June 2021 - TF-M - lists.trustedfirmware.org

Re: [TF-M] Firmware update API - MCUboot update

by Tamas Ban

Hi Suresh, I think still there is some misunderstanding here about the role of MCUboot in the update process. I try to clarify it: * MCUboot is the *bootloader* in the system, it does not care how the new images are getting installed on the device. * MCUboot defines a static allocation of the flash. There are the primary slot where the active runtime images are stored and executed from there (if upgrade startegy is XIP) and there are the secondary slot where the candidate image is written by the update client, which his part of the runtime firmware. * MCUboot is not involved at all in the process when new image is downloaded from the remote server and written to the flash (to secondary slot). * MCUboot jobs to recognize that there is a new image (magic value is set at the end of secondary slot), validates it (hash + signature) and move it (if valid) to the primary slot to make it executable (because image is XIP and linked to the address space of the primary slot) * When moving is done just jumps to the reset handler of the new image. TF-M expose a standard FWU API, which can be used by any cloud client: * FWU partition in the secure side is responsible to write the new image to the flash * Because TF-M relies on MCUBoot as a bootloader therefore the image must be placed to the right place in the flash (secondary slot) and some MCUboot specific flags must be set (magic value to indicate new image existence). Therefore in the FWU secure partition there is a MCUboot shim layer to handle these bootloader specific task * However, MCUBoot can replaced by any bootloader if one wants and then the shim layer also can be replaced to do other bootloader specific things. * In this architecture update client is responsible to download the image from the remote server and the FWU partition is responsible to write it to the right location. An implementer can choose: * Implement the FWU API on the non-secure side * Do not use FWU API, just writes the image to the right flash location and set certain flags in the flash that allows MCUboot to find the image * Replace MCUboot with custom bootloader if he wants I hope this helps! The call path in the previous mail was incorrect. The correct call path is: Update client application | | Function call V FWU API | | TF-M psa_call() etc. V FWU Partition | | Function call V MCUBoot Shim Layer | | Function call V MCUBoot user API ========================== RESTART ====================== MCUboot engine parse flash, validate new image, if there is any, and move it around to the primary slot | | V Function call, never returns Reset_Handler of new image BR, Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Suresh Marisetty via TF-M Sent: 2021. május 25., kedd 16:16 To: Andrew Thoelke <Andrew.Thoelke(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Firmware update API - MCUboot update Hi Andrew, I am thinking of two paths for the update client application: one through MCUBoot and another direct to the FWU interface. MCUBoot path is for legacy application compatibility purpose. Longer term, I am wondering if MCUBoot is needed. In embedded there is always a challenge to optimize the code size as space in storage is limited and any optimization to remove redundancies will help. Update client application | | Function call V V MCUBoot user API | Shim layer | | | | Function call | V | FWU API <------------| | | TF-M psa_call() etc. V FWU Partition | | Function call V MCUBoot user API MCUBoot engine MCUBoot image size is around 60K and thanks Suresh Marisetty Infineon Semiconductor Corporation From: Andrew Thoelke <Andrew.Thoelke(a)arm.com<mailto:Andrew.Thoelke@arm.com>> Sent: Tuesday, May 25, 2021 1:39 AM To: Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: Firmware update API - MCUboot update Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hi Suresh, > I am of the belief that MCUboot will be a very thin shim layer over the FWU API to provide the compatibility interface to legacy software and most of the work that was done earlier in MCUboot is pushed down into the FWU partition. Are you suggesting that the software stack might look like this: Update client application | | Function call V MCUBoot user API Shim layer | | Function call V FWU API | | TF-M psa_call() etc. V FWU Partition | | Function call V MCUBoot user API MCUBoot engine This looks like it has one more layer than it needs, as either: 1. The Update client application could Talk directly to the FWU API, or 2. The first MCUBoot user API could interact with an MCUBoot update partition (RoT Service), without having to tunnel the MCUBoot API over the FWU API. The latter might not be straightforward - I am not sure that anyone has reviewed the two APIs for this purpose. Are you only considering this software stack for a system where touching the update client application source code is not possible (needed for option #1 above)? - and you also cannot introduce a custom MCUBoot RoT Service partition (option #2 above) so you want to reuse TF-M's existing FWU API and partition? Regards, Andrew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M Sent: 25 May 2021 02:37 To: Sherry Zhang <Sherry.Zhang2(a)arm.com<mailto:Sherry.Zhang2@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] Firmware update API - MCUboot update Hi Sherry, Thanks for the info. Wondering if there is some documentation or powerpoint explaining how the MCUBoot is changed to accommodate the FWU API. Details that would help: 1. How the MCUboot works without the FWU API - natively 2. How the MCUBoot needs to be modified to leverage from FWU API 3. What components are retained in MCUBoot ex: image format, signing, metadata, tools I am of the belief that MCUboot will be a very thin shim layer over the FWU API to provide the compatibility interface to legacy software and most of the work that was done earlier in MCUboot is pushed down into the FWU partition. The other way to look at it is: If somebody wants to replace MCUboot with a simple BL to integrate it tightly into TFM, what would that look like? thanks Suresh Marisetty Infineon Semiconductor Corporation From: Sherry Zhang <Sherry.Zhang2(a)arm.com<mailto:Sherry.Zhang2@arm.com>> Sent: Thursday, May 13, 2021 7:51 PM To: Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: Firmware update API - MCUboot update Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hi Suresh, The MCUboot update functionality is about validating the existing images on the device which is different from that of the firmware update service which follows mostly with the PSA Firmware Update API spec<https://developer.arm.com/documentation/ihi0093/latest/>. We designed a shim layer between the firmware update partition and bootloader. A specific bootloader can be ported into the firmware update partition via that shim layer. Please refer to the firmware update service document<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/techn…>. In the MCUboot based shim layer implementation, it calls some user/public APIs provided by MCUboot to achieve its functionality. For example, the Firmware Update API spec describes that psa_fwu_install() API should validate the image or defer the validation to a system reboot. In the MCUboot shim layer implementation, it calls the boot_write_magic() API to mark the image as a candidate image for MCUboot and defers the image validation to a system reboot. Please refer to this link<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/…>. Can you please provide more specific suggestion or questions? Regards, Sherry Zhang From: Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com> <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>> Sent: Thursday, May 13, 2021 11:40 PM To: Sherry Zhang <Sherry.Zhang2(a)arm.com<mailto:Sherry.Zhang2@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: Firmware update API - MCUboot update Hi Sherry, Please take a closer look at the MCUboot and TFM might want to have a clear position/distinction between these two and how to transition from MCUboot update to this mechanism or it could be that they complement each other. thanks Suresh Marisetty Infineon Semiconductor Corporation From: Sherry Zhang <Sherry.Zhang2(a)arm.com<mailto:Sherry.Zhang2@arm.com>> Sent: Wednesday, May 12, 2021 8:55 PM To: Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: Firmware update API - MCUboot update Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hi Suresh, The firmware update service APIs are for updating the firmware. The functionalities of these APIs includes loading the image into its target device(flash), verifying the image and installing it and so on. The user can call the these APIs to achieve update images. For example, in the integration of TF-M and the FreeRTOS OTA<https://github.com/Linaro/amazon-freertos/blob/tfm-fwu/libraries/abstractio…>, the OTA agent calls the firmware update service APIs to achieve an image update remotely. I guess that the "MCUboot update services" you mentioned refers to the functionality of MCUboot which acts as a bootloader. As a bootloader, it can verify the image which already exists on the device and chose the right image to start up. But it cannot, for example, load the image into device or control the image update process. The firmware update partition calls some user APIs provided by MCUboot to cooperate with it. You can refer to https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/techn…. Regards, Sherry Zhang From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M Sent: Thursday, May 13, 2021 11:09 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Firmware update API - MCUboot update Hi, I would like to see if there is any guidance/documentation on how to coordinate between the firmware update services API with that of MCUboot. Does the use of this API make the MCUboot update services redundant? thanks Suresh Marisetty Infineon Semiconductor Corporation Lead Member of Technical Staff CYSC CSS ICW SW SSE Mobile: +5103863997 Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>

4 years

2
4
0 0

[Doc]Update sphinx to 2.0.1

by Summer Qin

Hi, To better maintain tf-m documentation, we plan to enable 'turn warnings into errors' in documentation HTML generation. The patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10424> is on review now. One note is that sphinx should be updated to 2.0.1, otherwise there will be some 'duplicate label' warnings, which will fail documentation generation. Best Regards, Summer

4 years, 1 month

1
0
0 0

Re: [TF-M] Static check framework for TF-M

by Gyorgy Szing

Hi, Please consider separating the configuration files from the scripts/tools. That would enable re-using the scripts in other projects. I.e. if the .clang-format file lives in the tf-m repo, then the script running clang-format could be used with multiple repositories. /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Salome Thirot via TF-M Sent: 28 June 2021 11:42 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Static check framework for TF-M Hi all, Hugo L'Hostis and I have written a series of patches to enable various checks that can be done locally before committing the code, they will be added in the tf-m-tools repository. The patches are the following, any comment is welcome: cppcheck: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10009/8 clang-format: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10463/2 copyright headers: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10464/2 Regards, Salome

4 years, 1 month

1
0
0 0

Re: [TF-M] TFM psa-arch-tests using mbedtls

by Summer Qin

Hi Matt, Thanks for your nice feedback! Yes, your understanding is correct. We had discussed this issue in mbedtls github, you can refer the details here<https://github.com/ARMmbed/mbed-crypto/issues/175>. We also feedback it to psa arch test team, hope they can fix it soon. Again, thanks for pointing it out : ) BR, Summer ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Matt via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: Wednesday, June 30, 2021 10:33 AM To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] TFM psa-arch-tests using mbedtls Hi all TFM experts, 近期我在移植psa-arch-tests到我们的板子上，想看下functional api的测试结果。 TFM用的是1.1的版本，psa-arch-tests 用的是master分支，代码取到 1f96094734897674fa907fba2050bc52e1b3d0fe 这个commit. mbedtls使用的分支是2.23.0。在测试crypto 的 c021 ，即psa_key_derivation_output_key的测试时，看结果是FAIL的，看了下c021下的test_data.h，check1数组前面两项的信息如下， static const test_data check1[] = { {"Test psa_key_derivation_output_key - Key\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, {"Test psa_key_derivation_output_key - Info\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_INFO, 32, "This is the info", 16, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, 秘钥派生的算法使用的是PSA_ALG_HKDF(PSA_ALG_SHA_256)，在mbedtls库中，使用HKDF算法时，在读取输出即调用 psa_key_derivation_output_bytes或者psa_key_derivation_output_key时，内部调用到 psa_key_derivation_hkdf_read时会检查两个必要的条件，一个是是否已输入key，一个是是否已输入info，如果只输入一个，就返回BAD_STATE。但是上面 check1的前两项都是只输入一个项， check1的第一项是只输入key, 第二项是只输入info，所以应该返回 BAD_STATE，不应该是 PSA_SUCCESS。在psa arch tests crypto的 c020测试中早期的版本也有类似的问题，不过最新的代码已变化为输入key和info 这两个量后才去读取派生的结果。在网上也了解了下HKDF的介绍，也提到了key和info这两个必要的输入： [cid:20571824$1$17a5ac32875$Coremail$majun.china$126.com] 如果使用TFM默认的 mbedtls库，crypto的这个测试应该是通不过的，因为mbedtls最新的版本，在读取派生结果时，依然要检测key和info是否都已输入。请帮check下，是我理解的不对，还是crypto 的 c021 这个case不适合mbedtls软算法库。以上信息，感谢TFM的各位专家，期盼你们的回复谢谢！

4 years, 1 month

2
1
0 0

TFM psa-arch-tests using mbedtls

by Matt

Hi all TFM experts, 近期我在移植psa-arch-tests到我们的板子上，想看下functional api的测试结果。 TFM用的是1.1的版本，psa-arch-tests 用的是master分支，代码取到 1f96094734897674fa907fba2050bc52e1b3d0fe 这个commit. mbedtls使用的分支是2.23.0。在测试crypto 的 c021 ，即psa_key_derivation_output_key的测试时，看结果是FAIL的，看了下c021下的test_data.h，check1数组前面两项的信息如下， static const test_data check1[] = { {"Test psa_key_derivation_output_key - Key\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, {"Test psa_key_derivation_output_key - Info\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_INFO, 32, "This is the info", 16, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, 秘钥派生的算法使用的是PSA_ALG_HKDF(PSA_ALG_SHA_256)，在mbedtls库中，使用HKDF算法时，在读取输出即调用 psa_key_derivation_output_bytes或者psa_key_derivation_output_key时，内部调用到 psa_key_derivation_hkdf_read时会检查两个必要的条件，一个是是否已输入key，一个是是否已输入info，如果只输入一个，就返回BAD_STATE。但是上面 check1的前两项都是只输入一个项， check1的第一项是只输入key, 第二项是只输入info，所以应该返回 BAD_STATE，不应该是 PSA_SUCCESS。在psa arch tests crypto的 c020测试中早期的版本也有类似的问题，不过最新的代码已变化为输入key和info 这两个量后才去读取派生的结果。在网上也了解了下HKDF的介绍，也提到了key和info这两个必要的输入：如果使用TFM默认的 mbedtls库，crypto的这个测试应该是通不过的，因为mbedtls最新的版本，在读取派生结果时，依然要检测key和info是否都已输入。请帮check下，是我理解的不对，还是crypto 的 c021 这个case不适合mbedtls软算法库。以上信息，感谢TFM的各位专家，期盼你们的回复谢谢！

4 years, 1 month

1
0
0 0

Static check framework for TF-M

by Salome Thirot

Hi all, Hugo L'Hostis and I have written a series of patches to enable various checks that can be done locally before committing the code, they will be added in the tf-m-tools repository. The patches are the following, any comment is welcome: cppcheck: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10009/8 clang-format: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10463/2 copyright headers: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10464/2 Regards, Salome

4 years, 1 month

1
0
0 0

Re: [TF-M] Remove Customized Region Name Prefix in Linker Scripts

by Andrej Butok

This is the "good practice" to add prefixes to global names. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Xinyu Zhang via TF-M Sent: Thursday, June 24, 2021 12:00 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Remove Customized Region Name Prefix in Linker Scripts Hi, The existing linker definitions abuse prefixes such as ER_ and TFM_. Some names do not have a clear scope, which reduces the readability. Here are some patches to address the problem: * Patch 10383 <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr ustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F10383&data=04%7C01 %7Candrey.butok%40nxp.com%7C8c57174d86d447802a4908d936f6d729%7C686ea1d3bc2b4 c6fa92cd99c5c301635%7C0%7C0%7C637601256068960339%7CUnknown%7CTWFpbGZsb3d8eyJ WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata =G8Jf5YT4mptpeBUw8U7YkVbSKGvgXXtC3G8wRBqbJvY%3D&reserved=0> : TFM_UNPRIV_CODE --> UNPRIV_CODE * Patch 10384 <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr ustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F10384&data=04%7C01 %7Candrey.butok%40nxp.com%7C8c57174d86d447802a4908d936f6d729%7C686ea1d3bc2b4 c6fa92cd99c5c301635%7C0%7C0%7C637601256068970289%7CUnknown%7CTWFpbGZsb3d8eyJ WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata =BSU1cXFeV61T48OO68FHJVFxD4tnSHz%2FmndTUSWjLOE%3D&reserved=0> : TFM_SP_LOAD_LIST --> SP_LOAD_LIST * Patch 10385 <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr ustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F10385&data=04%7C01 %7Candrey.butok%40nxp.com%7C8c57174d86d447802a4908d936f6d729%7C686ea1d3bc2b4 c6fa92cd99c5c301635%7C0%7C0%7C637601256068970289%7CUnknown%7CTWFpbGZsb3d8eyJ WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata =PYVkbSu05KgbqdUk%2FdCC7MAAg3KoNPKYXA4C1PrdnK0%3D&reserved=0> : TFM_SECURE_* --> SECURE_* Please help to put comments and inform us if your platforms couple tightly with the symbols defined in LD. Thanks, Xinyu

4 years, 2 months

2
1
0 0

Remove Customized Region Name Prefix in Linker Scripts

by Xinyu Zhang

Hi, The existing linker definitions abuse prefixes such as ER_ and TFM_. Some names do not have a clear scope, which reduces the readability. Here are some patches to address the problem: * Patch 10383<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10383>: TFM_UNPRIV_CODE --> UNPRIV_CODE * Patch 10384<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10384>: TFM_SP_LOAD_LIST --> SP_LOAD_LIST * Patch 10385<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10385>: TFM_SECURE_* --> SECURE_* Please help to put comments and inform us if your platforms couple tightly with the symbols defined in LD. Thanks, Xinyu

4 years, 2 months

1
0
0 0

Re: [TF-M] Technical Forum call - June 24

by Anton Komlev

HI, Having no declared topics for the forum, let's discuss the PSA Audit and TF-M logs features and scope to avoid possible confusion. Thanks and best regards, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Wednesday, June 16, 2021 4:07 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Technical Forum call - June 24 Hi, The next Technical Forum is planned on Thursday, June 24 7:00-8:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

4 years, 2 months

1
0
0 0

Re: [TF-M] Deprecate 'partitions/audit_logging' and its related tests

by Reed Hinkel

Hello Team: Audit Logging is a requirement for a number of e2e security schemes including Microsoft Azure. The implementation may need a bit of use case specific or customer steering to get back on track to demonstrating it will fit the bill for e2e usage. I would think carefully about the strategy here because I fully expect that the moment it is deprecated a business need for it to exist will be raised. Please carefully consider how to add support back in quickly if it is deprecated now, though I would personally like to see it retained. All the best! Reed From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Reply-To: Andrej Butok <andrey.butok(a)nxp.com> Date: Wednesday, June 16, 2021 at 5:56 AM To: Ken Liu <Ken.Liu(a)arm.com> Cc: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Subject: Re: [TF-M] Deprecate 'partitions/audit_logging' and its related tests Hi Ken > Or any doubts about depreciating it? It is not used because its implementation is not finished, the current implementation is only for PSA L1 and not supported by IPC. This is not enough for certification. The Log service is optimally required by the PSA Certification. If you going to deprecate it, first delete the requirement from the PSA L2&L3 Certification profiles. Thanks, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Wednesday, June 16, 2021 10:46 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Deprecate 'partitions/audit_logging' and its related tests Hi, The component name under this folder is ‘Audit logging’, and: * There is no explicit specification or requirements for it, and its functionality is as a simple log collector (and looks no one is using it). * It supported under the library model only. And it is meaningless to move to IPC because of this. * It costs extra maintenance effort in test cases and partition code. So a plan is to deprecate this folder and its related test cases; will create a new one when the specification or requirements are explicitly defined. Question here is: Anyone is using this service? Or any doubts about depreciating it? Will collect the response and broadcast it at 25th Jun. Thanks. /Ken

4 years, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M June 2021