What is the URL to push patches to this repo?
I attempted to push the IAR RTX libraries but it failed.
Cheers,
Thomas
Den 2020-06-19 kl. 12:29, skrev Anton Komlev via TF-M:
>
> Hi,
>
> Following TF-M project restructuring, let me bring your attention to
> the new repository: *tf-m-tests* repo
> <https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
>
> The intention is to migrate testing related code/libraries/tools there
> and clean the main repository.
>
> Patches have been made. Please be aware of the change.
>
> At this moment it does not affect the project development but in the
> future to test TF-M you will need to use this tf-m-tests repo.
>
> Thanks,
>
> Anton Komlev
>
>
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hi all,
Symmetric initial attestation patches are merged. Symmetric initial attestation now is enabled in TF-M Profile Small.
Thanks a lot for the review and support.
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M
Sent: Monday, May 18, 2020 3:34 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Ask for final review of symmetric based initial attestation design
Hi all,
May I ask for a final round of review on symmetric initial attestation design document on https://review.trustedfirmware.org/c/trusted-firmware-m/+/3898?
The document has been reviewed for a long time and received many valuable comments. Thanks a lot.
If there is no further critical comment, I'd like to merge this design this Friday.
Best regards,
Hu Ziji
Thanks Anton.
As you may have noticed, the CMSIS RTX libraries have been added to the tf-m-tests.
There are also patches<https://review.trustedfirmware.org/q/topic:%22CMSIS_5_to_tfm_tests%22+(stat…> for TF-M to reference the libraries from tf-m-tests.
The plan is to merge them before TF-M 1.1 release code freeze (around end of June).
You would need to clone the tf-m-tests repo to build TF-M when these patches were merged.
Best Regards,
Kevin
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Friday, June 19, 2020 6:30 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] new tf-m-test repository
Hi,
Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
The intention is to migrate testing related code/libraries/tools there and clean the main repository.
Patches have been made. Please be aware of the change.
At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo.
Thanks,
Anton Komlev
Hi,
Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
The intention is to migrate testing related code/libraries/tools there and clean the main repository.
Patches have been made. Please be aware of the change.
At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo.
Thanks,
Anton Komlev
Hi Everyone
I have pushed the proposal for release cadence and process for here : https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4635
This mainly follows the TF-A release process. The release cadence period is set to be 4 months with a code freeze of up to 3 weeks.
Best Regards
Soby Mathew
Hi Andrej,
The PSA Storage spec (available here https://developer.arm.com/architectures/security-architectures/platform-sec…) states that the Protected Storage service should be implemented inside the Application Root of Trust.
The principle is that the PSA Root of Trust should be kept as small as possible, to reduce the attack surface of the most privileged part of the system. As Protected Storage neither needs the privileges of the PSA Root of Trust nor is used by any PSA Root of Trust service, it should be implemented inside the Application Root of Trust.
Kind regards,
Jamie
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M
Sent: 18 June 2020 09:16
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] PS => AP ROT
Hello,
I have just notices that the TFM Protected Storage service partition has been changed from PSA ROT to APP ROT.
Just curious, what is a reason?
May it stay PSA ROT?
Thank you in advance,
Andrej Butok
Hello,
I have just notices that the TFM Protected Storage service partition has been changed from PSA ROT to APP ROT.
Just curious, what is a reason?
May it stay PSA ROT?
Thank you in advance,
Andrej Butok
Hello,
The next Technical Forum is planned on Thursday, June 25 at 15:00-16:00 UTC (US time zone).
This is exceptional time zone change because of a public holiday in China that day.
Please reply on this email with your proposals for agenda topics.
Best regards,
Anton Komlev
Hi Tamas,
> I do not know whether the this two phase setting of MSP_LIMIT is still in use or not. If not the no need for S_MSP_STACK_SIZE_INIT.
The only place where it's used is the GCC linker file:
__msp_init_stack_size__ = S_MSP_STACK_SIZE_INIT
So for GCC __msp_init_stack_size__ is in 2 times less (0x400) than for Keil and IAR (0x800) "__msp_init_stack_size__ = S_MSP_STACK_SIZE".
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M
Sent: Tuesday, June 16, 2020 10:17 AM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE
Hi Andrej,
The BOOT_TFM_SHARED_DATA and the MSP_STACK area are overlapping on purpose. The partitions which are expecting to receive data from bootloader is intended to get their own data during the partition init phase with calling tfm_core_get_boot_data() with the partition's major_type. Then the data will be copied from shared area to partition's memory.
So after all partition's init is executed then the data from the shared buffer is distributed to the owning partitions and resides in their memory. At this point the shared_data area can be overwritten by growing MSP, without destroying shared data.
Originally there was an S_MSP_STACK_SIZE_INIT size which was used to setup the MSP_LIMIT for the init phase to avoid overwriting the shared data area. After the init phase the MSP_LIMIT was set again with its full size S_MSP_STACK_SIZE.
I do not know whether the this two phase setting of MSP_LIMIT is still in use or not. If not the no need for S_MSP_STACK_SIZE_INIT.
+-> +-> +--------------+ <- Shared boot data base, S_MSP_STACK_SIZE
| Shared| | |
M | Data | | |
S | | | |
P | +-> +--------------+ <- S_MSP_STACK_SIZE_INIT
| | |
| | |
| | |
+-> +--------------+ <- Top of MSP
Tamas
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M
Sent: 16 June 2020 09:52
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE
Hello,
What is a difference between S_MSP_STACK_SIZE_INIT and S_MSP_STACK_SIZE defined in partition\region_defs.h:
#define S_MSP_STACK_SIZE_INIT (0x0000400)
#define S_MSP_STACK_SIZE (0x0000800)
S_MSP_STACK_SIZE_INIT is used only for gcc.
S_MSP_STACK_SIZE is used for armclang and iar.
Guess, it should be used only one definition. So in our platform code we are going to use only S_MSP_STACK_SIZE.
Should you fix it for all platforms in the original TFM?
Thanks,
Andrej Butok
SW Tech Lead
Security & Connectivity, Microcontrollers
NXP Semiconductors
Hi Andrej,
The BOOT_TFM_SHARED_DATA and the MSP_STACK area are overlapping on purpose. The partitions which are expecting to receive data from bootloader is intended to get their own data during the partition init phase with calling tfm_core_get_boot_data() with the partition's major_type. Then the data will be copied from shared area to partition's memory.
So after all partition's init is executed then the data from the shared buffer is distributed to the owning partitions and resides in their memory. At this point the shared_data area can be overwritten by growing MSP, without destroying shared data.
Originally there was an S_MSP_STACK_SIZE_INIT size which was used to setup the MSP_LIMIT for the init phase to avoid overwriting the shared data area. After the init phase the MSP_LIMIT was set again with its full size S_MSP_STACK_SIZE.
I do not know whether the this two phase setting of MSP_LIMIT is still in use or not. If not the no need for S_MSP_STACK_SIZE_INIT.
+-> +-> +--------------+ <- Shared boot data base, S_MSP_STACK_SIZE
| Shared| | |
M | Data | | |
S | | | |
P | +-> +--------------+ <- S_MSP_STACK_SIZE_INIT
| | |
| | |
| | |
+-> +--------------+ <- Top of MSP
Tamas
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M
Sent: 16 June 2020 09:52
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE
Hello,
What is a difference between S_MSP_STACK_SIZE_INIT and S_MSP_STACK_SIZE defined in partition\region_defs.h:
#define S_MSP_STACK_SIZE_INIT (0x0000400)
#define S_MSP_STACK_SIZE (0x0000800)
S_MSP_STACK_SIZE_INIT is used only for gcc.
S_MSP_STACK_SIZE is used for armclang and iar.
Guess, it should be used only one definition. So in our platform code we are going to use only S_MSP_STACK_SIZE.
Should you fix it for all platforms in the original TFM?
Thanks,
Andrej Butok
SW Tech Lead
Security & Connectivity, Microcontrollers
NXP Semiconductors