- TF-A - lists.trustedfirmware.org

Canceled event with note: TF-A Tech Forum @ Thu Feb 24, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been canceled with this note: "No topic to be presented this week. Cancelling meeting." Title: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   When: Thu Feb 24, 2022 4pm – 5pm United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher - creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

3 years, 8 months

1
0
0 0

Re: please fix incomplete distclean Makefile target

by Nicolas Boulenguez

Hello. This threads originates in a trivial fix for the 'clean' Makefile target. All contributions, even cosmetic and/or from the outside world, must follow the same formal process. Apparently, the process fails for external contributors. The discussion is visible there: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… At this moment, there were more people involved in the discussion than letters affected by the patch, so I was invited to switch to a private mail exchange. I was asked to describe the error messages, did so, and was forgotten ever since. Almost a year has passed, the patch is neither refused nor applied. The connection error still prevents some/all external contributions. The only effect of my request so far is that I have been obliged to create accounts on github and your gerrit instance. Is there hope for a more satisfying conclusion?

3 years, 8 months

2
1
0 0

Canceled event with note: TF-A Tech Forum @ Thu Feb 10, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been canceled with this note: "No topics prepared for this week." Title: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   When: Thu Feb 10, 2022 4pm – 5pm United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher - creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

3 years, 8 months

1
0
0 0

Is there any development roadmap(plan) for the Arm CCA features?

by Sangwan Kwon

Hi, I checked that TF-A supports FEAT_RME since v2.6. (https://trustedfirmware-a.readthedocs.io/en/latest/change-log.html) And those are developed on rme_prototype branch. ( https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/log/?h=topics/r… ) But it is not updated since last year (September, 2021). I was wondering if there is a development plan or active branch about Arm CCA features (like RME RMM). BRs, Sangwan Kwon

3 years, 8 months

2
1
0 0

Cannot successfully jump to the UEFI Boot Loader in the normal world with the RME enabled FVP_Base_RevC_2xAEMvA

by Beom Heyn Kim

Hi, With RME enabled FVP_Base_RevC_2xAEMvA, we are trying to have TF-A's BL31 successfully exit EL3 and jump to a normal world boot firmware (edk2 UEFI boot loader) instead of tftf.bin. Yet, it fails with the following log messages (showing the last 3): INFO: BL31: Preparing for EL3 exit to normal world INFO: Entry point address = 0x88000000 INFO: SPSR = 0x3c9 We could boot and run RMM and tftf.bin successfully following the instructions on the TF-A documentation page ( https://trustedfirmware-a.readthedocs.io/en/latest/components/realm-managem…). While keeping build and run commands same, we tried to just replace the tftf.bin with FVP_AARCH64_EFI.fd, the build artifact of the edk2-platform for ARM ( https://github.com/tianocore/edk2-platforms/tree/master/Platform/ARM) We checked both tftf.bin and FVP_AARCH64_EFI.fd cases result in the same entry point address 0x88000000. Yet, the latter stops after exiting EL3 as aforementioned, unlike tftf.bin which successfully proceeds to run some tests afterwards. Also, we found that FVP_AARCH64_EFI.fd can boot successfully with the same fast model but without RME enabled. What is the possible reason for this symptom and the necessary tweaks we should do to address this issue? What should we look for to get some clue? Cheers,

3 years, 8 months

2
1
0 0

Re: How secondary core(s) move from TF-A into Kernel space using PSCI - 4 x A55 ?

by Manish Pandey2

Hi Yusuf, I hope you have gone through https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-… 1. Distinguishing between a cold boot and a warm boot. 2. In the case of a cold boot and the CPU being a secondary CPU, ensuring that the CPU is placed in a platform-specific state until the primary CPU performs the necessary steps to remove it from this state. 3. In the case of a warm boot, ensuring that the CPU jumps to a platform- specific address in the BL31 image in the same processor mode as it was when released from reset. Secondary cores are kept in TF-A holding pen until primary core makes a request to start secondary core(from OS through PSCI CPU_ON). On receiving this call primary breaks the condition which held secondary. For example, investigate a5ds platform's plat_secondary_cold_boot_setup() & a5ds_pwr_domain_on(). Platform also provides warm_boot_entrypoint (most platform uses bl31_warm_entrypoint) from where secondary starts execution. Primary core is responsible for platform initialization using platform helper functions mentioned https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-… (make sure your platform has implemented all the mandatory hooks). Hope this helps thanks Manish ________________________________ From: Mohd Yusuf Abdul Hamid via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 07 February 2022 02:32 To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> Subject: [TF-A] How secondary core(s) move from TF-A into Kernel space using PSCI - 4 x A55 ? Hi, I have been stuck at this problem for more than a week. Hopefully good folks here can help clarify a few things. Platform 4x Cortex A55 single cluster. What I got working: 1. I can boot single core kernel to shell using TFA bl31 Baremetal (bare minimum startup + platform specific SOC enablement, EL3) -> TFA bl31 -> Kernel 2. I added PSCI in DT and can see the hook trigger service and hotplug secondary core in. Secondary core woke up: 1. Bare minimum startup (skip SOC specific enablement) -> TFA bl31 -> go thru 'plat_secondary_cold_boot_setup' path, using 'RESET_TO_BL31:=1' Now, I am not sure how from there, the secondary core would jump to: a. If jump to kernel's 'secondary_holding_pen' it looks like it would drop from EL3 -> EL1 and wait (however at this point Core0 is already in cpu_idle) and won't continue a.1 For this case, I am also not sure why I hit "instruction abort" in core1 - from what I read MMU hasnt been set up, which is true. I also wonder at what point MMU is set up for this path in the secondary core? b. If jump to 'secondary_entry' I believe the core is still in EL3 at this point and I will get an exception at 'set_cpu_boot_mode_flag' c. If someone can summarize what are the minimum requirements for the secondary core to get set up before jumping to 'secondary_holding_pen'/'secondary_entry' whichever is applicable. Any pointers would be much appreciated. ps: I have access to Trace32. Mohd Yusuf Abdul Hamid

3 years, 8 months

2
1
0 0

What Doc / NDA doc do I need when I want to add a new platfrom in TF-A / OPTEE? (i.e., RK3566 )

by 起飞的老杨

Hello, Everyone, If I want to add a new platform support in TF-A for RK3566 as an example, what Documentation do I need to read. Using RK3399 as a contrast ( because most of RK3399 doc is opened in internet ), we already know this SoC is supported in OPTEE and TF-A. And I can get RK3399 Docs:* TRM V1.3 Part 1*, T*RM V1.3 Part2*, *TRM V1.4 Part 1*, *Datasheet V2.1*. I can see in *TRM chapter 16 System Security, *there are some descriptions about system security, and references to other system registers, like *SGRF, *etc, but it still seems to me insufficiently ( No SGRF description ) to finish a full support platform implementation in TF-A. Some people said I need to sign an NDA with Rockchip to get Security related part docs. But when I reach to Rockchip, they said all docs are opened already, No NDA options. When I talked to one partner/distributor of Rockchip, only security related doc is also some doc I can find on internet. So I am curious and confused, can I, as a third party developer, develop a new platform implementation for TF-A / OPTEE ( specially for Rockchip Platform )? Thanks

3 years, 8 months

2
2
0 0

How secondary core(s) move from TF-A into Kernel space using PSCI - 4 x A55 ?

by Mohd Yusuf Abdul Hamid

Hi, I have been stuck at this problem for more than a week. Hopefully good folks here can help clarify a few things. Platform 4x Cortex A55 single cluster. What I got working: 1. I can boot single core kernel to shell using TFA bl31 Baremetal (bare minimum startup + platform specific SOC enablement, EL3) -> TFA bl31 -> Kernel 2. I added PSCI in DT and can see the hook trigger service and hotplug secondary core in. Secondary core woke up: 1. Bare minimum startup (skip SOC specific enablement) -> TFA bl31 -> go thru 'plat_secondary_cold_boot_setup' path, using 'RESET_TO_BL31:=1' Now, I am not sure how from there, the secondary core would jump to: a. If jump to kernel's 'secondary_holding_pen' it looks like it would drop from EL3 -> EL1 and wait (however at this point Core0 is already in cpu_idle) and won't continue a.1 For this case, I am also not sure why I hit "instruction abort" in core1 - from what I read MMU hasnt been set up, which is true. I also wonder at what point MMU is set up for this path in the secondary core? b. If jump to 'secondary_entry' I believe the core is still in EL3 at this point and I will get an exception at 'set_cpu_boot_mode_flag' c. If someone can summarize what are the minimum requirements for the secondary core to get set up before jumping to 'secondary_holding_pen'/'secondary_entry' whichever is applicable. Any pointers would be much appreciated. ps: I have access to Trace32. Mohd Yusuf Abdul Hamid

3 years, 8 months

1
0
0 0

Re: GIC-600 errata 1717652: missed wake requests

by Bipin Ravi

Hi Okash, In TF-A project, we haven't supported errata patches for system IP's like GIC-600 until now. We typically support Cat B errata patches for Arm CPU implementations that are made public. Additionally we also support DSU errata patches for the TF-A supported CPUs as applicable. But we are more than happy to support any code reviews required for the implementation of the below said errata. Thanks, Bipin -----Original Message----- From: tf-a-request(a)lists.trustedfirmware.org <tf-a-request(a)lists.trustedfirmware.org> Sent: Thursday, January 27, 2022 6:00 PM To: tf-a(a)lists.trustedfirmware.org Subject: TF-A Digest, Vol 37, Issue 16 1. GIC-600 errata 1717652: missed wake requests (Okash Khawaja) ---------------------------------------------------------------------- Message: 1 Date: Thu, 27 Jan 2022 13:36:32 +0000 From: Okash Khawaja <okash(a)google.com> Subject: [TF-A] GIC-600 errata 1717652: missed wake requests To: tf-a(a)lists.trustedfirmware.org Message-ID: <CAGjWKv6TTLVvF7GfsmY76QFjSzcSX8DqPuPukJQAOH-AqAvuLg(a)mail.gmail.com> Content-Type: text/plain; charset="UTF-8" Hi, It seems like TF-A's GIC600 driver currently doesn't have support for the Cat B errata 1717652 "Wake_request may not be delivered if multiple cores are woken by PPIs at the same time". Are there plans to support this? Thanks, Okash ------------------------------ Subject: Digest Footer TF-A mailing list -- tf-a(a)lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave(a)lists.trustedfirmware.org ------------------------------ End of TF-A Digest, Vol 37, Issue 16 ************************************

3 years, 9 months

2
1
1 0

GIC-600 errata 1717652: missed wake requests

by Okash Khawaja

Hi, It seems like TF-A's GIC600 driver currently doesn't have support for the Cat B errata 1717652 "Wake_request may not be delivered if multiple cores are woken by PPIs at the same time". Are there plans to support this? Thanks, Okash

3 years, 9 months

1
0
0 0

Updated invitation: TF-A Tech Forum @ Thu Jan 27, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been changed. Title: TF-A Tech Forum Agenda for Session on 27th January 2020Introduction of Arm CCA Context ManagementSession Presented by: Manish Pandey, Soby Mathew and Zelalem AwekeDetails: With the introduction of Arm CCA, the context management library needs to manage the context for one more world (realm world). Since the current context management library has evolved over time, some of design principles need sharpening / re-defining to make it easier to manage and make it less error-prone when managing the 3 worlds. The proposal lists down the design principles and discusses about introduction of new CPU Context for the root world (EL3). The refactor will increase the overall robustness of EL3 firmware as it will enforce a design pattern in software plus have a more predictable sysreg state during execution at EL3.We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   (changed) When: Thu Jan 27, 2022 4pm – 5pm United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher - creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

3 years, 9 months

1
0
1 0

TF-A Technical Forum Session Agenda this week

by Joanna Farley

Agenda for Session on 27th January 2020 * Introduction of Arm CCA Context Management * Session Presented by: Manish Pandey, Soby Mathew and Zelalem Aweke * Details: With the introduction of Arm CCA, the context management library needs to manage the context for one more world (realm world). Since the current context management library has evolved over time, some of design principles need sharpening / re-defining to make it easier to manage and make it less error-prone when managing the 3 worlds. The proposal lists down the design principles and discusses about introduction of new CPU Context for the root world (EL3). The refactor will increase the overall robustness of EL3 firmware as it will enforce a design pattern in software plus have a more predictable sysreg state during execution at EL3. We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https://www.trustedfirmware.org/meetings/tf-a-…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://zoom.us/j/9159704974<https://www.google.com/url?q=https://zoom.us/j/9159704974&sa=D&source=calen…> Meeting ID: 915 970 4974 One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https://zoom.us/u/ad27hc6t7h&sa=D&source=calen…>

3 years, 9 months

1
0
0 0

Updated invitation: TF-A Tech Forum @ Thu Jan 27, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been changed. Title: TF-A Tech Forum Agenda for Session on 27th January 2020introduction of Arm CCA Context ManagementSession Presented by: Manish Pandy, Soby Mathew and Zelalem AwekeDetails: With the introduction of Arm CCA, the context management library needs to manage the context for one more world (realm world). Since the current context management library has evolved over time, some of design principles need sharpening / re-defining to make it easier to manage and make it less error-prone when managing the 3 worlds. The proposal lists down the design principles and discusses about introduction of new CPU Context for the root world (EL3). The refactor will increase the overall robustness of EL3 firmware as it will enforce a design pattern in software plus have a more predictable sysreg state during execution at EL3.We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   (changed) When: Thu Jan 27, 2022 4pm – 5pm United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher - creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

3 years, 9 months

1
0
0 0

RFC for context management refactoring in TF-A

by Soby Mathew

Hello Everyone, We have a proposal to refactor the Context management framework in TF-A and an RFC is pushed for review here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651 . The abstract of the RFC is given below: With the introduction of Arm CCA, the context management library needs to manage the context for one more world (realm world). Since the current context management library has evolved over time, some of design principles need sharpening / re-defining to make it easier to manage and make it less error-prone when managing the 3 worlds. The proposal lists down the design principles and discusses about introduction of new CPU Context for the root world (EL3). The refactor will increase the overall robustness of EL3 firmware as it will enforce a design pattern in software plus have a more predictable sysreg state during execution at EL3. The plus point here is that many of the design principles are already adhered to in one way or other in the current the implementation so much of the work can be done in an incremental fashion without much disruption. Along with @Zelalem Aweke<mailto:Zelalem.Aweke@arm.com> and @Manish Pandey2<mailto:Manish.Pandey2@arm.com>, we hope to discuss the this RFC and how this translates to code changes in TF-A during the Tech Forum this week. Best Regards Soby Mathew

3 years, 9 months

1
0
0 0

About arm_validate_ns_entrypoint in arm_pm.c

by Ming Huang

Hi, arm_validate_ns_entrypoint() in plat/arm/common/arm_pm.c check ARM_NS_DRAM1_BASE and ARM_NS_DRAM2_BASE only, for some platform there are include more than two non-secure dram areas. It will bring dependencies between TF-A and physical memory space which can get from uefi atfer memory initialization, if arm_validate_ns_entrypoint() include the entire physical memory space. In my mind, the kernel should guarantee the validity of entry point. So why this check is need? Thanks, Ming

3 years, 9 months

3
3
0 0

imx8mm-evk does not boot kernel 5.16 with mainline TF-A

by Fabio Estevam

Hi, I am running U-Boot 2022.01 on imx8mm-evk. If I build the NXP vendor-based TF-A (imx_5.4.47_2.2.0) I am able to boot kernel 5.16 just fine. However, if I use the upstream TF-A (v2.5 or v2.6), the kernel fails to boot most of the attempts. Peng, Jacky, Could you please try booting kernel 5.16 + U-Boot 2022.01 built with TF-A v2.6? What is missing in upstream TF-A to be able to boot kernel 5.16? Thanks, Fabio Estevam

3 years, 9 months

2
1
0 0

fw update & anti-rollback versioning

by Etienne CARRIERE

Dear all, (and may the new year be happy to you and your beloved) In the course of evaluating the FW update flows for systems with FIP images, we identified the following requirements: Req1: The FIP image, or the components in the FIP, must have a version field. Each version field will be compared against the anti-rollback counter of the platform that the FIP or its component is bound to. Req2: We must be able to increment the FIP version field (though a FIP image FW update) without affecting the anti-rollback counter value. The anti-rollback counter should be incremented only for security updates upon explicit request. Req3: The version field should be present even if the FIP does not contain image certificates. Currently the FIP carries a version field in the different certificates, the anti-rollback counters are updated every time the root certificate value increased. This is not flexible enough and does not allow trial/acceptance of updates. Can we open a discussion on how to enhance the version/anti-rollback counter update in TF-A? Best regards, Etienne Carriere ST Restricted

3 years, 9 months

4
6
0 0

TF-A (inc Hafnium) Tech Forum this week

by Joanna Farley

Hi Everyone, Welcome to 2022! To start off this year’s Tech Forum’s we will use the session this week to follow up on two ongoing email list discussion subjects: * Hafnium Build and Tooling Options. * Discussion led by Olivier Deprez. * Covering recent changes to the Hafnium project that has neem announced on the Hafnium mailing list https://lists.trustedfirmware.org/archives/list/hafnium@lists.trustedfirmwa…<https://www.google.com/url?q=https%3A%2F%2Flists.trustedfirmware.org%2Farch…> * Firmware Update and Anti-Rollback Versioning * Discussion led by Manish Badarkhe and Manish Pandey2 * An opportunity to discuss the recent email thread on this topic on the TF-A mailing list. https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…<https://www.google.com/url?q=https%3A%2F%2Flists.trustedfirmware.org%2Farch…> If you don’t have the invite which just been updated the meeting details are: TF-A Tech Forum Thursday, January 13⋅4:00 – 5:00pm GMT Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://zoom.us/j/9159704974<https://www.google.com/url?q=https://zoom.us/j/9159704974&sa=D&source=calen…> Meeting ID: 915 970 4974 One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https://zoom.us/u/ad27hc6t7h&sa=D&source=calen…> Thanks all Joanna

3 years, 9 months

1
0
0 0

Updated invitation: TF-A Tech Forum @ Thu Jan 13, 2022 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been changed. Title: TF-A Tech Forum The Tech Forum this week will cover two discussion subjects:Hafnium Build and Tooling Options.  Discussion led by Olivier Deprez.Covering recent changes to the Hafnium project that has neem announced on the Hafnium mailing list https://lists.trustedfirmware.org/archives/list/hafnium@lists.trustedfirmwa… Update and Anti-Rollback VersioningDiscussion led by Manish Badarkhe and Manish Pandey2An opportunity to discuss the recent email thread on this topic on the TF-A mailing list. https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   (changed) When: Thu Jan 13, 2022 4pm – 5pm United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher - creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

3 years, 9 months

1
0
0 0

MISRA C compliance spreadsheet access permission

by Lim, Jit Loon

Hi TF-A committee, We are trying to access to the MISRA C spreadsheet mentioned over here. [cid:image001.jpg@01D806BE.A535F7C0] https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PH… However, we are facing issue to open the spreadsheet and we are getting "Invalid Authorization". [cid:image002.jpg@01D806BE.A535F7C0] After we click on the "Continue", the website show Restricted File and we have no access permission. [cid:image003.jpg@01D806BE.A535F7C0] Thus, we would like to get your help to assist us on how to obtain the spreadsheet. Hope to hear from you soon. Thanks Best Regards JL Lim (Benjamin)

3 years, 9 months

2
2
0 0

A problem about assert failed in TF-A

by Chenxu Wang

Hi all, I am running FVP with 2CPUs, Cactus SP (SEL1), Hafnium (SEL2) and KVM VHE. Sometimes I send the "FFA_MSG_SEND_DIRECT_REQ" smc call from KVM (I fill 0x8400006f in x0, then VMID and SP ID in x1, let x2 as 0). It says assert failed, like this: ASSERT: lib/el3_runtime/aarch64/context_mgmt.c:651 BACKTRACE: START: assert 0: EL3: 0x4005cac 1: EL3: 0x400323c 2: EL3: 0x400620c 3: EL3: 0x400e180 4: EL3: 0x4005a94 BACKTRACE: END: assert After I check the bl31.dump, I notice that: when services/std_svc/spmd/spmd_main.c sends the FFA call (from NS to S) via "spmd_smc_forward(smc_fid, secure_origin,x1, x2, x3, x4, handle)", it will go to cm_el1_sysregs_context_restore(secure_state_out) and cm_el2_sysregs_context_restore(secure_state_out), then it will assert the cm_get_context(). it gets the NULL context, so assert failed. Before the problem appeared, I have modified many codes on a dirty TF-A v2.4 (commit hash is 0aa70f4c4c023ca58dea2d093d3c08c69b652113), Hafnium and TF-A-TESTS. I also mail with Hafnium MailList, they consider it can be a problem in EL3. Such assert is NOT ALWAYS failed. I mean, maybe when I run FVP and send "smc" now, it is failed. But when I shut down, run FVP, and send the same instruction with the same parameter again, it is OK. I want to know, what is the possible reasons for suddenly losing the secure context. Can you give me some advice on debugging? e.g., where should I check? Need I provide more info? Sincerely, Wang

3 years, 10 months

3
4
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 374565: Error handling issues (CHECKED_RETURN) /drivers/st/mmc/stm32_sdmmc2.c: 176 in stm32_sdmmc2_init() ________________________________________________________________________________________________________ *** CID 374565: Error handling issues (CHECKED_RETURN) /drivers/st/mmc/stm32_sdmmc2.c: 176 in stm32_sdmmc2_init() 170 171 mmio_write_32(base + SDMMC_POWER, 172 SDMMC_POWER_PWRCTRL_PWR_CYCLE | sdmmc2_params.dirpol); 173 mdelay(POWER_CYCLE_DELAY); 174 175 if (sdmmc2_params.vmmc_regu != NULL) { >>> CID 374565: Error handling issues (CHECKED_RETURN) >>> Calling "regulator_enable" without checking return value (as is done elsewhere 6 out of 7 times). 176 regulator_enable(sdmmc2_params.vmmc_regu); 177 } 178 179 mdelay(VCC_POWER_ON_DELAY); 180 181 mmio_write_32(base + SDMMC_POWER, sdmmc2_params.dirpol); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

3 years, 10 months

1
0
0 0

How to change the address of region "RAM" in BL31?

by Chenxu Wang

Hi all, I want to add some big data structures in BL31 (e.g., create a large uint32_t array). Also, I reserve a secure memory space (assume it is 0xa000_0000 - 0xb000_0000) by configuring TZASC. Now, the BL31 says build/fvp/debug/bl31/bl31.elf section `.bss' will not fit in region `RAM' aarch64-none-elf-ld: BL31 image has exceeded its limit. aarch64-none-elf-ld: region `RAM' overflowed by 458752 bytes It looks like that the previous RAM cannot hold my big data structures. If I want to add my reserved region into RAM (so I may allocate these data into the reserved region), what should I do? Sincerely, Wang

3 years, 10 months

2
1
0 0

Re: [TF-A] [TF-M] Tip on cloning TF-M on OS X Monterey

by Gyorgy Szing

Hi, Please allow me to add some more details. Also posting to the TF-A list, as all tf.org repositories are affected. The root cause of this issue is OpenSSH dropping support for SHA-1 RSA signatures with the 8.8 release, and thus any OS (or git client) coming with a recent version is affected. I.e. the newest git for windows is affected too, and so are “top notch” Linux distributions like Arch. For details see the “Potentially-incompatible changes” chapter here: https://www.openssh.com/releasenotes.html As the above page states “Incompatibility is more likely when connecting to older SSH implementations…”, and thus a server-side update would eliminate the problem. Till that happens the page above list multiple client-side workarounds. (It is possible to amend the ssh config in a way that fixes all repositories.) /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kevin Townsend via TF-M Sent: December 15, 2021 13:06 To: Thomas Törnblom via TF-M <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] Tip on cloning TF-M on OS X Monterey I recently switched to a new MBP that ships with OS X Monterey, and on both 12.0 and 12.1 (released this week) git clone seems to be broken when you're using HTTP rather than SSH: digital envelope routines:CRYPTO_internal:bad key length In order to clone TF-M, I had to make the following changes. 1. Add these details to $HOME/.ssh/config (microbuilder being my github username, associated with my TF-M account): Host trustedfirmware.org<http://trustedfirmware.org> User microbuilder Hostname review.trustedfirmware.org<http://review.trustedfirmware.org> Port 29418 IdentityFile ~/.ssh/id_rsa IdentitiesOnly yes 2. Then try to clone with: $ git clone trustedfirmware.org:/TF-M/trusted-firmware-m.git This fails, however, since it tries to clone tf-m-tests.git, so: 3. Edit lib/ext/tf-m-tests/fetch_repo.cmake, changing: FetchContent_Declare(tfm_test_repo GIT_REPOSITORY trustedfirmware.org:TF-M/tf-m-tests.git # GIT_REPOSITORY https://git.trustedfirmware.org/TF-M/tf-m-tests.git GIT_TAG ${TFM_TEST_REPO_VERSION} GIT_PROGRESS TRUE ) This let me at least clone TF-M until the issues with HTTP-based cloning are fixed. Hope this is useful to someone else working on OS X natively. Kevin

3 years, 10 months

1
0
0 0

FCONF warning for TOS_FW_CONFIG

by Yann Gautier

Hi, On STM32MP1, we'd like BL2 to be agnostic of what BL32 is in the FIP. It can be either OP-TEE or TF-A SP_min. But on STM32MP1, SP_min needs a device tree file (TOS_FW_CONFIG_ID), whereas OP-TEE doesn't use this separate DT image. As TOS_FW_CONFIG_ID is in list of images to be loaded by BL2, we then have a warning message in case OP-TEE is used: WARNING: FCONF: Invalid config id 26 I'd like to silence this warning with this kind of patch: diff --git a/lib/fconf/fconf_dyn_cfg_getter.c b/lib/fconf/fconf_dyn_cfg_getter.c index 25dd7f9eda..f7e9834c3b 100644 --- a/lib/fconf/fconf_dyn_cfg_getter.c +++ b/lib/fconf/fconf_dyn_cfg_getter.c @@ -51,7 +51,11 @@ struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id) } } - WARN("FCONF: Invalid config id %u\n", config_id); + if (config_id == TOS_FW_CONFIG_ID) { + VERBOSE("FCONF: No TOS_FW_CONFIG image\n"); + } else { + WARN("FCONF: Invalid config id %u\n", config_id); + } return NULL; } I can change the VERBOSE message to INFO. Do you think it is OK if I push the patch? Thanks, Yann

3 years, 10 months

2
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A