Hi,

We will wait with these changes until some alignment work is finished for both MbedTLS tests and CI. This is needed to bump the

v23.06_API1.5_ADAC_EAC psa-arch-tests release tag to a more recent one that supports the INITIAL_ATTESTATION_PROFILE_FORMAT

option.

 

I’ll also rework the patches to change the default profile setting, but keep the outdated PSA_IOT_PROFILE_1. This approach will also

give more time to react. The iat-verifier will also need to be updated, thank you for spotting it.

 

Regards,
David Vincze

 

From: Bohdan.Hunko@infineon.com <Bohdan.Hunko@infineon.com>
Date: Tuesday, 2025. February 25. at 16:56
To: David Vincze <David.Vincze@arm.com>, tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: RE: Removing PSA_IOT_PROFILE_1 attestation token profile

Hi,

 

Additionally it looks like profile definition string needs to be updated in token verifier – see https://git.trustedfirmware.org/plugins/gitiles/TF-M/tf-m-tools/+/refs/heads/main/iat-verifier/iatverifier/psa_2_0_0_token_claims.py#152

 

 

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

 

 

From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Monday, February 24, 2025 20:00
To: David.Vincze@arm.com; tf-m@lists.trustedfirmware.org
Subject: [TF-M] Re: Removing PSA_IOT_PROFILE_1 attestation token profile

 

CautionThis e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guide to help you identify Phishing email.

 

Hi,

 

Is there a patch to set INITIAL_ATTESTATION_PROFILE_FORMAT to correct value so that Attest Token format v2 will be used by psa arch tests?

 

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

 

 

From: David Vincze via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Friday, February 21, 2025 19:15
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Removing PSA_IOT_PROFILE_1 attestation token profile

 

CautionThis e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guide to help you identify Phishing email.

 

Hi all,

 

We would like to remove PSA_IOT_PROFILE_1 which is an early attestation token profile (used for the original

implementation of the PSA Initial Attestation service) and has been superseded by profile PSA 2.0.0

(https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#name-backwards-compatibility-con).

 

The above patches include:

  • Change the default token profile configuration to: ATTEST_TOKEN_PROFILE_PSA_2_0_0,
  • Remove support for PSA_IOT_PROFILE_1.

 

Please let us know if you have any concerns, suggestions.

Best regards,
David Vincze