- TF-M - lists.trustedfirmware.org

Rollback protection in Internal Trusted Storage

by Bojan Simoneta

Dear TF-M Community, I have a question regarding rollback protection in Internal Trusted Storage. Scenario: Recently we are seeing an increasing number of products which will come to market without internal Flash; together with this, there is also the requirement to store permanent keys using PSA key management APIs as psa_import_key, which will then in turn use Internal Trusted Storage as place where keys will be written. Considering these requirements there is a necessity to implement the Internal Trusted Storage in external Flash, which brings with it security challenges: the keys stored in external Flash would require confidentiality but also rollback protection. The encryption of ITS encryption was recently enabled as you can see in the following Pull request https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/15096, but rollback protection is not yet implemented. Proposal: Our proposal would be to: - Add ITS rollback protection as optional feature, since it is not desired feature for product where the ITS storage is internal - Add rollback protection mechanism to Internal Trusted Storage functions relying on the NV counters APIs called from the platform layer, similar as is already done for Protected Storage Also, we are open to discuss any other proposal which would help us to fulfill the above requests (ITS in external Flash with still providing confidentiality and rollback protection). Thanks in advance for the answer and further guidance on the topic. KR, Bojan Simoneta Bojan Simoneta (He / Him / His) Principal Embedded SW Engineer Phone: +433124 299160 Email: bojan.simoneta(a)nxp.com<mailto:bojan.simoneta@nxp.com> [cid:image006.png@01DC347E.50852920] NXP Semiconductors Austria GmbH & Co KG | Mikronweg 1, 8101 Gratkorn | Austria | Sitz: Gratkorn, Österreich | Firmenbuchgericht: Landesgericht für ZRS Graz | Firmenbuchnummer: FN 541474 k | VAT: ATU76231908 Unless otherwise recorded in a signed, written agreement, all sales transactions by NXP are exclusively subject to NXP's Terms and Conditions of Commercial Sale ("NXP Terms") published at: www.nxp.com/profile/terms/index.html<http://www.nxp.com/profile/terms/index.html>. NXP explicitly rejects and disregards any terms and conditions of customer that add to, or differ from, NXP's Terms irrespective of when customer raises its terms. The information contained in this message is confidential. The message is intended solely for the addressee(s). If you are not the intended recipient, any use, dissemination, or reproduction is strictly prohibited and may be unlawful and you are asked to please contact the sender by return e-mail and destroy all copies of the original message.

7 months, 2 weeks

2
1
0 0

TF-M CI Coverity changes

by Matt Dalzell

Hi all, We are considering moving the TF-M Coverity scan (the results from https://ci.trustedfirmware.org/view/TF-M/job/tf-m-coverity/) to a private instance. I am sending this out to find out if anyone who is external to Arm uses these results, or would like to see the results in the future. If there is interest in keeping the public one working then we can have both the private and public ones running alongside each other to keep the results visible. Please let me know if you are a user of the current Coverity system, or wish to be able to view the results in the future so the jobs can be configured accordingly. If no interest is shown then the Coverity scan will be switched over to only the private instance. Thanks, Matt Dalzell - Arm

7 months, 3 weeks

1
0
0 0

GNU compiler update

by Matt Dalzell

Hello all, Today we have upgraded the version of Arm GNU Toolchain on the TF-M OpenCI to version 14.3rel1. We ask that you please update your local version to match this to allow for ongoing compatibility. If you have any questions or issues, please do not hesitate to let me know. Thanks, Matt Dalzell - Arm

7 months, 3 weeks

1
0
0 0

Re: CI infrastructure scheduled maintenance: 12th Sep 2025

by saheer.babu＠arm.com

The content of this message was lost. It was probably cross-posted to multiple lists and previously handled on another list.

8 months, 1 week

1
0
0 0

FW: CI infrastructure scheduled maintenance: 12th Sep 2025

by Joanna Farley

FYI From: Saheer Babu via Tf-openci <tf-openci(a)lists.trustedfirmware.org> Date: Wednesday, 10 September 2025 at 15:17 To: tf-openci(a)lists.trustedfirmware.org <tf-openci(a)lists.trustedfirmware.org> Subject: [Tf-openci] CI infrastructure scheduled maintenance: 12th Sep 2025 Hi all, We will be performing upgrade of the clusters hosting review.trustedfirmware.org and ci.trustedfirmware.org on Friday, 12th Sep 2025 at 16:00 GMT+1. During this maintenance window, both services will be unavailable for approximately 4 hours. A follow-up email will be sent once the services are fully restored. Best regards, Saheer IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Tf-openci mailing list -- tf-openci(a)lists.trustedfirmware.org To unsubscribe send an email to tf-openci-leave(a)lists.trustedfirmware.org

8 months, 1 week

1
0
0 0

TF-M version reporting issue

by Anton Komlev

Hello, We've identified an issue with the TF-M versioning: it reports the wrong version from Git tags (showing v2.1.3 instead of the correct v2.2.1). As a temporary workaround, please set the version manually. We're working on a fix and will share updates as soon as possible. Best regards, Anton Komlev

8 months, 1 week

1
1
0 0

libpsaadac-populate build Tag error (PLATFORM_PSA_ADAC_SECURE_DEBUG)

by 박진국

Hello, I’m trying to enable the secure debug feature and configured TF-M as follows: 1) Configuration # ./config/config_base.cmake set(PLATFORM_PSA_ADAC_SECURE_DEBUG TRUE CACHE BOOL "Whether to use psa-adac secure debug.") set(PLATFORM_PSA_ADAC_SOURCE_PATH "DOWNLOAD" CACHE PATH "Path to source dir of psa-adac.") set(PLATFORM_PSA_ADAC_VERSION "819a254" CACHE STRING "The version of psa-adac to use.") 2) Build result (error) -- Populating libpsaadac -- Configuring done (0.0s) -- Generating done (0.0s) -- Build files have been written to: /home/jkpark/ADP620/tf-m/cmake_build/rdv3r1/0/lib/ext/libpsaadac-subbuild [1/9] Creating directories for 'libpsaadac-populate' [1/9] Performing download step (git clone) for 'libpsaadac-populate' Cloning into 'libpsaadac-src'... HEAD is now at 819a254 ADAC: Check return value of psa_adac_generate_challenge [2/9] Performing update step for 'libpsaadac-populate' e*rror: pathspec '819a254;;' did not match any file(s) known to git * *CMake Error at .../libpsaadac-populate-gitupdate.cmake:188 (execute_process): * * execute_process failed command indexes: * * 1: "Child return code: 1" * 3) Generated ExternalProject invocation /cmake_build/rdv3r1/0/lib/ext/libpsaadac-subbuild/CMakeLists.txt include(ExternalProject) ExternalProject_Add(libpsaadac-populate "UPDATE_DISCONNECTED" "False" "GIT_REPOSITORY" "https://git.trustedfirmware.org/shared/psa-adac.git" "EXTERNALPROJECT_INTERNAL_ARGUMENT_SEPARATOR" "GIT_TAG" "819a254" "" "" SOURCE_DIR "/home/jkpark/ADP620/tf-m/cmake_build/rdv3r1/0/lib/ext/libpsaadac-src" BINARY_DIR "/home/jkpark/ADP620/tf-m/cmake_build/rdv3r1/0/lib/ext/libpsaadac-build" CONFIGURE_COMMAND "" BUILD_COMMAND "" INSTALL_COMMAND "" TEST_COMMAND "" USES_TERMINAL_DOWNLOAD YES USES_TERMINAL_UPDATE YES USES_TERMINAL_PATCH YES ) *Questions * *https://git.trustedfirmware.org/shared/psa-adac.git <https://git.trustedfirmware.org/shared/psa-adac.git> * *What is causing the tag-related error when using the repository at https://git.trustedfirmware.org/shared/psa-adac.git <https://git.trustedfirmware.org/shared/psa-adac.git> * ? Environment Path: /home/jkpark/ADP620/tf-m/cmake_build/rdv3r1/0/... Platform: RDV3R1 I would be grateful for any advice or pointers from anyone familiar with this. Thank you!

8 months, 2 weeks

2
3
0 0

Update: TF-M now uses Python packaging for modules and scripts

by Mudit Sharma

Hi all, TF-M has recently introduced Python packaging for its modules and scripts. If you’re building the latest TF-M mainline, you’ll need to install them by running the following command from the root of the TF-M repository (using a virtual environment is recommended): ``` pip install . ``` or ``` # `-e` installs modules and scripts in editable/development mode i.e. source edits are automatically reflected in your dev environment pip install -e . ``` NOTE: You'll have to re-run the above command every time a new module is added, module is renamed or a new dependency is added. The documentation [1] has been updated with more details. In addition, new guidelines are now available [2] for adding new scripts and modules. Thank you. Best regards, Mudit Sharma [1]: https://trustedfirmware-m.readthedocs.io/en/latest/getting_started/index.ht… [2]: https://trustedfirmware-m.readthedocs.io/en/latest/contributing/python_scri…

8 months, 2 weeks

1
0
0 0

Re: [CANCELLED] 28/08 TF-M Tech forum

by Antonio De Angelis

Hi, TF-M's tech forum of today is cancelled due to unforeseen circumstances. Talks that were scheduled for today are postponed. Will confirm in which one of the upcoming occurrences. Apologies for the short notice. Thanks, Antonio ________________________________ From: Trusted Firmware Public Meetings Sent: Friday, June 6, 2025 10:03:13 AM To: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com>; Anton Komlev <Anton.Komlev(a)arm.com>; Don Harbin <don.harbin(a)linaro.org>; abdelmalek.omar1(a)gmail.com <abdelmalek.omar1(a)gmail.com>; Kevin Townsend (kevin.townsend(a)linaro.org) <kevin.townsend(a)linaro.org>; seth(a)nxmlabs.com <seth(a)nxmlabs.com>; leonardo.sandoval(a)linaro.org <leonardo.sandoval(a)linaro.org>; Joanna Farley <Joanna.Farley(a)arm.com>; tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Subject: TF-M Tech forum When: Thursday, August 28, 2025 4:00 PM-5:00 PM. Where: https://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz… This email keeps the event up to date in your calendar. Set up inbox filters to hide this and similar calendar sync emails. Learn more about calendar sync emails and setting up filters<https://support.google.com/calendar?p=filter_invitations> This is an open forum for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward it to colleagues. Details of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> ===Zoom Info==== Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: TF-M Tech forum - US Time Zone Friendly Time: Oct 29, 2020 03:00 PM Greenwich Mean Time Every 4 weeks on Thu, until Mar 18, 2021, 6 occurrence(s) Oct 29, 2020 03:00 PM Nov 26, 2020 03:00 PM Dec 24, 2020 03:00 PM Jan 21, 2021 03:00 PM Feb 18, 2021 03:00 PM Mar 18, 2021 03:00 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEocOmvpz4tHtYu0Wvn2fOsG91u0kv_ECPd/ics…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmeeting%2Ft…> Join Zoom Meeting https://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9557079…> Meeting ID: 955 7079 5742 Passcode: 177658 One tap mobile +12532158782,,95570795742# US (Tacoma) +13462487799,,95570795742# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Germantown) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 955 7079 5742 Find your local number: https://linaro-org.zoom.us/u/abx3I7IoRq<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2Fabx3I7I…> When Every 4 weeks from 8am to 9am on Thursday (Mountain Standard Time - Phoenix) Location https://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz… View map<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9557079…> Guests Don Harbin<mailto:don.harbin@linaro.org> - creator anton.komlev(a)arm.com<mailto:anton.komlev@arm.com> abdelmalek.omar1(a)gmail.com<mailto:abdelmalek.omar1@gmail.com> kevin.townsend(a)linaro.org<mailto:kevin.townsend@linaro.org> seth(a)nxmlabs.com<mailto:seth@nxmlabs.com> leonardo.sandoval(a)linaro.org<mailto:leonardo.sandoval@linaro.org> Joanna Farley<mailto:joanna.farley@arm.com> tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Invitation from Google Calendar<https://calendar.google.com/calendar/> You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>

8 months, 3 weeks

1
0
0 0

by Takekazu Tabata (Fujitsu)

Dear TF-M Team, I'm Takekazu Tabata, a director and architect from the Fujitsu processor team. We are currently developing FUJITSU-MONAKA, which supports the CCA feature. We have three questions regarding the TF-M documents and TF-M implementations. We would greatly appreciate it if you could provide answers. Question 1) In the TF-M document “RSE provisioning”, The CM provisioning Key is used to encrypt DM Provisioning Bundle. https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_pro… After the cold reset, the RSE will automatically transition to Device Manufacturer provisioning state “DM” as the LCM hardware state-machine reads the values of the cm_config_1 and cm_config_2 fields as non-zero. This state is designed to provision the DM provisioning key, the DM code-encryption key and the DM config. The procedure follows the same steps as the CM provisioning flow, with the exception that the bundle will now be encrypted and signed using the CM provisioning key and must be placed at the base of VM1. However, the purpose of the data provided in the DM is not described in this document. These data are not used in the source code of TF-M v2.2.0. DM provisioning is probably assumed to be done during device manufacturing, but could you explain the purpose in more detail? Also, What are the DM provisioning key, the DM code-encryption key and the DM config used for? Question 2) In the TF-M document “RSE integration guide”, attestation key(CPAK) is derived by GUK. https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_int…<https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_int…> The GUK is a key unique to a group of chips that have identical security properties, used to derive the attestation key. However, CPAK is derived from HUK in the source code of TF-M. GUK in the specification is a typo. https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git…<https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git…> /* This derives from HUK, there is a typo in the spec, not from GUK. * FixMe: this should be configurable per platform */ return setup_key_from_derivation(KMU_HW_SLOT_HUK, NULL, iak_seed_label, sizeof(iak_seed_label), NULL, 0, RSE_KMU_SLOT_CPAK_SEED, /* FixMe: The slot needs rename to IAK_SEED */ &aes_key0_export_config, NULL, false, boot_state_config); Which is right, GUK or HUK? If it‘s HUK (not Virtual HUK), is it no problem that multiple CPAKs are generated in Multi-socket systems? Question 3) In the CM/DM lifecycle state, is it no problem to create an original provisioning bundle to run chip or device verification programs in PE? Thank you for your time and assistance. Best regards, TABATA

9 months, 1 week

2
6
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

TF-M