Hi,
We will wait with these changes until some alignment work is finished for both MbedTLS tests and CI. This is needed to bump the v23.06_API1.5_ADAC_EAC psa-arch-tests release tag to a more recent one that supports the INITIAL_ATTESTATION_PROFILE_FORMAT option.
I’ll also rework the patches to change the default profile setting, but keep the outdated PSA_IOT_PROFILE_1. This approach will also give more time to react. The iat-verifier will also need to be updated, thank you for spotting it.
Regards, David Vincze
From: Bohdan.Hunko@infineon.com Bohdan.Hunko@infineon.com Date: Tuesday, 2025. February 25. at 16:56 To: David Vincze David.Vincze@arm.com, tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Subject: RE: Removing PSA_IOT_PROFILE_1 attestation token profile Hi,
Additionally it looks like profile definition string needs to be updated in token verifier – see https://git.trustedfirmware.org/plugins/gitiles/TF-M/tf-m-tools/+/refs/heads...
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: Bohdan.Hunko--- via TF-M tf-m@lists.trustedfirmware.org Sent: Monday, February 24, 2025 20:00 To: David.Vincze@arm.com; tf-m@lists.trustedfirmware.org Subject: [TF-M] Re: Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi,
Is there a patch to set INITIAL_ATTESTATION_PROFILE_FORMAT to correct value so that Attest Token format v2 will be used by psa arch tests?
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: David Vincze via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Friday, February 21, 2025 19:15 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi all,
We would like to remove PSA_IOT_PROFILE_1https://review.trustedfirmware.org/q/topic:%22remove-psa_iot_1%22 which is an early attestation token profile (used for the original implementation of the PSA Initial Attestation service) and has been superseded by profile PSA 2.0.0 (https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#name...).
The above patches include:
* Change the default token profile configuration to: ATTEST_TOKEN_PROFILE_PSA_2_0_0, * Remove support for PSA_IOT_PROFILE_1.
Please let us know if you have any concerns, suggestions.
Best regards, David Vincze