To += op-tee@lists.trustedfirmware.orgmailto:op-tee@lists.trustedfirmware.org

From: TF-A tf-a-bounces@lists.trustedfirmware.org On Behalf Of François Ozog via TF-A Sent: 26 March 2021 19:08 To: Heinrich Schuchardt xypron.glpk@gmx.de Cc: tf-a@lists.trustedfirmware.org; Boot Architecture Mailman List boot-architecture@lists.linaro.org; Ilias Apalodimas ilias.apalodimas@linaro.org Subject: Re: [TF-A] Firmware FuSa workshop

Le ven. 26 mars 2021 à 18:42, Heinrich Schuchardt <xypron.glpk@gmx.demailto:xypron.glpk@gmx.de> a écrit : On 26.03.21 16:05, François Ozog wrote:

Hi,

Linaro is conducting an opportunity assessment to make OP-TEE ready for functional safety sensitive environments. The goal is to present a plan to Linaro members by the end of July 2021.

The scope of the research is somewhat bigger because we can’t think of OP-TEE without thinking of Trusted Firmware and Hafnium. The plan will though not address those (unless we recognize we have to). We don’t think U-Boot shall be part of the picture but we are welcoming contradictory points of views.

Hello François,

Some boards boot via SPL->TF-A->U-Boot. Here U-Boot's SPL is relevant for OP-TEE's security.

U-Boot can save variables via OP-TEE (implemented by Ilias). In this case OP-TEE has an implication on secure boot.

I fully understand that these scenarios are not in the focus of the workshop. it may if companies have this particular flow in mind for safety certification. Our goal is not to make all boot flows safety ready but to identify which ones we need to consider. And the workshop may help in this identification.

Best regards

Heinrich

We are organizing a 2 hours workshop on April 15th 9am CET to mostly hear about use cases and ideas about Long Term Support requirements . We will present the state of the research.

The first use case is booting a safety certified type-1 hypervisor (open source or commercial is irrelevant).

But we know there are many more: please be ready to contribute.

We think of more radical use cases: a safety payload is actually loaded as a Secure Partition on top of Hafnium with OP-TEE or Zephyr used as a device backends. In other words, Trust Zone hosts both safety and security worlds , EL3 being the « software root of trust » pivot world. In those cases, some cores never go out of secure state…

Agenda (to be refined)

Vision

State of the research https://docs.google.com/presentation/u/0/d/1jWqu39gCF-5XzbFkodXsiVNJJLUN88BgkiBu__D5KeE/edit

Use cases discussion

What is the right scope?

“Who do what” discussion (LTS, archiving...)

Safety personnel (Linaro and contractors) discussion

Other considerations from participants?

Community organizations and funding?

Closing and next steps

Should you want to participate and have not yet received an invite, please contact me directly.

Cordially,

François-Frédéric

PS: Please reach out should you want another date with a time compatible with more time zones. This alternate date is not guaranteed though.

-- [https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&...] François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog