- TF-M - lists.trustedfirmware.org

Re: [TF-M] Timeframe on release/approval

by Minos Galanakis

Hi Jamie, Thank you very much for your interest in supporting for TF-M in your platform. Since you are contributing a new platform, I would recommend that you read the Trusted Firmware maintenance process<https://developer.trustedfirmware.org/w/collaboration/project-maintenance-p…>, for further details on the process. To answer your questions about the timeframe, that really depends on various factors, such as how busy the maintainers of this code are, weather there is a release pending which would follow a code freeze, and how complicated the changes are. I don't believe it is easy to estimate a figure. Regards, Minos ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Jamie Mccrae via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 12 April 2021 09:40 To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] Timeframe on release/approval Hi, I submitted a patch to add our board to the Trusted Firmware-M repository under https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9508 and was wondering on timeframes for receiving comments or having the pull request accepted? We want to have our board added to Zephyr RTOS and for that, we need the board in TF-M and pulled into the Zephyr version of this repository (I’m not sure if they can pull any version of the code or if they only pull full release versions e.g. 1.3.0), are there any comments on this and does anyone have any idea of a rough estimate the time required from now to get the base files into the zephyr version of the repository so we can submit our boards file? Thanks, Jamie THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, INC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, INC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, INC.

4 years, 6 months

1
0
0 0

Timeframe on release/approval

by Jamie Mccrae

Hi, I submitted a patch to add our board to the Trusted Firmware-M repository under https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9508 and was wondering on timeframes for receiving comments or having the pull request accepted? We want to have our board added to Zephyr RTOS and for that, we need the board in TF-M and pulled into the Zephyr version of this repository (I'm not sure if they can pull any version of the code or if they only pull full release versions e.g. 1.3.0), are there any comments on this and does anyone have any idea of a rough estimate the time required from now to get the base files into the zephyr version of the repository so we can submit our boards file? Thanks, Jamie THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, INC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, INC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, INC.

4 years, 6 months

1
0
0 0

TF-M v1.3.0 release

by Anton Komlev

Hello, TF-M project released version v1.3.0, tagged as TF-Mv1.3.0. Please take a look into the release notes for the new features and changes: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/refer… The major features: * Support stateless RoT Service defined in FF-M 1.1 * Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 * Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API * Migrate to Mbed TLS v2.25.0 * Update MCUboot version to v1.7.2 * Add a TF-M generic threat model * Implement Fault Injection Handling library to mitigate physical attacks * Add Profile Large * Enable code sharing between boot loader and TF-M * Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature * New platforms added * Add a TF-M security landing page * Enhance dual-cpu non-secure mailbox reference implementation This is the first release performed in the OpenCI infrastructure with no single issue encountered. Thanks to everyone who directly and indirectly contributed to this milestone. Anton Komlev TF-M technical lead Arm Ltd.

4 years, 7 months

1
0
0 0

Technical Forum call - April 15

by Anton Komlev

Hi, The next Technical Forum is planned on Thursday, April 15, 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

4 years, 7 months

1
0
0 0

Re: [TF-M] Issues with alignment and buffer locations

by Ken Liu

Hi Jamie, Thanks for your reply. Looks like it is mostly flash related. I have created one task for tracking this: https://developer.trustedfirmware.org/T918 We need some time to analyze this, so the response may be not short and we would keep updating. Feel free to provide your done solutions on the task. Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Jamie Mccrae via TF-M Sent: Thursday, April 1, 2021 4:59 PM To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Issues with alignment and buffer locations Hi Ken, > Could help to provide the details so that we can see what the problem is? Looks like you mentioned two problems here, one for the un-aligned memory accessing and another is the FLASH read/write. Sure. This is being based on the nRF5340 (Cortex-M33) chipset, it uses image swapping rather than overwriting, the primary image is located in the on-chip flash and the secondary slot is located in QSPI flash, the scratch slot is also located in QSPI flash, this is the trailing part of the log when the issue with trying to write to QSPI from a non-RAM buffer occurs (GCC build): [ERR] Qerase 0xfe000 [ERR] Qerase 0xff000 [ERR] read area=3, off=0x9fff0, len=0x10 [ERR] Qread 0x9fff0 10 to 0x20005ad8 [ERR] read area=3, off=0x9ffd8, len=0x1 [ERR] Qread 0x9ffd8 1 to 0x20005ad7 [ERR] read area=3, off=0x9ffe0, len=0x1 [ERR] Qread 0x9ffe0 1 to 0x20005b22 [ERR] read area=3, off=0x9ffe8, len=0x1 [ERR] Qread 0x9ffe8 1 to 0x20005b23 [ERR] write area=5, off=0x1ffd8, len=0x4 [ERR] Qwrite 0xfffd8 4 from 0x20005ae0 [ERR] write area=5, off=0x1ffd0, len=0x4 [ERR] Qwrite 0xfffd0 4 from 0x20005ae0 [ERR] write area=5, off=0x1fff0, len=0x10 [ERR] Qwrite 0xffff0 10 from 0xcfdc [ERR] QSPI write failed -400 assertion "rc == 0" failed: file "lib/ext/mcuboot-src/boot/bootutil/src/swap_misc.c", line 125, function: swap_status_init The final write fails because it is attempting to write to QSPI from a non-RAM address, 0xcfdc is an address in the internal flash. Unless this is possibly an issue with the buffer address being overwritten somehow? > For the memory alignment, to ensure the isolation setting all sections should be 32-bytes aligned; and the stack-alignment is 8 bytes. Other contents are set as default, the toolchain should have handled them correctly. This is the error in the trailing part of the log I am getting with it reading 1 byte at a time to an invalid buffer: [ERR] read area=1, off=0, len=0x20 [ERR] Fread 0x10000 0x20 to 0x20002530 [ERR] read area=3, off=0, len=0x20 [ERR] Qread 0x0 0x20 to 0x2000255c [ERR] read area=1, off=0x9fff0, len=0x10 [ERR] Fread 0xafff0 10 to 0x20005b60 [ERR] read area=1, off=0x9ffd8, len=0x1 [ERR] Fread 0xaffd8 1 to 0x20005b5f [ERR] read area=1, off=0x9ffe0, len=0x1 [ERR] Fread 0xaffe0 1 to 0x20005baa [ERR] read area=1, off=0x9ffe8, len=0x1 [ERR] Fread 0xaffe8 1 to 0x20005bab [ERR] read area=5, off=0x1fff0, len=0x10 [ERR] Qread 0xffff0 10 to 0x20005b60 [ERR] read area=5, off=0x1ffd8, len=0x1 [ERR] Qread 0xfffd8 1 to 0x20005b5f [ERR] Qread QSPI failed assertion "rc == 0" failed: file "lib/ext/mcuboot-src/boot/bootutil/src/swap_scratch.c", line 384, function: swap_status_source The 2 issues are QSPI reads must be multiples of 4 bytes, it cannot read just 1 byte, and secondly the 0x20005b5f buffer is not 4-byte aligned so it cannot be used to store the data anyway. The same GCC linker .ld files are being used as are currently in the TF-M repository for the nRF5340-DK which is 4-byte aligned for data and bss and 8-byte aligned for heap. Qread/Qwrite = QSPI, Fread/Write = internal flash, area 5 is the scratch partition. This is TF-M built with separate secure and non-secure image slots. > Please provide the details, thank you! > > /Ken > > From: TF-M <tf-m-bounces at lists.trustedfirmware.org> On Behalf Of Jamie Mccrae via TF-M > Sent: Monday, March 29, 2021 10:19 PM > To: tf-m at lists.trustedfirmware.org > Subject: [TF-M] Issues with alignment and buffer locations > > Hi, > There seems to be a large oversight in the TF-M codeline relating to buffer alignment and locations of buffers, in terms of buffer alignment, some ARM-based silicon has restrictions on buffer alignment, generally 4-byte boundaries, this means that if a non-4 byte boundary address, buffer or data size is provided, the operation cannot be completed. Another issue is that some ARM-based silicon has restrictions on where data can be located, e.g. in RAM only for writing and not from other address spaces. > I am currently trying to get TF-M working on a Nordic nRF53-based designed and have encountered these issues many times, and can see no way to set an alignment, data size or address space limitation in the whole code line which I find to be quite displeasing given that both the silicon and software are ARM-based, I would expect the software you give for silicon based on your reference designs to actually work with it out of the box rather than need lots of work to have these limitations supported. On Nordic silicon, data can only be written and read from RAM e.g. you cannot write to flash from a flash offset, and writes must be 4-byte aligned and 4-byte sized (the QSPI functionality is being used here). > > So I am emailing here to ask: what is the suggestion for dealing with this? Why does the baseline project not (from what I can see) have any sort of support for this? > Thanks, > Jamie THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, INC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, INC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, INC.

4 years, 7 months

1
0
0 0

Updated invitation: TF-M Tech forum @ Every 4 weeks from 10am to 11am on Thursday (CDT) (tf-m@lists.trustedfirmware.org)

by Don Harbin

This event has been changed. Title: TF-M Tech forum This is an open forum for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC.Feel free to forward it to colleagues.Details of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/==… Info====Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: TF-M Tech forum - US Time Zone FriendlyTime: Oct 29, 2020 03:00 PM Greenwich Mean Time        Every 4 weeks on Thu, until Mar 18, 2021, 6 occurrence(s)        Oct 29, 2020 03:00 PM        Nov 26, 2020 03:00 PM        Dec 24, 2020 03:00 PM        Jan 21, 2021 03:00 PM        Feb 18, 2021 03:00 PM        Mar 18, 2021 03:00 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJEocOmvpz4tHtYu0Wvn2fOsG91u0kv_ECPd/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz09Meeting ID: 955 7079 5742Passcode: 177658One tap mobile+12532158782,,95570795742# US (Tacoma)+13462487799,,95570795742# US (Houston)Dial by your location        +1 253 215 8782 US (Tacoma)        +1 346 248 7799 US (Houston)        +1 669 900 9128 US (San Jose)        +1 301 715 8592 US (Germantown)        +1 312 626 6799 US (Chicago)        +1 646 558 8656 US (New York)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 955 7079 5742Find your local number: https://linaro-org.zoom.us/u/abx3I7IoRq When: Every 4 weeks from 10am to 11am on Thursday Central Time - Chicago (changed) Where: https://linaro-org.zoom.us/j/95570795742?pwd=N21YWHJpUjZyS3Fzd0tkOG9hanpidz… Calendar: tf-m(a)lists.trustedfirmware.org Who: * Don Harbin - creator * tf-m(a)lists.trustedfirmware.org * anton.komlev(a)arm.com * abdelmalek.omar1(a)gmail.com * kevin.townsend(a)linaro.org * seth(a)nxmlabs.com Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=djczYWZqa3ZmMW5n… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account tf-m(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

4 years, 7 months

1
0
0 0

Issues with alignment and buffer locations

by Jamie Mccrae

Hi, There seems to be a large oversight in the TF-M codeline relating to buffer alignment and locations of buffers, in terms of buffer alignment, some ARM-based silicon has restrictions on buffer alignment, generally 4-byte boundaries, this means that if a non-4 byte boundary address, buffer or data size is provided, the operation cannot be completed. Another issue is that some ARM-based silicon has restrictions on where data can be located, e.g. in RAM only for writing and not from other address spaces. I am currently trying to get TF-M working on a Nordic nRF53-based designed and have encountered these issues many times, and can see no way to set an alignment, data size or address space limitation in the whole code line which I find to be quite displeasing given that both the silicon and software are ARM-based, I would expect the software you give for silicon based on your reference designs to actually work with it out of the box rather than need lots of work to have these limitations supported. On Nordic silicon, data can only be written and read from RAM e.g. you cannot write to flash from a flash offset, and writes must be 4-byte aligned and 4-byte sized (the QSPI functionality is being used here). So I am emailing here to ask: what is the suggestion for dealing with this? Why does the baseline project not (from what I can see) have any sort of support for this? Thanks, Jamie THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, INC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, INC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, INC.

4 years, 7 months

1
1
0 0

Re: [TF-M] Technical Forum call - April 1 (not a joke :)

by Anton Komlev

Hi, the agenda for the forum tomorrow : 1. News and update by Anton Komlev 2. Open discussion on TF-M documentation structure by David Wang 3. Stateless handle and service in TF-M by Mingyang Sun 4. AOB Regards, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Wang via TF-M Sent: Tuesday, March 30, 2021 3:20 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Technical Forum call - April 1 (not a joke :) Hi Anton, If we still have slot, I'd like to share some thoughts and have a discussion for the TF-M documentation structure. It should be less than 20 mins. Thanks. Regards, David Wang From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Mingyang Sun via TF-M Sent: Monday, March 29, 2021 11:15 AM To: Anton Komlev <Anton.Komlev(a)arm.com<mailto:Anton.Komlev@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] Technical Forum call - April 1 (not a joke :) Hi Anton, I'd like give a short session on "stateless handle and service in TF-M", about 20min. Regards, Mingyang From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M Sent: Friday, March 26, 2021 6:57 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] Technical Forum call - April 1 (not a joke :) Hi, The next Technical Forum is planned on Thursday, April 1 , 07:00-08:00 UTC (Asia time zone). Please mine the gap of the time change in Europe! Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

4 years, 7 months

1
0
0 0

TF-M v1.3.0 Release Candidate 3

by Anton Komlev

Hi, New TF-M Release Candidate 3 is tagged by TF-Mv1.3.0-RC3. Please update your repositories and report all issues you encountered. Best regards, Anton

4 years, 7 months

1
0
0 0

Announcement: New TF-M maintainers

by Anton Komlev

Hi Everyone, Let me announce the new maintainers of TF-M project: * Chris Brand aka UEWBot <chris.brand(a)cypress.com<mailto:chris.brand@cypress.com>> * Ken Liu aka KenLSoft <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>> * David Hu aka davidhuziji <David.Hu(a)arm.com<mailto:David.Hu@arm.com>> Previous maintainers convinced in your ability to push it forward thanks to your contribution and active involvement to the project development. At the same time, these maintainers are leaving the club: * Abhishek Pandit aka abhishek-pandit <abhishek.pandit(a)arm.com<mailto:abhishek.pandit@arm.com>> * Ashutosh Singh aka ashutoshksingh <ashutosh.singh(a)arm.com<mailto:ashutosh.singh@arm.com>> * Miklos Balint ara wmnt <miklos.balint(a)arm.com<mailto:miklos.balint@arm.com>> Huge thanks for your Blood, sweat and tears in bringing TF-M to the way it is now. Cheers, Anton

4 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M