Hi Andrej/Kevin,
Pasting the ;Secure Storage' Security Function Requirement below from the PSA Certified Level2 Protection Profile* It doesn’t specifically mention Protected Storage and Internal Trusted Storage Service as a requirement. As long as the Target of Evaluation can prove that the confidentiality and integrity of assets in Secure Storage can be maintained, the requirement can be met.
PSA defines Protected Storage (PS)** and Internal Trusted Storage (ITS)**. PS is meant to store larger data sets stored on external flash and ITS for device intimate data stored on chip flash storage. If the device doesn’t have an on chip flash storage, maybe it is still possible to just use PS implementation using external flash to ensure confidentiality and integrity of the secret assets on the platform.
@Marcus Streetsmailto:Marcus.Streets@arm.com – Could you please share your thought on this
5.3 F.SECURE_STORAGE The TOE protects the confidentiality and integrity of assets in a secure storage. The secure storage is bound to the platform. Only the TOE can retrieve and modify assets from this secure storage. This security function mitigates T.STORAGE by preventing direct and unprotected access to assets.
Regards, Shebu
* https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Lev... ** https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Imp...
-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Andrej Butok via TF-M Sent: Thursday, November 28, 2019 7:50 AM To: Kevin Peng (Arm Technology China) Kevin.Peng@arm.com Cc: tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] PSA Certification without PS?
Hi Kevin,
So, platforms without internal flash memory, required by Internal Trusted Storage, may apply only for PSA L1. Right?
Thank you for your clarification, Andrej Butok
-----Original Message----- From: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Sent: Thursday, November 28, 2019 5:14 AM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Cc: nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
A quick information: Internal Trusted Storage is mandatory by PSA for isolation level 2 and 3.
Best Regards, Kevin
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Wednesday, November 27, 2019 7:32 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA Certification without PS?
Hello,
Most probably, we will port TFM to a platform with TZ and external flash, BUT without internal flash. Is it possible to certify it for PSA L1 & L2 & Dev API, without Internal Trusted Storage service and its API? Do you see any issue?
Thanks Andrej Butok
-- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus... -- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Thanks Shebu for the clarification. Looks like I misunderstood. Really sorry for misleading.
Best Regards, Kevin
_____________________________________________ From: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com Sent: Thursday, November 28, 2019 4:39 PM To: Andrej Butok andrey.butok@nxp.com; Kevin Peng (Arm Technology China) Kevin.Peng@arm.com; tf-m@lists.trustedfirmware.org; Marcus Streets Marcus.Streets@arm.com; Rob Coombs Rob.Coombs@arm.com Subject: RE: [TF-M] PSA Certification without PS?
Hi Andrej/Kevin,
Pasting the ;Secure Storage' Security Function Requirement below from the PSA Certified Level2 Protection Profile* It doesn’t specifically mention Protected Storage and Internal Trusted Storage Service as a requirement. As long as the Target of Evaluation can prove that the confidentiality and integrity of assets in Secure Storage can be maintained, the requirement can be met.
PSA defines Protected Storage (PS)** and Internal Trusted Storage (ITS)**. PS is meant to store larger data sets stored on external flash and ITS for device intimate data stored on chip flash storage. If the device doesn’t have an on chip flash storage, maybe it is still possible to just use PS implementation using external flash to ensure confidentiality and integrity of the secret assets on the platform.
@Marcus Streetsmailto:Marcus.Streets@arm.com – Could you please share your thought on this
5.3 F.SECURE_STORAGE The TOE protects the confidentiality and integrity of assets in a secure storage. The secure storage is bound to the platform. Only the TOE can retrieve and modify assets from this secure storage. This security function mitigates T.STORAGE by preventing direct and unprotected access to assets.
Regards, Shebu
* https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Lev... ** https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Imp...
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Thursday, November 28, 2019 7:50 AM To: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Cc: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] PSA Certification without PS?
Hi Kevin,
So, platforms without internal flash memory, required by Internal Trusted Storage, may apply only for PSA L1. Right?
Thank you for your clarification, Andrej Butok
-----Original Message----- From: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Sent: Thursday, November 28, 2019 5:14 AM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Cc: nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
A quick information: Internal Trusted Storage is mandatory by PSA for isolation level 2 and 3.
Best Regards, Kevin
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Wednesday, November 27, 2019 7:32 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA Certification without PS?
Hello,
Most probably, we will port TFM to a platform with TZ and external flash, BUT without internal flash. Is it possible to certify it for PSA L1 & L2 & Dev API, without Internal Trusted Storage service and its API? Do you see any issue?
Thanks Andrej Butok
-- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus... -- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi,
So, we need your final conclusion if TFM (as it is now) may be certified for L2 without ITS Service API and other TFM features which require an on-chip Flash. If not, it may create a conflict for your future plan to extend PSA to MPUs.
Thank you, Andrej Butok
From: Kevin Peng (Arm Technology China) Kevin.Peng@arm.com Sent: Thursday, November 28, 2019 9:58 AM To: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; Andrej Butok andrey.butok@nxp.com; tf-m@lists.trustedfirmware.org; Marcus Streets Marcus.Streets@arm.com; Rob Coombs Rob.Coombs@arm.com Cc: nd nd@arm.com Subject: RE: [TF-M] PSA Certification without PS?
Thanks Shebu for the clarification. Looks like I misunderstood. Really sorry for misleading.
Best Regards, Kevin
_____________________________________________ From: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com> Sent: Thursday, November 28, 2019 4:39 PM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Marcus Streets <Marcus.Streets@arm.commailto:Marcus.Streets@arm.com>; Rob Coombs <Rob.Coombs@arm.commailto:Rob.Coombs@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
Hi Andrej/Kevin,
Pasting the ;Secure Storage' Security Function Requirement below from the PSA Certified Level2 Protection Profile* It doesn’t specifically mention Protected Storage and Internal Trusted Storage Service as a requirement. As long as the Target of Evaluation can prove that the confidentiality and integrity of assets in Secure Storage can be maintained, the requirement can be met.
PSA defines Protected Storage (PS)** and Internal Trusted Storage (ITS)**. PS is meant to store larger data sets stored on external flash and ITS for device intimate data stored on chip flash storage. If the device doesn’t have an on chip flash storage, maybe it is still possible to just use PS implementation using external flash to ensure confidentiality and integrity of the secret assets on the platform.
@Marcus Streets – Could you please share your thought on this
5.3 F.SECURE_STORAGE The TOE protects the confidentiality and integrity of assets in a secure storage. The secure storage is bound to the platform. Only the TOE can retrieve and modify assets from this secure storage. This security function mitigates T.STORAGE by preventing direct and unprotected access to assets.
Regards, Shebu
* https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Lev...https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.psacertified.org%2Fapp%2Fuploads%2F2019%2F02%2FJSADEN002-PSA_Certified_Level_2_PP-BET02Web.pdf&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050217306&sdata=CsT5kGQbytDapeBUECW1jOStfvLpaNMN4S9wLjBIOXo%3D&reserved=0 ** https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Imp...https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.arm.com%2F-%2Fmedia%2FFiles%2Fpdf%2FPlatformSecurityArchitecture%2FImplement%2FIHI0087-PSA_Storage_API-1.0.0.pdf%3Frevision%3D810a2412-bca0-46e1-a801-f48729a32e47%26la%3Den%26hash%3D6C88BDF8C74ACBAD0AED52CB4A6F6CF4117F3957&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050217306&sdata=IK%2FkIpz5FYBkQdJabM4ru98rkyLyPGYTAv3Xioz1Bb4%3D&reserved=0
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Thursday, November 28, 2019 7:50 AM To: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Cc: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] PSA Certification without PS?
Hi Kevin,
So, platforms without internal flash memory, required by Internal Trusted Storage, may apply only for PSA L1. Right?
Thank you for your clarification, Andrej Butok
-----Original Message----- From: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Sent: Thursday, November 28, 2019 5:14 AM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Cc: nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
A quick information: Internal Trusted Storage is mandatory by PSA for isolation level 2 and 3.
Best Regards, Kevin
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Wednesday, November 27, 2019 7:32 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA Certification without PS?
Hello,
Most probably, we will port TFM to a platform with TZ and external flash, BUT without internal flash. Is it possible to certify it for PSA L1 & L2 & Dev API, without Internal Trusted Storage service and its API? Do you see any issue?
Thanks Andrej Butok
-- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus...https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Fmailman%2Flistinfo%2Ftf-m&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050227306&sdata=JE%2BqR6AFIvvA5XN1vhY0soPFWv0GTpk%2FSy7YcxrTXYs%3D&reserved=0 -- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-mhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Fmailman%2Flistinfo%2Ftf-m&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050237302&sdata=JGg2%2FlYtx9yff2KEqgh2gPdrAMcSaqcZelOwsrj%2BiDg%3D&reserved=0
Hi Kevin, No problem at all. PSA Level2 certification is a relatively new scheme and TF-M/platforms are in the process of getting PSA Level2 certification for the first time. So such questions and clarifications are bound to happen.
Hi Andrej, I would probably wait for Marcus who has been involved in the PSA L2 cert. profile to comment and take the discussion from there.
Regards, Shebu
From: Andrej Butok andrey.butok@nxp.com Sent: Thursday, November 28, 2019 9:26 AM To: Kevin Peng (Arm Technology China) Kevin.Peng@arm.com; Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org; Marcus Streets Marcus.Streets@arm.com; Rob Coombs Rob.Coombs@arm.com Subject: RE: [TF-M] PSA Certification without PS?
Hi,
So, we need your final conclusion if TFM (as it is now) may be certified for L2 without ITS Service API and other TFM features which require an on-chip Flash. If not, it may create a conflict for your future plan to extend PSA to MPUs.
Thank you, Andrej Butok
From: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Sent: Thursday, November 28, 2019 9:58 AM To: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com>; Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Marcus Streets <Marcus.Streets@arm.commailto:Marcus.Streets@arm.com>; Rob Coombs <Rob.Coombs@arm.commailto:Rob.Coombs@arm.com> Cc: nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
Thanks Shebu for the clarification. Looks like I misunderstood. Really sorry for misleading.
Best Regards, Kevin
_____________________________________________ From: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com> Sent: Thursday, November 28, 2019 4:39 PM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Marcus Streets <Marcus.Streets@arm.commailto:Marcus.Streets@arm.com>; Rob Coombs <Rob.Coombs@arm.commailto:Rob.Coombs@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
Hi Andrej/Kevin,
Pasting the ;Secure Storage' Security Function Requirement below from the PSA Certified Level2 Protection Profile* It doesn’t specifically mention Protected Storage and Internal Trusted Storage Service as a requirement. As long as the Target of Evaluation can prove that the confidentiality and integrity of assets in Secure Storage can be maintained, the requirement can be met.
PSA defines Protected Storage (PS)** and Internal Trusted Storage (ITS)**. PS is meant to store larger data sets stored on external flash and ITS for device intimate data stored on chip flash storage. If the device doesn’t have an on chip flash storage, maybe it is still possible to just use PS implementation using external flash to ensure confidentiality and integrity of the secret assets on the platform.
@Marcus Streets – Could you please share your thought on this
5.3 F.SECURE_STORAGE The TOE protects the confidentiality and integrity of assets in a secure storage. The secure storage is bound to the platform. Only the TOE can retrieve and modify assets from this secure storage. This security function mitigates T.STORAGE by preventing direct and unprotected access to assets.
Regards, Shebu
* https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Lev...https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.psacertified.org%2Fapp%2Fuploads%2F2019%2F02%2FJSADEN002-PSA_Certified_Level_2_PP-BET02Web.pdf&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050217306&sdata=CsT5kGQbytDapeBUECW1jOStfvLpaNMN4S9wLjBIOXo%3D&reserved=0 ** https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Imp...https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.arm.com%2F-%2Fmedia%2FFiles%2Fpdf%2FPlatformSecurityArchitecture%2FImplement%2FIHI0087-PSA_Storage_API-1.0.0.pdf%3Frevision%3D810a2412-bca0-46e1-a801-f48729a32e47%26la%3Den%26hash%3D6C88BDF8C74ACBAD0AED52CB4A6F6CF4117F3957&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050217306&sdata=IK%2FkIpz5FYBkQdJabM4ru98rkyLyPGYTAv3Xioz1Bb4%3D&reserved=0
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Thursday, November 28, 2019 7:50 AM To: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Cc: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] PSA Certification without PS?
Hi Kevin,
So, platforms without internal flash memory, required by Internal Trusted Storage, may apply only for PSA L1. Right?
Thank you for your clarification, Andrej Butok
-----Original Message----- From: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Sent: Thursday, November 28, 2019 5:14 AM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Cc: nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
A quick information: Internal Trusted Storage is mandatory by PSA for isolation level 2 and 3.
Best Regards, Kevin
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Wednesday, November 27, 2019 7:32 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA Certification without PS?
Hello,
Most probably, we will port TFM to a platform with TZ and external flash, BUT without internal flash. Is it possible to certify it for PSA L1 & L2 & Dev API, without Internal Trusted Storage service and its API? Do you see any issue?
Thanks Andrej Butok
-- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus...https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Fmailman%2Flistinfo%2Ftf-m&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050227306&sdata=JE%2BqR6AFIvvA5XN1vhY0soPFWv0GTpk%2FSy7YcxrTXYs%3D&reserved=0 -- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-mhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Fmailman%2Flistinfo%2Ftf-m&data=02%7C01%7Candrey.butok%40nxp.com%7C13da9b89c9fa434f341908d773e11baa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C1%7C637105283050237302&sdata=JGg2%2FlYtx9yff2KEqgh2gPdrAMcSaqcZelOwsrj%2BiDg%3D&reserved=0
tf-m@lists.trustedfirmware.org
-
Andrej Butok -
Kevin Peng (Arm Technology China) -
Shebu Varghese Kuriakose