Dear All,

I would like to merge the Secure Enclave topic at about middle of next week, feel free to give any feedback. https://review.trustedfirmware.org/q/topic:%22Secure+Enclave%22+(status:open...)

Best regards, Mark

From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Mark Horvath via TF-M Sent: 14 September 2020 21:00 To: 'tf-m@lists.trustedfirmware.org' tf-m@lists.trustedfirmware.org Subject: [TF-M] Secure Enclave solution in TF-M

Dear All,

Following the tech forum presentation (back in 6th August) I uploaded the draft design document for the Secure Enclave topic: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/5653

I also updated the first implementation of the proposed solution for the Musca-B1 board with minimal features, marked as WIP: https://review.trustedfirmware.org/q/topic:%22Secure+Enclave%22+(status:open...) Limitations, missing features, notes:

* No support for isolation level2 on SSE-200 * Protected Storage is an Application RoT partition, but PS also moved to Secure Enclave * Some regression tests running on secure side of SSE-200 fail as all messages are forwarded with the same client ID to Secure Enclave * All IPC message forwarding is a blocking call * Only one message is put into the mailbox at a time * Musca-B1 related documentation is not complete yet * Generated files are not committed, manifest parser should be run before build. * The BL0 component mentioned in the tech forum presentation is not uploaded, as it is based on the new cmake system, and not so interesting right now * Cmake changes are rudimentary, will be rebased to new cmake system.

Any feedback very welcomed!

Best regards, Márk Horváth Senior Software Engineer Mark.Horvath@arm.commailto:Mark.Horvath@arm.com Arm Hungary Kft., Corvin Offices II, Crystal Tower, Budapest, Futó u. 45. H-1082 Hungary www.arm.comhttp://www.arm.com/