Hello Pankaj,
Hope you are doing well.
The initial email point to one change, but I see that as the tip of a patch series. I reviewed https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3370
and left some comments, but did not review the complete patch series.
Are you requesting a review of the entire patch series?
-Varun
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna Farley via TF-A
Sent: Tuesday, March 31, 2020 9:37 AM
To: Pankaj Gupta <pankaj.gupta(a)nxp.com>; tf-a(a)lists.trustedfirmware.org
Subject: Re: [TF-A] [EXT] Patch-set review request: New NXP Platform LX2120ARDB support on TFA
External email: Use caution opening links or attachments
Hi Pankaj,
We will try, one of the arm team has done some +1 reviews and I have just kicked of a CI+2 run on the top of the patch stack. As you can imagine the Arm team is pressed for time the closer to the freeze date.
Other TF-A contributors you all have +1 rights so if folks have time assistance with further +1 reviews would be appreciated as that would help in accelerating confidence is getting +2 and merging.
Traditionally the project has relied on Arm folks but for some time now all contributors have had +1 rights on each other patches and the new project maintenance proposal is set up to take us in the direction of enabling all contributors helping each other.
Thanks
Joanna
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trustedfirmware.org>> on behalf of Pankaj Gupta via TF-A <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
Reply to: Pankaj Gupta <pankaj.gupta(a)nxp.com<mailto:pankaj.gupta@nxp.com>>
Date: Monday, 30 March 2020 at 20:48
To: "tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>" <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
Subject: Re: [TF-A] [EXT] Patch-set review request: New NXP Platform LX2120ARDB support on TFA
Please find the link to the review request.
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3370
Regards
Pankaj
From: Pankaj Gupta via TF-A
Sent: Monday, 30 March, 22:57
Subject: [EXT] [TF-A] Patch-set review request: New NXP Platform LX2120ARDB support on TFA
To: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>
Caution: EXT Email
Hi All,
Please pick this review request so that code changes can be merged before code freeze.
Thanks.
Regards
Pankaj
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
Hello team,
Please help review and merge the following bug fixes before v2.3 is released.
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3819: include: context_mgmt: include ep_info.h
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3820: Tegra: enable EHF for watchdog timer interrupts
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3818: Tegra: remove ENABLE_SVE_FOR_NS = 0
Thanks.
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Varun Wadekar via TF-A
Sent: Monday, March 30, 2020 10:02 AM
To: tf-a(a)lists.trustedfirmware.org
Subject: [TF-A] RFR: Tegra fixes for v2.3
External email: Use caution opening links or attachments
Hello team,
Please help review and merge the following bug fixes before v2.3 is released.
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3731: Tegra: fixup GIC init from the 'on_finish' handler
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3770: Tegra186: increase memory mapped regions
Thanks.
________________________________
This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________
Hello Alexei,
Just curious, the patch is huge and will take some time to review. Do you expect this change to be merged before the v2.3 release?
-Varun
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Alexei Fedorov via TF-A
Sent: Tuesday, March 31, 2020 7:19 AM
To: tf-a(a)lists.trustedfirmware.org
Subject: [TF-A] Event Log for Measured Boot
External email: Use caution opening links or attachments
Hi,
Please review and provide your comments for the patch which adds
Event Log generation for the Measured Boot.
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3806
Thanks.
Alexei
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
Hi Pankaj,
We will try, one of the arm team has done some +1 reviews and I have just kicked of a CI+2 run on the top of the patch stack. As you can imagine the Arm team is pressed for time the closer to the freeze date.
Other TF-A contributors you all have +1 rights so if folks have time assistance with further +1 reviews would be appreciated as that would help in accelerating confidence is getting +2 and merging.
Traditionally the project has relied on Arm folks but for some time now all contributors have had +1 rights on each other patches and the new project maintenance proposal is set up to take us in the direction of enabling all contributors helping each other.
Thanks
Joanna
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Pankaj Gupta via TF-A <tf-a(a)lists.trustedfirmware.org>
Reply to: Pankaj Gupta <pankaj.gupta(a)nxp.com>
Date: Monday, 30 March 2020 at 20:48
To: "tf-a(a)lists.trustedfirmware.org" <tf-a(a)lists.trustedfirmware.org>
Subject: Re: [TF-A] [EXT] Patch-set review request: New NXP Platform LX2120ARDB support on TFA
Please find the link to the review request.
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3370
Regards
Pankaj
From: Pankaj Gupta via TF-A
Sent: Monday, 30 March, 22:57
Subject: [EXT] [TF-A] Patch-set review request: New NXP Platform LX2120ARDB support on TFA
To: tf-a(a)lists.trustedfirmware.org
Caution: EXT Email
Hi All,
Please pick this review request so that code changes can be merged before code freeze.
Thanks.
Regards
Pankaj
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi,
Please review and provide your comments for the patch which adds
Event Log generation for the Measured Boot.
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3806
Thanks.
Alexei
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Please find the link to the review request.
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3370
Regards
Pankaj
From: Pankaj Gupta via TF-A
Sent: Monday, 30 March, 22:57
Subject: [EXT] [TF-A] Patch-set review request: New NXP Platform LX2120ARDB support on TFA
To: tf-a(a)lists.trustedfirmware.org
Caution: EXT Email
Hi All,
Please pick this review request so that code changes can be merged before code freeze.
Thanks.
Regards
Pankaj
Hello team,
Please help review and merge the following bug fixes before v2.3 is released.
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3731: Tegra: fixup GIC init from the 'on_finish' handler
* https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3770: Tegra186: increase memory mapped regions
Thanks.
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
Hello,
As the prepartion for the series of patches for adding GICv3.1 and GICv4 support,
please review and provide your comments for the patch which introduces GICv3 makefile
and adds configuration options for the driver.
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3754
Regards.
Alexei
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi Raghu,
Thanks for reviewing the proposal. Please find my answers below.
1) The idea was to use the same hash algorithm throughout all TF-A
code for consistency and not introduce any new build flags. One of the
initial implementations even didn't calculate the hash itself but was
reading verified data provided by the Chain of Trust (CoT) for the
purpose of optimisation.
Existing definition of TF_MBEDTLS_HASH_ALG_ID in
'drivers\auth\mbedtls\mbedtls_common.mk' at line #76:
ifeq (${HASH_ALG}, sha384)
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
else ifeq (${HASH_ALG}, sha512)
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
else
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif
passed to 'include\drivers\auth\mbedtls\mbedtls_config.h', line #72
#define MBEDTLS_SHA256_C
#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256)
#define MBEDTLS_SHA512_C
#endif
and used in Mbed TLS to define MBEDTLS_MD_MAX_SIZE in 'include\mbedtls\md.h':
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
#else
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#endif
makes impossible usage HASH_ALG=sha256 for TF-A and sha512 for Measured Boot
calculations, because the following chain of function calls
arm_bl1_set_bl2_hash() ->
crypto_mod_calc_hash() ->
crypto_lib_desc.calc_hash() ->
calc_hash() ->
mbedtls_md_info_from_type()
returns CRYPTO_ERR_HASH error caused by insufficient space in internal Mbed TLS
buffers and fixing this issue needs extra modifications in make and header files.
Upgrading/changing the hash algorithm will require re-building of TF-A and
re-flashing BL1 in ROM, so please explain what you mean by
"potentially break measured boot on old devices in case a hash algorithm is broken"
The functionality for getting the hash algorithm from the platform (e.g. eFuses)
can be added later as a platform build option and requires fixing the issue described
above.
2) Yes, Measured Boot requires TF-A built with TRUSTED_BOARD_BOOT option enabled,
and as BL2 image is a part of CoT it is verified by BL1.
3) Yes. Event Log implementation is based on TCG Specifications.
BL2 loads images, calculates their hashes and writes data into Event Log stored
in Secure memory.
4) It is planned to add fTPM service implementation to TF-A, see Javier's message:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-March/000339.html
Stuart could also comment on the naming convention.
5) N/A
6) Event Log is a complex structure with entries of different lengths, and
TFTF test checks the length of each field against the remaining size of the Event Log's
data to be processed before accessing and printing the actual data.
Thanks.
Alexei.
________________________________
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Raghu Krishnamurthy via TF-A <tf-a(a)lists.trustedfirmware.org>
Sent: 21 March 2020 05:53
To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>
Subject: Re: [TF-A] Proposal for Measured Boot Implementation
Hi Alexei,
Thanks. This looks good at first glance. However, i do have some
questions that aren't obvious to me by reading the description below and
looking at code. Questions are numbered based on your original email.
Perhaps these can be discussed in the TF-A forum if it is inconvenient
over email.
1) Would be good if the hash alg comes from the config file. This will
make the implementation "crypto agile" from the very beginning. It is
common to want to upgrade/change the hash algorithm and since BL1 is in
ROM, you potentially break measured boot on old devices in case a hash
algorithm is broken. The other option is to get the hash algorithm from
the platform, perhaps a platform gets it from eFuses as opposed to
config files.
2) It looks like you are using memory allocated in the loaded DTB as the
equivalent of a TPM "PCR". How is this protected from direct
modification by BL2? Or is it not protected because BL2 forms a part of
the Root-of-Trust for Measurement(RTM)?(since it's signature is verified
by BL1?)
3) What does "Event Log" refer to? Is it the same event log proposed by
TCG in the platform firmware profile ? As a general question, how close
is the measured boot in TF-A/PSA going to be to TCG ? Will BL2 extend
measurements for other images ?
4) Would be great not to refer to "TPM" in the measured boot
implementation. Here we are implementing measured boot without a TPM,
but it could be implemented with a TPM. Maybe it should be tcg event log?
5) OK.
6) What does validate event log mean here? More details ?
Thanks
-Raghu
On 3/20/20 7:15 AM, Alexei Fedorov via TF-A wrote:
> Hello,
>
> I'm preparing the next set of patches for Measured Boot support in TF-A,
> please find some details on design and implementation below.
>
> 1. SHA256/384/512 hash algorithm for Measured Boot related hash calculations
> is passed as an existing build 'HASH_ALG' build parameter.
>
> 2. BL1 calculates BL2 image hash and passes these data to BL2 via
> FW_CONFIG/TB_FW_CONFIG device tree in new 'bl2_hash_data' byte array
> added
> in 'fvp_fw_config.dts'.
>
> These changes are part of the patch under review, please see
> https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3555
>
> 3. Event Log is calculated by BL2 in Secure Memory and copied to
> Non-secure memory. Address in Non-secure memory is calculated as:
>
> "nt_fw_config_addr + nt_fw_config_max_size"
>
> with values obtained from 'tb_fw_config':
>
> nt_fw_config_addr = <0x0 0x80000000>;
> nt_fw_config_max_size = <0x200>;
>
> 4. Event Log address and size is passed by TOS_FW_CONFIG and NT_FW_CONFIG
> device tree in 2 new added properties:
>
> Property name: 'tpm_event_log_addr'
> Value type is an unsigned 64-bit integer specifying the physical address
> of the Event Log.
>
> Property name: 'tpm_event_log_size'
> Value type is an unsigned 32-bit integer specifying the size of the
> Event Log.
>
> /* TPM Event Log Config */
> tpm_event_log {
> compatible = "arm,nt_fw";
> tpm_event_log_addr = <0x0 0x0>;
> tpm_event_log_size = <0x0>;
> };
>
> 5. TF-A provides Event Log to the BL33 (TFTF/UEFI/U-boot) in 'nt_fw_config'
> device tree, which address is passed by BL31 as 'arg0' parameter,
> see TFTF patch:
>
> https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/3327
>
> 6. A new test which validates and prints Event Log data passed
> in 'nt_fw_config' to BL33 will be added to TFTF.
>
> Please review and provide your comments on the proposed design.
>
> Regards.
> Alexei.
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy
> the information in any medium. Thank you.
>
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.