Hi all,
I'd like to merge Profile Large design this Thursday if there are no further comments.
Since there are other TF-M major features under development in parallel, Profile Large design will be updated later when other major features are available.
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M
Sent: Monday, March 1, 2021 10:30 AM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Profile Large design document for review
Hi all,
Can I ask for your comments on the TF-M Profile Large design document?
TF-M Profile Large is one of the TF-M Profiles. Profile Medium and Profile Small have been supported in TF-M.
The document can be reviewed via https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8546/1/docs/….
Any comment is welcome!
Best regards,
Hu Ziji
Agreed, I think it's a great thing for the SC to take up and make a policy on.
Will add 2 cents:
* Being a security focused project, I think it's important that at least there is a patch release for the most recent officially released version, regardless of when the next release of TFM might be released.
* Maybe looking at what policy a project like mbedtls has as a starting point.
- k
> On Mar 5, 2021, at 12:34 PM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi Kumar, All,
>
> Thanks for bringing this topic up.
> At the moment there is no plan for issuing the release v1.2.1 because of lack of policy for such hot fix releases. The release policy upgrade proposal shall be reviewed and agreed in the Steering Committee with the main questions:
> 1. What is the hot fix baseline?
> 2. What is the testing scope of the fix?
> 3. On which platform(s) the fix shall be tested?
>
> The policy is under discussion and the community input is welcome. Please share your thoughts on the topic.
>
> The release v1.3.0 is expected by end of March-beginning of April, which will include the fix.
>
> Thanks,
> Anton
>
>
> -----Original Message-----
> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M
> Sent: Friday, March 5, 2021 5:36 PM
> To: Ken Liu <Ken.Liu(a)arm.com>
> Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org
> Subject: Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.
>
>
>
>> On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>
>> Hi Everyone,
>>
>> There is a new security vulnerability reported, in which the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution.
>>
>> Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below:
>>
>> 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005
>> 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.
>>
>> Please let us know if you have any comments.
>>
>> BR
>>
>> /Ken Liu
>>
>> [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>
> Are there plans for a security release of TFM v1.2 with this fix?
>
> - k
Hi Kumar, All,
Thanks for bringing this topic up.
At the moment there is no plan for issuing the release v1.2.1 because of lack of policy for such hot fix releases. The release policy upgrade proposal shall be reviewed and agreed in the Steering Committee with the main questions:
1. What is the hot fix baseline?
2. What is the testing scope of the fix?
3. On which platform(s) the fix shall be tested?
The policy is under discussion and the community input is welcome. Please share your thoughts on the topic.
The release v1.3.0 is expected by end of March-beginning of April, which will include the fix.
Thanks,
Anton
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M
Sent: Friday, March 5, 2021 5:36 PM
To: Ken Liu <Ken.Liu(a)arm.com>
Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.
> On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi Everyone,
>
> There is a new security vulnerability reported, in which the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution.
>
> Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below:
>
> 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005
> 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.
>
> Please let us know if you have any comments.
>
> BR
>
> /Ken Liu
>
> [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
Are there plans for a security release of TFM v1.2 with this fix?
- k
The agenda for the forum tomorrow:
1. CMSIS Pack for TF-M v1.2 presentation
2. AOB
Thanks,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Monday, March 1, 2021 11:58 AM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Technical Forum call - March 4
Hi,
The next Technical Forum is planned on Thursday, March 4, 07:00-08:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi,
Add some technical details.
The newly added Firmware Update service provides the functionality of updating firmware images. It provides a standard interface for updating firmware and it is designed as platform/bootloader independent. The nonsecure application can call this service to achieve the firmware update by integrating TF-M with, for example, OTA library in the nonsecure side.
The implementation provides a shim layer between the bootloader and the firmware update partition. Other bootloaders besides MCUboot should be easily ported with this partition.
Any comment is very welcome!
Regards,
Sherry Zhang
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Sherry Zhang via TF-M
Sent: Monday, January 18, 2021 1:52 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Review on Firmware Update service in TF-M
Hi,
I created the patchset of adding the Firmware Update service in TF-M feature branch. I would like to ask you to review this patchset if you are interested in it.
Top of the patchset:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/7883
Regards,
Sherry Zhang
Hello,
I would like to propose the deprecation of the nRF5340 PDK platform (nordic_nrf/nrf5340pdk_nrf5340_cpuapp) and the removal of this platform after the v1.3.0 release. The nRF5340 PDK is a preview development kit with an early revision (Engineering A) of the nRF5340 SoC and it has been replaced by the nRF5340 DK (as indicated here: https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF5340-PDK), which is also supported by TF-M.
As per the process, should you have any objections to this deprecation, please respond to this proposal within 4 weeks.
Best regards,
Andrzej Głąbek
Hi Thomas,
Sorry for the trouble.
Could you let me know whether this change brought some problems or it fixed something?
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M
Sent: Friday, February 26, 2021 6:03 PM
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] Please update TFM_TEST_REPO_VERSION
For some reason it seems that IAR is the only toolchain affected by:
https://git.trustedfirmware.org/TF-M/tf-m-tests.git/commit/app/main_ns.c?id…
Can we please update the version to at least 4ae00fe?
Cheers,
Thomas
--
Thomas Törnblom, Product Engineer
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com Website: www.iar.com
Twitter: www.twitter.com/iarsystems
Hi,
The next Technical Forum is planned on Thursday, March 4, 07:00-08:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton