- TF-A - lists.trustedfirmware.org

Re: [TF-A] ATF F/w image Decryption support

by Sumit Garg

+ TF-A ML (for the benefit of other trying to use firmware encryption feature) Hi Promod, On Fri, 8 Oct 2021 at 00:09, pramod kumar <pramod.jnumca04(a)gmail.com> wrote: > Hi Sumit, > > This is Pramod, Presently working in Amazon Lab126. I'm working in ATF and > was going through your patch which provides f/w image encryption/decryption > support. > > commit 7cda17bb0f92db39d123a4f2a1732c9978556453 > Author: Sumit Garg <sumit.garg(a)linaro.org> > Date: Fri Nov 15 10:43:00 2019 +0530 > > drivers: crypto: Add authenticated decryption framework > > Add framework for autheticated decryption of data. Currently this > patch optionally imports mbedtls library as a backend if build option > "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated > decryption > using AES-GCM algorithm. > > Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> > Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271 > > I see that this support comes under DECRYPTION_SUPPORT macro hence can't > be used dynamically. I see the TBBR spec provides a flag for this which > could be used to exercise this feature dynamically- > [image: image.png] > > > Just wanted to understand that did you see any limitation to use this flag > for making this feature support dynamically? Or do you have any plan to > push follow up patches for this? > > Actually there are security concerns associated if we use an unsigned encryption flag in the header (see earlier discussions [1]). > If this feature is made available, with the help of "disable_auth" flag, > BL1 would be able to boot plane images even when TRUSTED_BOARD_BOOT is > enabled in development mode. > I agree here that it would be useful to have such a flag in development mode. For TRUSTED_BOARD_BOOT in development mode, I guess you are referring to DYN_DISABLE_AUTH. If yes then I think such a macro makes sense for encryption as well in order to disable decryption at runtime in development mode, patches are very much welcome. [1] https://lists.trustedfirmware.org/pipermail/tf-a/2020-February/000288.html -Sumit > Regards, > Pramod >

3 years, 2 months

1
0
0 0

[RFC]: Refactor measured boot patches

by Manish Badarkhe

Hi All, We have refactored/redesigned the existing measured boot driver present in the TF-A repo to support it with multiple backend driver(s) (for example, TCG Event Log, physical TPM, etc) instead of it being strongly coupled with the TCG Event Log driver. Proposed refactored patches are posted here: https://review.trustedfirmware.org/q/topic:%22refactor-mb%22+(status:open%2… Any feedback/comments on these patches are much appreciated. These patches mainly consist of the below changes: 1. Move image measurement in the generic layer, just after loading and authentication of the image. Previously, the platform layer was responsible for the measurement. For example, the Arm FVP platform layer was doing it as part of the post-load hook operation. 2. Measurement and recording of the images loaded by BL1. Previously, DTB config files loaded by BL1 were not part of measured at all. Also, it looks safer and cleaner approach to record the measurement taken by BL1 straightaway in TCG Event log buffer/physical TPM/any other TPM backend instead of deferring these recordings to BL2. 3. Pass Event Log buffer information from BL1 to BL2 so that the TCG Event Log buffer initialised by BL1 extended further with the measurements taken by BL2. Note: These patches neither add any new functional backend driver for measured boot nor update any existing backend driver functionality (i.e. TCG Event Log driver). These changes only structured the measured boot code to provide a space to plug in any new backend driver(s) in future for the measured boot. Thanks, Manish Badarkhe

3 years, 2 months

2
1
0 0

Canceled event with note: TF-A Tech Forum @ Thu Oct 7, 2021 4pm - 5pm (BST) (tf-a@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been canceled with this note: "Cancelling this weeks TF-A Tech Forum as we have no subjects/topics to present for this meeting. The TF-A project community is always looking for subjects/topics so if you have something to present/discuss please do reach out to me and we can schedule a session. Thanks all." Title: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   When: Thu Oct 7, 2021 4pm – 5pm United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher - creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

3 years, 2 months

1
0
0 0

Issue submitting changes for review at https://review.trustedfirmware.org

by Jorge Troncoso

Hi all, I tried submitting a change for review at https://review.trustedfirmware.org, but I ran into authentication issues. 1. First try (https): $ git push origin HEAD:refs/for/integration Username for 'https://review.trustedfirmware.org': jatron Password for 'https://jatron@review.trustedfirmware.org': remote: Unauthorized fatal: Authentication failed for ' https://review.trustedfirmware.org/TF-A/trusted-firmware-a/' I tried clicking "GENERATE NEW PASSWORD" in https://review.trustedfirmware.org/settings/, but I got the following error message: An error occurred Error 500 (Server Error): Internal server error Endpoint: /accounts/self/password.http 2. Second try (ssh): I got the following error message when I tried registering a new SSH key for use with Gerrit. This happened when I clicked "ADD NEW SSH KEY" in https://review.trustedfirmware.org/settings/. An error occurred Error 500 (Server Error): Internal server error Endpoint: /accounts/self/sshkeys The error message didn't stop the GUI from recording my key though. My new key was listed under "SSH keys" after the change. When I ran a git push command using ssh, I got the following error. $ git push ssh://jatron@review.trustedfirmware.org/TF-A/trusted-firmware-a HEAD:refs/for/integration jatron(a)review.trustedfirmware.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. Am I doing something incorrectly? Any help would be much appreciated. If this is not the mailing list for these types of questions, please let me know so I can reroute my email to the proper destination. Thanks, Jorge Troncoso

3 years, 2 months

2
3
0 0

: Forthcoming UFS driver patches

by Jorge Troncoso

Hi all, I'm planning to submit a series of patches that aim to improve the robustness and reusability of the UFS code. The impacted files are drivers/ufs/ufs.c and include/drivers/ufs.h. The patches mainly consist of the below changes: 1. Delete asserts. Return error values instead. 2. Add retry logic and timeouts. 3. Remove infinite loops. 4. Reuse ufshc_send_uic_cmd() for DME_GET and DME_SET commands. 5. Add a function ufs_send_cmd() that can be reused in other places. ufs_send_cmd() calls four functions in sequence: get_utrd(&utrd), ufs_prepare_cmd(&utrd, ...), ufs_send_request(utrd.task_tag), and ufs_check_resp(&utrd, RESPONSE_UPIU). I wanted to give everyone visibility of what is coming up and hopefully start a discussion around this work. Any early input to help shape the design would be much appreciated. Thanks, Jorge Troncoso

3 years, 3 months

1
0
0 0

How to write a Trsuted Application?

by Chenxu Wang

Hi all, I want to write a TA which will be called from the Normal World and be handled by a specific Trusted OS. Currently, I am using 3 Cactus OS (provided by TF-A-Tests) in SEL1, and a Hafnium in SEL2. Here is my partial building cmd make CROSS_COMPILE=aarch64-none-elf- SPD=spmd CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 PLAT=fvp DEBUG=1 BL33=../tf-a-tests/build/fvp/debug/tftf.bin BL32=../hafnium/out/reference/secure_aem_v8a_fvp_clang/hafnium.bin SP_LAYOUT_FILE=../tf-a-tests/build/fvp/debug/sp_layout.json all fip I have created some EL3 services at services/std_svc, but have not created a TA. In my view, to call the TA, I think I should pass (1) the ID of the TA (but I am not sure how to get the ID) (2) several parameters, which may be loaded into registers. Here may be a calling process. ldr x0,=0xdeadbeef // loading ID ldr x1,=0x11111 // input parameters ldr x2,=0x22222 // input parameters smc #0 Then I think I should write a corresponding handler (of the TA) in Cactus OS. When we call "smc #0", EL3 will trap it, and route it to a specific TA. However, I don't know how to do it. Can you provide some useful examples? Sincerely, Wang Chenxu

3 years, 3 months

3
4
0 0

TF-A Tech Forum Agenda: Thu 23rd September 2021 16:00 – 17:00 (BST)

by Joanna Farley

Hi All, The next TF-A Tech Forum is scheduled for 23rd September 2021 16:00 – 17:00 (BST). Agenda: * Title: Realm Management Extension (RME) Support in TF-A * Presented by: Zelalem Aweke * Summary: RME is an Armv9-A extension and is one component of the Arm Confidential Compute Architecture (Arm CCA). In this talk I will give a brief introduction to Arm CCA and RME. Then I will talk about the changes in TF-A to support RME that are expected to be part of the TF-A v2.6 release. If TF-A contributors have anything they wish to present at any future TF-A tech forum please contact me to have that scheduled. Previous sessions, both recording and presentation material can be found on the trustedfirmware.org TF-A Technical meeting webpage: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ A scheduling tracking page is also available to help track sessions suggested: https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ Final decisions on what will be presented will be shared a few days before the next meeting on the TF-A mailing list. You have been invited to the following event. TF-A Tech Forum When Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time Calendar tf-a(a)lists.trustedfirmware.org Who • Bill Fletcher- creator • tf-a(a)lists.trustedfirmware.org more details »<https://www.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1cTJrM…> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://zoom.us/j/9159704974<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fj%2F9159704974&sa=D&us…> Meeting ID: 915 970 4974 One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…> Going (tf-a(a)lists.trustedfirmware.org)? All events in this series: Yes<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> - Maybe<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> - No<https://www.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tMmk1cT…> more options »<https://www.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1cTJrM…> Invitation from Google Calendar<https://www.google.com/calendar/> You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>. Thanks Joanna

3 years, 3 months

1
0
0 0

Issue with @foss.st.com e-mail address

by Yann Gautier

Hello, Last Thursday we got an issue on our @foss.st.com mail server, preventing us from receiving mails. The issue was corrected, and I can now correctly receive mails, except the ones from trustedfirmware.org. Is there some kind of filtering on trustedfirmware.org side, as those addresses got error replies? I've tried to delete my yann.gautier(a)foss.st.com in the trusted firmware gerrit settings, to re-enter it again, but I cannot receive the verification e-mail. Could you check if @foss.st.com addresses are rejected somewhere? Thanks, Yann

3 years, 3 months

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 3 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 373165: Code maintainability issues (UNUSED_VALUE) /plat/mediatek/mt8195/drivers/spm/mt_spm_vcorefs.c: 467 in spm_vcorefs_get_vcore() ________________________________________________________________________________________________________ *** CID 373165: Code maintainability issues (UNUSED_VALUE) /plat/mediatek/mt8195/drivers/spm/mt_spm_vcorefs.c: 467 in spm_vcorefs_get_vcore() 461 int spm_vcorefs_get_vcore(unsigned int gear) 462 { 463 int ret_val; 464 465 switch (gear) { 466 case 3: >>> CID 373165: Code maintainability issues (UNUSED_VALUE) >>> Assigning value from "vcore_opp_0_uv" to "ret_val" here, but that stored value is overwritten before it can be used. 467 ret_val = vcore_opp_0_uv; 468 case 2: 469 ret_val = vcore_opp_1_uv; 470 case 1: 471 ret_val = vcore_opp_2_uv; 472 case 0: ** CID 373164: Code maintainability issues (UNUSED_VALUE) /plat/mediatek/mt8195/drivers/spm/mt_spm_vcorefs.c: 471 in spm_vcorefs_get_vcore() ________________________________________________________________________________________________________ *** CID 373164: Code maintainability issues (UNUSED_VALUE) /plat/mediatek/mt8195/drivers/spm/mt_spm_vcorefs.c: 471 in spm_vcorefs_get_vcore() 465 switch (gear) { 466 case 3: 467 ret_val = vcore_opp_0_uv; 468 case 2: 469 ret_val = vcore_opp_1_uv; 470 case 1: >>> CID 373164: Code maintainability issues (UNUSED_VALUE) >>> Assigning value from "vcore_opp_2_uv" to "ret_val" here, but that stored value is overwritten before it can be used. 471 ret_val = vcore_opp_2_uv; 472 case 0: 473 default: 474 ret_val = vcore_opp_3_uv; 475 } 476 return ret_val; ** CID 373163: Code maintainability issues (UNUSED_VALUE) /plat/mediatek/mt8195/drivers/spm/mt_spm_vcorefs.c: 469 in spm_vcorefs_get_vcore() ________________________________________________________________________________________________________ *** CID 373163: Code maintainability issues (UNUSED_VALUE) /plat/mediatek/mt8195/drivers/spm/mt_spm_vcorefs.c: 469 in spm_vcorefs_get_vcore() 463 int ret_val; 464 465 switch (gear) { 466 case 3: 467 ret_val = vcore_opp_0_uv; 468 case 2: >>> CID 373163: Code maintainability issues (UNUSED_VALUE) >>> Assigning value from "vcore_opp_1_uv" to "ret_val" here, but that stored value is overwritten before it can be used. 469 ret_val = vcore_opp_1_uv; 470 case 1: 471 ret_val = vcore_opp_2_uv; 472 case 0: 473 default: 474 ret_val = vcore_opp_3_uv; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

3 years, 3 months

1
0
0 0

Disable the EL2 hypervisor mode

by IS20 Boaz Baron

Hi all, I have a little question, how can I disable the hypervisor mode so EL2 will be just bridge to EL1 ns? (I mean without touching common ARM code only the platform-oriented code) Thanks, Boaz. ________________________________ The privileged confidential information contained in this email is intended for use only by the addressees as indicated by the original sender of this email. If you are not the addressee indicated in this email or are not responsible for delivery of the email to such a person, please kindly reply to the sender indicating this fact and delete all copies of it from your computer and network server immediately. Your cooperation is highly appreciated. It is advised that any unauthorized use of confidential information of Nuvoton is strictly prohibited; and any information in this email irrelevant to the official business of Nuvoton shall be deemed as neither given nor endorsed by Nuvoton.

3 years, 3 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

TF-A