Hi,
(On behalf of Anton)
The next Technical Forum is planned on Thursday, May 12, 15:00-16:00 UTC (West time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Hu Ziji
Hello,
I am pleased to announce the new v1.6.0 released of TF-M project.
New major features are:
* MCUboot updated to v1.9.0.
* Mbed TLS updated to v3.1.0 (Support all required PSA Crypto APIs).
* Enabled Secure Function (SFN) Model Partition compliance in IPC backend.
* Interrupt support (both SLIH/FLIH) for the SFN backend.
* MM-IOVEC Support for the SFN backend.
* The following Secure Partitions are converted to SFN model:
* Protected Storage
* Internal Trusted Storage
* Initial Attestation
* FF-M v1.1 SFN Model supported in Profile Small.
* HAL Separation of Library Model and IPC/SFN backend.
* FP support for Armv8.1-M Mainline for IPC backend.
* Simplified build output message and configurable output.
* Halting instead of rebooting on panic in debug build type.
* Automated testing of MCUboot BL2.
* A new driver interface for the CC-312 runtime library as specified in the PSA Unified Driver spec [1]_.
* Added reference bootloader stage 1 (BL1) bootloader for certain platforms.
* A new CC312 ROM library for the BL1.
* Updated documentation structure.
The changes tagged by TF-Mv1.6.0 and located in the release/v1.6.x<https://review.trustedfirmware.org/q/project:TF-M%252Ftrusted-firmware-m+br…> branch at the moment.
In short, they will be integrated with the main branch and be available from there.
Thanks everyone for contribution, review and support this milestone.
Anton
Hi,
The next Technical Forum is planned on Thursday, April 28, 7:00-8:00 UTC (East time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi everyone,
We have discussed the design proposal of supporting secure Flash in tf-m
framework via this mailing list before,now the implementation code of this
external trusted secure storage partition has been uploaded to tf-m-extras
repo for review:
https://review.trustedfirmware.org/c/TF-M/tf-m-extras/+/14953
And the binary component of this patch has also been uploaded to
tf-binaries repo:
https://review.trustedfirmware.org/c/tf-binaries/+/14954
For easy understanding please refer to this document first:
https://review.trustedfirmware.org/c/TF-M/tf-m-extras/+/14953/1/partitions/…
Looking forward to your comments and suggestions.
Best Regards,
Poppy Wu
吴偏偏
Macronix Microelectronics (Suzhou) Co.,Ltd
旺宏微电子(苏州)有限公司
http://www.mxic.com.cn
============================================================================
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
Hello,
The branch release/1.6.x<https://git.trustedfirmware.org/TF-M%2Ftrusted-firmware-m.git/log/?h=refs%2…> has been created, indicating the project feature's freeze and beginning the release process. Expecting to place RC1 tag asap, after successful run of the basic tests.
Let me remind that the code is not frozen, and development can be continued on the main branch.
Thanks,
Anton
Hi All,
TF-M Open CI is back to normal now.
Please feel free to use it.
Thanks,
Xinyu
From: Xinyu Zhang via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: Monday, April 18, 2022 12:06 PM
To: TF-M mailing list <tf-m(a)lists.trustedfirmware.org>
Subject: [TF-M] TF-M Open CI Down
Hi All,
Sorry to inform you that TF-M Open CI is down for the time being because of Jenkins upgrade.
I'll let you know once it is back to normal.
Apologize for any inconvenience!
Thanks,
Xinyu
Hi All,
Sorry to inform you that TF-M Open CI is down for the time being because of Jenkins upgrade.
I'll let you know once it is back to normal.
Apologize for any inconvenience!
Thanks,
Xinyu
Hi,
The forum is cancelled because of the empty agenda and the assumption that many of us in the west time zone will have a long weekend this week.
Thanks,
Anton
From: Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: Wednesday, April 6, 2022 12:43 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Technical Forum call - April 14
Hi,
The next Technical Forum is planned on Thursday, April 14, 15:00-16:00 UTC (West time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hello!
My name is Oleg.
I'm working on TF-M Isolation Level 3 testing and I need to develop test cases list for it.
Could you be so kind to provide me the test cases list? May be you know where I can find it by myself?
Also I have test cases list for Isolation Leve 2. Am I right that it can be reused for Isolation Level 3 with some changes?
I will be very appreciate for any help.
Thank you so much,
Oleg Dokanov
Hi,
The next Technical Forum is planned on Thursday, April 14, 15:00-16:00 UTC (West time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi all,
Please be advised that the Mbed TLS GitHub migration is complete. The new home for Mbed TLS is:
https://github.com/Mbed-TLS
We recommend updating your project, checkouts, etc to point at the new repository, but it's not urgent as everything will continue to work for some time via automatic redirection.
Also please note that our project boards, which we use for planning upcoming work via epics, and tracking current activity, have moved. They are now available here:
Epics board: https://github.com/orgs/Mbed-TLS/projects/1
Current activity: https://github.com/orgs/Mbed-TLS/projects/2
Thanks
Dave Rodgman
On 22/03/2022, 14:52, "Dave Rodgman via Mbed-tls-announce" <mbed-tls-announce(a)lists.trustedfirmware.org> wrote:
Hi all,
Please note that in the next couple of weeks, we will migrate Mbed TLS to a new GitHub organisation. Your existing scripts, links etc for accessing Mbed TLS on GitHub should not be affected.
This will change the url from https://github.com/ARMmbed/mbedtls to https://github.com/Mbed-TLS/mbedtls . GitHub will redirect any accesses to the old URL for the foreseeable future, but we would recommend updating your links once the migration is complete.
All of the Mbed TLS repositories will migrate to this new organisation, i.e.:
mbedtls
mbedtls-docs
mbedtls-test
Thanks
Dave Rodgman
--
Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org
To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org
Hi,
The next Technical Forum is planned on Thursday, March 31, 7:00-8:00 UTC (East time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hello,
Quite some time ago there was a proposal to move TF-M into GitHub. The main motivation is: more convenient review process, the Wiki for knowledge sharing and issue tracking facility.
This idea had been discussed multiple times in TSC. The following options were considered:
1. Hybrid: Add TF-M on GitHub with 2 ways synchronization between GitHub and existing Git/Gerrit
2. GitHub only: Move to GitHub completely and drop Gerrit.
3. Mirror: Create a read-only mirror on GitHub. TF-M review process stays in Gerrit but Wiki and issue tracking are on GitHub.
4. Nothing: Stay on Gerrit as good enough solution.
The options are ordered by complexity and cost each has pros and cons. The Mirror option (3) seeing as the best compromise and practically affordable in a short time.
Please share your opinion and comments on the topic with any dependencies or specific requirements to be considered.
Thanks,
Anton
Hi All,
Please find the link to the TrustedFirmware Community Code of Conduct here:
https://developer.trustedfirmware.org/w/collaboration/community_guidelines/…
Trusted Firmware has a very diverse and global developer community. It is
important that we adhere to the code of conduct in all our interactions.
For some of you all this may be new and for others just a gentle reminder.
In either case, if you have any questions, please feel free to reach out to
me directly.
And thanks to you all for your contributions to the TrustedFirmware
community!
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi.
I've been working on making an example on how an application can use the secure interrupts in a secure partition in TF-M.
During this I've encountered an issue where the secure partition will not be scheduled to process the secure interrupt signal in certain conditions.
I've compared it to the current SLIH and FLIH test cases to my observed behaviour and I could see that they did not have this problem.
I've created a test-case that triggers the problem [0].
In the mailing list I can see that this was actually discussed recently [1]
The summary is that secure partitions will not be scheduled to process a secure interrupt signal when the interrupt is interrupting the NSPE.
I could not find that this was documented anyway, but maybe I have overlooked.
In any case I find this behaviour very unexpected and I would like to know if this is indeed a design decision and the behaviour has to be this way?
If I wanted to do some processing in the secure partition context it would now mean that I have to get the NSPE to trigger this through a secure partition call.
This seems like a limitation to me .
I'd like to know what would be the issue with scheduling the partition once it now has the signal asserted.
I've done a quick test with scheduling the partition at this point with [2] and this now works as I expect it to.
I'd be happy to follow up with submitting a change to schedule the partition as done in [2] if that is an acceptable solution.
[0] https://github.com/joerchan/tf-m-tests/commit/d9f0a3a7653b594d0fa797d9e0bca…
[1] https://lists.trustedfirmware.org/archives/list/tf-m@lists.trustedfirmware.…
[2] https://github.com/joerchan/sdk-trusted-firmware-m/commit/e5512c6e8b2bad95c…
Hi,
Just a reminder that the MCUboot version has been upgraded to v1.9.0<https://github.com/mcu-tools/mcuboot/releases/tag/v1.9.0> in TF-M. If you are using the local MCUboot repo, then you need to update it to that version to avoid build error.
Regards,
Sherry Zhang
Hi,
The next Technical Forum is planned on Thursday, March 17, 15:00-16:00 UTC (West time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hello,
TF-M release v1.6.0 will be shifted from April 15 to April 28. The main reason is Easter holiday and expected lack of availability from community and platform owners around that date. Feature freeze will be moved to April 6th when the release branch will be created.
Please update your plans accordingly.
Please let me know if this change make difficulty for you and better date is possible.
Thanks,
Anton
Hi all,
I want to simplify the flag TFM_PLATFORM in build system. TF-M now already supports two different ways to choose specific platform, for example AN521:
- Absolute path: '<tf-m path>/platform/ext/target/arm/mps2/an521'
- Relative path: 'arm/mps2/an21'
Recently I have uploaded a [tf-m patch]<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/14260> to support platform name:
- Platform name: 'an521'
I think it will be more convenient for developers to use:
- Users don't need to remember and type the absolute or relative path, only target platform name is enough.
- If the structure of certain platform is changed, the default build command of TFM_PLATFORM is same.
I'd be very grateful if you can give any suggestion or enhancement for me. Thanks.
Best Regards
Jianliang Shen
Dear All,
I view the tf-m source code for the first time, and many of the code
details can not be make clear. So ..,
where may I find the design documents of spm, for example:
trusted-firmware-m-TF-Mv1.5.0\secure_fw\spm\cmsis_func and cmsis_psa
software modules.
Best Regards
Wang Zhilei | Software
Beken Corporation
----------------------------------------------------------------------------
---------------------------------------------------------
Hi,
The next Technical Forum is planned on Thursday, March 3, 7:00-8:00 UTC (Asian time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi colleagues!
Could we get a list of MISRA/CERT-C violations that were found by tf-m Coverity CI, as example from https://ci.trustedfirmware.org/job/tf-m-coverity/lastSuccessfulBuild/
Also (if it possible), could you provide Coverity configs to help align this tool setup on our side to CI and to check all changes before any pool requests?
Best regards,
Kostiantyn Tkachov
Cypress Semiconductor Ukraine
Firmware Security