Hi everyone,
I’m wondering if there is any existing effort on enabling X.509 CSR generation and certificate verification inside TF-M? Our project has some custom secure partitions which need to generate the CSR and verify the issued certificates by themselves. The current TF-M implementation hasn’t added X.509 support. So, I’m wondering if any open source project already does that which we can leverage?
Regards,
Jun Li
Intel Corporation, CA

Hello,
In light of the end-of-year celebrations, not many joiners are expected on Dec 23, especially for the US time zone, so
let's cancel the forum next week.
Thanks, and I wish you great holidays,
Anton

I recently switched to a new MBP that ships with OS X Monterey, and on both
12.0 and 12.1 (released this week) git clone seems to be broken when you're
using HTTP rather than SSH:
    digital envelope routines:CRYPTO_internal:bad key length

In order to clone TF-M, I had to make the following changes.

1. Add these details to $HOME/.ssh/config (microbuilder being my github
username, associated with my TF-M account):

    Host trustedfirmware.org
        User microbuilder
        Hostname review.trustedfirmware.org
        Port 29418
        IdentityFile ~/.ssh/id_rsa
        IdentitiesOnly yes

2. Then try to clone with:

    $ git clone trustedfirmware.org:/TF-M/trusted-firmware-m.git

This fails, however, since it tries to clone tf-m-tests.git, so:

3. Edit lib/ext/tf-m-tests/fetch_repo.cmake, changing:

    FetchContent_Declare(tfm_test_repo
        GIT_REPOSITORY trustedfirmware.org:TF-M/tf-m-tests.git
        # GIT_REPOSITORY https://git.trustedfirmware.org/TF-M/tf-m-tests.git
        GIT_TAG ${TFM_TEST_REPO_VERSION}
        GIT_PROGRESS TRUE
    )

This let me at least clone TF-M until the issues with HTTP-based cloning
are fixed.
Hope this is useful to someone else working on OS X natively.
Kevin

Hi,
The next Technical Forum is planned on Thursday, Dec 9, 7:00-8:00 UTC (Asia time zone).
Please reply to this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton

Hi,
For PSA Certification level 2, a log of significant security events is required, which I assume
should be done with the Audit log service.
But the Audit log service does not support IPC mode.
Should PSA Certification level 2 be done with IPC mode or with library mode?

Hello,
The TF-M project released v1.5.0 in the release/v1.5.x<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/log/?h=release/…> branch, tagged as TF-Mv1.5.0.
In the following days the changes from the release branch will be integrated with the main branch.
Please take a look into the release notes for the new features and changes:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/relea…
The HTML version will be available after the main branch update.
New major features are:
* MCUboot updated to v1.8.0.
* Thread mode SPM.
* Add Non-secure Client Extension (NSCE) for non-secure client ID management support.
* Secure Function model support in framework.
* Support Memory-mapped IOVECs.
* Decouple documentation and binary builds.
* Manifest tool skips disabled Secure Partitions.
* Provisioning and OTP are supported.
* PSA Protected Storage, Internal Trusted Storage, Initial Attestation services are converted to Stateless services.
* Support out-of-tree build of Secure Partitions.
* Support out-of-tree build of platform specific test suites.
* Introduce platform binding HAL.
* ITS enhancement to harden the ITS module against invalid data in Flash.
* Support to select/deselect single or multiple TF-M regression test cases.
* Decouple regression test flag configuration from TF-M.
* New platforms added.
Thank you, everyone who contributed to this milestone.
Anton Komlev

Hello,
Having no items to discuss - let's cancel the forum today.
Have a happy Thanksgiving day and enjoy your turkey if you celebrate it.
Thanks,
Anton

From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Monday, November 22, 2021 12:04 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Technical Forum call - Nov-25
Hi,
The next Technical Forum is planned on Thursday, Nov 25, 15:00-16:00 UTC (US time zone).
This is Thanksgiving Day and a public holiday in the US, so we might want to cancel the forum, expecting fewer participants, unless we have a good topic to discuss.
Please reply to this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton