CPU core initialise its own context, allowing TF-A to natively handle asymmetric configurations * PSCI Powerdown abandon feature support * SMCCC_FEATURE_AVAILABILITY support based on SMCCC v1.5 specification * Firmware Handoff * Library enhancements to add more TE types in library * All BL interfaces for FVP are now migrated to use Transfer List along in different boot scenarios (RESET_TO_BL1/BL2/BL31) * TC platform is now using Transfer List for booting * HOB creation Library (from edk2) is now hosted in TF-A * New Platforms: mt8189, mt8196, qcs615, RK3576, AM62L Boot flow * Feature Additions * Added discrete TPM support in BL1/BL2 for the RPi3 platform. * Support for MbedTLS PSA Crypto with ROMLIB on FVP. * Redesigned PSA Crypto Key ID management to avoid repeated key creation/destruction. * Test Additions * Support for MbedTLS PSA Crypto with ROMLIB on FVP. * Added basic boot test for TF-RMM with TF-A and TFTF (Realm Payload) in Jenkins CI. * Integrated DRTM ACS test suite into TF-A Jenkins CI. * Added missing test configuration for ROTPK in register on FVP platform. * Build System * Refactored ROTPK key/hash generation to auto-generate required files during build. * mbedTLS Improvements * Migrated to mbedTLS version 3.6.3. Errata/Security mitigations (CPU/GIC) * CVE-2024-5660, CVE-2024-7881 * Cortex-A510, Cortex-A715, Cortex-X4, Cortex-X925, Neoverse V3 Hafnium/SPM (S-EL2) * FF-A v1.2 completed: indirect messaging with service UUIDs. * FF-A v1.3 early adoption: Update to FFA_MEM_PERM_GET ABIs. * StMM integration: provide HOB structure as boot information. * Power management update: * Bootstrapped secondary vCPUs on secondary cores power on flows. * SP's subscription to the power off event. * SP loading: SP artefacts can be bundled in a TL format. I.e SP binary and SP manifest (DTB). * Resuming ECs for interrupt handling assisted by NWd Scheduler when the SP is in waiting state, with sri-interrupts-policy field in the SP manifest. TF-RMM (R-EL2) * Deprivileging RMM code via EL0 App support * Added some support for some RMMv1.1 APIs - "RMI_DEV_MEM_(UN)MAP", support for device granules in "RMI_GRANULE_DELEGATE" and "RMI_GRANULE_UNDELEGATE". * Additional hardening of RMM via compiler flags `-fstack-protector-strong`, '-Wextra', '-Wstrict-overflow', '-D_FORTIFY_SOURCE=2' and '-Wnull-dereference'. * New platform support for RD-V3-R1 and RD-V3-R1-Cfg1 FVPs. * Dynamic discovery of PCIE Root complex topology and device memory from the Boot manifest. Trusted Services (v1.2.0) * Introduced the fTPM SP. The implementation is experimental. * Introduce the new Arm Reference Design-1 AE platform targeting the Automotive segment. It features high-performance Arm Neoverse V3AE Application Processor compute system, Arm Cortex-R82AE based Safety Island, and a Runtime Security Engine (RSE) for enhanced security. * Updated the se-proxy deployment and added support for the Firmware Update Proxy service. The FWU Proxy implements a Platform Security Firmware Update for the A-profile Arm Architecture<https://developer.arm.com/documentation/den0118/latest/> compliant FWU Agent which runs a PSA Certified Firmware Update API 1.0<https://arm-software.github.io/psa-api/fwu/1.0/> compliant client as its backend. TF-A Tests * Enhancements to fuzzing tests (EL3 vendor specific SMC, SDEI, FF-A interface, capability for randomized fuzzing inputs) * Functionality test * Firmware Handoff : AArch32 tests and event log testing * SMCCC_ARCH_FEATURE_AVAILABILITY * RAS system registers, FPMR, SCTLR2, THE and D128 * validate psci_is_last_cpu_to_idle_at_pwrlvl * SPM/FF-A : HOB generation, PPI timer interrupts, v1.2 RXTX headers * RMM: Tests introduced for majority of features developed in RMM * Platform Support * Versal NET * Versal * Neoverse-RD Release tags across repositories: https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/r… https://git.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests/+/refs/tags… https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-ci-scripts/+/refs/t… https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-job-configs/+/refs/… https://git.trustedfirmware.org/plugins/gitiles/hafnium/hafnium.git/+/refs/… https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-ci-scripts/+/ref… https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-job-configs/+/re… https://git.trustedfirmware.org/plugins/gitiles/TF-RMM/tf-rmm/+/refs/tags/t… https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services/+/refs/… Change logs: https://trustedfirmware-a.readthedocs.io/en/v2.13.0/change-log.html#id1 https://trustedfirmware-a-tests.readthedocs.io/en/v2.13.0/change-log.html#v… https://hafnium.readthedocs.io/en/v2.13.0/change-log.html#v2-13 https://tf-rmm.readthedocs.io/en/latest/about/change-log.html#v0-7-0 https://trusted-services.readthedocs.io/en/stable/project/change-log.html#v… Regards, Olivier.

1 week

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu May 15, 2025 5pm - 6pm (GMT+2) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, No topic proposed so cancelling this week. Regards, Olivier. " TF-A Tech Forum Thursday May 15, 2025 ⋅ 5pm – 6pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: TF-A Tech ForumTime: May 15, 2025 02:00 PM London Every 2 weeks on Thu, 78 occurrence(s)Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcocu6gqDgjEtOkyBhSQauR1sUyFwIcNKLa/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 1 day

1
0
0 0

Re: Question about memory mapping attributes for MT_DEVICE

by Olivier Deprez

The email was moderated, re-sending on behalf of Andrei. ________________________________ From: Andrei Stefanescu <andrei.stefanescu(a)nxp.com> Sent: 13 May 2025 12:35 To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> Cc: Ghennadi Procopciuc <ghennadi.procopciuc(a)nxp.com>; Ciprian Marian Costea <ciprianmarian.costea(a)nxp.com>; Alexandru-Catalin Ionita <alexandru-catalin.ionita(a)nxp.com> Subject: Question about memory mapping attributes for MT_DEVICE Hi, I noticed that the memory mapping attributes for MT_DEVICE memory are defined to: nGnRE [1]. Why was nGnRE selected instead of nGnRnE? Platforms which have USE_COHERENT_MEM set to 1 will map the coherent memory area as MT_DEVICE. This area is helpful for cases where a backery lock is shared between cores which have MMU enabled and cores which don’t (whose access is equivalent to nGnRnE). This would generate an access attributes mismatch for the coherent memory area. Would it be ok to send a patch which changes the ATTR_DEVICE to nGnRnE? Best regards, Andrei Stefanescu [1] - https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a.git…

2 weeks, 3 days

3
6
0 0

Changelog for v2.13 Release

by Govindraj Raja

Hello Everyone, Ahead of the TF-A v2.13 release, please review the autogenerated changelog for your platform. It’s built from the commit messages of all patches merged since v2.12. If you spot anything that needs a quick manual tweak, just let us know. Patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/38170 Rendered Version: https://ci-builds.trustedfirmware.org/static-files/Jr7PSOAIj0pMAfjvJ-b7Y7G7… -- Thanks, Govindraj R

3 weeks

1
0
0 0

Firmware-A v2.13 release code freeze notification

by Olivier Deprez

Hi All, The next release of the Firmware-A bundle of projects tagged v2.13 has an expected code freeze date of May, 2nd 2025. In order to accommodate the Linaro connect event occurring during the week of May 12th we may extend the release completion date up until the week of May 26th. v2.13 release preparation tasks start from now. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.: -For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run). -For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 labels in the middle of the patch stack). -Carefully analyze results and fix the change if required, before launching new jobs on the same change. -If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued. Regards, Olivier.

3 weeks, 1 day

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A