- TF-M - lists.trustedfirmware.org

by David Hu

Hi all, TF-M Profile Small patches are merged in TF-M master branch. Thanks a lot for all your review, comments and support. I'd appreciate it if you could feedback and share ideas while enabling Profile Small in your actual use cases. If there is any issue, please feel free to let us know. Thank you. The next step will bring in symmetric key algorithm based Initial Attestation and then Profile Small can have a full set of features. Best regards, Hu Ziji

5 years, 5 months

1
0
0 0

Correction - MMIO region is not sharable between partitions

by Ken Liu

Hi, In the tech forum I mentioned a potential way of sharing MMIO regions - this is not correct. Double checked the PSA FF and it is defined explicitly in the spec page 43: "A Secure Partition always has exclusive access to an MMIO region. Secure Partitions are not allowed to share MMIO regions with other Secure Partitions and MMIO regions are not allowed to overlap." Sorry for the confusion. BR /Ken

5 years, 5 months

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Jonatan Antoni

Hi Gyorgy, Ken, Let me add one statement to Gyorgy's > It became a de-facto standard and most compilers support it. Compilers not yet supported can be easily added, if required. Cheers, Jonatan From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Gyorgy Szing via TF-M Sent: 27 May 2020 10:45 To: Ken Liu <Ken.Liu(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, One of the most well working part of CMSIS is the compiler abstraction layer: * It does wat is needed. * Most functionality can not be coded in a different way (i.e. intrinsics). * It became a de-facto standard and most compilers support it. What are the benefits driving re-implementation? /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 02:39 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Jamie, At the current stage: * The CMSIS headers dependency has been moved into HAL, the SPM native code would not rely on specific system provided definitions. * These usages are quite TF-M specific and small so there is less significance to upstream back, we can revisit if need to do this after extended the header content - but this extending is out of original design expectation. BR /Ken From: Jamie Fox <Jamie.Fox(a)arm.com<mailto:Jamie.Fox@arm.com>> Sent: Tuesday, May 26, 2020 10:52 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Gyorgy Szing

Hi Ken, One of the most well working part of CMSIS is the compiler abstraction layer: * It does wat is needed. * Most functionality can not be coded in a different way (i.e. intrinsics). * It became a de-facto standard and most compilers support it. What are the benefits driving re-implementation? /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 02:39 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Jamie, At the current stage: * The CMSIS headers dependency has been moved into HAL, the SPM native code would not rely on specific system provided definitions. * These usages are quite TF-M specific and small so there is less significance to upstream back, we can revisit if need to do this after extended the header content - but this extending is out of original design expectation. BR /Ken From: Jamie Fox <Jamie.Fox(a)arm.com<mailto:Jamie.Fox@arm.com>> Sent: Tuesday, May 26, 2020 10:52 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

2
1
0 0

Re: [TF-M] Pre-provisioned keys

by Tamas Ban

Hi Brian, The pre-provisioned keys are highly platform dependent. TF-M just provide an API to access them, but currently we have no standard/general solution to storing them. There was question a few weeks ago related to same topic. I just copied Shebu's past answer here: "Provisioning was added as a future roadmap item in anticipation of a PSA Provisioning Specification. The Specification (Factory or application specific) hasn't happened so far. There is no active work ongoing in TF-M around provisioning. TF-M using provisioned keys in CC-312 on MuscaB1 platform is available as an example. See details here<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> under CC312 heading. In TrustedFirmware TSC, provisioning has been a discussion topic sometime back. Search for provisioning in the minutes below. https://github.com/microbuilder/certificate_chains/blob/master/rfc_tfm.md is an RFC that Kevin prepared during those discussions for TF-M devices to use certificate chain. " I hope this helps! Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 03:41 To: tf-m(a)lists.trustedfirmware.org; Quach, Brian <brian(a)ti.com> Cc: nd <nd(a)arm.com> Subject: [TF-M] FW: Pre-provisioned keys Hi Folks, Brian got one question about pre-provisioned keys, anyone could reply? Hi Brian, you can subscribe the mailing list here: https://lists.trustedfirmware.org/mailman/listinfo/tf-m Thanks. /Ken From: Quach, Brian <brian(a)ti.com<mailto:brian@ti.com>> Sent: Wednesday, May 27, 2020 6:36 AM Subject: Pre-provisioned keys Hi Ken, Does TF-M have a plan for storing and accessing persistent keys (such as HUK) installed to flash at the factory prior to provisioning of the device? I had seen these as being stored outside of ITS flash in some compile time defined location and being read-only. Regards, Brian

5 years, 5 months

1
0
0 0

FW: Pre-provisioned keys

by Ken Liu

Hi Folks, Brian got one question about pre-provisioned keys, anyone could reply? Hi Brian, you can subscribe the mailing list here: https://lists.trustedfirmware.org/mailman/listinfo/tf-m Thanks. /Ken From: Quach, Brian <brian(a)ti.com> Sent: Wednesday, May 27, 2020 6:36 AM Subject: Pre-provisioned keys Hi Ken, Does TF-M have a plan for storing and accessing persistent keys (such as HUK) installed to flash at the factory prior to provisioning of the device? I had seen these as being stored outside of ITS flash in some compile time defined location and being read-only. Regards, Brian

5 years, 5 months

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Jamie Fox

Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

2
1
0 0

Re: [TF-M] TF-M Technical Forum call - May 28

by Edison Ai

Hi Anton, I want to give an introduction about the HAL for TF-M core, about 30 mins. Thanks, Edison From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Tuesday, May 19, 2020 9:46 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M Technical Forum call - May 28 Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

by Ken Liu

Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

1
0
0 0

Simplify the veneers of library model

by Mingyang Sun

Hi all, In the current implementation, every secure function has an associated veneer function. Therefore, there are so many veneer functions in ‘tfm_veneers.c’, which have a similar prototype. This would lead to: * Waste of the veneer and secure function size – these APIs have a similar prototype, and they have unified NS dispatcher already. * More secure functions lead to more veneers and potential re-configuration of the non-secure callable area. This patch tries to unify the service entry so that: * Similar function codes do not need to be duplicated. * Keeping almost the same performance. This is also an experiment patch to start the journey to the SFN model Andrew proposed. Let’s see the feedbacks and decide what to do in the next step. https://review.trustedfirmware.org/c/trusted-firmware-m/+/4115 Please do feedback, especially the library model users – please check what kinds of the inconvenience it brings so that we can discuss the correct shape. Here are some details in the patch: Prototype of the unified veneer function: psa_status_t tfm_sfc_call(uint32_t ctrl, psa_invec *in_vec, psa_outvec *out_vec); where: the uint32_t type parameter ‘ctrl’ is a pack of parameters - psa invec length, psa outvec length, and function identifier. [8 bits for inlen][8 bits for outlen][16 bits for function identifier] This is to avoid the condition that 5 parameters will cause re-wrapping of parameters. Time cost and code size measurement: github-tracking Use the unified veneer cost of a veneer call is 1264 cost of an interrupt is 941 veneer used 832B, region size 832B, 100% cost of a veneer call is 1274 cost of an interrupt is 941 veneer used 64B, region size 832B, 7.69% Thanks, Mingyang

5 years, 5 months

1
0
0 0

Re: [TF-M] TF-M and provisioning

by Shebu Varghese Kuriakose

Hi Gernot, Provisioning was added as a future roadmap item in anticipation of a PSA Provisioning Specification. The Specification (Factory or application specific) hasn't happened so far. There is no active work ongoing in TF-M around provisioning. TF-M using provisioned keys in CC-312 on MuscaB1 platform is available as an example. See details here<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> under CC312 heading. In TrustedFirmware TSC, provisioning has been a discussion topic sometime back. Search for provisioning in the minutes below. https://github.com/microbuilder/certificate_chains/blob/master/rfc_tfm.md is an RFC that Kevin prepared during those discussions for TF-M devices to use certificate chain. Regards, Shebu https://lists.trustedfirmware.org/pipermail/tsc/2019-September/000044.html https://lists.trustedfirmware.org/pipermail/tsc/2019-October/000048.html https://lists.trustedfirmware.org/pipermail/tsc/2019-November/000052.html https://lists.trustedfirmware.org/pipermail/tsc/2019-December/000068.html https://lists.trustedfirmware.org/pipermail/tsc/2020-January/000072.html https://lists.trustedfirmware.org/pipermail/tsc/2020-February/000076.html -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Gernot Kvas via TF-M Sent: Tuesday, May 19, 2020 10:03 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M and provisioning Hello, I would like to understand the background behind roadmap item "Provisioning" that is mentioned here [1] (Slide 31) and here [2]. What provisioning functionality would we be talking here, is it provisioning as in "RoT provisioning", so more towards manufacturing as defined in the PSA security lifecycle, or provisioning when the device is in state "Secured", so more towards application specific-data? I would assume the latter, but couldn't find any more information on this subject. Any pointers would be highly appreciated. Thanks for your help & kind regards, Gernot [1] https://static.linaro.org/connect/san19/presentations/san19-203.pdf [2] https://developer.trustedfirmware.org/w/tf_m/planning/ -- TF-M mailing list TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

TF-M and provisioning

by Gernot Kvas

Hello, I would like to understand the background behind roadmap item "Provisioning" that is mentioned here [1] (Slide 31) and here [2]. What provisioning functionality would we be talking here, is it provisioning as in "RoT provisioning", so more towards manufacturing as defined in the PSA security lifecycle, or provisioning when the device is in state "Secured", so more towards application specific-data? I would assume the latter, but couldn't find any more information on this subject. Any pointers would be highly appreciated. Thanks for your help & kind regards, Gernot [1] https://static.linaro.org/connect/san19/presentations/san19-203.pdf [2] https://developer.trustedfirmware.org/w/tf_m/planning/

5 years, 5 months

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - May 14

by Anton Komlev

Ups, please ignore this invitation with outdated subject. I have sent a better one. Sorry for confusion. Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: 19 May 2020 13:58 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M Technical Forum call - May 14 Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

TF-M Technical Forum call - May 28

by Anton Komlev

Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

TF-M Technical Forum call - May 14

by Anton Komlev

Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

Re: [TF-M] PSA documentation page

by Ken Liu

Now we linked the home page (https://developer.arm.com/architectures/security-architectures/platform-sec…) of PSA in the readme (https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…), are you proposing to update to this documentation link? /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Adrian Shaw via TF-M Sent: Monday, May 18, 2020 6:12 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] PSA documentation page For anyone who is interested in a more comprehensive list of the PSA documents, the following page is now available on developer.arm.com that lists the documents, the latest specification versions and their current quality status. https://developer.arm.com/architectures/security-architectures/platform-sec… Best, Adrian

5 years, 5 months

1
0
0 0

[RFC] Compiler-specific configurations and architecture registers

by Summer Qin

Hi, Even the ongoing HAL design abstracts all platform-specific operations, there are still some operations that need to be performed directly in TF-M, such as architecture-related operations. These operations are common for all platforms, such as: * generic assembler code for AAPCS based context management. * assign attributes to specific functions. These operations rely on compiler and architecture much instead of the platform. So, define a CORE-specific compiler configuration header file would be a straight requirement. With these unified headers, writing the architecture-specific code would be much safer because it won't involve hardcode compiler related changes. The minimal set of mandatory architecture registers is also planned to be defined. Here send out a mail to collect for the feedbacks - is it worthy of doing this to decouple the architecture from the platform, or we can just re-use the platform provided headers? Any comments are welcome:) Best Regards, Summer

5 years, 5 months

1
0
0 0

PSA documentation page

by Adrian Shaw

For anyone who is interested in a more comprehensive list of the PSA documents, the following page is now available on developer.arm.com that lists the documents, the latest specification versions and their current quality status. https://developer.arm.com/architectures/security-architectures/platform-sec… Best, Adrian

5 years, 5 months

1
0
0 0

Proposal to add sub-folders to collect documents under design_documents folder

by David Hu

Hi all, I'd like to propose to add sub-folders under docs/design_documents to collect the documents on the same topic. Currently, there are already 21 documents in total under docs/design_documents and the number may grow rapidly. It can be more clear if we can organize the documents on the same topic into a dedicated sub-folder under docs/design_documents. Please help review the patch set https://review.trustedfirmware.org/q/topic:%22design-doc-subdir%22+(status:… if the proposal sound interesting. I move dual-cpu and TF-M Profiles related documents to their dedicated folder respectively in the patches. Any comment is welcome! In current patches, the html pages are still put in the same level during Sphinx build. It is because design documents are grouped by document status, instead of document hierarchy. The html pages can be further organized as well if we switch to group html according to folder structures. Best regards, Hu Ziji

5 years, 5 months

1
0
0 0

Ask for final review of symmetric based initial attestation design

by David Hu

Hi all, May I ask for a final round of review on symmetric initial attestation design document on https://review.trustedfirmware.org/c/trusted-firmware-m/+/3898? The document has been reviewed for a long time and received many valuable comments. Thanks a lot. If there is no further critical comment, I'd like to merge this design this Friday. Best regards, Hu Ziji

5 years, 5 months

1
0
0 0

[RFC] [Source Structure] Design document is availiable.

by Ken Liu

Hi, There is an upcoming source structure adjustment for TF-M. The basic idea is to make the structure simple and easy to be understood by users. The significant change would be a long term goal so no worry. In the beginning, there would be changes in core and platform to align with HAL changes. Please help to put comments on the design documents - after aligned, this document would be a user guide document to describe the source structure of TF-M. The patch is here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4112 And the issue link: https://developer.trustedfirmware.org/T751 Feel free to put any comments or ask questions. Thanks. /Ken

5 years, 5 months

1
0
0 0

IRQ testing tool available for review

by Mate Toth-Pal

Hi All, The IRQ testing tool proposed for TF-M earlier, and presented in one of the TF-M tech forum is available for code review: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4078/1 https://review.trustedfirmware.org/c/trusted-firmware-m/+/4079/1 The presentation can be viewed here: https://zoom.us/rec/share/3epSNYjX519Oeony5HH8WIgqXb7peaa82iYf_vZYmBuPbFktC… (Extended) Slides: https://www.trustedfirmware.org/docs/Automated_testing_of_interrupt_handlin… Please give feedback in gerrit review comments. Thanks, Mate

5 years, 5 months

1
0
0 0

Re: [TF-M] Attestation: is there an usage example for that somewhere

by Adrian Shaw

Hi Reinhard, Attestation is implemented in TF-M. There is a whitepaper here explaining attestation use cases and usage models https://www.psacertified.org/app/uploads/2020/02/PSA-Certified-Entity-Attes… The API is documented in the specification ARM IHI 0085, which you can find here https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Im… Best, Adrian On 14 May 2020, at 15:55, Reinhard Keil via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>> wrote: Is Attestation already implemented? Is there somewhere information on how Attestation is used. I’m looking for user oriented information. Thanks for your help. Reinhard -- TF-M mailing list TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

Attestation: is there an usage example for that somewhere

by Reinhard Keil

Is Attestation already implemented? Is there somewhere information on how Attestation is used. I'm looking for user oriented information. Thanks for your help. Reinhard

5 years, 5 months

1
0
0 0

Re: [TF-M] Boot seed in TFM Attestation tests

by Andrej Butok

Hi Tamas, The patch has eliminated the test fail. Thank you, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M Sent: Thursday, May 14, 2020 2:32 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Boot seed in TFM Attestation tests Hi Andrej, The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in test/suites/attestation/attest_token_test_values.h. Then only the presence of boot_seed claim will be checked but its value not. Could you test this patch: diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h index 5910524..fe2b9d4 100644 --- a/test/suites/attestation/attest_token_test_values.h +++ b/test/suites/attestation/attest_token_test_values.h @@ -110,6 +110,8 @@ /* A 32 byte mostly random value. Binary. * platform/ext/common/template/attest_hal.c */ +#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C +/* #define TOKEN_TEST_VALUE_BOOT_SEED \ (struct q_useful_buf_c) {\ (uint8_t[]){ \ @@ -120,6 +122,7 @@ },\ 32\ } +*/ #define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */ /* A text string in EAN 13 format Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: 14 May 2020 12:06 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Boot seed in TFM Attestation tests Hello, Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail. The log: Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)... > Executing 'TFM_ATTEST_TEST_2004' Description: 'ECDSA signature test of attest token' decode_test_normal_sig() returned: -55 Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136) TEST FAILED! Is it know issue? Probably, it's better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()? Thank you, Andrej Butok

5 years, 5 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M