- TF-M - lists.trustedfirmware.org

Updated invitation: TF-M Tech forum @ Every 4 weeks from 3pm to 4pm on Thursday from Thu Jan 20, 2022 to Thu Aug 31 (GMT) (tf-m@lists.trustedfirmware.org)

by joanna.farley＠arm.com

This event has been updated Changed: time TF-M Tech forum Every 4 weeks from 3pm to 4pm on Thursday from Thursday Jan 20, 2022 to Thursday Aug 31 United Kingdom Time Location https://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9557079… This is an open forum for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC.Feel free to forward it to colleagues.Details of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/==… Info====Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: TF-M Tech forum - US Time Zone FriendlyTime: Oct 29, 2020 03:00 PM Greenwich Mean Time        Every 4 weeks on Thu, until Mar 18, 2021, 6 occurrence(s)        Oct 29, 2020 03:00 PM        Nov 26, 2020 03:00 PM        Dec 24, 2020 03:00 PM        Jan 21, 2021 03:00 PM        Feb 18, 2021 03:00 PM        Mar 18, 2021 03:00 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJEocOmvpz4tHtYu0Wvn2fOsG91u0kv_ECPd/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz09Meeting ID: 955 7079 5742Passcode: 177658One tap mobile+12532158782,,95570795742# US (Tacoma)+13462487799,,95570795742# US (Houston)Dial by your location        +1 253 215 8782 US (Tacoma)        +1 346 248 7799 US (Houston)        +1 669 900 9128 US (San Jose)        +1 301 715 8592 US (Germantown)        +1 312 626 6799 US (Chicago)        +1 646 558 8656 US (New York)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 955 7079 5742Find your local number: https://linaro-org.zoom.us/u/abx3I7IoRq Guests Don Harbin - creator anton.komlev(a)arm.com abdelmalek.omar1(a)gmail.com kevin.townsend(a)linaro.org seth(a)nxmlabs.com leonardo.sandoval(a)linaro.org tf-m(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=djczYWZqa3ZmMW5n… Reply for tf-m(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=djczYWZqa3ZmMW5n… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years

1
0
0 0

CRYPTO_BUILTIN_KEYS

by Quach, Brian

Hi, I see "CRYPTO_TFM_BUILTIN_KEYS_DRIVER" mentioned in the documentation but where is "CRYPTO_BUILTIN_KEYS" defined? And should those target props be formatted as "${prop}"? target_compile_definitions(tfm_psa_rot_partition_crypto PUBLIC MBEDTLS_PSA_CRYPTO_DRIVERS MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS $<$<BOOL:CRYPTO_BUILTIN_KEYS>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY> PRIVATE $<$<STREQUAL:${CRYPTO_HW_ACCELERATOR_TYPE},cc312>:CRYPTO_HW_ACCELERATOR_CC312> MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER ) https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/… Regards, Brian Quach SimpleLink MCU Texas Instruments Inc.

2 years

2
2
0 0

PSA Crypto headers for v8-M TrustZone Solution - feedback gathering

by Antonio De Angelis

Hi all, following up on the presentation I gave on last tech forum (https://www.trustedfirmware.org/docs/PSACryptoHeader_June23_Antonio_shareab…) and related discussion (https://linaro-org.zoom.us/rec/share/1bBb9d06OWPACMtT_wC6C336k2Y0oeAtbM5REG… , passcode: *%RuR8Q8), I'd like to start this thread to collect feedback on TF-M's current solution as a candidate for this effort. TF-M's headers: psa « include « interface - trusted-firmware-m.git - Trusted Firmware for M profile Arm CPUs<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/interface/…> I plan to discuss the feedback received in one of the coming tech-forums (but likely not next week's). Thanks, Antonio

2 years, 1 month

2
1
0 0

S/MIME email certificate usage in Mbed TLS library

by nagarajan.rak＠gmail.com

Our requirement is to send email securely from our embedded device running on STM32H7 processor. There's an SMTP client application (implemented using Mbed TLS library) running on this device, which will send emails to the recipient via custom/public email server such as smtp.gmail.com. We are planning to use S/MIME email certificate from the one of the Trusted CA, for encryption of the email message and authentication of the client/server. We learnt that each S/MIME email certificate support only one email address, but we will be having multiple devices running on the field and each device will have unique email address from which email will be sent. Getting S/MIME email certificate for device will not be feasible, is there any better way we can handle this scenario effectively. Your response to this problem is greatly appreciated. Thank you, Nagaraj

2 years, 1 month

2
1
0 0

Hybrid platforms discussion follow up.

by Anton Komlev

Hi, On the last tech forum (June 22) we started discussion on multicore hybrid platforms. By this mail I’d like to follow up and continue offline analyses on new use-cases and requirements for TF-M design update. The recorded session is available here: https://linaro-org.zoom.us/rec/share/yseF-mYwUTtHHPkQJQO6IEv72xCd0Lz1pQQecc…, Passcode: 5s=Npv=w and slides: https://www.trustedfirmware.org/docs/tech_forum_20230622_Hybrid_platforms.p… The current plan is to take time, think on the use-cases and map them on requirements. With more thought and materials, we will have another session about September time to define our needs in the support of new type of platform. Please share your thoughts in reply. Thanks, Anton

2 years, 1 month

3
3
0 0

Design update: Choose ABI for partition interfaces by checking boundaries

by Xinyu Zhang

Hi, We are planning to update the mechanism on partition interface ABI selection in IPC model. In current Implementation, cross call ABI is chosen in Isolation Level 1, and SVC call ABI is chosen in Isolation Level 2&3. However, interfaces are actually the bridge between SPM and caller partitions. If one partition shares the same boundary with SPM, cross call ABI is the choice; while if one partition does not share the same boundary with SPM, a SVC ABI is the proper choice. But, a simple comparison between two boundary values cannot be used for checking if the two boundaries are the same one - these values might be encoded with bit fields and contains more info than memory regions. Hence the comparison should be done by who generated them - the isolation HAL implementation in platform sources. So here comes to the following design: 1. In HAL function tfm_hal_bind_boundary, encode p_ldinf into boundary value, so that there is no need to pass both p_ldinf and boundary value to switch boundary. 1. Implement a HAL function to compare boundaries and switch boundary if needed. tfm_hal_status_t tfm_hal_switch_boundary( uintptr_t target_boundary, uintptr _t current_boundary, uint32_t compare_only, /* 0: Switch boundary if they are different, 1: Only compare whether the boundaries are different and do not switch */ uint32_t* compare_result); /* Tell the caller whether the boundaries are different */ 1. Select correct type of ABI when processing metadata of partition based on boundary. void prv_process_metadata(struct partition_t *p_pt) { ... tfm_hal_switch_boundary(SPM_BOUNDARY, p_pt->boundary, 1, *compare_result); if (compare_result == 1) { p_rt_meta->psa_fns = &psa_api_svc; } else { p_rt_meta->psa_fns = &psa_api_cross; } ... } Please let us know if you have any suggestion. Thanks, Xinyu

2 years, 1 month

1
0
0 0

FYI: Session on OpenCI and MISRA

by Don Harbin

Hi All, I wanted to let you know that next Thursday, July 27th, the TF-A Tech Forum will be hosting a presentation on OpenCI and MISRA presented by Paul Sokolovski of Linaro and Roberto Bagnara from Bugseng. MISRA is being enabled on both TF-A and TF-M in OpenCI, so sending this out to both lists since users in both domains may be interested in the session. Meeting time and dial up info can be found in the TF community calendar located here: https://www.trustedfirmware.org/meetings/ Best Regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

2 years, 1 month

1
0
0 0

Why client API is built with tfm_sprt target?

by Roman.Mazurak＠infineon.com

Hi all, I'm wondering why client API is build with tfm_sprt target (Secure Partition Runtime Library)? Client API is used by non-secure clients and secure clients. It means that static library is built once, but used with two different images. And it's expected that such images can use different types of cores, compilation settings, etc... Probably it make sense to build this target in scope of psa_interface. Regards, Roman.

2 years, 1 month

3
3
0 0

mbedtls_platform_setup/teardown in TF-M ?

by Rehan Malak

Dear TF-M developers, I am currently adapting a basic MbedTLS / PSA Crypto example such that it would run on the NS side with TF-M doing the crypto. At the end, this is very similar to this psa_sign_verify_message_test from the NS crypto test suite : https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/test/secure_fw/sui… But my build config of MbedTLS has MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT enabled because I have a custom mbedtls_platform_setup / mbedtls_platform_teardown. And I can't see any place in TF-M where mbedtls_platform_setup/mbedtls_platform_teardown are called : ? -> mbedtls_platform_setup ? -> mbedtls_platform_teardown At first, I tried to put this code into the psa_driver_wrapper_init/psa_driver_wrapper_free but I have a similar problem : tfm_crypto_engine_init -> psa_crypto_init -> psa_driver_wrapper_init ? -> mbedtls_psa_crypto_free -> psa_driver_wrapper_free Is there any cmake/Kconfig option or any C macros to hook TF-M initialization/shutdown with mbedtls_platform_setup/mbedtls_platform_teardown without patching TF-M ? If not, could mbedtls_platform_setup be called here ? https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/… or is there a nicer way of doing this ? (btw, I am currently experimenting on qemu mps2-an521) Thanks for any advice ! 🙂 Best regards, Rehan MALAK Intrinsic ID

2 years, 2 months

4
4
0 0

Configuration order

by Roman.Mazurak＠infineon.com

Hi Andrey, Patch 21339<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/21339> introduced changes of configuration order: 1. Platform configuration via TARGET_CONFIG_HEADER_FILE. 2. Project configuration via PROJECT_CONFIG_HEADER_FILE 3. config_base.h It means that target can't change configuration that is expected to be changed by project. Example: 1. Platform must redefine ITS_STACK_SIZE to satisfy driver requirements. The good way for this is to set ITS_STACK_SIZE in config_tfm_target.h. 2. Project developer need to perform some additional debugging or profiling of the product, so the TF-M must be built with extra code that require additional stack size. It means that project developer need to #undef ITS_STACK_SIZE and then redefine it using #define ITS_STACK_SIZE. But this #undef/#define approach is not safe, because it's possible to calculate some other settings using configuration variable in config_tfm_target.h or perform additional configuration validation by config_tfm_target.h. It looks like the new changes created another bunch of problems for TF-M configuration. Regards, Roman.

2 years, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M