February 2022 - TF-M - lists.trustedfirmware.org

by Bøe, Sebastian

Hi, the performance improvement presentation[0] reports a FF PSA API overhead of 20 000 CPU cycles for the psa_call. Which is 300 us for a 64MHz CPU. This is quite a lot of instructions and I am concerned about whether real world embedded application's will have time to call these secure services. I'm interested in isolation level 2. I understand that it is not possible to have isolation level 2 with library mode. But what about SFN mode, could that eventually support isolation level 2? If not, what is the current status of optimizing the service call overhead for IPC. Is it considered to be as optimized as it can be or is there still hope for optimizing further? [0] https://www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-I…

2 years, 10 months

2
1
0 0

Technical Forum call - Feb 17

by Anton Komlev

Hi, The next Technical Forum is planned on Thursday, February 17, 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

2 years, 10 months

2
2
0 0

[FYI] Tiny update in level 3 ld/sct files

by Ken Liu

Hi, We got a tiny update merged in level 3 ld/sct files to support partition runtime: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/13925 Platforms with level 3 support please have a test and report issue here if spotted. We have internally tested MPS2 and MUSCA_B1. Thanks. /Ken

2 years, 10 months

1
0
0 0

halting or rebooting on faults

by Bøe, Sebastian

Hi, it seems we could try to be more consistent with fault handling. The current default behaviour is: Error code returned from an SPE function? Reboot. MemFault/HardFault/SecureFault in the SPE? Halt. Null-pointer dereference from the NSPE? (results in a secure fault for cortex-m) Halt. Should we perhaps consistently halt or consistently reboot for these three cases and allow this to be configurable? It is not clear to me why an error returned from a function results in a reboot, whereas a Hardfault does not. They both indicate a fault in the SPE. At the very least the behaviour should be configurable, which this PR is a step towards: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/13839

2 years, 10 months

5
4
0 0

Security vulnerability notice - Firmware Update psa_fwu_write service vulnerability

by Sherry Zhang

Hi all, This email is a notification of a new security vulnerability reported to TF-M. In TF-M version between 3e7129f<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=3e71…> and 921d0ea<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=921d…>, the caller of ``psa_fwu_write()`` from SPE or NSPE can overwrite the stack memory outside of the local buffer in Firmware Update partition in IPC model. Please check the details in the security advisory doc<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/13873/5/docs…>. The advisory has been merged in master branch today. The fix<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=78f7…> has been merged into master branch before TF-Mv1.5.0. Regards, Sherry Zhang

2 years, 10 months

1
0
0 0

Dual core broken

by Chris.Brand＠infineon.com

Commit 27f9a49508547320c50056a52a372674c27771eb seems to have missed changing ns_agent_mailbox, breaking dual core. I'd send a patch, but I's not immediately obvious what it should look like... Seems like a good change, but inadequately reviewed? Chris Brand Cypress Semiconductor (Canada), Inc. An Infineon Technologies Company Sr Prin Software Engr CSCA CSS ICW SW PSW 1 Office: +1 778 234 0515 Chris.Brand(a)infineon.com<mailto:Chris.Brand@infineon.com> International Place 13700 V6V 2X8 Richmond Canada www.infineon.com<www.cypress.com> www.cypress.com<http://www.cypress.com> Discoveries<http://www.infineon.com/discoveries> Facebook<http://www.facebook.com/infineon> Twitter<http://www.twitter.com/Infineon> LinkedIn<http://www.linkedin.com/company/infineon-technologies> Part of your life. Part of tomorrow. NOTICE: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material of Infineon Technologies AG and its affiliated entities which is for the exclusive use of the individual designated above as the recipient. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact immediately the sender by returning e-mail and delete the material from any computer. If you are not the specified recipient, you are hereby notified that all disclosure, reproduction, distribution or action taken on the basis of this message is prohibited.

2 years, 10 months

2
1
0 0

Why ARM_FLASH_STATUS is volatile in flash driver?

by Roman Mazurak

Hi all, Why ARM_FLASH_STATUS was declared volatile in https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/platform… commit ? I believe it's much better to declare volatile variable when there is such need instead of forcing all variables to become volatile through typedef. Thanks, Roman.

2 years, 10 months

2
2
0 0

[CANCELLED] Technical Forum call - Feb 3

by Anton Komlev

Hi, Let's cancel the forum tomorrow due to the empty agenda and the holiday time in Asia. Best regards, Anton From: Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: Thursday, January 27, 2022 4:36 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Technical Forum call - Feb 3 Hi, The next Technical Forum is planned on Thursday, Feb 3, 7:00-8:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. This slot is in Chinese New Year celebration period so we can expect fewer participants from Asia. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

2 years, 10 months

1
0
0 0

Custom implementation of of tfm_hal_system_reset

by Bohdan.Hunko＠infineon.com

Hi everyone, I have a few questions related to TF-M code: 1. Default implementation of tfm_hal_system_reset(void) from platform/ext/common/tfm_platform.c<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e…> just calls NVIC_SystemReset(), but some ARM platform, take musca_b1 for example, reimplement it (platform/ext/target/arm/musca_b1/sse_200/tfm_hal_platform.c<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e…> ). Custom implementations tend to also disable and clean IRQ and call mpc_revert_non_secure_to_secure_cfg(); Is there any benefits of doing that??? If so then what those benefits are? 1. tfm_core_panic() (secure_fw/spm/ffm/utilities.c<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/…>) when TFM_FIH_PROFILE_ON is defined calls fih_delay() and tfm_hal_system_reset() twice. Is this done to ensure that tfm_hal_system_reset() will be called (even if first one was skipped there is second one)? And if so, can a comment be added there to highlight that intention? Regards, Bohdan Hunko Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>

2 years, 10 months

3
2
0 0

2024

2023

2022

2021

2020

2019

2018

TF-M February 2022