Hi Antonio,
TF-M Crypto will align to newest release of Mbed Crypto when they will become available
Just FYI: The newest official release of Mbed Crypto is v1.1.0: https://github.com/ARMmbed/mbed-crypto/releases
Thanks, Andrej
-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Antonio De Angelis via TF-M Sent: Monday, May 27, 2019 6:22 PM To: tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: Re: [TF-M] Old Mbed-Crypto library?
Hi Andrej,
TF-M Crypto has moved to use the same API as the latest available *release* of Mbed Crypto, which is Mbed Crypto 1.0.0. Mbed Crypto is a reference implementation of the PSA Crypto API, which is under active development. TF-M Crypto will align to the newest releases of Mbed Crypto when they become available; these new releases will incorporate the new features which are developed as part of the PSA Crypto API, and there will be cases where the new features will break legacy code (i.e. API changes).
Regarding the change that you mention, i.e. psa_key_slot_t vs psa_key_handle_t: the concept of psa_key_handle_t that TF-M Crypto is using now is indeed a newer (updated) concept introduced with later versions of the PSA Crypto API to replace the outdated concept of psa_key_slot_t. For example, if you look at the current latest development version of the PSA Crypto API, you will see that psa_key_handle_t is used to handle keys.
This is an example of a breaking change in the API that has been introduced by newer releases of the PSA Crypto API. You are right, this change will break regression / PSA API compliance tests; in fact, as part of the latest set of patches you can see that the regression tests are upgraded to use the new concept of psa_key_handle_t instead of psa_key_slot_t. From these updated tests, you can get an idea of how to use psa_key_handle_t.
After this update, TF-M Crypto can't support the PSA API compliance tests (ACK) which were run previously (i.e. the ew_beta0 branch). The psa-arch-test team is in the process of providing an update on the master branch which will enable TF-M Crypto to run compliance tests from there. This should happen in the next couple of weeks.
Please let me know in case you need any more clarification.
Best regards, Antonio
________________________________ From: TF-M tf-m-bounces@lists.trustedfirmware.org on behalf of Andrej Butok via TF-M tf-m@lists.trustedfirmware.org Sent: 27 May 2019 12:52 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Old Mbed-Crypto library?
Hello,
tfm_build_instruction.rst says to use mbed-Crypto instead of mbedTLS:
git clone https://github.com/ARMmbed/mbed-crypto.git -b mbedcrypto-1.0
But the issue is that it references the obsolete (3 months old) Mbed-Crypto library. Also, it looks like this old MbedCrypto has downgraded the TFM/PSA Crypto API (from key-slot to key-handle) => this is a step back in the PSA TFM API, which should break crypto regression and PSA tests. We do not want to downgrade our SDK MbedCrypto; better to freeze TFM.
Any plans to use the last Crypto Lib and to revert the PSA API degradation?
Thanks, Andrej Butok
-- TF-M mailing list TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus...
Hi Andrej,
I will schedule the alignment on the next iteration available.
Thanks, Antonio
-----Original Message----- From: Andrej Butok andrey.butok@nxp.com Sent: 24 June 2019 09:17 To: Antonio De Angelis Antonio.DeAngelis@arm.com Cc: tf-m@lists.trustedfirmware.org Subject: RE: Old Mbed-Crypto library?
Ticket opened to align to the latest version of Mbed Crypto at the moment (1.1.0):
https://developer.trustedfirmware.org/T428
Associated patch:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1562
Thanks, Antonio
-----Original Message----- From: Antonio De Angelis Sent: 24 June 2019 09:33 To: tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: RE: Old Mbed-Crypto library?