- TF-M - lists.trustedfirmware.org

by Andrej Butok

Hello, I use absolutely the latest TF-M (SHA-1: 81fb08cd66c1037a5e6c57e46ad5946bfc8a0d0e) I am trying to run the regression-test application using IPC API (TFM_PSA_API is defined) The application is compliable with errors: Error: L6218E: Undefined symbol tfm_spm_request_reset_vote (referred from platform_sp.o). Error: L6218E: Undefined symbol tfm_core_get_caller_client_id (referred from audit_core.o). Not enough information to list image symbols. It is caused by the fact that the platform and audit log services are using the functions (printed in the log) which are not available/disabled when TFM_PSA_API is defined. Is it known issue? Any suggestions? Should the Log and Platform services be disabled for IPC? Thanks, Andrej

5 years, 10 months

1
0
0 0

Feature request

by Thomas Törnblom

While working on porting TF-M to the IAR toolchain, I've run into a couple of issues I'd like to discuss. 1) The duplicated REGION/REGION_NAME/REGION_DECLARE macros. Why are these not defined in an include file instead of being defined in eight different c files? I see that they are also defined in spm_db.h, but that is only included in spm related files. 2) I suggest adding a toolchain related include file that should be included in every source file that is part of TF-M. This could be something similar to cmsis_compiler.h, where a toolchain vendor could add stuff that only relates to a specific toolchain. In our case that could include things like: --- #ifdef __ICCARM__ #define $$ZI$$Limit $$Limit #define $$ZI$$Base $$Base #define Image$$ #endif --- Ideas? /Thomas -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 10 months

1
0
0 0

[RFC] Move configuration files into specified directory

by Ken Liu (Arm Technology China)

Hi, Since the number of configuration files is increasing, let’s move the configuration files (ConfigXXXX.cmake) into specified directory. This would reduces the files under root directory and makes the structure more clearer. I have created the issue and patch for it: https://developer.trustedfirmware.org/T394 https://review.trustedfirmware.org/c/trusted-firmware-m/+/1234 IMPORTANT NOTES: To be compatible with the existing building configurations, the existing configuration files have been forwarded into the corresponded configuration file under ./configs. Which means there are two set of configuration files under sources tree at current – but this will change soon. There is a warning while you are building with root configurations files: “Please use the configs available in the ./config sub-directory.” So please: - If you are planning to create new configuration, create it under ./configs instead of root directory - The reference of configuration files under root directory will be removed soon, please change your build system setting to reference the configuration files put under ./configs Any feedbacks please reply this mail or put comments under the issue, thanks 😉 -Ken

5 years, 10 months

1
0
0 0

PSA Developer API compliance tests

by Antonio De Angelis

Dear all, The new tag which has just been made available from the psa-arch-tests, available here: https://github.com/ARM-software/psa-arch-tests/releases/tag/v19.06_API0.9 is the one that has to be used to be able to verify PSA Developer API compliance with the latest TF-M. The procedure to follow to build and run the tests remains the same. Thanks, Antonio

5 years, 10 months

1
0
0 0

Supported versions of the Armclang compiler in the TF-M build

by Antonio De Angelis

Dear all, We are considering to drop support for older versions of the Armclang compiler (i.e. 6.7 and 6.9) to focus support on newer releases (thus increasing the requirement on Armclang version to 6.10 or higher). https://developer.trustedfirmware.org/T392 https://review.trustedfirmware.org/c/trusted-firmware-m/+/1223 If you have any specific requirement to use Armclang 6.7 or 6.9, please get in touch here or on the review. Thanks, Antonio

5 years, 10 months

1
0
0 0

Two changes merged by mistake

by Miklos Balint

Hi all, Two changes that have underwent multiple rounds of review and test were accidentally merged instead of being pushed for review and final approval. I was at fault, apologies for that. Additional tests of the changes flagged up no regression. Let me know if you have any concerns or questions, Thanks and regards Miklos

5 years, 11 months

1
0
0 0

Re: [TF-M] Old Mbed-Crypto library?

by Andrej Butok

Hi Antonio, > For the newer API version, the psa-arch-test team will provide a new tag on the master branch in the coming days (this is still not available yet). Please ping me when this tag will appear. Thank you, Andrej -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Antonio De Angelis via TF-M Sent: Tuesday, May 28, 2019 2:19 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Old Mbed-Crypto library? Hi Andrej, please find my replies inline in red. ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 28 May 2019 07:38 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Old Mbed-Crypto library? Hi Antonio, > TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 If to follow the latest development branch of Mbed-Crypto, actually it has started using of "handles" instead of "slots" (the obsolete version is using handles). So by using the old mbed-Crypto release, you have downgraded the Crypto API. [Antonio] Not sure exactly what you mean here. This is the latest Crypto API header used in the development branch: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co… And it uses handles instead of slots as I have explained earlier, handles being a newer concept. Also, please bear in mind that the PSA Crypto API development happens on this branch: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co… , Mbed Crypto being a reference implementation of the API, which means that the API itself can have new concepts which are not part of the reference implementation yet. Please use the latest available mbed-Crypto (do not afraid - it is functional, checked) and avoid this created mess and desynchronization between all PSA related projects. [Antonio] TF-M Crypto service is indeed aligned to latest available release of Mbed Crypto, which is Mbed Crypto 1.0.0 (dated 1st April 2019): https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co… As soon as there will be new releases, TF-M Crypto will align to those. The TF-M Crypto service is not aligned to the development branch because, as mentioned, that branch undergoes active daily development and would be too difficult to track. > The psa-arch-test team is in the process of providing an update on the master branch The master branch, as was declared by PSA Test Suite team, is not used for PSA Functional API certification. Instead, as was declared by PSA Test Suite team, it have to be used the ew_beta0 branch. Please clarify what PSA-TestSuite branch must be used with TFM now? [Antonio] The ew_beta0 branch was used as a temporary milestone which was using the old 0.1.0beta API. For the newer API version, the psa-arch-test team will provide a new tag on the master branch in the coming days (this is still not available yet). Best regards, Antonio Thanks, Andrej -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Antonio De Angelis via TF-M Sent: Monday, May 27, 2019 6:22 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Old Mbed-Crypto library? Hi Andrej, TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 . Mbed Crypto is a reference implementation of the PSA Crypto API, which are under active development. TF-M Crypto will align to newest release of Mbed Crypto when they will become available; these new releases will incorporate the new features which are developed as part of the PSA Crypto API, and there will be cases where the new features will break legacy code (i.e. API changes). Regarding the change that you mention, i.e. psa_key_slot_t vs psa_key_handle_t . The concept of psa_key_handle_t that TF-M Crypto is using now is indeed a newer (updated) concept introduced with later versions of the PSA Crypto API to replace the outdated concept of psa_key_slot_t. For example, if you look at the current latest development version of the PSA Crypto API, you will see that psa_key_handle_t is used to handle keys. This is an example of a breaking change in the API that has been introduced by newer releases of the PSA Crypto API. You are right, this change will break regression / PSA API compliance tests, in fact as part of the latest set of patches you can see that the Regression tests are upgraded to use the new concept of psa_key_handle_t instead of psa_key_slot_t. From these updated tests, you can get an idea of how to use the psa_key_handle_t. After this update, TF-M Crypto can't support the PSA API compliance tests (ACK) which were run previously (i.e. the ew_beta0 branch). The psa-arch-test team is in the process of providing an update on the master branch which will enable TF-M Crypto to run compliance tests from there. This should happen in the next couple of weeks. Please let me know in case you need any more clarification. Best regards, Antonio ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 27 May 2019 12:52 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Old Mbed-Crypto library? Hello, tfm_build_instruction.rst tells to use mbed-Crypto instead of mbedTLS: git clone https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co… -b mbedcrypto-1.0<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co…>.0 But the issue is that it references to the obsolete (3 month old) Mbed-Crypto library. Also, it looks like this old MbedCrypto has downgraded TFM/PSA Crypto API (from key-slot to key-handle) => this is step back in PSA TFM API, which should break crypto regression and PSA tests. We do not want to downgrade our SDK MbedCrypto, better to freeze TFM. Any plans to use the last Crypto Lib and to revert the PSA API degradation? Thanks, Andrej Butok -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru…

5 years, 11 months

1
0
0 0

Re: [TF-M] Old Mbed-Crypto library?

by Antonio De Angelis

Hi Andrej, please find my replies inline in red. ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 28 May 2019 07:38 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Old Mbed-Crypto library? Hi Antonio, > TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 If to follow the latest development branch of Mbed-Crypto, actually it has started using of "handles" instead of "slots" (the obsolete version is using handles). So by using the old mbed-Crypto release, you have downgraded the Crypto API. [Antonio] Not sure exactly what you mean here. This is the latest Crypto API header used in the development branch: https://github.com/ARMmbed/mbed-crypto/blob/development/include/psa/crypto.h And it uses handles instead of slots as I have explained earlier, handles being a newer concept. Also, please bear in mind that the PSA Crypto API development happens on this branch: https://github.com/ARMmbed/mbed-crypto/tree/psa-api-1.0-beta , Mbed Crypto being a reference implementation of the API, which means that the API itself can have new concepts which are not part of the reference implementation yet. Please use the latest available mbed-Crypto (do not afraid - it is functional, checked) and avoid this created mess and desynchronization between all PSA related projects. [Antonio] TF-M Crypto service is indeed aligned to latest available release of Mbed Crypto, which is Mbed Crypto 1.0.0 (dated 1st April 2019): https://github.com/ARMmbed/mbed-crypto/releases As soon as there will be new releases, TF-M Crypto will align to those. The TF-M Crypto service is not aligned to the development branch because, as mentioned, that branch undergoes active daily development and would be too difficult to track. > The psa-arch-test team is in the process of providing an update on the master branch The master branch, as was declared by PSA Test Suite team, is not used for PSA Functional API certification. Instead, as was declared by PSA Test Suite team, it have to be used the ew_beta0 branch. Please clarify what PSA-TestSuite branch must be used with TFM now? [Antonio] The ew_beta0 branch was used as a temporary milestone which was using the old 0.1.0beta API. For the newer API version, the psa-arch-test team will provide a new tag on the master branch in the coming days (this is still not available yet). Best regards, Antonio Thanks, Andrej -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Antonio De Angelis via TF-M Sent: Monday, May 27, 2019 6:22 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Old Mbed-Crypto library? Hi Andrej, TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 . Mbed Crypto is a reference implementation of the PSA Crypto API, which are under active development. TF-M Crypto will align to newest release of Mbed Crypto when they will become available; these new releases will incorporate the new features which are developed as part of the PSA Crypto API, and there will be cases where the new features will break legacy code (i.e. API changes). Regarding the change that you mention, i.e. psa_key_slot_t vs psa_key_handle_t . The concept of psa_key_handle_t that TF-M Crypto is using now is indeed a newer (updated) concept introduced with later versions of the PSA Crypto API to replace the outdated concept of psa_key_slot_t. For example, if you look at the current latest development version of the PSA Crypto API, you will see that psa_key_handle_t is used to handle keys. This is an example of a breaking change in the API that has been introduced by newer releases of the PSA Crypto API. You are right, this change will break regression / PSA API compliance tests, in fact as part of the latest set of patches you can see that the Regression tests are upgraded to use the new concept of psa_key_handle_t instead of psa_key_slot_t. From these updated tests, you can get an idea of how to use the psa_key_handle_t. After this update, TF-M Crypto can't support the PSA API compliance tests (ACK) which were run previously (i.e. the ew_beta0 branch). The psa-arch-test team is in the process of providing an update on the master branch which will enable TF-M Crypto to run compliance tests from there. This should happen in the next couple of weeks. Please let me know in case you need any more clarification. Best regards, Antonio ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 27 May 2019 12:52 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Old Mbed-Crypto library? Hello, tfm_build_instruction.rst tells to use mbed-Crypto instead of mbedTLS: git clone https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co… -b mbedcrypto-1.0<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co…>.0 But the issue is that it references to the obsolete (3 month old) Mbed-Crypto library. Also, it looks like this old MbedCrypto has downgraded TFM/PSA Crypto API (from key-slot to key-handle) => this is step back in PSA TFM API, which should break crypto regression and PSA tests. We do not want to downgrade our SDK MbedCrypto, better to freeze TFM. Any plans to use the last Crypto Lib and to revert the PSA API degradation? Thanks, Andrej Butok -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 11 months

1
0
0 0

Re: [TF-M] Old Mbed-Crypto library?

by Andrej Butok

Hi Antonio, > TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 If to follow the latest development branch of Mbed-Crypto, actually it has started using of "handles" instead of "slots" (the obsolete version is using handles). So by using the old mbed-Crypto release, you have downgraded the Crypto API. Please use the latest available mbed-Crypto (do not afraid - it is functional, checked) and avoid this created mess and desynchronization between all PSA related projects. > The psa-arch-test team is in the process of providing an update on the master branch The master branch, as was declared by PSA Test Suite team, is not used for PSA Functional API certification. Instead, as was declared by PSA Test Suite team, it have to be used the ew_beta0 branch. Please clarify what PSA-TestSuite branch must be used with TFM now? Thanks, Andrej -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Antonio De Angelis via TF-M Sent: Monday, May 27, 2019 6:22 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Old Mbed-Crypto library? Hi Andrej, TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 . Mbed Crypto is a reference implementation of the PSA Crypto API, which are under active development. TF-M Crypto will align to newest release of Mbed Crypto when they will become available; these new releases will incorporate the new features which are developed as part of the PSA Crypto API, and there will be cases where the new features will break legacy code (i.e. API changes). Regarding the change that you mention, i.e. psa_key_slot_t vs psa_key_handle_t . The concept of psa_key_handle_t that TF-M Crypto is using now is indeed a newer (updated) concept introduced with later versions of the PSA Crypto API to replace the outdated concept of psa_key_slot_t. For example, if you look at the current latest development version of the PSA Crypto API, you will see that psa_key_handle_t is used to handle keys. This is an example of a breaking change in the API that has been introduced by newer releases of the PSA Crypto API. You are right, this change will break regression / PSA API compliance tests, in fact as part of the latest set of patches you can see that the Regression tests are upgraded to use the new concept of psa_key_handle_t instead of psa_key_slot_t. From these updated tests, you can get an idea of how to use the psa_key_handle_t. After this update, TF-M Crypto can't support the PSA API compliance tests (ACK) which were run previously (i.e. the ew_beta0 branch). The psa-arch-test team is in the process of providing an update on the master branch which will enable TF-M Crypto to run compliance tests from there. This should happen in the next couple of weeks. Please let me know in case you need any more clarification. Best regards, Antonio ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 27 May 2019 12:52 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Old Mbed-Crypto library? Hello, tfm_build_instruction.rst tells to use mbed-Crypto instead of mbedTLS: git clone https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co… -b mbedcrypto-1.0<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co…>.0 But the issue is that it references to the obsolete (3 month old) Mbed-Crypto library. Also, it looks like this old MbedCrypto has downgraded TFM/PSA Crypto API (from key-slot to key-handle) => this is step back in PSA TFM API, which should break crypto regression and PSA tests. We do not want to downgrade our SDK MbedCrypto, better to freeze TFM. Any plans to use the last Crypto Lib and to revert the PSA API degradation? Thanks, Andrej Butok -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru…

5 years, 11 months

1
0
0 0

Re: [TF-M] Old Mbed-Crypto library?

by Antonio De Angelis

Hi Andrej, TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto which is Mbed Crypto 1.0.0 . Mbed Crypto is a reference implementation of the PSA Crypto API, which are under active development. TF-M Crypto will align to newest release of Mbed Crypto when they will become available; these new releases will incorporate the new features which are developed as part of the PSA Crypto API, and there will be cases where the new features will break legacy code (i.e. API changes). Regarding the change that you mention, i.e. psa_key_slot_t vs psa_key_handle_t . The concept of psa_key_handle_t that TF-M Crypto is using now is indeed a newer (updated) concept introduced with later versions of the PSA Crypto API to replace the outdated concept of psa_key_slot_t. For example, if you look at the current latest development version of the PSA Crypto API, you will see that psa_key_handle_t is used to handle keys. This is an example of a breaking change in the API that has been introduced by newer releases of the PSA Crypto API. You are right, this change will break regression / PSA API compliance tests, in fact as part of the latest set of patches you can see that the Regression tests are upgraded to use the new concept of psa_key_handle_t instead of psa_key_slot_t. From these updated tests, you can get an idea of how to use the psa_key_handle_t. After this update, TF-M Crypto can't support the PSA API compliance tests (ACK) which were run previously (i.e. the ew_beta0 branch). The psa-arch-test team is in the process of providing an update on the master branch which will enable TF-M Crypto to run compliance tests from there. This should happen in the next couple of weeks. Please let me know in case you need any more clarification. Best regards, Antonio ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Andrej Butok via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 27 May 2019 12:52 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Old Mbed-Crypto library? Hello, tfm_build_instruction.rst tells to use mbed-Crypto instead of mbedTLS: git clone https://github.com/ARMmbed/mbed-crypto.git -b mbedcrypto-1.0<https://github.com/ARMmbed/mbed-crypto.git%20-b%20mbedcrypto-1.0>.0 But the issue is that it references to the obsolete (3 month old) Mbed-Crypto library. Also, it looks like this old MbedCrypto has downgraded TFM/PSA Crypto API (from key-slot to key-handle) => this is step back in PSA TFM API, which should break crypto regression and PSA tests. We do not want to downgrade our SDK MbedCrypto, better to freeze TFM. Any plans to use the last Crypto Lib and to revert the PSA API degradation? Thanks, Andrej Butok -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M