Hi,

thank you for the reply.

I don't have a user scenario, I just need it for certification.

I saw that the audit log requirement was only optional for "resource-constrained" devices.

I thought that 1MB of flash would disqualify the nRF chips from opting out of this requirement,
but if someone on the mailing list knows otherwise I would appreciate it.

In any case, it is clear that certifying to level 2 is not an option with library mode, thank you.
From: David Hu <David.Hu@arm.com>
Sent: Thursday, December 2, 2021 7:48 AM
To: Bøe, Sebastian <Sebastian.Boe@nordicsemi.no>; tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Cc: nd <nd@arm.com>
Subject: RE: IPC mode support for Audit log service
 

Hi Sebastian,

 

F.Audit Security function requiring security events to be logged is optional as noted in the PSA L2 PP [1].

As it is optional and there isn’t PSA Functional APIs defined for Audit logging, the service hasn’t been updated with IPC model or crypto binding etc.

The secure logging service supported in Library model may not satisfy requirements of audit logging.

 

Considering PSA L2 PP requires isolation level2 (F.Software_Isolation) and isolation level2 is supported only in IPC model, TF-M is expected to be built in IPC model for PSA L2 cert.

 

May I know if you ask about Audit logging for PSA Certified, or for an actual use scenario?

 

[1] https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Level_2_PP-1.1.pdf

 

Best regards,

Hu Ziji

   

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bøe, Sebastian via TF-M
Sent: Wednesday, December 1, 2021 9:59 PM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] IPC mode support for Audit log service

 

Hi,

 

for PSA Certification level 2 a log of significant security events is required. Which I assume

should be done with the Audit log service.

 

But the Audit log service does not support IPC mode.

 

Should PSA Certification level 2 be done with IPC mode or with library mode?