March 2021 - TF-M - lists.trustedfirmware.org

Re: [TF-M] Profile Large design document for review

by David Hu

Hi all, I'd like to merge Profile Large design this Thursday if no further comment. Since there are other TF-M major features under development in parallel, Profile Large design will be updated later when other major features are available. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Monday, March 1, 2021 10:30 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Profile Large design document for review Hi all, Can I ask for your comments on the TF-M Profile Large design document? TF-M Profile Large is one of TF-M Profiles. Profile Medium and Profile Small have been supported in TF-M. The document can be reviewed via https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8546/1/docs/…. Any comment is welcome! Best regards, Hu Ziji

3 years, 1 month

1
0
0 0

Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.

by Kumar Gala

Agreed, I think it's a great thing for the SC to take up and make a policy on. Will add 2 cents: * Being a security focused project, I think its import that at least there is a patch release for the most recent officially released version, regardless of when the next release of TFM might be released. * Maybe looking at what policy a project like mbedtls has as a starting point. - k > On Mar 5, 2021, at 12:34 PM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi Kumar, All, > > Thanks for bringing this topic up. > At the moment there is no plan for issuing the release v1.2.1 because of lack of policy for such hot fix releases. The release policy upgrade proposal shall be reviewed and agreed in the Steering Committee with the main questions: > 1. What is the hot fix baseline? > 2. What is the testing scope of the fix? > 3. On which platform(s) the fix shall be tested? > > The policy is under discussion and the community input is welcome. Please share your thoughts on the topic. > > The release v1.3.0 is expected by end of March-beginning of April, which will include the fix. > > Thanks, > Anton > > > -----Original Message----- > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M > Sent: Friday, March 5, 2021 5:36 PM > To: Ken Liu <Ken.Liu(a)arm.com> > Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org > Subject: Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases. > > > >> On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: >> >> Hi Everyone, >> >> There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution. >> >> Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below : >> >> 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005 >> 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576. >> >> Please let us know if you have any comments. >> >> BR >> >> /Ken Liu >> >> [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor… >> -- >> TF-M mailing list >> TF-M(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-m > > Is there plans for a security release of TFM v1.2 with this fix? > > - k > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

3 years, 1 month

1
0
0 0

Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.

by Anton Komlev

Hi Kumar, All, Thanks for bringing this topic up. At the moment there is no plan for issuing the release v1.2.1 because of lack of policy for such hot fix releases. The release policy upgrade proposal shall be reviewed and agreed in the Steering Committee with the main questions: 1. What is the hot fix baseline? 2. What is the testing scope of the fix? 3. On which platform(s) the fix shall be tested? The policy is under discussion and the community input is welcome. Please share your thoughts on the topic. The release v1.3.0 is expected by end of March-beginning of April, which will include the fix. Thanks, Anton -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M Sent: Friday, March 5, 2021 5:36 PM To: Ken Liu <Ken.Liu(a)arm.com> Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases. > On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi Everyone, > > There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution. > > Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below : > > 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005 > 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576. > > Please let us know if you have any comments. > > BR > > /Ken Liu > > [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor… > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m Is there plans for a security release of TFM v1.2 with this fix? - k -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

3 years, 1 month

1
0
0 0

Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.

by Kumar Gala

> On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi Everyone, > > There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution. > > Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below : > > 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005 > 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576. > > Please let us know if you have any comments. > > BR > > /Ken Liu > > [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor… > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m Is there plans for a security release of TFM v1.2 with this fix? - k

3 years, 1 month

1
0
0 0

Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.

by Ken Liu

Hi Everyone, There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution. Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below : 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576. Please let us know if you have any comments. BR /Ken Liu [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor…

3 years, 1 month

1
0
0 0

Re: [TF-M] Technical Forum call - March 4

by Anton Komlev

The agenda for the forum tomorrow: 1. CMSIS Pack for TF-M v1.2 presentation 2. AOB Thanks, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Monday, March 1, 2021 11:58 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Technical Forum call - March 4 Hi, The next Technical Forum is planned on Thursday, March 4, 07:00-08:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

3 years, 1 month

1
0
0 0

Re: [TF-M] Review on Firmware Update service in TF-M

by Sherry Zhang

Hi, Add some technical details. The newly added Firmware Update service provides the functionality of updating firmware images. It provides a standard interface for updating firmware and it is designed as platform/bootloader independent. The nonsecure application can call this service to achieve the firmware update by integrating TF-M with, for example, OTA library in the nonsecure side. The implementation provides a shim layer between the bootloader and the firmware update partition. Other bootloaders besides MCUboot should be easily ported with this partition. Any comment is very welcomed! Regards, Sherry Zhang From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Sherry Zhang via TF-M Sent: Monday, January 18, 2021 1:52 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Review on Firmware Update service in TF-M Hi, I created the patchset of adding the Firmware Update service in TF-M feature branch. I would like to ask you to review this patchset if you are interested in it. Top of the patchset: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/7883 Regards, Sherry Zhang

3 years, 1 month

1
1
0 0

Deprecation of the nRF5340 PDK platform

by Głąbek, Andrzej

Hello, I would like to propose the deprecation of the nRF5340 PDK platform (nordic_nrf/nrf5340pdk_nrf5340_cpuapp) and the removal of this platform after the v1.3.0 release. The nRF5340 PDK is a preview development kit with an early revision (Engineering A) of the nRF5340 SoC and it has been replaced by the nRF5340 DK (as indicated here: https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF5340-PDK), which is also supported by TF-M. As per the process, should you have any objections to this deprecation, please respond to this proposal within 4 weeks. Best regards, Andrzej Głąbek

3 years, 1 month

1
0
0 0

Re: [TF-M] Please update TFM_TEST_REPO_VERSION

by David Hu

Hi Thomas, Sorry for the trouble. Could you let me know whether this change brought some problems or it fixed something? Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: Friday, February 26, 2021 6:03 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Please update TFM_TEST_REPO_VERSION For some reason it seems that IAR is the only toolchain affected by: https://git.trustedfirmware.org/TF-M/tf-m-tests.git/commit/app/main_ns.c?id… Can we please update update the version to at least 4ae00fe? Cheers, Thomas -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

3 years, 1 month

2
7
0 0

Technical Forum call - March 4

by Anton Komlev

Hi, The next Technical Forum is planned on Thursday, March 4, 07:00-08:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

3 years, 1 month

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

TF-M March 2021