Attendees
David Brown - Linaro
Bill Fletcher - Linaro
Joakim Bech - Linaro
Bill Mills - TI
Matteo Carlini - Arm
Eric Finco - ST
Mark Groesen - TI
Shebu Kirakose - Arm
Abhishek Pandit - Arm
Julius Werner - Google
Christian Daudt - Cypress
Andrew Davis - TI
Dean Arnold - Arm
Actions noted
Binary repository implementation proposal (name, path, mechanism) - Dan
Propose slot for TSC call co-timed with Connect - Abhishek
Proposal on incident handling list - Dan
Reconcile mailing lists with attendees - Bill
Attestation script home - Abhishek to talk with David
Dean to send test cases running on MPS2 to Christian
Agenda
1. CI system discussion.
2. Security Incident Process.
3. Binary Contribution Policy. Draft has already been circulated.
4. Attestation Token Validation script
Arm team has created a validation script for checking the initial
attestation token (CBOR/COSE). We would like to open source this script as
it helps TF-M users.
Would it make sense to have this in tf.org?
5. TF-M Documentation Proposal
We have been working on a better documentation proposal for TF-M. I can
briefly introduce this to TSC then it can be followed by mailing list
discussion.
6. Next meeting – BKK19 F2F?
7. Mailing list subscription status.
8. If time permits we can discuss major work items for the next quarter.
9. AOB
Minutes
Binary Contribution Policy
JW: Circulated via Board. Already have some instances. Will have separate
repository for TF Binaries. Policy describes rules that need to be followed
to upload to the repository. We review case-by-case. Policy describes the
process where they discuss with the TSC. How to technically implement this
- propose it should be a git submodule. Board has already approved the
policy.
AP: Expect to send some questions by email. Any other questions?
JW: Can we start implementing - creating the repository?
DH: All we need is a location and a name for the repo. Do we have a generic
(non TF-A, TF-M) namespace? Unified repo.
JW: Need someone from Arm to create the submodule repo.
Action: Dan to suggest path/name
Incident Handling
DH: TF-A has an incident handling process. So does OP-TEE (different). TF-M
doesn’t have one. Need to have (need from hyperscalers) a very restricted
list for who can contribute to the fix before publicizing it. Similar to
kernel.
MC: In the kernel - restricted to non-disclosed list of security experts.
Second list of people for controlled disclosure that are under a linux
distro mailing alias.
CD: Not quite clear on the distinction. Board discussion was a single entry
point. Think the grand goal was to make it simpler reporting. Don’t create
artificial separation. Should be obvious to submitter. If could have 2-3
triagers forwarding to TF-A and TF-M. Who are those 2-3 people?
DH: Arm looking for them to be Arm people.
MC: Distinction is based on individual merit rather than specific
companies. Core developers for A & M are currently Arm. Disclosure comes
afterwards.
CD: 3rd level - an inform list?
DH: Yes. Currently would be people with an NDA with Arm.
CD: If there’s an embargo don’t want it going to even a semi-open list.
Action: Dan to come up with a proposal
MC: cf Linux kernel policy. Aim is to push the fix as soon as possible but
acknowledge the needs of hyperscalers
JB: For OPTEE initial proposal was seen as too tight. Google has 90 days.
Difference is if the problem is out in the wild and then fix as quickly as
possible.
DH: Feedback from hyperscaler vendors that they only need 2 weeks. Even
Linux distros only ask for another 2 weeks on top. For TF-A, 4 weeks after
initial disclosure it goes public. In kernel process don’t get involved in
CVE and severity scoring. Leave that to reports. Anyone have any initial
thoughts
JB: Not saying TF should use same policy as OPTEE but if there are no other
ideas.
DH: Reason OPTEE doesn’t use CVSS?
JB: Not really. Needed to tweak it with OPTEE wording.
JW: Propose to follow Linux policy of releasing the patch as soon as
possible. Some project, patching is public
Mailing list subscription service
AP: Please can everyone check their subscription status.
BF: If any issues with lists.trustedfirmware.org then mail BillF
Action: Bill to reconcile the mailing lists vs attendees
CD: Should maybe consider TSC to be TSC “announce”.
BF: TSC was aimed to be as open/transparent as possible
Attestation token:
AP: Team in Arm has been working on a script. Team have asked if it can be
upstreamed somewhere. TF-M generates this token. Does it make sense to
create a repo to host this script. Would be someone assigned as maintainer
from Arm side.
CD: Already a tools directory in TF-M with some Python scripts. Why not
there?
AP: Might apply to other projects
SK: It’s an ITF standard. Just happens that TF-M uses that format
DB: Suggest to put it in the repo
CD: What open source project do you want it to live under, or does it need
its own project? Don’t see why it would be in TF. Can import it into TF
for use.
DB: Cbor implementations tend to be for specific uses. Not sure it’s the
trend we want to follow.
CD: But if not, someone needs to make sure it’s generic enough. Level of
ownership needed. Otherwise throw it in TF-M.
DB: Question - who is going to work on generalising it. Will only be when
someone has the resources
AP: Propose to take input from David [action]
CI
DA: Have a set up of Jenkins/Build Slaves and LAVA. Will meet with Linaro
next week to see how to move that onto their infrastructure.
CD: Test cycle is via a LAVA instance testing
DA: Yes via MPS2
CD: Is just boot?
DA: Have a couple of test cases. Can find out. [action]
CD: Is the plan to move this to the LAVA lab?
BF: There are a few options, as well as physical location in the lab we
have a federated/distributed lab instance concept. Builds and results are
central but board farm has instances at vendor sites. Helps avoid lab
bottlenecks and shipping boards.
CD: Like kernel CI?
BF: Yes. Will look at putting together a deck with some more information
MG: Does the CI use simulation? i.e. qemu or fast model?
DA: TF-A use fast models. Qemu - not done anything at the moment.
BF: Does TF-A Test support qemu?
DH: Can check
MG: Recently has been some more support pushed.
CD: LAVA supports qemu.
EF: Distributed instance supports TF-A and TF-M?
BF: For LAVA infrastructure - yes
AP: Next meeting. Board is meeting at Linaro Connect. Any interest in a TSC
meeting?
(confirmed several TSC members will be there)
EF: Yes. Welcome opportunity to discuss work items for the next quarter
AP: Documentation - brief overview. Slides to be circulated by email.
JB: Done same activity for OPTEE and done same activity. Nice thing with
Sphinx - interlinking within the documentation is very easy. Like this
idea.
CD: If RFC discussed in gerrit code review then that could get lost.
AP: Should still say in draft folder in the doc.
CD: Basically the history of things that were discussed but not accepted.
AP: review happens on the mailing list
CD: So there is history in git if something is turned down
AP: And mailing list has the discussion.
DB: Reference: https://github.com/rust-lang/rfcs
--
EMEA Field Engineering
Linaro Ltd
Harston Mill CB22 7GG
Cambridge UK
+44 7833 498336
On Mon, 18 March 2019 at 17:38, Abhishek Pandit via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> 8 am Friday should be okay for me.
> Thanks, Abhishek
>
+1
// Joakim
> -----Original Message-----
> From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Bill
> Fletcher via TSC
> Sent: 15 March 2019 16:14
> To: tsc(a)lists.trustedfirmware.org
> Subject: [TF-TSC] Trusted Firmware TSC - meeting proposal - Friday 5th
> April 01:00 UTC
>
> Hi all,
>
> There was a discussion about scheduling a F2F TSC session (with remote
> access) during the week of Linaro Connect BKK19 1st-5th April. The agenda
> topic is work items for the next quarter.
>
> We could do 08:00 Bangkok time on Fri 5th April. This equates to 18:00
> Pacific time on 4th April. Dial in from Europe is unfortunately difficult
> (UTC 01:00).
>
> Please let me know if you'd like me to set it up.
>
> Full details:
>
> - Bangkok (Thailand) Friday, 5 April 2019, 08:00:00 ICT UTC+7 hours
> - San Francisco (USA - California) Thursday, 4 April 2019, 18:00:00 PDT
> UTC-7
> hours
> - London (United Kingdom - England) Friday, 5 April 2019, 02:00:00 BST
> UTC+1
> hour
> - Corresponding UTC (GMT) Friday, 5 April 2019, 01:00:00
>
> Regards
>
> Bill
>
> --
> TSC mailing list
> TSC(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tsc
8 am Friday should be okay for me.
Thanks, Abhishek
That timeslot works for me.
Thanks
Christian.
________________________________
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> on behalf of Julius Werner via TSC <tsc(a)lists.trustedfirmware.org>
Sent: Friday, March 15, 2019 10:55 AM
To: Bill Fletcher
Cc: tsc(a)lists.trustedfirmware.org
Subject: Re: [TF-TSC] Trusted Firmware TSC - meeting proposal - Friday 5th April 01:00 UTC
That would work for me in PDT.
That would work for me in PDT.
Hi all,
There was a discussion about scheduling a F2F TSC session (with remote
access) during the week of Linaro Connect BKK19 1st-5th April. The agenda
topic is work items for the next quarter.
We could do 08:00 Bangkok time on Fri 5th April. This equates to 18:00
Pacific time on 4th April. Dial in from Europe is unfortunately difficult
(UTC 01:00).
Please let me know if you'd like me to set it up.
Full details:
- Bangkok (Thailand) Friday, 5 April 2019, 08:00:00 ICT UTC+7 hours
- San Francisco (USA - California) Thursday, 4 April 2019, 18:00:00
PDT UTC-7
hours
- London (United Kingdom - England) Friday, 5 April 2019, 02:00:00 BST UTC+1
hour
- Corresponding UTC (GMT) Friday, 5 April 2019, 01:00:00
Regards
Bill