- TF-M - lists.trustedfirmware.org

by Anton Komlev

Hi, The next Technical Forum is planned on Thursday, July 8 at 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

3 years, 9 months

1
0
0 0

Questions on Musca-B1 SE implementation - code size analysis

by Suresh.Marisetty＠infineon.com

Hi Mark, Wondering if someone can provide more visibility in the following in regards to the SE build with profile medium and large: 1. What ciphers are supported in medium vs. large (I see the size of the code bloats up almost twice from 30 to 60K approx) – observation from size of libmbedcrypto and libcrypto_service_cc312 – any clear documentation on this or a link would be helpful (besides code review) 2. When the SE is built for the large profile, assume it also includes “Software countermeasures against physical attacks” since it is offloading to the CC-312 * Is there a way to build the large profile without physical attack counter-measures? * While library are these countermeasures implemented in (libmbed or lib_cc312)? 3. On our initial analysis, for a medium profile these two libraries appears to be 30K-33K in size each and is this in the right ballpark? (with minsizerel) I assume the code size increase is due to additional cipher support + physical attack countermeasures. Correct me otherwise. thanks Suresh Marisetty Infineon Semiconductor Corporation From: Mark Horvath <Mark.Horvath(a)arm.com> Sent: Friday, May 14, 2021 5:30 AM To: Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: Questions on Musca-B1 SE implementation Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hi Suresh, Yes, by default the cc312 acceleration is turned on at build time for SE, and the algorithms will be handled by HW instead of the SW implementation. If you would like to use SW crypto instead you can pass the HW_ACCELERATOR="OFF" flag to cmake when building the SE TF-M instance. And here are the TF-M image sizes as of now with GCC in release mode: SE: ~185 KiB code flash and ~63 KiB RAM Host: ~22 KiB code flash and ~16 KiB RAM (a few more KiB needed for the images in flash for image header and trailer if loaded by mcuboot) Best regards, Mark ________________________________ From: David Hu <David.Hu(a)arm.com<mailto:David.Hu@arm.com>> Sent: Thursday, May 13, 2021 5:26 AM To: Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com> <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>; Tamas Ban <Tamas.Ban(a)arm.com<mailto:Tamas.Ban@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>>; Mark Horvath <Mark.Horvath(a)arm.com<mailto:Mark.Horvath@arm.com>> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: Questions on Musca-B1 SE implementation Hi @Mark Horvath<mailto:Mark.Horvath@arm.com>, Could you please help take a look at the following questions about Musca-B1 SE? Thanks 😊 Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M Sent: Thursday, May 13, 2021 6:04 AM To: Tamas Ban <Tamas.Ban(a)arm.com<mailto:Tamas.Ban@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] Questions on Musca-B1 SE implementation Hi Tamas, The following is good information. A few questions: 1. Is it correct to state that for the SE, the PSA RoT services do not have any software Crypto implementation, but leverage from CC-312? 2. What is the size of the TFM on the host (M33) with only PSA RoT service proxy with redirection to SE 3. Just trying to understand the TFM image size requirements on M33 vs. SE 4. How much of the Flash region/code Executed In Place vs. execution out of SRAM (XIP) thanks Suresh Marisetty Infineon Semiconductor Corporation From: Tamas Ban <Tamas.Ban(a)arm.com<mailto:Tamas.Ban@arm.com>> Sent: Friday, April 30, 2021 12:40 AM To: Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: Questions on Musca-B1 SE implementation Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://goto.infineon.com/SocialEngineering>. Hi Suresh, Here is a link how to build images to Musca-B1 SE: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… I have built with GCC and MinSizeRel build type: Profile Medium: Memory region Used Size Region Size %age Used FLASH: 101464 B 381 KB 26.01% RAM: 61304 B 64 KB 93.54% [100%] Built target tfm_s Profile Large: Memory region Used Size Region Size %age Used FLASH: 170448 B 381 KB 43.69% RAM: 62980 B 64 KB 96.10% [ 97%] Built target tfm_s The profiles means different capabilities of TF-M, they were introduced to support constrained devices as well, with limited capability. There is a detailed description about the profiles here: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/techn… BR, Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M Sent: 2021. április 29., csütörtök 21:49 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Questions on Musca-B1 SE implementation I am following up on a question that came up on the TFM Core and MCUBoot image sizes that is built for SE on Musca-B1. We are trying to figure out the resource requirements for SE, to be able to host the TF-M as suggested in the slides below. Wondering if anyone throw more light on the RAM/FLASH requirements for it. Also, does the TFM profile small/medium/large map to this at all or is it different from them. Also, what’s are the estimated latencies of boot on SE with all the Flash accesses, etc. https://www.trustedfirmware.org/docs/Musca-B1-Secure-Enclave-Solution.pdf https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… Any info on this would be appreciated. thanks Suresh Marisetty Infineon Semiconductor Corporation

3 years, 9 months

1
0
0 0

Re: [TF-M] How to build psa-arch-tests to debug mode with debug symbols

by Summer Qin

Hi Matt, Do you want to just build psa-arch tests alone? I check the psa-arch-tests build command documentation (api-tests/dev_apis/README.md), it doesn't mention '-DCMAKE_BUILD_TYPE'. Usually, we build it from TF-M side. It has debug symbols if you build from TF-M with '-DCMAKE_BUILD_TYPE=Debug'. Also, you can build debug variant through the DS-5 environment. It also works. BR, Summer ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Matt via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: Thursday, July 1, 2021 9:11 AM To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] How to build psa-arch-tests to debug mode with debug symbols Hi All experts, I want to build psa-arch-tests to debug mode with debug symbols. I have tried the following command, but it does not take effect. cmake ../ -G"<generator_name>" -DTARGET=<platform_name> -DCPU_ARCH=<cpu_architecture_version> -DCMAKE_BUILD_TYPE=Debug -DSUITE=<suite_name> -DPSA_INCLUDE_PATHS="<include_path1>;<include_path2>;...;<include_pathn>" cmake --build . How can I build psa-arch-tests to debug mode with debug symbols? Thanks, Matt

3 years, 9 months

2
2
0 0

How to build psa-arch-tests to debug mode with debug symbols

by Matt

Hi All experts, I want to build psa-arch-tests to debug mode with debug symbols. I have tried the following command, but it does not take effect. cmake ../ -G"<generator_name>" -DTARGET=<platform_name> -DCPU_ARCH=<cpu_architecture_version> -DCMAKE_BUILD_TYPE=Debug -DSUITE=<suite_name> -DPSA_INCLUDE_PATHS="<include_path1>;<include_path2>;...;<include_pathn>" cmake --build . How can I build psa-arch-tests to debug mode with debug symbols? Thanks, Matt

3 years, 9 months

1
0
0 0

[Doc]Update sphinx to 2.0.1

by Summer Qin

Hi, To better maintain tf-m documentation, we plan to enable 'turn warnings into errors' in documentation HTML generation. The patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10424> is on review now. One note is that sphinx should be updated to 2.0.1, otherwise there will be some 'duplicate label' warnings, which will fail documentation generation. Best Regards, Summer

3 years, 9 months

1
0
0 0

Re: [TF-M] Static check framework for TF-M

by Gyorgy Szing

Hi, Please consider separating the configuration files from the scripts/tools. That would enable re-using the scripts in other projects. I.e. if the .clang-format file lives in the tf-m repo, then the script running clang-format could be used with multiple repositories. /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Salome Thirot via TF-M Sent: 28 June 2021 11:42 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Static check framework for TF-M Hi all, Hugo L'Hostis and I have written a series of patches to enable various checks that can be done locally before committing the code, they will be added in the tf-m-tools repository. The patches are the following, any comment is welcome: cppcheck: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10009/8 clang-format: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10463/2 copyright headers: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10464/2 Regards, Salome

3 years, 9 months

1
0
0 0

Re: [TF-M] TFM psa-arch-tests using mbedtls

by Summer Qin

Hi Matt, Thanks for your nice feedback! Yes, your understanding is correct. We had discussed this issue in mbedtls github, you can refer the details here<https://github.com/ARMmbed/mbed-crypto/issues/175>. We also feedback it to psa arch test team, hope they can fix it soon. Again, thanks for pointing it out : ) BR, Summer ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Matt via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: Wednesday, June 30, 2021 10:33 AM To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] TFM psa-arch-tests using mbedtls Hi all TFM experts, 近期我在移植psa-arch-tests到我们的板子上，想看下functional api的测试结果。 TFM用的是1.1的版本，psa-arch-tests 用的是master分支，代码取到 1f96094734897674fa907fba2050bc52e1b3d0fe 这个commit. mbedtls使用的分支是2.23.0。在测试crypto 的 c021 ，即psa_key_derivation_output_key的测试时，看结果是FAIL的，看了下c021下的test_data.h，check1数组前面两项的信息如下， static const test_data check1[] = { {"Test psa_key_derivation_output_key - Key\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, {"Test psa_key_derivation_output_key - Info\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_INFO, 32, "This is the info", 16, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, 秘钥派生的算法使用的是PSA_ALG_HKDF(PSA_ALG_SHA_256)，在mbedtls库中，使用HKDF算法时，在读取输出即调用 psa_key_derivation_output_bytes或者psa_key_derivation_output_key时，内部调用到 psa_key_derivation_hkdf_read时会检查两个必要的条件，一个是是否已输入key，一个是是否已输入info，如果只输入一个，就返回BAD_STATE。但是上面 check1的前两项都是只输入一个项， check1的第一项是只输入key, 第二项是只输入info，所以应该返回 BAD_STATE，不应该是 PSA_SUCCESS。在psa arch tests crypto的 c020测试中早期的版本也有类似的问题，不过最新的代码已变化为输入key和info 这两个量后才去读取派生的结果。在网上也了解了下HKDF的介绍，也提到了key和info这两个必要的输入： [cid:20571824$1$17a5ac32875$Coremail$majun.china$126.com] 如果使用TFM默认的 mbedtls库，crypto的这个测试应该是通不过的，因为mbedtls最新的版本，在读取派生结果时，依然要检测key和info是否都已输入。请帮check下，是我理解的不对，还是crypto 的 c021 这个case不适合mbedtls软算法库。以上信息，感谢TFM的各位专家，期盼你们的回复谢谢！

3 years, 9 months

2
1
0 0

TFM psa-arch-tests using mbedtls

by Matt

Hi all TFM experts, 近期我在移植psa-arch-tests到我们的板子上，想看下functional api的测试结果。 TFM用的是1.1的版本，psa-arch-tests 用的是master分支，代码取到 1f96094734897674fa907fba2050bc52e1b3d0fe 这个commit. mbedtls使用的分支是2.23.0。在测试crypto 的 c021 ，即psa_key_derivation_output_key的测试时，看结果是FAIL的，看了下c021下的test_data.h，check1数组前面两项的信息如下， static const test_data check1[] = { {"Test psa_key_derivation_output_key - Key\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, {"Test psa_key_derivation_output_key - Info\n", PSA_KEY_TYPE_DERIVE, {0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99, 0x5F, 0xC9, 0x77}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)), PSA_KEY_DERIVATION_INPUT_INFO, 32, "This is the info", 16, PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_SUCCESS }, 秘钥派生的算法使用的是PSA_ALG_HKDF(PSA_ALG_SHA_256)，在mbedtls库中，使用HKDF算法时，在读取输出即调用 psa_key_derivation_output_bytes或者psa_key_derivation_output_key时，内部调用到 psa_key_derivation_hkdf_read时会检查两个必要的条件，一个是是否已输入key，一个是是否已输入info，如果只输入一个，就返回BAD_STATE。但是上面 check1的前两项都是只输入一个项， check1的第一项是只输入key, 第二项是只输入info，所以应该返回 BAD_STATE，不应该是 PSA_SUCCESS。在psa arch tests crypto的 c020测试中早期的版本也有类似的问题，不过最新的代码已变化为输入key和info 这两个量后才去读取派生的结果。在网上也了解了下HKDF的介绍，也提到了key和info这两个必要的输入：如果使用TFM默认的 mbedtls库，crypto的这个测试应该是通不过的，因为mbedtls最新的版本，在读取派生结果时，依然要检测key和info是否都已输入。请帮check下，是我理解的不对，还是crypto 的 c021 这个case不适合mbedtls软算法库。以上信息，感谢TFM的各位专家，期盼你们的回复谢谢！

3 years, 9 months

1
0
0 0

Static check framework for TF-M

by Salome Thirot

Hi all, Hugo L'Hostis and I have written a series of patches to enable various checks that can be done locally before committing the code, they will be added in the tf-m-tools repository. The patches are the following, any comment is welcome: cppcheck: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10009/8 clang-format: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10463/2 copyright headers: https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/10464/2 Regards, Salome

3 years, 9 months

1
0
0 0

Re: [TF-M] Remove Customized Region Name Prefix in Linker Scripts

by Andrej Butok

This is the "good practice" to add prefixes to global names. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Xinyu Zhang via TF-M Sent: Thursday, June 24, 2021 12:00 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Remove Customized Region Name Prefix in Linker Scripts Hi, The existing linker definitions abuse prefixes such as ER_ and TFM_. Some names do not have a clear scope, which reduces the readability. Here are some patches to address the problem: * Patch 10383 <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr ustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F10383&data=04%7C01 %7Candrey.butok%40nxp.com%7C8c57174d86d447802a4908d936f6d729%7C686ea1d3bc2b4 c6fa92cd99c5c301635%7C0%7C0%7C637601256068960339%7CUnknown%7CTWFpbGZsb3d8eyJ WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata =G8Jf5YT4mptpeBUw8U7YkVbSKGvgXXtC3G8wRBqbJvY%3D&reserved=0> : TFM_UNPRIV_CODE --> UNPRIV_CODE * Patch 10384 <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr ustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F10384&data=04%7C01 %7Candrey.butok%40nxp.com%7C8c57174d86d447802a4908d936f6d729%7C686ea1d3bc2b4 c6fa92cd99c5c301635%7C0%7C0%7C637601256068970289%7CUnknown%7CTWFpbGZsb3d8eyJ WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata =BSU1cXFeV61T48OO68FHJVFxD4tnSHz%2FmndTUSWjLOE%3D&reserved=0> : TFM_SP_LOAD_LIST --> SP_LOAD_LIST * Patch 10385 <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.tr ustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F10385&data=04%7C01 %7Candrey.butok%40nxp.com%7C8c57174d86d447802a4908d936f6d729%7C686ea1d3bc2b4 c6fa92cd99c5c301635%7C0%7C0%7C637601256068970289%7CUnknown%7CTWFpbGZsb3d8eyJ WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata =PYVkbSu05KgbqdUk%2FdCC7MAAg3KoNPKYXA4C1PrdnK0%3D&reserved=0> : TFM_SECURE_* --> SECURE_* Please help to put comments and inform us if your platforms couple tightly with the symbols defined in LD. Thanks, Xinyu

3 years, 10 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M