- TF-A - lists.trustedfirmware.org

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 6 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 443168: Error handling issues (CHECKED_RETURN) /plat/st/stm32mp2/bl2_plat_setup.c: 183 in bl2_el3_plat_arch_setup() ________________________________________________________________________________________________________ *** CID 443168: Error handling issues (CHECKED_RETURN) /plat/st/stm32mp2/bl2_plat_setup.c: 183 in bl2_el3_plat_arch_setup() 177 BL_CODE_END - BL_CODE_BASE, 178 MT_CODE | MT_SECURE); 179 180 configure_mmu(); 181 182 /* Prevent corruption of preloaded Device Tree */ >>> CID 443168: Error handling issues (CHECKED_RETURN) >>> Calling "mmap_add_dynamic_region" without checking return value (as is done elsewhere 25 out of 29 times). 183 mmap_add_dynamic_region(DTB_BASE, DTB_BASE, 184 DTB_LIMIT - DTB_BASE, 185 MT_RO_DATA | MT_SECURE); 186 187 if (dt_open_and_check(STM32MP_DTB_BASE) < 0) { 188 panic(); ** CID 443167: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 578 in rk3588_b0pll_get_rate() ________________________________________________________________________________________________________ *** CID 443167: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 578 in rk3588_b0pll_get_rate() 572 573 rate64 *= m; 574 rate64 = rate64 / p; 575 576 if (k != 0) { 577 /* fractional mode */ >>> CID 443167: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 578 uint64_t frac_rate64 = 24000000 * k; 579 580 postdiv = p * 65535; 581 frac_rate64 = frac_rate64 / postdiv; 582 rate64 += frac_rate64; 583 } ** CID 443166: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 443166: Memory - corruptions (OVERRUN) /plat/intel/soc/common/socfpga_vab.c: 97 in socfpga_vab_authentication() 91 if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) { 92 ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz); 93 return -EIMGERR; 94 } 95 96 /* Generate HASH384 from the image */ >>> CID 443166: Memory - corruptions (OVERRUN) >>> Overrunning array "hash384" of 12 bytes by passing it to a function which accesses it at byte offset 47. 97 sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET); 98 cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET + 99 VAB_CERT_FIT_SHA384_OFFSET); 100 101 /* 102 * Compare the SHA384 found in certificate against the SHA384 ** CID 443165: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 747 in rk3588_b1pll_get_rate() ________________________________________________________________________________________________________ *** CID 443165: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 747 in rk3588_b1pll_get_rate() 741 742 rate64 *= m; 743 rate64 = rate64 / p; 744 745 if (k != 0) { 746 /* fractional mode */ >>> CID 443165: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 747 uint64_t frac_rate64 = 24000000 * k; 748 749 postdiv = p * 65535; 750 frac_rate64 = frac_rate64 / postdiv; 751 rate64 += frac_rate64; 752 } ** CID 443164: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 408 in rk3588_lpll_get_rate() ________________________________________________________________________________________________________ *** CID 443164: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 408 in rk3588_lpll_get_rate() 402 403 rate64 *= m; 404 rate64 = rate64 / p; 405 406 if (k != 0) { 407 /* fractional mode */ >>> CID 443164: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 408 uint64_t frac_rate64 = 24000000 * k; 409 410 postdiv = p * 65535; 411 frac_rate64 = frac_rate64 / postdiv; 412 rate64 += frac_rate64; 413 } ** CID 254051: Memory - illegal accesses (OVERRUN) /plat/intel/soc/common/lib/sha/sha.c: 206 in sha512_base_do_finalize() ________________________________________________________________________________________________________ *** CID 254051: Memory - illegal accesses (OVERRUN) /plat/intel/soc/common/lib/sha/sha.c: 206 in sha512_base_do_finalize() 200 const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]); 201 uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset); 202 unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; 203 204 sctx->buf[partial++] = 0x80; 205 if (partial > bit_offset) { >>> CID 254051: Memory - illegal accesses (OVERRUN) >>> Overrunning array of 128 bytes at byte offset 128 by dereferencing pointer "sctx->buf + partial". [Note: The source code implementation of the function has been overridden by a builtin model.] 206 memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial); 207 partial = 0; 208 209 sha512_block_fn(sctx, sctx->buf, 1); 210 } 211 ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

10 months, 2 weeks

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Aug 22, 2024 5pm - 6pm (GMT+2) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling today as no topic. Regards, Olivier." TF-A Tech Forum Thursday Aug 22, 2024 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

10 months, 3 weeks

1
0
0 0

Re: TF-A Tech Forum

by Olivier Deprez

Hi, cancelling today as no topic. Regards, Olivier. ________________________________ From: Trusted Firmware Public Meetings Sent: 24 July 2024 17:36 To: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com>; marek.bykowski(a)gmail.com <marek.bykowski(a)gmail.com>; okash.khawaja(a)gmail.com <okash.khawaja(a)gmail.com>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> Subject: TF-A Tech Forum When: 22 August 2024 17:00-18:00. Where: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this This event has been updated We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvd…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmy%2Ftruste…> One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…> When Every 2 weeks from 8am to 9am on Thursday (Mountain Standard Time - Phoenix) Guests marek.bykowski(a)gmail.com<mailto:marek.bykowski@gmail.com> okash.khawaja(a)gmail.com<mailto:okash.khawaja@gmail.com> tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> View all guest info<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…> RSVP for tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> for all events in this series <https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> Yes <https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> No <https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> Maybe <https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…> More options Invitation from Google Calendar<https://calendar.google.com/calendar/> You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>

10 months, 3 weeks

1
0
0 0

Query regarding the test coverage thru tf-a-tests

by Thangaraj, Senthil Nathan

Dear TF-A team, I have a query regarding the TF-A test. Specifically, I would like to know if there is a method to find out the code coverage for a specific test or for all the tests in current run? Your direction in this regard will be really appreciated. Thank you, Senthil

10 months, 3 weeks

1
0
1 0

Arm TF-A can not access linux kernel's virtual/physical address?

by 钱非凡

In my opinion, Arm TF-A (EL3) has higher privileges than Linux Kernel (EL1), and Secure World should be able to access all memory address in Normal World. To verify this feature, I added a new SMC call in Arm TF-A and wrote a kernel module to test it (on a Hikey960 Development Board). But the program does not run as expected that Arm TF-A stucked while accessing the memory address passed by Linux Kernel. Here is my kernel module, which uses `alloc_pages` to acquire a physical address, and uses `page_address` converting it to a virtual address. And the module passes the physical address and the virtual address to Arm TF-A using `smc #0`: ```cpp static int __init smc_testing_init(void) { uintptr_t phys_addr, virt_addr; pr_info("Mmodule loaded\n"); phys_addr = (uintptr_t) alloc_pages(GFP_KERNEL, 2); virt_addr = (uintptr_t) page_address((struct page *) phys_addr); memset((void *) virt_addr, 'A', PAGE_SIZE << 2); printk("phys_addr: 0x%llx, virt_addr: 0x%llx\n", (uint64_t) phys_addr, (uint64_t) virt_addr); asm volatile( "ldr x0, =0xC8000003\n" "mov x1, %0\n" "mov x2, %1\n" "smc #0\n" : : "r" (phys_addr), "r" (virt_addr) : "x0", "x1", "x2" ); __free_pages((struct page *) phys_addr, 2); return 0; } static void __exit smc_testing_exit(void) { pr_info("Module unloaded\n"); } ``` And here is the handler's code in Arm TF-A, which prints the addresses of physical address and virtual address, and access the first element of the memory address: ```cpp if (0xC8000003 == smc_fid) { uintptr_t virt_addr = x3; NOTICE("phys_addr: 0x%lx, virt_addr: 0x%lx\n", phys_addr, virt_addr); NOTICE("virt_addr[0] = 0x%x\n", *((uint32_t *)virt_addr)); NOTICE("phys_addr[0] = 0x%x\n", *((uint32_t *)phys_addr)); SMC_RET0(handle); } ``` Here is the output, Arm TF-A handles the request successfully, but failed to access the memory address passed by Linux Kernel: ```bash # insmod ./smc_testing.ko [ 75.259590] smc_testing: loading out-of-tree module taints kernel. [ 75.266682] Mmodule loaded [ 75.269404] phys_addr: 0xfffffc0002dc5e00, virt_addr: 0xffff0000b7178000 NOTICE: phys_addr: 0xfffffc0002dc5e00, virt_addr: 0xffff0000b7178000 [ 96.276605] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 96.282741] rcu: 4-...0: (1 ticks this GP) idle=72ec/1/0x4000000000000000 softirq=204/204 fqs=2592 [ 96.291835] (detected by 0, t=5253 jiffies, g=-643, q=16 ncpus=8) [ 96.298044] Task dump for CPU 4: [ 96.301287] task:insmod state:R running task stack:0 pid:201 ppid:185 flags:0x00000006 [ 96.311254] Call trace: [ 96.313713] __switch_to+0xe4/0x160 [ 96.317241] printk_rb_static+0x30/0x58 ```

10 months, 3 weeks

2
1
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 441243: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 441243: Memory - corruptions (OVERRUN) /plat/xilinx/common/pm_service/pm_svc_main.c: 516 in eemi_api_handler() 510 module_id = (api_id & MODULE_ID_MASK) >> 8U; 511 512 PM_PACK_PAYLOAD7(payload, module_id, security_flag, api_id, 513 pm_arg[0], pm_arg[1], pm_arg[2], pm_arg[3], 514 pm_arg[4], pm_arg[5]); 515 >>> CID 441243: Memory - corruptions (OVERRUN) >>> Overrunning callee's array of size 7 by passing argument "7UL" in call to "pm_ipi_send_sync". 516 ret = pm_ipi_send_sync(primary_proc, payload, (uint32_t *)buf, 517 PAYLOAD_ARG_CNT); 518 519 SMC_RET4(handle, (uint64_t)ret | ((uint64_t)buf[0] << 32U), 520 (uint64_t)buf[1] | ((uint64_t)buf[2] << 32U), 521 (uint64_t)buf[3] | ((uint64_t)buf[4] << 32U), ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

11 months

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Aug 8, 2024 4pm - 5pm (BST) (tf-a@lists.trustedfirmware.org)

by Joanna Farley

This event has been canceled with a note: "No topics scheduled this week so cancelling. Also a lot of people seem to be away on vacations." TF-A Tech Forum Thursday Aug 8, 2024 ⋅ 4pm – 5pm United Kingdom Time We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

11 months, 1 week

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 440627: Control flow issues (DEADCODE) /plat/allwinner/sun50i_h616/sunxi_h616_dtb.c: 56 in sunxi_soc_fdt_fixup() ________________________________________________________________________________________________________ *** CID 440627: Control flow issues (DEADCODE) /plat/allwinner/sun50i_h616/sunxi_h616_dtb.c: 56 in sunxi_soc_fdt_fixup() 50 if (ret != 0) { 51 return; 52 } 53 54 node = fdt_node_offset_by_phandle(dtb, phandle); 55 if (ret != 0) { >>> CID 440627: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "return;". 56 return; 57 } 58 59 ccsidr = armv8_get_ccsidr(CACHE_L2U); 60 sets = ((ccsidr >> CCSIDR_SETS_SHIFT) & CCSIDR_SETS_MASK) + 1; 61 line_size = 16U << ((ccsidr >> CCSIDR_LSIZE_SHIFT) & CCSIDR_LSIZE_MASK); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

11 months, 2 weeks

1
0
0 0

Re: Integrate TF-A and PSA Crypto API with PUFcc

by Jothikumar Mani

HI Andy, Thank you for explaining, psa-arch-test(psa certified api compliance) testsuite currently used with TFM +MbedTLS environment as a release gate, and there is trusted service team whom were running the psa-arch-test package on arm-A class devices. Coming back to the question related to psa-arch-test, the current available package should suffice to check the compliance of crypto necessary tasks/functinoality, fyi we have already validated the latest psa-arch-test repo with the mbedtls 3.6. So I would not be more concern about the psa-arch-test being compliant to latest 1.2.1 spec. because between 1.1.0 and 1.2.1 there were minimal changes which is not showstopper for the psa certified api certification. Regards, JK From: Andy Chen <andychen(a)pufsecurity.com> Date: Thursday, 25 July 2024 at 5:30 AM To: Jothikumar Mani <Jothikumar.Mani(a)arm.com>, Manish Badarkhe <Manish.Badarkhe(a)arm.com>, tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> Cc: Diya Soubra <Diya.Soubra(a)arm.com>, Victoria Lee <victorialee(a)pufsecurity.com>, Andrew <andrewirvin(a)pufsecurity.com> Subject: 回覆: Integrate TF-A and PSA Crypto API with PUFcc Hi Jothikumar and Manish, It's great to discuss with you and thanks. Sure, it's more clarity with usage scenarios: 1. As a Security IP provider, our PUFcc functions as a Hardware Root of Trust. However, mbedTLS currently doesn't fully support HRoT. Therefore, we are integrating directly into the PSA Crypto API, which permits customization. 1. While working on PSA L3 or L2R, we frequently face version conflicts. That why, in this project, we aim to confirm these version issues (including the dev. and test bench). 1. This also means that both TF-A and TF-M support PSA Crypto API, so we can also support both through this package. There is our PSA Software Package with PUFcc. We try to find the best way to support cryptographic tasks. Additionally, we plan to use the same development platform as ARM to ensure optimal compatibility for our customers. It means we would try to know the FPV, although I'm not sure if we can add external IPs. If I misunderstood or you have any ideas, please feel free to tell me. [cid:ed0bb76e-fb77-4502-ae5d-f8443d6b4fc4] Have a Nice Day, Andy ________________________________ 寄件者: Jothikumar Mani <Jothikumar.Mani(a)arm.com> 寄件日期: 2024年7月24日下午 11:48 收件者: Andy Chen <andychen(a)pufsecurity.com>; Manish Badarkhe <Manish.Badarkhe(a)arm.com>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org> 副本: Diya Soubra <Diya.Soubra(a)arm.com>; Victoria Lee <victorialee(a)pufsecurity.com>; Andrew <andrewirvin(a)pufsecurity.com> 主旨: RE: Integrate TF-A and PSA Crypto API with PUFcc Hi Andy, Please find my reply in the previous mail. Regards, JK From: Andy Chen <andychen(a)pufsecurity.com> Sent: Wednesday, July 24, 2024 8:11 PM To: Manish Badarkhe <Manish.Badarkhe(a)arm.com>; Jothikumar Mani <Jothikumar.Mani(a)arm.com>; tf-a(a)lists.trustedfirmware.org Cc: Diya Soubra <Diya.Soubra(a)arm.com>; Victoria Lee <victorialee(a)pufsecurity.com>; Andrew <andrewirvin(a)pufsecurity.com> Subject: 回覆: Integrate TF-A and PSA Crypto API with PUFcc Hi Manish, Thanks for your information. We need to integrate our hardware Crypto IP (PUFcc). And it seems that FVP cannot add custom IP, so we are planning to purchase an FPGA with the A53 - AXU9EGB<https://www.xilinx.com/products/boards-and-kits/1-1ervp7b.html> for our needs. And we need to make sure it is compatible with TF-A lts-v2.10.5. Thanks. Hi Jothikumar, We would try to integrate with PSA Crypto API, and we need a test bench for v1.2.1. Please feel free to let me know if you have any suggestions. [JK] : may I know what the intent is to requesting the crypto v1.2.1 spec compliance suites?, if you are looking for the PSA Certified APIs compliance for your product then the currently available testsuite is more than sufficient. Also, the mbedTLS version mentioned also only supports psa-crypto spec v1.1.0. I am trying to under the end goal of the psa certified api compliance suite usage with your product. Answer to this question will help me to give better suggestion. For TF-A, we plan to integrate with: TF-A lts-v2.10.5 PSA Crypto API - v1.1.0 >>> v1.2.1 PSA Certified APIs Architecture Test Suite - v1.6 Thank you very much. Have a Nice Day, Andy ________________________________ 寄件者: Manish Badarkhe <Manish.Badarkhe(a)arm.com<mailto:Manish.Badarkhe@arm.com>> 寄件日期: 2024年7月24日下午 06:12 收件者: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>; Andy Chen <andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>>; Jothikumar Mani <Jothikumar.Mani(a)arm.com<mailto:Jothikumar.Mani@arm.com>> 副本: Diya Soubra <Diya.Soubra(a)arm.com<mailto:Diya.Soubra@arm.com>>; Victoria Lee <victorialee(a)pufsecurity.com<mailto:victorialee@pufsecurity.com>>; Andrew <andrewirvin(a)pufsecurity.com<mailto:andrewirvin@pufsecurity.com>> 主旨: Re: Integrate TF-A and PSA Crypto API with PUFcc Hi Andy Please see my replies inline. Adding Jothikumar Mani for PSA Certified APIs Architecture Test Suite. Thanks, Manish Badarkhe ________________________________ From: Andy Chen via TF-A <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> Sent: 23 July 2024 09:55 To: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> Cc: Diya Soubra <Diya.Soubra(a)arm.com<mailto:Diya.Soubra@arm.com>>; Victoria Lee <victorialee(a)pufsecurity.com<mailto:victorialee@pufsecurity.com>>; Andrew <andrewirvin(a)pufsecurity.com<mailto:andrewirvin@pufsecurity.com>> Subject: [TF-A] Integrate TF-A and PSA Crypto API with PUFcc Hi TF-A teams, This is Andy from PUFsecurity, and we have a project with ARM. We try to integrate the PSA Crypto API with PUFcc (Our Crypto Engine) on TF-A. However, there are multiple versions included, and we need your assistance for specification clarification. Please ensure the versions match your recommendations. For TF-A, we plan to integrate with: TF-A lts-v2.10.5 PSA Crypto API - v1.1.0 PSA Certified APIs Architecture Test Suite - v1.6 [MB]: This looks fine. As TF-A lts-v2.10.5 using mbedTLS v3.6.0 which is compliance with PSA Crypto API - v1.1.0 but mbedTLS team can provide more detailed answer on this and also on test suite PSA Certified APIs Architecture Test Suite - v1.6. TF-A It would be beneficial to use the same hardware (FPGA) and tools as the ARM development team. If we can confirm which models are used for TF-A , scripts or details with the ARM hardware That would be grateful. [MB]: We are using FVP AEM model i.e. FVP_Base_RevC-2xAEMvA (Model version: 11.26, Build: 11). Test Run with PSA Crypto you can find here: https://ci.trustedfirmware.org/job/tf-a-builder/4029201/ (today's daily run) PSA Crypto API - The test bench is using the PSA Crypto API v1.1.0, and it is published in 2022. And Now is v1.2.1 in March 2024. I not sure it is a good choose or not. [cid:image001.png@01DADE0E.1BA75330] [MB]: It looks like arch-test is not upgraded to use v1.2.1 PSA Crypto API. Added Jothikumar Mani, he may have idea about this. Test Bench - For the "PSA Certified APIs Architecture Test Suite - v1.6," we would like to identify which test codes (test_c001 to test_c067) are relevant for TF-A. [MB]: Again, TF-A is not using this test suite, so we don't have any insights unless we review all these tests. TF-A mainly uses the following PSA_* APIs for signature verification, hash calculation, and hash comparison. psa_crypto_init mbedtls_md_psa_alg_from_type psa_set_key_algorithm psa_set_key_type psa_set_key_usage_flags psa_import_key psa_destroy_key psa_verify_message psa_hash_compute psa_hash_compare Thank you very much!!! Have a Nice Day, Andy [cid:image002.png@01DADE0E.1BA75330] 熵碼科技股份有限公司 Tel: 886-3-5601010 #2119 Email: andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com> Website: https://www.pufsecurity.com/ -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.-------- -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.-------- -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.-------- -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------

11 months, 3 weeks

2
2
0 0

Re: Integrate TF-A and PSA Crypto API with PUFcc

by Jothikumar Mani

Hi Andy, Please find my reply in the previous mail. Regards, JK From: Andy Chen <andychen(a)pufsecurity.com> Sent: Wednesday, July 24, 2024 8:11 PM To: Manish Badarkhe <Manish.Badarkhe(a)arm.com>; Jothikumar Mani <Jothikumar.Mani(a)arm.com>; tf-a(a)lists.trustedfirmware.org Cc: Diya Soubra <Diya.Soubra(a)arm.com>; Victoria Lee <victorialee(a)pufsecurity.com>; Andrew <andrewirvin(a)pufsecurity.com> Subject: 回覆: Integrate TF-A and PSA Crypto API with PUFcc Hi Manish, Thanks for your information. We need to integrate our hardware Crypto IP (PUFcc). And it seems that FVP cannot add custom IP, so we are planning to purchase an FPGA with the A53 - AXU9EGB<https://www.xilinx.com/products/boards-and-kits/1-1ervp7b.html> for our needs. And we need to make sure it is compatible with TF-A lts-v2.10.5. Thanks. Hi Jothikumar, We would try to integrate with PSA Crypto API, and we need a test bench for v1.2.1. Please feel free to let me know if you have any suggestions. [JK] : may I know what the intent is to requesting the crypto v1.2.1 spec compliance suites?, if you are looking for the PSA Certified APIs compliance for your product then the currently available testsuite is more than sufficient. Also, the mbedTLS version mentioned also only supports psa-crypto spec v1.1.0. I am trying to under the end goal of the psa certified api compliance suite usage with your product. Answer to this question will help me to give better suggestion. For TF-A, we plan to integrate with: TF-A lts-v2.10.5 PSA Crypto API - v1.1.0 >>> v1.2.1 PSA Certified APIs Architecture Test Suite - v1.6 Thank you very much. Have a Nice Day, Andy ________________________________ 寄件者: Manish Badarkhe <Manish.Badarkhe(a)arm.com<mailto:Manish.Badarkhe@arm.com>> 寄件日期: 2024年7月24日下午 06:12 收件者: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>; Andy Chen <andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>>; Jothikumar Mani <Jothikumar.Mani(a)arm.com<mailto:Jothikumar.Mani@arm.com>> 副本: Diya Soubra <Diya.Soubra(a)arm.com<mailto:Diya.Soubra@arm.com>>; Victoria Lee <victorialee(a)pufsecurity.com<mailto:victorialee@pufsecurity.com>>; Andrew <andrewirvin(a)pufsecurity.com<mailto:andrewirvin@pufsecurity.com>> 主旨: Re: Integrate TF-A and PSA Crypto API with PUFcc Hi Andy Please see my replies inline. Adding Jothikumar Mani for PSA Certified APIs Architecture Test Suite. Thanks, Manish Badarkhe ________________________________ From: Andy Chen via TF-A <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> Sent: 23 July 2024 09:55 To: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> Cc: Diya Soubra <Diya.Soubra(a)arm.com<mailto:Diya.Soubra@arm.com>>; Victoria Lee <victorialee(a)pufsecurity.com<mailto:victorialee@pufsecurity.com>>; Andrew <andrewirvin(a)pufsecurity.com<mailto:andrewirvin@pufsecurity.com>> Subject: [TF-A] Integrate TF-A and PSA Crypto API with PUFcc Hi TF-A teams, This is Andy from PUFsecurity, and we have a project with ARM. We try to integrate the PSA Crypto API with PUFcc (Our Crypto Engine) on TF-A. However, there are multiple versions included, and we need your assistance for specification clarification. Please ensure the versions match your recommendations. For TF-A, we plan to integrate with: TF-A lts-v2.10.5 PSA Crypto API - v1.1.0 PSA Certified APIs Architecture Test Suite - v1.6 [MB]: This looks fine. As TF-A lts-v2.10.5 using mbedTLS v3.6.0 which is compliance with PSA Crypto API - v1.1.0 but mbedTLS team can provide more detailed answer on this and also on test suite PSA Certified APIs Architecture Test Suite - v1.6. TF-A It would be beneficial to use the same hardware (FPGA) and tools as the ARM development team. If we can confirm which models are used for TF-A , scripts or details with the ARM hardware That would be grateful. [MB]: We are using FVP AEM model i.e. FVP_Base_RevC-2xAEMvA (Model version: 11.26, Build: 11). Test Run with PSA Crypto you can find here: https://ci.trustedfirmware.org/job/tf-a-builder/4029201/ (today's daily run) PSA Crypto API - The test bench is using the PSA Crypto API v1.1.0, and it is published in 2022. And Now is v1.2.1 in March 2024. I not sure it is a good choose or not. [cid:image001.png@01DADE0E.1BA75330] [MB]: It looks like arch-test is not upgraded to use v1.2.1 PSA Crypto API. Added Jothikumar Mani, he may have idea about this. Test Bench - For the "PSA Certified APIs Architecture Test Suite - v1.6," we would like to identify which test codes (test_c001 to test_c067) are relevant for TF-A. [MB]: Again, TF-A is not using this test suite, so we don't have any insights unless we review all these tests. TF-A mainly uses the following PSA_* APIs for signature verification, hash calculation, and hash comparison. psa_crypto_init mbedtls_md_psa_alg_from_type psa_set_key_algorithm psa_set_key_type psa_set_key_usage_flags psa_import_key psa_destroy_key psa_verify_message psa_hash_compute psa_hash_compare Thank you very much!!! Have a Nice Day, Andy [cid:image002.png@01DADE0E.1BA75330] 熵碼科技股份有限公司 Tel: 886-3-5601010 #2119 Email: andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com> Website: https://www.pufsecurity.com/ -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.-------- -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.-------- -------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------

11 months, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A