I recently switched to a new MBP that ships with OS X Monterey, and on both
12.0 and 12.1 (released this week) git clone seems to be broken when you're
using HTTP rather than SSH:
digital envelope routines:CRYPTO_internal:bad key length
In order to clone TF-M, I had to make the following changes.
1. Add these details to $HOME/.ssh/config (microbuilder being my github
username, associated with my TF-M account):
Host trustedfirmware.org
User microbuilder
Hostname review.trustedfirmware.org
Port 29418
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
2. Then try to clone with:
$ git clone trustedfirmware.org:/TF-M/trusted-firmware-m.git
This fails, however, since it tries to clone tf-m-tests.git, so:
3. Edit lib/ext/tf-m-tests/fetch_repo.cmake, changing:
FetchContent_Declare(tfm_test_repo
GIT_REPOSITORY trustedfirmware.org:TF-M/tf-m-tests.git
# GIT_REPOSITORY https://git.trustedfirmware.org/TF-M/tf-m-tests.git
GIT_TAG ${TFM_TEST_REPO_VERSION}
GIT_PROGRESS TRUE
)
This let me at least clone TF-M until the issues with HTTP-based cloning
are fixed.
Hope this is useful to someone else working on OS X natively.
Kevin
Hi,
The next Technical Forum is planned on Thursday, Dec 9, 7:00-8:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi,
for PSA Certification level 2 a log of significant security events is required. Which I assume
should be done with the Audit log service.
But the Audit log service does not support IPC mode.
Should PSA Certification level 2 be done with IPC mode or with library mode?
