Hi,
It appears that ITS encryption would be required for PSA Certified Level 3. I'm seeing that this would required a platform specific HAL implementation. Is there some reason PSA Crypto APIs were not used like they were for attestation?
Encryption in ITS
=================
The ITS can optionally be configured to encrypt the internal trusted storage
data.
To support encryption in ITS the target platform must provide an
implementation of the APIs defined in ``platform/include/tfm_hal_its_encryption.h``::
enum tfm_hal_status_t tfm_hal_its_aead_generate_nonce(uint8_t *nonce,
const size_t nonce_size);
enum tfm_hal_status_t tfm_hal_its_aead_encrypt(
struct tfm_hal_its_auth_crypt_ctx *ctx,
const uint8_t *plaintext,
const size_t plaintext_size,
uint8_t *ciphertext,
const size_t ciphertext_size,
uint8_t *tag,
const size_t tag_size);
enum tfm_hal_status_t tfm_hal_its_aead_decrypt(
struct tfm_hal_its_auth_crypt_ctx *ctx,
const uint8_t *ciphertext,
const size_t ciphertext_size,
uint8_t *tag,
const size_t tag_size,
uint8_t *plaintext,
const size_t plaintext_size);
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
Hi All,
Since ST platform seems to be supported only passively, I try to adapt tf-m
for the new ST U5Axx and U5Gxx MPUs with 4MB flash on my own.
It does not come easy since some things are hardcoded and new HAL version is
required while breaking HAL changes have been introduced, but this is not
the reason why I make this post.
Is there any easy way, I mean, some cmake switch, which would allow for a
full rebuild without redownloading the required packages?
Since clean rebuild from scratch takes time and I need to do it frequently
while my Internet connection currently is not super-fast and stable such
option would be the most helpful.
Kind regards,
Tomasz
Hello Bohdan
The PSA token spec v2.0 is still in draft and hence is not yet supported by the psa-arch-tests.
I am not aware of the specific plan/timelines, but could you please contact psa-arch-tests team to know details?
Best Regards,
Maulik
________________________________
From: tf-m-request(a)lists.trustedfirmware.org <tf-m-request(a)lists.trustedfirmware.org>
Sent: 27 February 2024 12:00 AM
To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org>
Subject: TF-M Digest, Vol 64, Issue 12
Send TF-M mailing list submissions to
tf-m(a)lists.trustedfirmware.org
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
tf-m-request(a)lists.trustedfirmware.org
You can reach the person managing the list at
tf-m-owner(a)lists.trustedfirmware.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of TF-M digest..."
Today's Topics:
1. Re: Attest token v2.0 in psa-arch-tests
(Bohdan.Hunko(a)infineon.com)
----------------------------------------------------------------------
Message: 1
Date: Mon, 26 Feb 2024 10:50:38 +0000
From: <Bohdan.Hunko(a)infineon.com>
Subject: [TF-M] Re: Attest token v2.0 in psa-arch-tests
To: <tf-m(a)lists.trustedfirmware.org>
Cc: Kostiantyn.Tkachov(a)infineon.com, Roman.Mazurak(a)infineon.com,
Hennadiy.Kytsun(a)infineon.com
Message-ID: <be7dcff9aa504e3f894b7f4fd263512d(a)infineon.com>
Content-Type: multipart/alternative;
boundary="_000_be7dcff9aa504e3f894b7f4fd263512dinfineoncom_"
Hi all,
Any updates on this?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>
From: Bohdan.Hunko--- via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: Monday, February 19, 2024 15:24
To: tf-m(a)lists.trustedfirmware.org
Cc: Tkachov Kostiantyn (CSS ICW SW FW) <Kostiantyn.Tkachov(a)infineon.com>; Mazurak Roman (CSS ICW SW FW 3) <Roman.Mazurak(a)infineon.com>; Kytsun Hennadiy (CSS ICW SW FW 3) <Hennadiy.Kytsun(a)infineon.com>
Subject: [TF-M] Attest token v2.0 in psa-arch-tests
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://intranet-content.infineon.com/explore/aboutinfineon/rules/informati…>.
Hi all,
I was trying to run PSA arch tests for INITIAL_ATTESTATION and have some problems with them.
Our platform uses version 2.0 of PSA token spec (ATTEST_TOKEN_PROFILE_PSA_2_0_0) - https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-20.txt but psa arch tests does not seem to support it.
Am I correct that psa-arch-tests does not support v2.0 of attest token?
If yes, then how do I select v2.0 of attest token?
If no, then is there a plan to support v2.0 of attest token in psa-arch-tests? If so then what is a release date for that?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>
Hi all,
I was trying to run PSA arch tests for INITIAL_ATTESTATION and have some problems with them.
Our platform uses version 2.0 of PSA token spec (ATTEST_TOKEN_PROFILE_PSA_2_0_0) - https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-20.txt but psa arch tests does not seem to support it.
Am I correct that psa-arch-tests does not support v2.0 of attest token?
If yes, then how do I select v2.0 of attest token?
If no, then is there a plan to support v2.0 of attest token in psa-arch-tests? If so then what is a release date for that?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>
Hi,
I'm seeing this warning when running cmake from a conan pkg: `/home/brian/.conan/data/cmake/3.21.3-0/library-msp/ga/package/be241241e9d4718e5bab4eb33935bbb69606bb0c/bin/cmake -S . -B build -DTFM_PLATFORM=arm/mps2/an521`. Does anyone know how to fix it? I see the language is set by `project("Trusted Firmware M" VERSION ${TFM_VERSION} LANGUAGES C CXX ASM)`.
Per-partition files done:
CMake Warning (dev) at /home/brian/.conan/data/cmake/3.21.3-0/library-msp/ga/package/be241241e9d4718e5bab4eb33935bbb69606bb0c/share/cmake-3.21/Modules/GNUInstallDirs.cmake:236 (message):
Unable to determine default CMAKE_INSTALL_LIBDIR directory because no
target architecture is known. Please enable at least one language before
including GNUInstallDirs.
Call Stack (most recent call first):
build/lib/ext/mbedcrypto-src/CMakeLists.txt:42 (include)
This warning is for project developers. Use -Wno-dev to suppress it.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
Car Mishaps is often harrowing experiences, leaving victims addressing physical injuries, emotional trauma, and financial burdens. In this sort of demanding occasions, owning the right lawful representation might make all the primary difference. When you are in Austin, Texas, and end up wanting legal support following a car accident,
https://www.canadatopescorts.com
Hello,
STM32l562e dk platform is timing out in LAVA tests which fails all TF-M builds. The platform was excluded from tests temporarily to enable normal development progress.
Best regards,
Anton
Hi Ahmad,
Thank you for the confirmation. To be honest, I did not expect good news.
Kind regards,
Tomasz
From: Ahmad EL JOUAID <ahmad.eljouaid(a)st.com>
Sent: Wednesday, February 7, 2024 3:04 PM
To: Tomasz Jastrzębski <tdjastrzebski(a)wp.pl>
Cc: tf-m-request(a)lists.trustedfirmware.org; Stephane LE ROY
<stephane.leroy(a)st.com>
Subject: RE: STM target - HAL version upgrade?
Hi Tomasz,
In our objectives, we have included the update of the STM HAL version.
However, an exact date for its implementation has not been determined yet.
Nevertheless, I anticipate that the timeline for its execution will not be
significantly prolonged.
Kind regards,
Ahmad STM
ST Restricted
From: Tomasz Jastrzębski < <mailto:tdjastrzebski@wp.pl> tdjastrzebski(a)wp.pl>
Sent: Tuesday, February 6, 2024 2:49 PM
To: <mailto:tf-m@lists.trustedfirmware.org> tf-m(a)lists.trustedfirmware.org
Cc: Ahmad EL JOUAID < <mailto:ahmad.eljouaid@st.com> ahmad.eljouaid(a)st.com>;
Stephane LE ROY < <mailto:stephane.leroy@st.com> stephane.leroy(a)st.com>
Subject: STM target - HAL version upgrade?
Hi All,
Are there currently any plans to update STM HAL version? HAL is a common
component shared by all the STM boards.
The currently used, relatively old version 1.0.0 does not support ST MCUs
like STM32U5A9 and STM32U5G9 - the first one released a year ago.
I need to decide where I should go ahead and do the update myself and since
then probably maintain private TF-M version or maybe I should just wait
because update is just on the way.
Needless to say, an HAL update will probably take me way more effort than if
it were done by someone who already knows the ropes.
Kind regards,
Tomasz Jastrzębski
Hi All,
Are there currently any plans to update STM HAL version? HAL is a common
component shared by all the STM boards.
The currently used, relatively old version 1.0.0 does not support ST MCUs
like STM32U5A9 and STM32U5G9 - the first one released a year ago.
I need to decide where I should go ahead and do the update myself and since
then probably maintain private TF-M version or maybe I should just wait
because update is just on the way.
Needless to say, an HAL update will probably take me way more effort than if
it were done by someone who already knows the ropes.
Kind regards,
Tomasz Jastrzębski
Hi All,
I think I am ready to try TF-M on B-U585I-IOT02A board.
However, before doing so I want to make sure I know how to remove it when
tests are done.
Please advise.
Tomasz
