- TF-M - lists.trustedfirmware.org

Unaligned flash read/write is supported in Boot & FWU

by Sherry Zhang

Hi, The following patch enables the flash read/write with unaligned address/cnt for MCUboot and Firmware Update partition. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10947 This patch has been merged and thanks to all who have reviewed on this patch. As this patch can impact the MCUboot booting up on the platforms, if there is any booting up issue on your platform after this commit, do not hesitate to feedback to me. 😊 Thanks, Regards, Sherry Zhang

4 years

1
0
0 0

BOOT_TFM_SHARED_DATA_* usage in arm/musca_b1

by Bohdan.Hunko＠infineon.com

Hi everyone! I see definitions of BOOT_TFM_SHARED_DATA_* in platform\ext\target\arm\musca_b1\sse_200\partition\region_defs.h but I don't see any real usage of that memory. I have found TF-M doc<https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/desig…> that describe usage of shared memory for Firmware Update Service but once again I was not able to find any code that uses that. I would appreciate if someone could point to docs on this or to code that actually uses shared data between BL2 and TF-M SPE. Best regards, Bohdan Hunko Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>

4 years

4
3
0 0

[RFC] Can we remove the rule to use enum for error code?

by David Hu

Hi all, Probably you didn’t know that there is such a rule in TF-M coding standard<https://tf-m-user-guide.trustedfirmware.org/docs/contributing/coding_guide.…>: * Use enumeration for error codes to keep the code readable. Personally, I’d prefer macros to enum, for error codes. * The implicit type casting of enum can be an issue in coding. TF-M has a document<https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/desig…> to solve this. * Using macros to define error codes aligns with PSA return code definitions. * Enum makes function and variable definitions longer * Enum may help developers skip writing specific error code values. But it becomes a trouble when you see an error number from log. You might need to count the enum fields one by one. * Error codes for errors are usually negative but enums are positive ones by default. I’d like to propose to remove this rule from TF-M coding standard. But it doesn’t mean that enum shall not be used anymore. I’m wondering if macros for error code in TF-M can be approved as well. 😊 May I know your opinions please? If it is a convention or a good practice to use enum for error codes in security/trusted software, please help point me to the reference. I don’t find one via google. Thanks a lot! Best regards, Hu Ziji

4 years

4
4
0 0

Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification

by Reed Hinkel

Hello Suresh: How are you? I hope all is well with you! Virtual Linaro Connect Fall is next week and there is a presentation relevant to your question along with some others. As an online event, it is free registration and I am listing here below a few sessions that might be of interest to you related to security and AI inferencing for microcontrollers: https://connect.linaro.org/schedule LVC21F-116 Assessing the effectiveness of MCUBoot protections against fault injection attacks https://events.pinetool.ai/2231/#sessions/67139?referrer%5Bpathname%5D=%2Fs… LVC21F-112 Picolibc: A C Library for Smaller Systems https://events.pinetool.ai/2231/#sessions/67136?referrer%5Bpathname%5D=%2Fs… LVC21F-303 Secure Sensor Data Pipeline https://events.pinetool.ai/2231/#sessions/67174?referrer%5Bpathname%5D=%2Fs… LVC21F-312 TrustedFirmware.org panel discussion https://events.pinetool.ai/2231/#sessions/67183?referrer%5Bpathname%5D=%2Fs… LVC21F-319 TVM for micro targets https://events.pinetool.ai/2231/#sessions/67190?referrer%5Bpathname%5D=%2Fs… I thought you may be interested in the AI as well since there are security implications for trusted AI. All the best! Reed From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Suresh Marisetty via TF-M <tf-m(a)lists.trustedfirmware.org> Reply-To: "Suresh.Marisetty(a)infineon.com" <Suresh.Marisetty(a)infineon.com> Date: Thursday, September 2, 2021 at 8:23 AM To: Anton Komlev <Anton.Komlev(a)arm.com>, "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification Hi, I have a question related to the PSA L3 certification and the requirement to support Side-channel and fault injection attacks. I have noted that TFM and MCUBoot does implement some software countermeasures for Fault Injection. However, I am wondering if there is similar implementation support for the Crypto Lib in TFM (or Mbed TLS) with software counter measures for side channel DPA. Needless to say, there are some known best practices for DPA software countermeasures. thanks Suresh Marisetty Infineon Semiconductor Corporation From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Friday, April 9, 2021 6:25 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M v1.3.0 release Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hello, TF-M project released version v1.3.0, tagged as TF-Mv1.3.0. Please take a look into the release notes for the new features and changes: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/refer… The major features: * Support stateless RoT Service defined in FF-M 1.1 * Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 * Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API * Migrate to Mbed TLS v2.25.0 * Update MCUboot version to v1.7.2 * Add a TF-M generic threat model * Implement Fault Injection Handling library to mitigate physical attacks * Add Profile Large * Enable code sharing between boot loader and TF-M * Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature * New platforms added * Add a TF-M security landing page * Enhance dual-cpu non-secure mailbox reference implementation This is the first release performed in the OpenCI infrastructure with no single issue encountered. Thanks to everyone who directly and indirectly contributed to this milestone. Anton Komlev TF-M technical lead Arm Ltd.

4 years

1
0
0 0

Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification

by Suresh.Marisetty＠infineon.com

Hi, I have a question related to the PSA L3 certification and the requirement to support Side-channel and fault injection attacks. I have noted that TFM and MCUBoot does implement some software countermeasures for Fault Injection. However, I am wondering if there is similar implementation support for the Crypto Lib in TFM (or Mbed TLS) with software counter measures for side channel DPA. Needless to say, there are some known best practices for DPA software countermeasures. thanks Suresh Marisetty Infineon Semiconductor Corporation From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Friday, April 9, 2021 6:25 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M v1.3.0 release Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hello, TF-M project released version v1.3.0, tagged as TF-Mv1.3.0. Please take a look into the release notes for the new features and changes: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/refer… The major features: * Support stateless RoT Service defined in FF-M 1.1 * Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 * Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API * Migrate to Mbed TLS v2.25.0 * Update MCUboot version to v1.7.2 * Add a TF-M generic threat model * Implement Fault Injection Handling library to mitigate physical attacks * Add Profile Large * Enable code sharing between boot loader and TF-M * Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature * New platforms added * Add a TF-M security landing page * Enhance dual-cpu non-secure mailbox reference implementation This is the first release performed in the OpenCI infrastructure with no single issue encountered. Thanks to everyone who directly and indirectly contributed to this milestone. Anton Komlev TF-M technical lead Arm Ltd.

4 years

2
1
0 0

Re: [TF-M] Technical Forum call - Sep 2

by Anton Komlev

Hi, The agenda for the forum tomorrow: 1. "Summary of the proposed changes in FF-M v1.1 beta" by Andrew Thoelke 2. "Summary of upcoming significant changes in SPM" by Ken Liu containing: * MMIO and interrupt binding. * Remove unformal symbols such as ARM_LIB_STACK_MSP. Thanks, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Saturday, August 28, 2021 9:36 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Technical Forum call - Sep 2 Hi, There are some significant changes happen in SPM and I want to introduce them in a summary, contains: * MMIO and interrupt binding. * Remove unformal symbols such as ARM_LIB_STACK_MSP. Assuming 30 mins should be good enough. BR /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M Sent: Wednesday, August 25, 2021 7:13 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] Technical Forum call - Sep 2 Hi, The next Technical Forum is planned on Thursday, September 2, 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

4 years

1
0
0 0

Re: [TF-M] [RFC] Changing initialization Stack from PSP to MSP

by Kevin Peng

Hi all, We plan to merge the below patch on next Monday. We will not be able to verify on all platforms. Please do have a test on your platforms. Best Regards, Kevin From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kevin Peng via TF-M Sent: Tuesday, August 24, 2021 11:02 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [RFC] Changing initialization Stack from PSP to MSP Hi dear platform maintainers, I'd like to draw your attention on this patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11165>. It changes the initialization stack from PSP to MSP. Would you please check if this change breaks your platform? Hi Thomas@IAR, would you please check the changes for IAR? Thanks. For the details of the change, please refer to the patch. Best Regards, Kevin

4 years

1
0
0 0

Re: [TF-M] [Request Platform Support] Abstracted MMIO HAL

by Ken Liu

The patchset has updated and now CI passed okay: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11187 BR /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Thursday, August 19, 2021 2:16 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [Request Platform Support] Abstracted MMIO HAL Hi everyone, The existing HAL interface for isolation hardware is not unified, we have to call several interfaces to setup isolation boundaries. Hence, a deeper abstracted interface are provided. Here are the details: - It assumes the hardware resources usages are decided by system designer. Hence there are couple of listed hardware data in the platform code, now most of them are defined in C sources. - When a partition is referencing peripheral (represented as MMIO in FFM), the manifest tooling would link specified resources with the data defined in platform. Now it is using a naming pattern, to let the partition found the resources defined above (now it uses linker to do this). - A HAL API 'tfm_hal_bind_partition' is called when a partition runtime structure is created. This API tells partition info to platform, let platform return an encoded 'p_boundaries' for SPM binding partition with platform. - When boundaries related operations happen in future, SPM would delivery this 'p_boundaries' back to platform, let platform perform boundary setup and check, such as boundary switch or memory check. SPM won't care about the hardware specific settings any more, such as privilged, non-secure/secure and how many MMIO the partition claimed, even the MPU/MPC/PPC things. - Resources defined in platform sources but not referenced would be stripped by toolchain flag. Resources not defined but referenced by partition would generate a linker error, as symbol can't be resolved. We created a patch to showcase the usage on AN521: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11036 This patch applies a simple encoding for all isolation levels. You can check how the p_boundaries is used under different isolation levels. Platform can use other encoding mechanism if applicable. Now come to the request: Please review this patch, and port similar HAL API into your platform. We are maintaining the default platforms such as AN521, AN519 and MUSCA_B1, but it need so much effort on port to all the platforms. Current CI cannot pass on this patch (as it contains modification for one platform only), our first goal is to let CI pass build on all checked platforms, and then please platform owner ensures it works on your platform. Any feedbacks are welcome. Thank you very much! /Ken

4 years

1
0
0 0

Re: [TF-M] Technical Forum call - Sep 2

by Ken Liu

Hi, There are some significant changes happen in SPM and I want to introduce them in a summary, contains: * MMIO and interrupt binding. * Remove unformal symbols such as ARM_LIB_STACK_MSP. Assuming 30 mins should be good enough. BR /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Wednesday, August 25, 2021 7:13 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Technical Forum call - Sep 2 Hi, The next Technical Forum is planned on Thursday, September 2, 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

4 years

1
0
0 0

Re: [TF-M] [RFC] Decoupling tf-m-tests from TF-M

by David Hu

Hi Chris, It is an excellent suggestion. Out-of-tree Secure Partition build can help integrate secure test service. Non-secure tests are a bit limited due to current tf-m-tests framework right now. Do you prefer to run platform-specific tests alone or still integrate platform-specific tests into TF-M regression tests? Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of chris.brand--- via TF-M Sent: Tuesday, August 24, 2021 11:46 PM To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] [RFC] Decoupling tf-m-tests from TF-M Just wondering if any though has been given to supporting platform-specific tests? Chris From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of David Hu via TF-M Sent: Tuesday, August 24, 2021 3:21 AM To: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: Re: [TF-M] [RFC] Decoupling tf-m-tests from TF-M Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://intranet-content.infineon.com/explore/aboutinfineon/rules/informati…>. Hi Andrej, Thanks for the suggestion. Sure. I will track it in the backlog. Currently Jianliang and I are more focusing on the structure level enhancement. But definitely later we will take more effort in the detailed optimizations. Please let us know any time if any other potential issue shall be optimized. Best regards, Hu Ziji From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: Tuesday, August 24, 2021 6:15 PM To: David Hu <David.Hu(a)arm.com<mailto:David.Hu@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: [RFC] Decoupling tf-m-tests from TF-M Hi Hu Zij, Thank you for adding possibility to select test cases flexibly. Also, there are about 10 "test" services/partitions in addition to the core PSA ones. But every instance allocates own resources, which can be shared. Guess, merging these 10 test services, which have a common structure, can save some memory. Thank you, Andrej From: David Hu <David.Hu(a)arm.com<mailto:David.Hu@arm.com>> Sent: Tuesday, August 24, 2021 11:54 AM To: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: [RFC] Decoupling tf-m-tests from TF-M Hi Andrej, Sorry for the trouble. It does be an issue when TF-M features and test cases are growing faster. So now TF-M support to select a single test case or a subset of test cases to build and run. If running all the tests together costs too much memory, you can select some test cases or just a single one in one time. It is also helpful when you focus on a specific test in debug or development. We are also considering other additional mechanisms to select test case flexibly. Regarding "merging existing ones", do you mean that some test cases shall be disabled by default or combining the similar test cases? May I ask for some examples? Best regards, Hu Ziji From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: Tuesday, August 24, 2021 5:44 PM To: David Hu <David.Hu(a)arm.com<mailto:David.Hu@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: [RFC] Decoupling tf-m-tests from TF-M Hi Hu Ziji, BTW: The number of the testing partitions and services is growing consuming memory resources. So, we have to disable some tests for our memory constrained devices. Please think about minimizing number of "testing" partitions/services, by merging existing ones, when it is possible. Thank you, Andrej Butok SW Tech Lead Edge Processing NXP Semiconductors From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of David Hu via TF-M Sent: Tuesday, August 24, 2021 11:33 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [RFC] Decoupling tf-m-tests from TF-M Hi all, As you may know, Jianliang and I are working to better decouple tf-m-tests from trusted-firmware-m repo. The purpose of the decoupling enhancement includes: * Making it more easier to integrate TF-M and port tf-m-tests * Making it more easier to develop TF-M tests, to minimize the changes to TF-M source code or build system. * Making it more flexible to re-structure tf-m-tests and minimize the impact to TF-M Previously Jianliang has decouple test case control and enable users to select single NS/S regression test case in build and test. Currently we are focusing on decoupling tf-m-tests specific config setting from TF-M. So far we have proposed the following major changes: * Decouple tf-m-tests specific config setting from trusted-firmware-m. [TF-M patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>][tf-m-tests patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>] * Move tf-m-tests specific configs to tf-m-tests repo from trusted-firmware-m [TF-M patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>][tf-m-tests patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>] More patch sets for decoupling are under review as well. * Decouple tf-m-tests secure log from non-secure log. Switch tf-m-tests secure log to TF-M SP log. [TF-M patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>][tf-m-tests patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>] * Trigger secure regression tests in TF-M SPE in IPC model, to simplify multi-core development/tests [TF-M patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>][tf-m-tests patch<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr…>] I'd appreciate it if you can take a look at the patch sets above. Any suggestion or comment is welcome. If you have any specific requirement or suggestion of tf-m-tests enhancement, please feel free to contact Jianliang and me. Thanks in advance. Best regards, Hu Ziji

4 years, 1 month

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M