- TF-A - lists.trustedfirmware.org

by Varun Wadekar

Hello, As announced in the last Tech forum, the code freeze date for the LTS branch was Feb 3, 2023. We have now merged all the patches published on the wiki [1]. The branch is still locked, and all the CI test runs have now been completed. We are trying to root cause one test failure, though. The RC0 tag was created today, and we request platform owners test the branch [2] on their downstream platforms if they wish. We are still on track to release on Feb 10 and will publish more updates shortly. Thanks. [1] ⚡ LTS Tracking for v2.8.x (trustedfirmware.org)<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper…>. [2] trusted-firmware-a.git - Trusted Firmware for A profile Arm CPUs<https://git.trustedfirmware.org/TF-A%2Ftrusted-firmware-a.git/log/?h=refs%2…>

2 years, 3 months

1
0
0 0

[LTS v2.8.0] The branch is now locked

by Varun Wadekar

External email: Use caution opening links or attachments Hello, As announced in the last Tech forum, the code freeze date for the LTS branch is Feb 3, 2023. We have now locked the branch and won’t be accepting any more commits. The list of the commits that will be merged into the LTS branch can be found at ⚡ LTS Tracking for v2.8.x (trustedfirmware.org)<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper…>. If there are commits that we missed or that need to be in the LTS branch, please reach out to us. We will post more updates shortly. Thanks.

2 years, 4 months

1
0
0 0

Updated invitation with note: TF-A Tech Forum @ Thu Feb 9, 2023 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated with a note: "Updating the agenda for the TF-A Tech Forum session on Feb 9th 2023." Changed: description TF-A Tech Forum Thursday Feb 9, 2023 ⋅ 4pm – 5pm United Kingdom Time Title: Firmware update support in the Trusted Services projectPresented by: Julian HallA reference implementation of the Update Agent has recently been added to Trusted Services. The implementation provides a toolbox of reusable components for adding banked FWU support into firmware for A-Profile devices. The implementation conforms to the Arm FWU-A specification for compatibility with TF-A and other boot loaders that recognise FWU-A metadata.===================================We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org julian.hall(a)arm.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 4 months

1
0
0 0

[LTS v2.8.0] TF-A patches are now ready for merge

by Varun Wadekar

Hello, As announced in the last Tech forum, the code freeze date for the LTS branch is Feb 3, 2023. We have started shortlisting the patches for the lts-v2.8 branch. These are the commits that will be merged into the LTS branch. More details can be found at ⚡ LTS Tracking for v2.8.x (trustedfirmware.org)<https://developer.trustedfirmware.org/w/tf_a/tf-a_lts_meeting_minutes/track…> 1. c7e698cfd fix(cpus): workaround for Cortex-X3 erratum 2615812 2. c45791b2f fix(layerscape): fix errata a008850 3. fa0105693 fix(nxp-ddr): use CDDWW for write to read delay 4. 00bb8c37e fix(nxp-ddr): apply Max CDD values for warm boot 5. 07d8e34fd fix(nxp-drivers): fix tzc380 memory regions config 6. c0c157a68 fix(ls1046a): 4 keys secureboot failure resolved 7. 50aa0ea7a fix(lx2): init global data before using it 8. 4daeaf341 fix(sptool): add dependency to SP image 9. 5fb6946ad fix(console): fix crash on spin_unlock with cache disabled 10. ff1d2ef38 fix(el3_runtime): restore SPSR/ELR/SCR after esb 11. c42402cdf fix(intel): fix fcs_client crashed when increased param size 12. 0ca1d8fba fix(layerscape): unlock write access SMMU_CBn_ACTLR 13. b87b02cf1 fix(cpus): workaround for Cortex-A710 erratum 2768515 14. 1cfde8222 fix(cpus): workaround for Cortex-X2 erratum 2768515 15. 377846b65 fix(st): include utils.h to solve compilation error 16. 1cbe42a51 fix(el3_runtime): allow SErrors when executing in EL3 17. 1ee7c8232 fix(cpus): workaround for Neoverse N2 erratum 2743089 18. b10afcce5 fix(cpus): workaround for Cortex-A78 erratum 2772019 19. 31747f057 fix(cpus): workaround for Neoverse V1 erratum 2743093 20. fd37982a1 fix(auth): forbid junk after extensions 21. 72460f50e fix(auth): require at least one extension to be present 22. 06c01b085 fix(libc): properly define SCHAR_MIN 23. 89d85ad0a fix(cpus): workaround for Cortex-A710 erratum 2282622 24. abb8f936f fix(auth): avoid out-of-bounds read in auth_nvctr() 25. f5c51855d fix(auth): properly validate X.509 extensions 26. f9c6301d7 fix(cpus): workaround for Cortex-X2 erratum 2282622 27. 60719e4e0 fix(plat/css): fix invalid redistributor poweroff 28. 00230e37e fix(cpus): workaround for Cortex-A78C erratum 2772121 29. aea4ccf8d fix(cpus): workaround for Cortex-A510 erratum 2684597 If there are commits that we missed or that need to be in the LTS branch, please reach out to us. Thanks.

2 years, 4 months

1
0
0 0

Updated invitation: TF-A Tech Forum @ Thu Jan 26, 2023 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated Changed: description TF-A Tech Forum Thursday Jan 26, 2023 ⋅ 4pm – 5pm United Kingdom Time Apologies the LTS Update is for this week on 26th January at 4pm GMT Not February session.=====Just a reminder that this week the TF-A Tech Forum is covering a LTS Release update session from the primary maintainers of the TF-A v2.8 LTS branch:Varun WadekarOkash Khawaja Bipin Ravi Thanks AllJoanna========We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org bpeckham(a)google.com mayurvg(a)gmail.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 4 months

1
0
0 0

Updated invitation: TF-A Tech Forum @ Thu Feb 23, 2023 4pm - 5pm (GMT) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated Changed: description TF-A Tech Forum Thursday Feb 23, 2023 ⋅ 4pm – 5pm United Kingdom Time Just a reminder that this week the TF-A Tech Forum is covering a LTS Release update session from the primary maintainers of the TF-A v2.8 LTS branch:Varun Wadekar <vwadekar(a)nvidia.com> Okash Khawaja <okash(a)google.com> Bipin Ravi <Bipin.Ravi(a)arm.com>Thanks AllJoanna===============================We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests marek.bykowski(a)gmail.com okash.khawaja(a)gmail.com tf-a(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Reply for tf-a(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 4 months

1
0
0 0

[TF-A]: Deprecating mbedtls-2.28 support for TF-A 3.0 release

by Govindraj Raja

Hi All, We are in the process of migrating from mbedtls-2.28 support to 3.3 support we plan to deprecate mbedtls-2.28 support for TF-A 3.0 Release but would retain support for both 2.28 and 3.3 for TF-A 2.9 lifetime. There is draft implementation available[1] for code review which cleanups and prepares for mbedtls-3.3 support but retaining backward compatibility for mbedtls-2.28. Please let us know if there any objections to deprecation of mbedtls-2.28 in TF-A 3.0. -- Thanks Govindraj [1]: https://review.trustedfirmware.org/q/topic:%2522mbedtls3.3_support%2522 <https://review.trustedfirmware.org/q/topic:%2522mbedtls3.3_support%2522>

2 years, 4 months

1
0
0 0

Query BL31 version from NWd

by Varun Wadekar

Hi, Happy new year! For NVIDIA Tegra platforms, we need the capability to query the BL31 version (e.g. 2.7, 2.8, 2.8.x) from the NWd at runtime. I could not find an FID that returns this value. I propose we introduce a new runtime service in bl31 that returns the version_string to the NWd to support this requirement. Thoughts? -Varun

2 years, 4 months

8
18
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 382954: Concurrent data access violations (MISSING_LOCK) /plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_cpu_buck_ldo.c: 173 in spm_get_status_rc_cpu_buck_ldo() ________________________________________________________________________________________________________ *** CID 382954: Concurrent data access violations (MISSING_LOCK) /plat/mediatek/drivers/spm/mt8188/constraints/mt_spm_rc_cpu_buck_ldo.c: 173 in spm_get_status_rc_cpu_buck_ldo() 167 dest = (struct constraint_status *)st->value; 168 do { 169 if (dest == NULL) { 170 break; 171 } 172 if (st->type == CONSTRAINT_GET_VALID) { >>> CID 382954: Concurrent data access violations (MISSING_LOCK) >>> Accessing "dest->is_valid" without holding lock "spm_lock". Elsewhere, "constraint_status.is_valid" is accessed with "spm_lock" held 5 out of 6 times. 173 dest->is_valid = cpubuckldo_status; 174 } else if (st->type == CONSTRAINT_COND_BLOCK) { 175 dest->is_cond_block = 0; 176 } else if (st->type == CONSTRAINT_GET_ENTER_CNT) { 177 if (st->id == MT_RM_CONSTRAINT_ID_ALL) { 178 dest->enter_cnt += cpubuckldo_enter_cnt; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

2 years, 4 months

1
0
0 0

Post-boot loading of OP-TEE

by Jens Wiklander

Hi, The recent patch [1] for the OP-TEE Dispatcher in TF-A proposes a way of post-boot loading OP-TEE by the Linux kernel with signature verification in the normal world only. This has previously been discussed in this mail thread [2] about half a year ago. Ultimately, it was concluded that this should in principle be accepted upstream as a platform choice to allow this or not. There are concerns that what we have in upstream TF-A should serve as good examples, and trusting the normal world to verify secure world software might not meet that criterion. There are also concerns about adding signature verification to BL31 Leaving the secure world wide open until the Linux kernel has been able to successfully load and verify an OP-TEE binary seems very risky. Even if it's claimed that the normal world can be trusted at this point, we're still giving up a critical level of defense without a good reason. I've started to review [1], but it should not be accepted for merging without support and approval from other maintainers. I would like to explore other options in this mail thread. In [2] it was suggested that a remnant of bl2 could be kept to verify OP-TEE before starting to execute it. This could be taken one step further and load a limited OP-TEE at boot which later is updated live, almost like what's discussed in [3]. This should minimize the impact on TF-A and also leave OP-TEE in charge of accepting an update instead of a divided responsibility between the normal world and TF-A. [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18635 [2] https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… [3] https://github.com/OP-TEE/optee_os/issues/5699 Thanks, Jens

2 years, 4 months

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A