- TF-A - lists.trustedfirmware.org

Cancelled TF-A TechForum 1st December + update for 15th December

by Joanna Farley

Hi All, I’m cancelling the TF-A Techforum for this Thursday as we have no topic. However, we do plan a session for 15th December. Following the recent addition of QEMU support in TF-A OpenCI [1], we'd like to: Do a quick demo on how to navigate the OpenCI services (Jenkins, LAVA) and find the QEMU boot tests results. * Possibly do a quick demo on how to run these tests on your local machine through TF-A CI scripts. * Give a high-level overview of the changes in TF-A CI scripts and OpenCI infrastructure that made this possible.Following the recent addition of QEMU support in TF-A OpenCI [1], we'd like to: [1] https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…<https://www.google.com/url?q=https://lists.trustedfirmware.org/archives/lis…> Joanna

3 years, 5 months

1
0
0 0

Updated invitation with note: TF-A Tech Forum @ Thu Dec 15, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated with a note: "Update for subject on 15th December TF-A Tech Forum" Changed: description TF-A Tech Forum Thursday Dec 15, 2022 ⋅ 4pm – 5pm United Kingdom Time NOTE this is for 15th December 2022Following the recent addition of QEMU support in TF-A OpenCI [1], we'd like to:Do a quick demo on how to navigate the OpenCI services (Jenkins, LAVA) and find the QEMU boot tests results.Possibly do a quick demo on how to run these tests on your local machine through TF-A CI scripts.Give a high-level overview of the changes in TF-A CI scripts and OpenCI infrastructure that made this possible.Following the recent addition of QEMU support in TF-A OpenCI [1], we'd like to:[1]  https://lists.trustedfirmware.org/archives/list/tf-a@list… run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 years, 5 months

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Dec 1, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been canceled with a note: "No topics this week so cancelling. We do have a topic for 2 weeks time on 15th December." TF-A Tech Forum Thursday Dec 1, 2022 ⋅ 4pm – 5pm United Kingdom Time We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 years, 5 months

1
0
0 0

[PATCH] fix(console): fix crash on spin_unlock with cache disabled

by Baruch Siach

Current code skips load of spinlock address when cache is disabled. The following call to spin_unlock stores into the random location that x0 points to. Move spinlock address load earlier so that x0 is always valid on spin_unlock call. Change-Id: Iac640289725dce2518f2fed483d7d36ca748ffe8 Signed-off-by: Baruch Siach <baruch(a)tkos.co.il> --- I'm posting this patch here since I have found no way to upload to review.trustedfirmware.org. I logged in via github, but I can not add SSH keys ("New SSH Key" grayed out), and "GENERATE NEW PASSWORD" shows Error 500. Hope this is not too wrong. --- plat/common/aarch64/crash_console_helpers.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plat/common/aarch64/crash_console_helpers.S b/plat/common/aarch64/crash_console_helpers.S index e2950f5f7c55..75b420893325 100644 --- a/plat/common/aarch64/crash_console_helpers.S +++ b/plat/common/aarch64/crash_console_helpers.S @@ -68,12 +68,12 @@ func plat_crash_console_init mov x4, x30 /* x3 and x4 are not clobbered by spin_lock() */ mov x3, #0 /* return value */ + adrp x0, crash_console_spinlock + add x0, x0, :lo12:crash_console_spinlock + mrs x1, sctlr_el3 tst x1, #SCTLR_C_BIT beq skip_spinlock /* can't synchronize when cache disabled */ - - adrp x0, crash_console_spinlock - add x0, x0, :lo12:crash_console_spinlock bl spin_lock skip_spinlock: -- 2.35.1

3 years, 5 months

2
1
0 0

Supporting QEMU in OpenCI

by Harrison Mutai

Hello everyone, Following our recent release, I'm pleased to provide more details on recent developments in our CI for QEMU. Linaro’s continuous integration platform OpenCI supports running emulated tests on QEMU. The tests are kicked off on Jenkins and deployed through the Linaro Automation and Validation Architecture LAVA. The obvious benefit of this is it makes it relatively easy to test TF-A in CI without a complex hardware setup, much like we do with FVPs. For this reason, we have added scripts to our OpenCI scripts repository to enable running this form of automated tests on QEMU. The initial patches provide a set of end-to-end boot tests (TF-A -> Linux shell prompt) that are included in our daily job [1]. The long term plan is to use this and further QEMU tests to gate patch submission (CI +1, +2), however, this is will only happen when we have confidence in their stability. You can view a sample test run here [2]. You can also reproduce the test setup manually in OpenCI or locally. In OpenCI this is done by running the tf-a-builder job with `qemu-boot-tests` as the test group [3]. In your local setup, this is done with the following command line: ``` $ test_run=1 \ workspace=$(mktemp -d) \ nfs_volume="$workspace" tfa_downloads="https://downloads.trustedfirmware.org/tf-a" tf_root="/path/to/trusted-firmware-a/" \ tftf_root="/path/to/tf-a-tests/" \ test_groups="qemu-boot-tests/qemu-default:qemu-linux.rootfs-fip.uefi-virt" \ bash -x $ci_root/script/run_local_ci.sh ``` We highly encourage you to contribute to the QEMU CI scripts if you can! Whether that be helping extend the tests or providing enhancements. We are also looking for help maintaining this specific area and the infrastructure around it - if this of interest, please do reach out! Cheers! Harrison [1] https://ci.trustedfirmware.org/job/tf-a-main [2] https://tf.validation.linaro.org/scheduler/job/1168495 [3] https://ci.trustedfirmware.org/job/tf-a-builder/

3 years, 5 months

1
0
0 0

Re: 回复： building secure boot tf-a images without ROTK controlled by SW build engineer

by Neely, Brian

Hello, Just following up on my question regarding HSMs (pasted below). Do any of the maintainers of cert_create have feedback on this? Thanks! -Brian Just a quick follow-up on this question of using an HSM (or in general, some form of Key Management Infrastructure) to sign TF-A images. U-Boot has support for this with its mkimage utility (see https://github.com/u-boot/u-boot/blob/master/doc/uImage.FIT/signature.txt#L5...). This appears to a custom engine in OpenSSL (and in this case, the pkcs11 engine). My questions are: 1. Does TF-A’s cert_create tool support using custom OpenSSL engines? 2. If so, is there a procedure for using this? 3. If not, is there a plan to add support for this in the roadmap somewhere? * Or, in general, is there a plan to add HSM support for TF-A image signing?

3 years, 5 months

2
1
0 0

Trusted Firmware-A v2.8 Release Announcement

by Joanna Farley

We are pleased to announce the release of Trusted Firmware-A version 2.8 bundle of project deliverables. This includes Trusted Firmware-A version 2.8, Trusted Firmware-A Tests version 2.8, Hafnium version 2.8 and TF-A OpenCI Scripts/Jobs 2.8 Releases involving the tagging of multiple repositories. These went live on 21st November 2022. The repositories are now open again to take patches under review. On behalf of the TF-A project maintainers, I would like to thank all of the Trustedfirmware.org TF-A Project community for their efforts since the last release. Notable Features of the Version 2.8 Release across repositories are as follows: TF-A Project Repository * Architectural enablement (Arm v8.8 etc) * Added Branch Record Buffer Extension (FEAT_BRBE) * Added Pointer Authentication Extension helper support for QARMA3 (FEAT_PACQARMA3) * Partial support for trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP) * Added Trace Buffer Extension (FEAT_TRBE) * Added SVE fall back if SME not available (FEAT_SME) * Support full SVE vector Length (FEAT_SVE) * Added support for DRTM (Dynamic Root of Trust Measurement ) * Hunter ELP CPU support added * Twenty Four (24) Errata Mitigations for Cortex-A710 , A510, X3, X2, A76, A77, A78C, Neoverse N1, N2, GIC-600 * Ethos-N Driver support for SMMU * Secure Payload Dispatcher added for ProvenCore RTOS * EL3 SPMC feature hardening * CCA Bootflow chain of trust support for AEM FVP * CCA RME development to support TF-RMM upstreaming Hafnium Project Repository * FF-A v1.1 EAC0 additions * Partition runtime model and CPU cycle allocation modes. * Interrupt handling and managed exit flows. * Memory sharing. * Framework notifications and indirect messaging. * Added FF-A console log ABI. * Added support for GICv3.1 extended INTID ranges. * Image footprint optimisation. * Improved SVE support and test coverage. * FF-A v1.0 ACS test suite integration in Open CI. TF-A Tests Project Repository * TF-A Tests support for 4 new platforms (N1SDP, RD-N2, RD-N2-Cfg1, RD-V1) * TF-A Tests CCA RME Realm Payload Testing * TF-A Tests FF-A v1.1 Secure interrupts Testing Platform Support * Three (3) new platforms added including Arm TC2 * Thirty (30) platforms updated * Initial support within TF-A OpenCI CI scripts repository for automating end-to-end boot tests (TF-A -> Linux shell prompt) on QEMU Patch Statistics Across all Repositories * Approx 1100 Patches merged since v2.7 June 2022 release Please refer to the TF-A [1], Hafnium [2] and TF-A Tests [3] changelogs for the complete summary of changes from the previous release. TF-A [4], TF-A Test [5], Hafnium [6], TF-A OpenCI Scripts [7] and TF-A OpenCI Jobs [8] repositories are available along with the compatible TF-RMM repository [9] and documentation [10]. [1] https://trustedfirmware-a.readthedocs.io/en/v2.8/change-log.html#id1 [2] https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/HEAD/d… - v2_8<https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/HEAD/d…> [3] https://trustedfirmware-a-tests.readthedocs.io/en/v2.8/change-log.html#vers… [4] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.8 [5] https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tag/?h=v2.8 [6] https://git.trustedfirmware.org/hafnium/hafnium.git/tag/?h=v2.8 [7] https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tag/?h=v2.8 [8] https://git.trustedfirmware.org/ci/tf-a-job-configs.git/tag/?h=v2.8 [9] https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tag/?h=tf-rmm-v0.2.0 [10] https://tf-rmm.readthedocs.io/en/tf-rmm-v0.2.0/

3 years, 5 months

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 87 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 382009: (OVERRUN) ________________________________________________________________________________________________________ *** CID 382009: (OVERRUN) /lib/psci/psci_on.c: 80 in psci_cpu_on_start() 74 * CPU_ON platform hooks have been implemented. 75 */ 76 assert((psci_plat_pm_ops->pwr_domain_on != NULL) && 77 (psci_plat_pm_ops->pwr_domain_on_finish != NULL)); 78 79 /* Protect against multiple CPUs trying to turn ON the same target CPU */ >>> CID 382009: (OVERRUN) >>> Overrunning callee's array of size 8 by passing argument "target_idx" (which evaluates to 4294967295) in call to "psci_spin_lock_cpu". 80 psci_spin_lock_cpu(target_idx); 81 82 /* 83 * Generic management: Ensure that the cpu is off to be 84 * turned on. 85 * Perform cache maintanence ahead of reading the target CPU state to /lib/psci/psci_on.c: 160 in psci_cpu_on_start() 154 psci_set_aff_info_state_by_idx(target_idx, AFF_STATE_OFF); 155 flush_cpu_data_by_index(target_idx, 156 psci_svc_cpu_data.aff_info_state); 157 } 158 159 exit: >>> CID 382009: (OVERRUN) >>> Overrunning callee's array of size 8 by passing argument "target_idx" (which evaluates to 4294967295) in call to "psci_spin_unlock_cpu". 160 psci_spin_unlock_cpu(target_idx); 161 return rc; 162 } 163 164 /******************************************************************************* 165 * The following function finish an earlier power on request. They ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

3 years, 5 months

1
0
0 0

TF-A TechForum this week

by Joanna Farley

Hello TF-A Community, The meeting invite this week has been updated with an agenda. In case you have not seen this the details are: The TF-RMM component was published last week and was announced in this mailing list: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… This week Javier Almansa Sobrino of the TF-RMM team would like to present on the TF-RMM Unit test framework The TF-RMM Unit test framework allows the exercising and validation of the software components of TF-RMM to be performed natively on the development host, making the development of new features, as well as the debugging of existing ones, easier. This talk will introduce this framework as well as the fake_host architecture for TF-RMM which allows the building and running of TF-RMM natively on the development host. We will also discuss how to implement unit tests for different components and we will introduce some features such as code coverage test for TF-RMM. Thanks Joanna Meeting details are: Join Zoom Meeting https://armltd.zoom.us/j/97858987231?pwd=U3NxdEk2YjI0OS90NzE1WEdHWE10Zz09&f… Meeting ID: 978 5898 7231 Passcode: 472153 One tap mobile +16465189805,,97858987231#,,,,*472153# US (New York) +13462487799,,97858987231#,,,,*472153# US (Houston) Dial by your location +1 646 518 9805 US (New York) +1 346 248 7799 US (Houston) +1 408 638 0968 US (San Jose) Meeting ID: 978 5898 7231 Passcode: 472153 Find your local number: https://armltd.zoom.us/u/adRXFKP35m Join by SIP 97858987231(a)zoomcrc.com Join by H.323 162.255.37.11 (US West) 162.255.36.11 (US East) 115.114.131.7 (India Mumbai) 115.114.115.7 (India Hyderabad) 213.19.144.110 (Amsterdam Netherlands) 213.244.140.110 (Germany) 103.122.166.55 (Australia Sydney) 103.122.167.55 (Australia Melbourne) 209.9.211.110 (Hong Kong SAR) 149.137.40.110 (Singapore) 64.211.144.160 (Brazil) 69.174.57.160 (Canada Toronto) 65.39.152.160 (Canada Vancouver) 207.226.132.110 (Japan Tokyo) 149.137.24.110 (Japan Osaka) Meeting ID: 978 5898 7231 Passcode: 472153

3 years, 5 months

1
0
0 0

Updated invitation with note: TF-A Tech Forum @ Thu Nov 17, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated with a note: "The TF-A Tech Forum will be running this week." Changed: description TF-A Tech Forum Thursday Nov 17, 2022 ⋅ 4pm – 5pm United Kingdom Time The TF-A Tech Forum is being run this week.The TF-RMM component was published last week and was announced in this mailing list posting https://lists.trustedfirmware.org/archives/list/tf-a@lists.tru… week the Javier Almansa Sobrino of the TF-RMM team would like to present on the TF-RMM Unit test frameworkThe TF-RMM Unit test framework allows the exercising and validation of the software components of TF-RMM to be performed natively on the development host, making the development of new features, as well as the debugging of existing ones, easier. This talk will introduce this framework as well as the fake_host architecture for TF-RMM which allows the building and running of TF-RMM natively on the development host. We will also discuss how to implement unit tests for different components and we will introduce some features such as code coverage test for TF-RMM.=======================================================We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 years, 5 months

1
0
0 0

Minimal kernel/firmware on Rock64 (rk3328)

by Robert Meissner

Hello, i found TF a very interesting project, however I would like to get booted with a really minimal firmware/kernel. I have a Rock64 with RK3328 Rockchip which I am trying to boot from sdcard with following sources: https://gitlab.com/jahro_me/sos/-/tree/master/ I have tried to setup UART for the device as described in the manual https://opensource.rock-chips.com/images/9/97/Rockchip_RK3328TRM_V1.1-Part1… On page 13 it states, the BOOT_ROM, INT_RAM is located at 0xffff0000. I have used this adress in kernel_entry https://gitlab.com/jahro_me/sos/-/blob/master/boot.s and in the main section https://gitlab.com/jahro_me/sos/-/blob/master/link.lds However, I could not get the kernel booted. I am not sure, if I need to remap the memory and how to do it. I guess, i should enable it with SGRF_SOC_CON2. Could anyone please help out to get the output, "Hello, You Rock!"? Best regards, Bob

3 years, 5 months

1
0
0 0

Submitting a patch to TF-A

by Jérôme Forissier

Hi, I am trying to send a patch to review.trustedfirmware.org but I get a Permission denied error. =========================== $ git push jforissier@review.trustedfirmware.org:29418/TF-A/trusted-firmware-a HEAD:refs/for/integration jforissier(a)review.trustedfirmware.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. $ git clone "ssh:// jforissier@review.trustedfirmware.org:29418/TF-A/trusted-firmware-a" Cloning into 'trusted-firmware-a'... fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. $ ssh -p 29418 jforissier(a)review.trustedfirmware.org jforissier(a)review.trustedfirmware.org: Permission denied (publickey). =========================== I can see my ssh key at https://review.trustedfirmware.org/settings/. I tried to upload it again, I also added -i to the ssh command to make sure the right key is used. What am I doing wrong? Thanks, -- Jerome

3 years, 5 months

4
8
0 0

Changelog for v2.8 Release

by Lauren Wehrmeister

Hi All, Please take a look at the changelog for your respective platforms ahead of the TF-A v2.8 release. The changelog is autogenerated from the commit messages of the patches that have been merged since the v2.7 release. Here's your chance to give us guidance on any small manual adjustments you would like to see. Patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17804/ Rendered Version: https://ci-builds.trustedfirmware.org/static-files/51m1_XLaarhS4BLLm1c3Mjdz… Thanks, Lauren

3 years, 5 months

1
0
0 0

Support for SVE + FP in TF-A

by Okash Khawaja

Hi, Currently TF-A doesn't support enabling both SVE and FP for both worlds. What can we do to support both SVE and FP in either world? Thanks, Okash

3 years, 5 months

2
2
0 0

PSCI OS-initiated mode

by Wing Li

Hi, The PSCI specification defines two different power state coordination modes for CPU_SUSPEND that can be used to put a core or a group of cores into a low-power state. These modes are the platform-coordinated mode (default) and the OS-initiated mode (optional). OS-initiated mode is currently not supported by TF-A, while both modes are supported by the Linux Kernel. Requesting reviews for the patches [1] adding support for OS-initiated mode in TF-A and the corresponding tests in TF-A-Tests. Any feedback and comments are much appreciated. Thanks in advance! Wing [1] https://review.trustedfirmware.org/q/topic:psci-osi

3 years, 6 months

1
0
0 0

PSCI OS-initiated mode

by Wing Li

Hi, The PSCI specification defines two different power state coordination modes for CPU_SUSPEND that can be used to put a core or a group of cores into a low-power state. These modes are the platform-coordinated mode (default) and the OS-initiated mode (optional). OS-initiated mode is currently not supported by TF-A, while both modes are supported by the Linux Kernel. Requesting reviews for the patches [1] adding support for OS-initiated mode in TF-A and the corresponding tests in TF-A-Tests. Any feedback and comments are much appreciated. Thanks in advance! Wing [1] https://review.trustedfirmware.org/q/topic:psci-osi

3 years, 6 months

1
0
0 0

Announcing TF-RMM v0.1.0

by Soby Mathew

Hi Everyone The TF-RMM team is pleased to announce the first public release of RMM implementation aligned to RMM Beta0 Specification [1] . The RMM is a software component that runs at Realm EL2 and forms part of a system which implements the Arm Confidential Compute Architecture (Arm CCA). The implementation can create Realm VMs in the Realm PAS and the Realm contents can be attested as specified in the RMM specification. The official trustedfirmware.org git repo can be found at : https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/. There is also a github read-only mirror and can be found at https://github.com/TF-RMM/tf-rmm . Contributions will be accepted via TF-RMM gerrit at trustedfirmware.org : https://review.trustedfirmware.org/q/project:TF-RMM%252Ftf-rmm Please see the readme [2] and the getting started guide [3] to get started with RMM. We expect patches for supporting Realm Management Extension (RME) in linux kernel and related kvm-unit-tests to be available in the coming months. The patch to exercise Realm creation and execution via TF-A-Tests is in review at the moment [4] and the OOB instructions for the same can be found in TF-A RME documentation [5]. We expect these patches to be part of the upcoming TF-A v2.8 release. The mailing list for the project is tf-rmm(a)lists.trustedfirmware.org<mailto:tf-rmm@lists.trustedfirmware.org>. Looking forward to fruitful community engagement and successful deployment Arm CCA systems in future. Best Regards Soby Mathew PS : We hope to setup readthedocs documentation in the coming days, but till then , please bear with the github rendering of the rst documentation. [1] https://developer.arm.com/documentation/den0137/1-0bet0/?lang=en [2] https://github.com/TF-RMM/tf-rmm/blob/main/docs/readme.rst [3] https://github.com/TF-RMM/tf-rmm/blob/main/docs/getting_started/getting-sta… [4] https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/17221 [5] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17610

3 years, 6 months

1
0
0 0

V2.8 Release code freeze notification

by Joanna Farley

Hi all, As documented in the Release Cadence section of the TF-A documentation (https://trustedfirmware-a.readthedocs.io/en/latest/about/release-informatio…) the v2.8 release has an expected code freeze date of 3rd week of November 2022. That equates to the start of that week Monday 14th November which is one calendar month away from tomorrow when the rc0 tag will be applied. Closing out the release takes around 6-10 working days normally over the last few releases. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. Preparations for v2.8 release is already underway. Thanks Joanna

3 years, 6 months

1
1
0 0

Conditional CMOs

by Okash Khawaja

Hi, When a core is in debug recovery mode its caches are not invalidated upon reset, so the L1 and L2 cache contents from before reset are observable after reset. Similarly, debug recovery mode of DynamIQ cluster ensures that contents of the shared L3 cache are also not invalidated upon transition to On mode. A common use case of booting cores in debug recovery mode is to boot with caches disabled and preserve the caches until a point where software can dump the caches and retrieve their contents. TF-A however unconditionally cleans and invalidates caches at multiple points during boot, e.g. in bl31_entrypoint when cleaning bss and .data sections. This will not only lose the cache content needed for debugging but will potentially corrupt memory as well, leading to bugs when booting in recovery mode. Can we make CMOs in lib/aarch64/cache_helpers.S conditional upon some platform hook to address above scenario? Happy to work on a patch if the idea of conditional CMOs makes sense. Thanks, Okash

3 years, 6 months

3
5
0 0

Canceled event with note: TF-A Tech Forum @ Thu Nov 3, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been canceled with a note: "No topics received so cancelling this week." TF-A Tech Forum Thursday Nov 3, 2022 ⋅ 4pm – 5pm United Kingdom Time We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 years, 6 months

1
0
0 0

TF-A TechForum this Thursday 3rd November at 4pm GMT

by Joanna Farley

Hi Everyone, We have a TF-A Tech forum scheduled for this Thursday at 4pm GMT. Note the UK clocks moved to GMT from BST last weekend so the meeting may appear an hour different than in previous weeks in your calendar. At this time I do not have any topics to present. Please do reach out to me if you have any topics you would like to present to the TF-A community. If I do not find a topic or hear from the community that they have a topic I will cancel end of day this coming Wednesday 2nd November. Thanks Joanna

3 years, 6 months

1
1
0 0

Inconsistencies with PLAT_XLAT_TABLES_DYNAMIC

by Jeffrey Kardatzke

Hello, Is there a reason there are inconsistencies in the handling of PLAT_XLAT_TABLES_DYNAMIC? Specifically I'm referring to in some places it uses #ifdef logic: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/lib/utils/… and then in others it's using #if: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/include/li… Also in some places it uses add_define: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/services/s… and in others it's explicitly adding the define (w/ or w/out a value) to the _FLAGS for an image. https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/imx/i… https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/b… I wanted to make use of this config option and noticed it wasn't getting picked up even when it was set and was considering cleaning up the usage of it by adding it to make_helpers/defaults.mk and then changing all the #ifdef's for it to be #if's. Thanks, -- Jeffrey Kardatzke jkardatzke(a)google.com Google, Inc.

3 years, 6 months

1
0
0 0

Re: 回复： building secure boot tf-a images without ROTK controlled by SW build engineer

by Neely, Brian

Hello, Just a quick follow-up on this question of using an HSM (or in general, some form of Key Management Infrastructure) to sign TF-A images. U-Boot has support for this with its mkimage utility (see https://github.com/u-boot/u-boot/blob/master/doc/uImage.FIT/signature.txt#L…). This appears to a custom engine in OpenSSL (and in this case, the pkcs11 engine). My questions are: 1. Does TF-A’s cert_create tool support using custom OpenSSL engines? 2. If so, is there a procedure for using this? 3. If not, is there a plan to add support for this in the roadmap somewhere? * Or, in general, is there a plan to add HSM support for TF-A image signing? Thanks, Brian

3 years, 6 months

1
0
0 0

Multi DTBs support in TF-A

by Ayoub Zaki

hello List, Is there anyway to support Multi DTBs in TF-A ? Mit freundlichen Grüßen / Kind regards -- Ayoub Zaki Embedded Systems Consultant

3 years, 6 months

2
3
0 0

Making the first byte of the stack canary a NULL for better security

by zjw88282740＠gmail.com

Hello, After learning the current implementation of plat_get_stack_protector_canary in TF-A, i am curious about why we not make the first byte of canary an NULL byte for better security?

3 years, 6 months

2
1
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

TF-A