Hi all,
We would like to remove PSA_IOT_PROFILE_1https://review.trustedfirmware.org/q/topic:%22remove-psa_iot_1%22 which is an early attestation token profile (used for the original implementation of the PSA Initial Attestation service) and has been superseded by profile PSA 2.0.0 (https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#name...).
The above patches include:
* Change the default token profile configuration to: ATTEST_TOKEN_PROFILE_PSA_2_0_0, * Remove support for PSA_IOT_PROFILE_1.
Please let us know if you have any concerns, suggestions.
Best regards, David Vincze
Hi,
Is there a patch to set INITIAL_ATTESTATION_PROFILE_FORMAT to correct value so that Attest Token format v2 will be used by psa arch tests?
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: David Vincze via TF-M tf-m@lists.trustedfirmware.org Sent: Friday, February 21, 2025 19:15 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi all,
We would like to remove PSA_IOT_PROFILE_1https://review.trustedfirmware.org/q/topic:%22remove-psa_iot_1%22 which is an early attestation token profile (used for the original implementation of the PSA Initial Attestation service) and has been superseded by profile PSA 2.0.0 (https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#name...).
The above patches include:
* Change the default token profile configuration to: ATTEST_TOKEN_PROFILE_PSA_2_0_0, * Remove support for PSA_IOT_PROFILE_1.
Please let us know if you have any concerns, suggestions.
Best regards, David Vincze
Hi,
Additionally it looks like profile definition string needs to be updated in token verifier - see https://git.trustedfirmware.org/plugins/gitiles/TF-M/tf-m-tools/+/refs/heads...
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: Bohdan.Hunko--- via TF-M tf-m@lists.trustedfirmware.org Sent: Monday, February 24, 2025 20:00 To: David.Vincze@arm.com; tf-m@lists.trustedfirmware.org Subject: [TF-M] Re: Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi,
Is there a patch to set INITIAL_ATTESTATION_PROFILE_FORMAT to correct value so that Attest Token format v2 will be used by psa arch tests?
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: David Vincze via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Friday, February 21, 2025 19:15 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi all,
We would like to remove PSA_IOT_PROFILE_1https://review.trustedfirmware.org/q/topic:%22remove-psa_iot_1%22 which is an early attestation token profile (used for the original implementation of the PSA Initial Attestation service) and has been superseded by profile PSA 2.0.0 (https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#name...).
The above patches include:
* Change the default token profile configuration to: ATTEST_TOKEN_PROFILE_PSA_2_0_0, * Remove support for PSA_IOT_PROFILE_1.
Please let us know if you have any concerns, suggestions.
Best regards, David Vincze
Hi,
We will wait with these changes until some alignment work is finished for both MbedTLS tests and CI. This is needed to bump the v23.06_API1.5_ADAC_EAC psa-arch-tests release tag to a more recent one that supports the INITIAL_ATTESTATION_PROFILE_FORMAT option.
I’ll also rework the patches to change the default profile setting, but keep the outdated PSA_IOT_PROFILE_1. This approach will also give more time to react. The iat-verifier will also need to be updated, thank you for spotting it.
Regards, David Vincze
From: Bohdan.Hunko@infineon.com Bohdan.Hunko@infineon.com Date: Tuesday, 2025. February 25. at 16:56 To: David Vincze David.Vincze@arm.com, tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Subject: RE: Removing PSA_IOT_PROFILE_1 attestation token profile Hi,
Additionally it looks like profile definition string needs to be updated in token verifier – see https://git.trustedfirmware.org/plugins/gitiles/TF-M/tf-m-tools/+/refs/heads...
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: Bohdan.Hunko--- via TF-M tf-m@lists.trustedfirmware.org Sent: Monday, February 24, 2025 20:00 To: David.Vincze@arm.com; tf-m@lists.trustedfirmware.org Subject: [TF-M] Re: Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi,
Is there a patch to set INITIAL_ATTESTATION_PROFILE_FORMAT to correct value so that Attest Token format v2 will be used by psa arch tests?
Regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com
From: David Vincze via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Friday, February 21, 2025 19:15 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] Removing PSA_IOT_PROFILE_1 attestation token profile
Caution: This e-mail originated outside Infineon Technologies. Please be cautious when sharing information or opening attachments especially from unknown senders. Refer to our intranet guidehttps://intranet-content.infineon.com/explore/aboutinfineon/rules/informationsecurity/ug/SocialEngineering/Pages/SocialEngineeringElements_en.aspx to help you identify Phishing email.
Hi all,
We would like to remove PSA_IOT_PROFILE_1https://review.trustedfirmware.org/q/topic:%22remove-psa_iot_1%22 which is an early attestation token profile (used for the original implementation of the PSA Initial Attestation service) and has been superseded by profile PSA 2.0.0 (https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html#name...).
The above patches include:
* Change the default token profile configuration to: ATTEST_TOKEN_PROFILE_PSA_2_0_0, * Remove support for PSA_IOT_PROFILE_1.
Please let us know if you have any concerns, suggestions.
Best regards, David Vincze
tf-m@lists.trustedfirmware.org
-
Bohdan.Hunko@infineon.com -
David Vincze