- TF-M - lists.trustedfirmware.org

Re: [TF-M] [RFC] Decoupling tf-m-tests from TF-M

by David Hu

Hi all, I'd like to merge the following patch set tomorrow, if there is no more major comment. * Decouple tf-m-tests specific config setting from trusted-firmware-m. [TF-M patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11167>][tf-m-tests patch<https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11169>] * Decouple tf-m-tests secure log from non-secure log. Switch tf-m-tests secure log to TF-M SP log. [TF-M patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11153>][tf-m-tests patch<https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11131/>] After the above patches are merged, there are two major changes: * tf-m-tests dedicated configuration setup process will be moved to tf-m-test repo, from TF-M. Therefore you can update tf-m-tests config setting, without modifying TF-M repo. * Tf-m-tests commit ID is specified in TF-M `lib\ext\tf-m-tests\repo_config_default.cmake`, rather than in TF-M main `config_default.cmake`. You can update tf-m-tests commit ID in TF-M without touching the large `config_default.cmake`. Any suggestion or comment is always welcome! Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Tuesday, August 24, 2021 5:33 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [RFC] Decoupling tf-m-tests from TF-M Hi all, As you may know, Jianliang and I are working to better decouple tf-m-tests from trusted-firmware-m repo. The purpose of the decoupling enhancement includes: * Making it more easier to integrate TF-M and port tf-m-tests * Making it more easier to develop TF-M tests, to minimize the changes to TF-M source code or build system. * Making it more flexible to re-structure tf-m-tests and minimize the impact to TF-M Previously Jianliang has decouple test case control and enable users to select single NS/S regression test case in build and test. Currently we are focusing on decoupling tf-m-tests specific config setting from TF-M. So far we have proposed the following major changes: * Decouple tf-m-tests specific config setting from trusted-firmware-m. [TF-M patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11167>][tf-m-tests patch<https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11169/1>] * Move tf-m-tests specific configs to tf-m-tests repo from trusted-firmware-m [TF-M patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10647>][tf-m-tests patch<https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/10556>] More patch sets for decoupling are under review as well. * Decouple tf-m-tests secure log from non-secure log. Switch tf-m-tests secure log to TF-M SP log. [TF-M patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11153>][tf-m-tests patch<https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11131/3>] * Trigger secure regression tests in TF-M SPE in IPC model, to simplify multi-core development/tests [TF-M patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11181>][tf-m-tests patch<https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11182>] I'd appreciate it if you can take a look at the patch sets above. Any suggestion or comment is welcome. If you have any specific requirement or suggestion of tf-m-tests enhancement, please feel free to contact Jianliang and me. Thanks in advance. Best regards, Hu Ziji

4 years, 1 month

2
4
0 0

Adding tfm_mailbox_config.h to .gitignore

by Bohdan.Hunko＠infineon.com

Hello everyone. After building the project interface/include/multi_core/tfm_mailbox_config.h is generated, but it is not in .gitignore I think this file should be in .gitignore because it is build artifact and is really annoying to deal with. Am I wrong somewhere? Best regards, Bohdan Hunko Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>

4 years, 1 month

2
4
0 0

Remove some platform specific test cases

by Shawn Shan

Hi all, We are going to remove some test cases in tfm_core_test. They are: * TFM_INTERACTIVE_TEST * TFM_PERIPH_ACCESS_TEST The main reasons is that these peripheral and interactive test cases are mainly platform specific(button and LEDs), rather than test the main features and secure functionalities of TF-M. Besides, it also a burden for flatform owner to support and maintain those test cases. Do you have any concerns for remove those test cases? Best Regards, Shawn

4 years, 1 month

1
0
0 0

Technical Forum call - Sep 16

by Anton Komlev

Hi, The next Technical Forum is planned on Thursday, Sep 16, 7:00-8:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

4 years, 1 month

3
2
0 0

Re: [TF-M] TF-M Digest, Vol 35, Issue 6

by Michael Thomas

Ken, Hu, I just saw this message now and wanted to give my perspective based on some of the code Renesas has developed. In general, the primary benefits of having enums are return codes are type checking and portability. So of you have a top level application using an API that always returns an error from a defined enum list, then the application can switch to using different implementations of the same API and does not have to change its error handling code etc. However, if you are returning uint32 instead then its likely that different implementations of the same API will have any possible return code making the application non-portable. I think the issue arises when the enum list is not sufficiently well defined so each enum entry ends up acting as a funnel for x number of lower level error code so there is loss of information etc. But w.r.t the line in the TFM coding guide : " Use enumeration for error codes to keep the code readable.", if the objective is just to make the code readable, then you don’t really need an enum for that... you can achieve readability by using #define XYZ_error. I think that will be much harder to maintain particularly in terms of preventing different error codes from being defined to the same value unless we have a common file where all error code are defined for a specific layer. -Michael -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of tf-m-request(a)lists.trustedfirmware.org Sent: Friday, September 3, 2021 4:38 AM To: tf-m(a)lists.trustedfirmware.org Subject: TF-M Digest, Vol 35, Issue 6 Send TF-M mailing list submissions to tf-m(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to tf-m-request(a)lists.trustedfirmware.org You can reach the person managing the list at tf-m-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of TF-M digest..." Today's Topics: 1. Re: [RFC] Can we remove the rule to use enum for error code? (Ken Liu) 2. Re: [RFC] Can we remove the rule to use enum for error code? (Andrew Thoelke) ---------------------------------------------------------------------- Message: 1 Date: Fri, 3 Sep 2021 07:54:41 +0000 From: Ken Liu <Ken.Liu(a)arm.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [RFC] Can we remove the rule to use enum for error code? Message-ID: <DBBPR08MB4741B0807FC4ACD9F4466520F5CF9(a)DBBPR08MB4741.eurprd08.prod.outlook.com> Content-Type: text/plain; charset="utf-8" I am okay to remove it. Even it can be used to check the error types, but some of the developers do typecast on enum which makes the rule no sense. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Friday, September 3, 2021 3:45 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [RFC] Can we remove the rule to use enum for error code? Hi all, Probably you didn’t know that there is such a rule in TF-M coding standard<https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftf-m-user…>: * Use enumeration for error codes to keep the code readable. Personally, I’d prefer macros to enum, for error codes. * The implicit type casting of enum can be an issue in coding. TF-M has a document<https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftf-m-user…> to solve this. * Using macros to define error codes aligns with PSA return code definitions. * Enum makes function and variable definitions longer * Enum may help developers skip writing specific error code values. But it becomes a trouble when you see an error number from log. You might need to count the enum fields one by one. * Error codes for errors are usually negative but enums are positive ones by default. I’d like to propose to remove this rule from TF-M coding standard. But it doesn’t mean that enum shall not be used anymore. I’m wondering if macros for error code in TF-M can be approved as well. 😊 May I know your opinions please? If it is a convention or a good practice to use enum for error codes in security/trusted software, please help point me to the reference. I don’t find one via google. Thanks a lot! Best regards, Hu Ziji -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://jpn01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.trus…> ------------------------------ Message: 2 Date: Fri, 3 Sep 2021 08:38:02 +0000 From: Andrew Thoelke <Andrew.Thoelke(a)arm.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [RFC] Can we remove the rule to use enum for error code? Message-ID: <DB7PR08MB38651B33CD7BAEB9BF05F0229ACF9(a)DB7PR08MB3865.eurprd08.prod.outlook.com> Content-Type: text/plain; charset="utf-8" Hi, In my experience, the only significant benefit of using enums is that some debuggers display the symbolic name for a value with the enum type. But, as already mentioned, using enums does not help in parsing logs, or decoding error values in integer variables/registers; particularly when the definition does not provide explicit values for each identifier. In addition, the rules for determining the implicit integer type for an enum type are non-trivial. This results in a lack of transparency when reading or reviewing code with respect to the size of the enum type in a data structure, or the behaviour when converting an enum value to an integer (or back again). This is why the PSA specifications use explicitly sized integer types for types like psa_status_t, and macros to define values of such types. Regards, Andrew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: 03 September 2021 08:45 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [RFC] Can we remove the rule to use enum for error code? Hi all, Probably you didn’t know that there is such a rule in TF-M coding standard<https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftf-m-user…>: * Use enumeration for error codes to keep the code readable. Personally, I’d prefer macros to enum, for error codes. * The implicit type casting of enum can be an issue in coding. TF-M has a document<https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftf-m-user…> to solve this. * Using macros to define error codes aligns with PSA return code definitions. * Enum makes function and variable definitions longer * Enum may help developers skip writing specific error code values. But it becomes a trouble when you see an error number from log. You might need to count the enum fields one by one. * Error codes for errors are usually negative but enums are positive ones by default. I’d like to propose to remove this rule from TF-M coding standard. But it doesn’t mean that enum shall not be used anymore. I’m wondering if macros for error code in TF-M can be approved as well. 😊 May I know your opinions please? If it is a convention or a good practice to use enum for error codes in security/trusted software, please help point me to the reference. I don’t find one via google. Thanks a lot! Best regards, Hu Ziji -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://jpn01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.trus…> ------------------------------ Subject: Digest Footer TF-M mailing list TF-M(a)lists.trustedfirmware.org https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ End of TF-M Digest, Vol 35, Issue 6 *********************************** Disclaimer: This message and any files or text attached to it are intended only for the recipients named above and contain information that may be confidential or privileged. If you are not an intended recipient, you must not forward, copy, use or otherwise disclose this communication or the information contained herein. In the event you have received this message in error, please notify the sender immediately by replying to this message, and then delete all copies of it from your system. Thank you.

4 years, 1 month

2
1
0 0

Unaligned flash read/write is supported in Boot & FWU

by Sherry Zhang

Hi, The following patch enables the flash read/write with unaligned address/cnt for MCUboot and Firmware Update partition. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10947 This patch has been merged and thanks to all who have reviewed on this patch. As this patch can impact the MCUboot booting up on the platforms, if there is any booting up issue on your platform after this commit, do not hesitate to feedback to me. 😊 Thanks, Regards, Sherry Zhang

4 years, 1 month

1
0
0 0

BOOT_TFM_SHARED_DATA_* usage in arm/musca_b1

by Bohdan.Hunko＠infineon.com

Hi everyone! I see definitions of BOOT_TFM_SHARED_DATA_* in platform\ext\target\arm\musca_b1\sse_200\partition\region_defs.h but I don't see any real usage of that memory. I have found TF-M doc<https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/desig…> that describe usage of shared memory for Firmware Update Service but once again I was not able to find any code that uses that. I would appreciate if someone could point to docs on this or to code that actually uses shared data between BL2 and TF-M SPE. Best regards, Bohdan Hunko Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>

4 years, 1 month

4
3
0 0

[RFC] Can we remove the rule to use enum for error code?

by David Hu

Hi all, Probably you didn’t know that there is such a rule in TF-M coding standard<https://tf-m-user-guide.trustedfirmware.org/docs/contributing/coding_guide.…>: * Use enumeration for error codes to keep the code readable. Personally, I’d prefer macros to enum, for error codes. * The implicit type casting of enum can be an issue in coding. TF-M has a document<https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/desig…> to solve this. * Using macros to define error codes aligns with PSA return code definitions. * Enum makes function and variable definitions longer * Enum may help developers skip writing specific error code values. But it becomes a trouble when you see an error number from log. You might need to count the enum fields one by one. * Error codes for errors are usually negative but enums are positive ones by default. I’d like to propose to remove this rule from TF-M coding standard. But it doesn’t mean that enum shall not be used anymore. I’m wondering if macros for error code in TF-M can be approved as well. 😊 May I know your opinions please? If it is a convention or a good practice to use enum for error codes in security/trusted software, please help point me to the reference. I don’t find one via google. Thanks a lot! Best regards, Hu Ziji

4 years, 1 month

4
4
0 0

Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification

by Reed Hinkel

Hello Suresh: How are you? I hope all is well with you! Virtual Linaro Connect Fall is next week and there is a presentation relevant to your question along with some others. As an online event, it is free registration and I am listing here below a few sessions that might be of interest to you related to security and AI inferencing for microcontrollers: https://connect.linaro.org/schedule LVC21F-116 Assessing the effectiveness of MCUBoot protections against fault injection attacks https://events.pinetool.ai/2231/#sessions/67139?referrer%5Bpathname%5D=%2Fs… LVC21F-112 Picolibc: A C Library for Smaller Systems https://events.pinetool.ai/2231/#sessions/67136?referrer%5Bpathname%5D=%2Fs… LVC21F-303 Secure Sensor Data Pipeline https://events.pinetool.ai/2231/#sessions/67174?referrer%5Bpathname%5D=%2Fs… LVC21F-312 TrustedFirmware.org panel discussion https://events.pinetool.ai/2231/#sessions/67183?referrer%5Bpathname%5D=%2Fs… LVC21F-319 TVM for micro targets https://events.pinetool.ai/2231/#sessions/67190?referrer%5Bpathname%5D=%2Fs… I thought you may be interested in the AI as well since there are security implications for trusted AI. All the best! Reed From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Suresh Marisetty via TF-M <tf-m(a)lists.trustedfirmware.org> Reply-To: "Suresh.Marisetty(a)infineon.com" <Suresh.Marisetty(a)infineon.com> Date: Thursday, September 2, 2021 at 8:23 AM To: Anton Komlev <Anton.Komlev(a)arm.com>, "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification Hi, I have a question related to the PSA L3 certification and the requirement to support Side-channel and fault injection attacks. I have noted that TFM and MCUBoot does implement some software countermeasures for Fault Injection. However, I am wondering if there is similar implementation support for the Crypto Lib in TFM (or Mbed TLS) with software counter measures for side channel DPA. Needless to say, there are some known best practices for DPA software countermeasures. thanks Suresh Marisetty Infineon Semiconductor Corporation From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Friday, April 9, 2021 6:25 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M v1.3.0 release Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hello, TF-M project released version v1.3.0, tagged as TF-Mv1.3.0. Please take a look into the release notes for the new features and changes: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/refer… The major features: * Support stateless RoT Service defined in FF-M 1.1 * Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 * Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API * Migrate to Mbed TLS v2.25.0 * Update MCUboot version to v1.7.2 * Add a TF-M generic threat model * Implement Fault Injection Handling library to mitigate physical attacks * Add Profile Large * Enable code sharing between boot loader and TF-M * Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature * New platforms added * Add a TF-M security landing page * Enhance dual-cpu non-secure mailbox reference implementation This is the first release performed in the OpenCI infrastructure with no single issue encountered. Thanks to everyone who directly and indirectly contributed to this milestone. Anton Komlev TF-M technical lead Arm Ltd.

4 years, 1 month

1
0
0 0

Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification

by Suresh.Marisetty＠infineon.com

Hi, I have a question related to the PSA L3 certification and the requirement to support Side-channel and fault injection attacks. I have noted that TFM and MCUBoot does implement some software countermeasures for Fault Injection. However, I am wondering if there is similar implementation support for the Crypto Lib in TFM (or Mbed TLS) with software counter measures for side channel DPA. Needless to say, there are some known best practices for DPA software countermeasures. thanks Suresh Marisetty Infineon Semiconductor Corporation From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Friday, April 9, 2021 6:25 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M v1.3.0 release Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hello, TF-M project released version v1.3.0, tagged as TF-Mv1.3.0. Please take a look into the release notes for the new features and changes: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/refer… The major features: * Support stateless RoT Service defined in FF-M 1.1 * Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 * Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API * Migrate to Mbed TLS v2.25.0 * Update MCUboot version to v1.7.2 * Add a TF-M generic threat model * Implement Fault Injection Handling library to mitigate physical attacks * Add Profile Large * Enable code sharing between boot loader and TF-M * Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature * New platforms added * Add a TF-M security landing page * Enhance dual-cpu non-secure mailbox reference implementation This is the first release performed in the OpenCI infrastructure with no single issue encountered. Thanks to everyone who directly and indirectly contributed to this milestone. Anton Komlev TF-M technical lead Arm Ltd.

4 years, 1 month

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M