February 2020 - TF-M - lists.trustedfirmware.org

Slight update on design proposal process document

by Ken Liu

Hi, I have made a slight update on the design proposal process document, to simplify the design document drafting. The 'Author' and 'Organization' are not both mandatory, one of them can be optional depends on the contributor. And mark the 'status' optional since it can be covered by the document system. Feel free to comment on the patch: https://review.trustedfirmware.org/c/trusted-firmware-m/+/3407 And I prefer to comment on the issue link since there is more better for discussion: https://developer.trustedfirmware.org/T673 Reply here is an option, too. BR /Ken

4 years, 8 months

1
1
0 0

Re: [TF-M] PSA Test Suite - Attestation test

by Andrej Butok

Hi Tamas, I have noticed today, that the PSA test suite has done several merges to its master branch. Based the PSA test-suit readme, it has switched to newer versions of the PSA API. Should we try to update or better to wait for a right signal from the TFM team? Thanks, Andrej From: Tamas Ban <Tamas.Ban(a)arm.com<mailto:Tamas.Ban@arm.com>> Sent: Thursday, February 6, 2020 2:09 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Subject: RE: PSA Test Suite - Attestation test Hi Andrej, The v19.08_TBSA0.9 version of psa-arch test suite is aligned with current TF-M master. I have executed the test suite and found that unfortunately the attestation test suite is currently broken: * It was introduced by the QCBOR library update in https://review.trustedfirmware.org/c/trusted-firmware-m/+/2679/6<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…> * Currently there is a misalignment between psa-arch and tf-m in terms of QCBOR version. psa-arch still relies on older version of QCBOR. * The version mismatch lead some parsing error in CBOR that is the reason why the test suite is failing. * Other issue is that v19.08_TBSA0.9 version of psa-arch mandates the key-id in unprotected COSE header, however that field is optional according to the standard. In TF-M the inclusion of key-id was bind to ATTEST_INCLUDE_TEST_CODE_AND_KEY_ID, which was split to two compile time switch (https://review.trustedfirmware.org/c/trusted-firmware-m/+/3147<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>) ATTEST_INCLUDE_COSE_KEY_ID and ATTEST_ INCLUDE_TEST_CODE. Way forward: * I let the psa-arch test team to update QCBOR. * Fix will be put on master, but currently the tip of the psa-arch master is not aligned with TF-M master. They are supports different PSA API versions. * In TF-M there is a branch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.trust…> where the PSA API update is happening. This branch is intended to be merged to master in Q1. Tamas From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: 05 February 2020 14:21 To: Tamas Ban <Tamas.Ban(a)arm.com<mailto:Tamas.Ban@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: PSA Test Suite - Attestation test Hi Tamas > Could you tell what was the values of these compile time switches in your test? For the previous TFM, we have used INCLUDE_TEST_CODE_AND_KEY_ID. For the current TFM it was renamed to INCLUDE_TEST_CODE. Other parameters are new, so I have tried different combinations of these parameters, but the PSA Test-Suite Attestation is still failed. > Further do you implemented the boot data sharing between bootloader and runtime firmware? It's used the TFM template code without change from tfm\platform\ext\common\template > Do you sign SPE and NPSE images together or they are signed separately? We do not use the secondary bootloader so far, so image is not signed. As the Attestation Regression tests are passed. It's good to know what combination of parameters have to be used to generate the same token as it was generated by the older TFM and accepted by the PSA Test Suite (last commit on master branch). Or the PSA Test Suite is obsolete. Thank you, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Tamas Ban via TF-M Sent: Wednesday, February 5, 2020 1:13 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: Re: [TF-M] PSA Test Suite - Attestation test Hi Andrej, Could you tell what was the values of these compile time switches in your test? I assume you did the test on NXP board. Further do you implemented the boot data sharing between bootloader and runtime firmware? Do you sign SPE and NPSE images together or they are signed separately? Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: 04 February 2020 17:33 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] PSA Test Suite - Attestation test Hello, After upgrade to the latest version of TFM, the Attestation test from the PSA Test Suite is failed (but the TFM Attestation regression tests are passed). What combination of configuration parameters must be used (INCLUDE_OPTIONAL_CLAIMS, INCLUDE_TEST_CODE, INCLUDE_COSE_KEY_ID, BOOT_DATA_AVAILABLE) to follow PSA Test Suite expectations? What commit of the PSA Test-suite must be used for the latest TFM? We are still on the 2019-07-25 (c80681ed7c7f3e2cbf02ded1ef2464ba2ca7ccd5) commit, which was OK with 2-month old TFM. Is the PSA Test Suite Attestation test valid for the latest TFM? Thank you, Andrej Butok IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 9 months

2
3
0 0

Re: [TF-M] PSA-Test Suite, 23 Crypto Tests failed

by Andrej Butok

Hi Anton, OK. So this is the known issue. Is there any plan when it should be implemented? As the test-log is used for a PSA certification, may we disable the failed tests? BTW: As this is known issue, I did not notice it here https://github.com/ARMmbed/mbed-crypto/issues?page=1&q=is%3Aissue+is%3Aopen… Thanks, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Friday, February 28, 2020 12:14 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] PSA-Test Suite, 23 Crypto Tests failed Hello Andrej, As you noted, the main reason of test failures is unimplemented PSA functions. Those functions are directly dependent on Embed-Crypto library where they are missed or API is not adjusted. Recently TF-M was upgraded Embed-Crypto library from v1.0.0 to v3.0.1 and will continue so, increasing test suite coverage. Best regards, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: 28 February 2020 09:46 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] PSA-Test Suite, 23 Crypto Tests failed Hello, After update to the latest TFM and to the latest PSA-Test Suite, 23 Crypto Tests are failed: ************ Crypto Suite Report ********** TOTAL TESTS : 61 TOTAL PASSED : 37 TOTAL SIM ERROR : 0 TOTAL FAILED : 23 TOTAL SKIPPED : 1 ****************************************** The main reason is that many of PSA Crypto functions are not implemented by TFM. Is there a plan to fix it? Thanks, Andrej

4 years, 9 months

1
0
0 0

Re: [TF-M] PSA-Test Suite, 23 Crypto Tests failed

by Anton Komlev

Hello Andrej, As you noted, the main reason of test failures is unimplemented PSA functions. Those functions are directly dependent on Embed-Crypto library where they are missed or API is not adjusted. Recently TF-M was upgraded Embed-Crypto library from v1.0.0 to v3.0.1 and will continue so, increasing test suite coverage. Best regards, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: 28 February 2020 09:46 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] PSA-Test Suite, 23 Crypto Tests failed Hello, After update to the latest TFM and to the latest PSA-Test Suite, 23 Crypto Tests are failed: ************ Crypto Suite Report ********** TOTAL TESTS : 61 TOTAL PASSED : 37 TOTAL SIM ERROR : 0 TOTAL FAILED : 23 TOTAL SKIPPED : 1 ****************************************** The main reason is that many of PSA Crypto functions are not implemented by TFM. Is there a plan to fix it? Thanks, Andrej

4 years, 9 months

1
0
0 0

Re: [TF-M] Call for a feedback on TF-M adaptation experience

by Kevin Townsend

Hi Anton, One particular difficulty I've encountered working with TF-M for the Zephyr certification demo app, and with the LPC55S69 port to upstream TF-M is the debugging experience with GDB and the dual execution environments. GDB can be quite powerful if you are familiar with it, but there is a definite learning curve, and the S and NS separation and the dual binary images (three with BL2) adds an additional degree of complexity. I think having a dedicated debugging tutorial around GDB would be very useful to people adopting TF-M and perhaps new to GDB, just to show how some basic debugging might happen, how to debug across the NS/S boundary, etc. For example, the '--tui' option for GDB may not be very well known, and it may be useful to highlight (see screenshots at the bottom of this issue: https://github.com/microbuilder/trusted-firmware-m/issues/1) Practical, step-by-step debugging documentation just seems like a good investment to help flatten this inevitable learning curve developing real-world solutions with TF-M? Best regards, Kevin On Thu, 27 Feb 2020 at 13:13, Anton Komlev via TF-M < tf-m(a)lists.trustedfirmware.org> wrote: > A kind reminder. > Your feedback is valuable all the time with no deadline defined. > > > > *From:* TF-M <tf-m-bounces(a)lists.trustedfirmware.org> * On Behalf Of *Anton > Komlev via TF-M > *Sent:* 07 February 2020 13:13 > *To:* tf-m(a)lists.trustedfirmware.org > *Cc:* nd <nd(a)arm.com> > *Subject:* [TF-M] Call for a feedback on TF-M adaptation experience > > > > Dear All, > > > > As I mentioned on yesterday’s call, there is a concern on user experience > related to TF-M use. > > To In order to understand and potentially improve it I am looking for a > voice of partners who adopted TF-M project. > > Please share your experience and thoughts on parts which are good or might > be done better to simplify TF-M integration with your project. > > > > You feedback will be very appreciated in any form – as a response to this > mail or as a direct mail to me (anton.komlev(a)arm.com) if it’s more > comfortable for you. > > > > Thank you in advance, > > Anton > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m >

4 years, 9 months

2
1
0 0

PSA-Test Suite, 23 Crypto Tests failed

by Andrej Butok

Hello, After update to the latest TFM and to the latest PSA-Test Suite, 23 Crypto Tests are failed: ************ Crypto Suite Report ********** TOTAL TESTS : 61 TOTAL PASSED : 37 TOTAL SIM ERROR : 0 TOTAL FAILED : 23 TOTAL SKIPPED : 1 ****************************************** The main reason is that many of PSA Crypto functions are not implemented by TFM. Is there a plan to fix it? Thanks, Andrej

4 years, 9 months

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - March 5

by David Hu

Hi Anton, I'd like to share about the current design and draft implementation of TF-M Profile 1. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Tuesday, February 25, 2020 1:11 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M Technical Forum call - March 5 Dear All, The next Technical Forum is planned on Thursday, March 5 at 7:00-8:00 UTC. Please reply on this email with your proposals for agenda topics. Best regards, Anton Komlev

4 years, 9 months

1
0
0 0

Re: [TF-M] Call for a feedback on TF-M adaptation experience

by Anton Komlev

A kind reminder. Your feedback is valuable all the time with no deadline defined. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: 07 February 2020 13:13 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Call for a feedback on TF-M adaptation experience Dear All, As I mentioned on yesterday's call, there is a concern on user experience related to TF-M use. To In order to understand and potentially improve it I am looking for a voice of partners who adopted TF-M project. Please share your experience and thoughts on parts which are good or might be done better to simplify TF-M integration with your project. You feedback will be very appreciated in any form - as a response to this mail or as a direct mail to me (anton.komlev(a)arm.com<mailto:anton.komlev@arm.com>) if it's more comfortable for you. Thank you in advance, Anton

4 years, 9 months

1
0
0 0

Re: [TF-M] Update Crypto, SST and Attestation services to the latest versions

by Soby Mathew

Hi Everyone The below mentioned patches have been merged to TF-M master. The Open CI is also updated to pull in the right version of mbed-crypto (3.0.1) and it should now show results as expected. You may to have rebase your existing patches currently in review if you need to run CI tests. Best Regards Soby Mathew > -----Original Message----- > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Soby > Mathew via TF-M > Sent: 18 February 2020 11:38 > To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org> > Cc: nd <nd(a)arm.com> > Subject: [TF-M] Update Crypto, SST and Attestation services to the latest > versions > > Hi Everyone, > This is a heads up that there are patches in review which update the Crypto, > SST and Attestation services to latest versions of their respective specifications : > > 1. Crypto-service migration to Mbed Crypto 3.0.1 > > The patches is available here : > https://review.trustedfirmware.org/q/topic:%22crypto_update%22+(status:ope > n%20OR%20status:merged) > > This migrates the crypto service to the latest implementation of PSA > specification as implemented by mbed-crypto. > > 2. SST: Implement PSA Protected Storage 1.0 > > https://review.trustedfirmware.org/q/topic:%22sst-1.0- > update%22+(status:open%20OR%20status:merged) > > 3. Initial Attestation: Align interface to PSA API 1.0 > > https://git.trustedfirmware.org/trusted-firmware-m.git/commit/?h=feature- > psa-dev-api-update&id=b8d88ce6fb7c8e7301f32ab7f6b36dd796692f98 > > and > > https://git.trustedfirmware.org/trusted-firmware-m.git/commit/?h=feature- > psa-dev-api-update&id=12c02d16958c9dbd57a6bebe6f29b7a207355831 > > These patches are expected to be reviewed and merged back to the master in > the next couple of weeks. > > Best Regards > Soby Mathew > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

4 years, 10 months

1
0
0 0

TF-M Technical Forum call - March 5

by Anton Komlev

Dear All, The next Technical Forum is planned on Thursday, March 5 at 7:00-8:00 UTC. Please reply on this email with your proposals for agenda topics. Best regards, Anton Komlev

4 years, 10 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

TF-M February 2020