Hi,
We are refining the IRQ logic, and every time the new update pushed it needs to make the IRQ enabled test pass - as library model IRQ code is there, it needs efforts to create workarounds ensure the test pass every time.
Check if someone is using the library mode IRQ handling (Check if you need the library model 'tfm_secure_irq_handlers.inc' or 'TFM_SVC_DEPRIV_REQ' is a quick path). If there are no users are using this logic we would disable this feature for a while till the IRQ logic get updated, this would save us much effort to maintain the legacy logic. This means if someone set 'TFM_IRQ_TEST' as ON the build system still ignore it.
This action would happen after 1.3.0, we mention it now to give enough preparation for this. I would send another follow-up mail for chasing after the release.
Please help to provide your feedback, thank you very much!
/Ken
Hi,
The static check now enabled on openCI per the TF-M open tech forum discussion on 4th February 2021. The slides and video can be found from here<https://www.trustedfirmware.org/meetings/tf-m-technical-forum/>.
Please let us know if you have any further concerns about the checks after enabled.
A minor change to the slides is the cppcheck version has updated from 1.81 to 2.3.
Thanks
Karl
Hi,
TF-Mv1.3.0 release is approaching, planned for the end of March. TF-M code repository is to be freeze on March 18th, and tagged by TF-Mv1.3.0-RC1.
Please plan you work accordingly and push your changes before the date.
Thanks,
Anton
Hello,
The next Technical Forum is planned on Thursday, March 18 at 15:00-16:00 UTC (US time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi all,
I'd like to merge Profile Large design this Thursday if no further comment.
Since there are other TF-M major features under development in parallel, Profile Large design will be updated later when other major features are available.
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M
Sent: Monday, March 1, 2021 10:30 AM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Profile Large design document for review
Hi all,
Can I ask for your comments on the TF-M Profile Large design document?
TF-M Profile Large is one of TF-M Profiles. Profile Medium and Profile Small have been supported in TF-M.
The document can be reviewed via https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8546/1/docs/….
Any comment is welcome!
Best regards,
Hu Ziji
Agreed, I think it's a great thing for the SC to take up and make a policy on.
Will add 2 cents:
* Being a security focused project, I think its import that at least there is a patch release for the most recent officially released version, regardless of when the next release of TFM might be released.
* Maybe looking at what policy a project like mbedtls has as a starting point.
- k
> On Mar 5, 2021, at 12:34 PM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi Kumar, All,
>
> Thanks for bringing this topic up.
> At the moment there is no plan for issuing the release v1.2.1 because of lack of policy for such hot fix releases. The release policy upgrade proposal shall be reviewed and agreed in the Steering Committee with the main questions:
> 1. What is the hot fix baseline?
> 2. What is the testing scope of the fix?
> 3. On which platform(s) the fix shall be tested?
>
> The policy is under discussion and the community input is welcome. Please share your thoughts on the topic.
>
> The release v1.3.0 is expected by end of March-beginning of April, which will include the fix.
>
> Thanks,
> Anton
>
>
> -----Original Message-----
> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M
> Sent: Friday, March 5, 2021 5:36 PM
> To: Ken Liu <Ken.Liu(a)arm.com>
> Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org
> Subject: Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.
>
>
>
>> On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>
>> Hi Everyone,
>>
>> There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution.
>>
>> Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below :
>>
>> 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005
>> 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.
>>
>> Please let us know if you have any comments.
>>
>> BR
>>
>> /Ken Liu
>>
>> [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>
> Is there plans for a security release of TFM v1.2 with this fix?
>
> - k
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi Kumar, All,
Thanks for bringing this topic up.
At the moment there is no plan for issuing the release v1.2.1 because of lack of policy for such hot fix releases. The release policy upgrade proposal shall be reviewed and agreed in the Steering Committee with the main questions:
1. What is the hot fix baseline?
2. What is the testing scope of the fix?
3. On which platform(s) the fix shall be tested?
The policy is under discussion and the community input is welcome. Please share your thoughts on the topic.
The release v1.3.0 is expected by end of March-beginning of April, which will include the fix.
Thanks,
Anton
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M
Sent: Friday, March 5, 2021 5:36 PM
To: Ken Liu <Ken.Liu(a)arm.com>
Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] Security vulnerability notice - SVC handler fetches incorrect caller stack pointer under specific cases.
> On Mar 5, 2021, at 9:28 AM, Ken Liu via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi Everyone,
>
> There is a new security vulnerability reported about the SVC handler fetches a wrong caller stack pointer under specific cases, which impacts the subsequent execution.
>
> Please find the security advisory specific to TF-M and patches that have been developed as per the TrustedFirmware.org security process[1] below :
>
> 1. TF-M Security advisory: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/9005
> 2. Fix based on the latest master has been merged into TF-M repo. The patch also can be found in Gerrit:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8575 and https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8576.
>
> Please let us know if you have any comments.
>
> BR
>
> /Ken Liu
>
> [1] https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Is there plans for a security release of TFM v1.2 with this fix?
- k
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
The agenda for the forum tomorrow:
1. CMSIS Pack for TF-M v1.2 presentation
2. AOB
Thanks,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Monday, March 1, 2021 11:58 AM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Technical Forum call - March 4
Hi,
The next Technical Forum is planned on Thursday, March 4, 07:00-08:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
