- TF-M - lists.trustedfirmware.org

by Adrian Shaw

For anyone who is interested in a more comprehensive list of the PSA documents, the following page is now available on developer.arm.com that lists the documents, the latest specification versions and their current quality status. https://developer.arm.com/architectures/security-architectures/platform-sec… Best, Adrian

4 years, 4 months

1
0
0 0

Proposal to add sub-folders to collect documents under design_documents folder

by David Hu

Hi all, I'd like to propose to add sub-folders under docs/design_documents to collect the documents on the same topic. Currently, there are already 21 documents in total under docs/design_documents and the number may grow rapidly. It can be more clear if we can organize the documents on the same topic into a dedicated sub-folder under docs/design_documents. Please help review the patch set https://review.trustedfirmware.org/q/topic:%22design-doc-subdir%22+(status:… if the proposal sound interesting. I move dual-cpu and TF-M Profiles related documents to their dedicated folder respectively in the patches. Any comment is welcome! In current patches, the html pages are still put in the same level during Sphinx build. It is because design documents are grouped by document status, instead of document hierarchy. The html pages can be further organized as well if we switch to group html according to folder structures. Best regards, Hu Ziji

4 years, 4 months

1
0
0 0

Ask for final review of symmetric based initial attestation design

by David Hu

Hi all, May I ask for a final round of review on symmetric initial attestation design document on https://review.trustedfirmware.org/c/trusted-firmware-m/+/3898? The document has been reviewed for a long time and received many valuable comments. Thanks a lot. If there is no further critical comment, I'd like to merge this design this Friday. Best regards, Hu Ziji

4 years, 4 months

1
0
0 0

[RFC] [Source Structure] Design document is availiable.

by Ken Liu

Hi, There is an upcoming source structure adjustment for TF-M. The basic idea is to make the structure simple and easy to be understood by users. The significant change would be a long term goal so no worry. In the beginning, there would be changes in core and platform to align with HAL changes. Please help to put comments on the design documents - after aligned, this document would be a user guide document to describe the source structure of TF-M. The patch is here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4112 And the issue link: https://developer.trustedfirmware.org/T751 Feel free to put any comments or ask questions. Thanks. /Ken

4 years, 4 months

1
0
0 0

IRQ testing tool available for review

by Mate Toth-Pal

Hi All, The IRQ testing tool proposed for TF-M earlier, and presented in one of the TF-M tech forum is available for code review: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4078/1 https://review.trustedfirmware.org/c/trusted-firmware-m/+/4079/1 The presentation can be viewed here: https://zoom.us/rec/share/3epSNYjX519Oeony5HH8WIgqXb7peaa82iYf_vZYmBuPbFktC… (Extended) Slides: https://www.trustedfirmware.org/docs/Automated_testing_of_interrupt_handlin… Please give feedback in gerrit review comments. Thanks, Mate

4 years, 4 months

1
0
0 0

Re: [TF-M] Attestation: is there an usage example for that somewhere

by Adrian Shaw

Hi Reinhard, Attestation is implemented in TF-M. There is a whitepaper here explaining attestation use cases and usage models https://www.psacertified.org/app/uploads/2020/02/PSA-Certified-Entity-Attes… The API is documented in the specification ARM IHI 0085, which you can find here https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Im… Best, Adrian On 14 May 2020, at 15:55, Reinhard Keil via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>> wrote: Is Attestation already implemented? Is there somewhere information on how Attestation is used. I’m looking for user oriented information. Thanks for your help. Reinhard -- TF-M mailing list TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/tf-m

4 years, 4 months

1
0
0 0

Attestation: is there an usage example for that somewhere

by Reinhard Keil

Is Attestation already implemented? Is there somewhere information on how Attestation is used. I'm looking for user oriented information. Thanks for your help. Reinhard

4 years, 4 months

1
0
0 0

Re: [TF-M] Boot seed in TFM Attestation tests

by Andrej Butok

Hi Tamas, The patch has eliminated the test fail. Thank you, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M Sent: Thursday, May 14, 2020 2:32 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Boot seed in TFM Attestation tests Hi Andrej, The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in test/suites/attestation/attest_token_test_values.h. Then only the presence of boot_seed claim will be checked but its value not. Could you test this patch: diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h index 5910524..fe2b9d4 100644 --- a/test/suites/attestation/attest_token_test_values.h +++ b/test/suites/attestation/attest_token_test_values.h @@ -110,6 +110,8 @@ /* A 32 byte mostly random value. Binary. * platform/ext/common/template/attest_hal.c */ +#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C +/* #define TOKEN_TEST_VALUE_BOOT_SEED \ (struct q_useful_buf_c) {\ (uint8_t[]){ \ @@ -120,6 +122,7 @@ },\ 32\ } +*/ #define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */ /* A text string in EAN 13 format Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: 14 May 2020 12:06 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Boot seed in TFM Attestation tests Hello, Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail. The log: Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)... > Executing 'TFM_ATTEST_TEST_2004' Description: 'ECDSA signature test of attest token' decode_test_normal_sig() returned: -55 Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136) TEST FAILED! Is it know issue? Probably, it's better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()? Thank you, Andrej Butok

4 years, 4 months

2
1
0 0

TF-M repository restructure

by Anton Komlev

Hello, Let me announce the changes in TF-M project repository structure. To allow project grow up in a more organized way the existing codebase will be split on multiple repositories and placed under TF-M folder. This is the similar structure as all other projects have in git.trustedfirmware.org<https://git.trustedfirmware.org>. This weekend TF-M git repository will be moved from https://git.trustedfirmware.org/trusted-firmware-m.git to https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git The original URL will be supported for some time (as a link to the new one) giving time for adjustment. Current plan is to keep the redirection for 6 months but let me know please, if it makes any conflict and another depreciation period is better. Best regards, Anton Komlev

4 years, 4 months

1
0
0 0

Re: [TF-M] Boot seed in TFM Attestation tests

by Tamas Ban

Hi Andrej, The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in test/suites/attestation/attest_token_test_values.h. Then only the presence of boot_seed claim will be checked but its value not. Could you test this patch: diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h index 5910524..fe2b9d4 100644 --- a/test/suites/attestation/attest_token_test_values.h +++ b/test/suites/attestation/attest_token_test_values.h @@ -110,6 +110,8 @@ /* A 32 byte mostly random value. Binary. * platform/ext/common/template/attest_hal.c */ +#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C +/* #define TOKEN_TEST_VALUE_BOOT_SEED \ (struct q_useful_buf_c) {\ (uint8_t[]){ \ @@ -120,6 +122,7 @@ },\ 32\ } +*/ #define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */ /* A text string in EAN 13 format Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: 14 May 2020 12:06 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Boot seed in TFM Attestation tests Hello, Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail. The log: Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)... > Executing 'TFM_ATTEST_TEST_2004' Description: 'ECDSA signature test of attest token' decode_test_normal_sig() returned: -55 Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136) TEST FAILED! Is it know issue? Probably, it's better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()? Thank you, Andrej Butok

4 years, 4 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

TF-M