Hi All,
In case you missed a session of interest at Linaro Connect, the recorded
sessions and accompanying presentations are now posted online
<https://connect.linaro.org/resources/lvc21f/lvc21f-212>.
I've attached a Session Resource List to this email as well that has been
created to quickly find sessions of interest based upon topics.
Best regards,
Don
Attendees:
Dan Handley (Arm, chair)
Joanna Farley (Arm)
Shebu Varghese Kuriakose (Arm)
Matteo Carlini (Arm)
Joakim Bech (Linaro)
David Brown (Linaro)
Don Harbin (Linaro)
Eric Finco (ST)
Lionel Debieve (ST)
KangKang Shen (Futurewei)
Michael Thomas (Renesas)
Julius Werner (Google)
Kevin Oerton (NXMLabs)
Andrey Butok (NXP)
Shebu presented Mbed TLS roadmap (attached)
KO: How will the Crypto Driver API be used?
SK: This is a back-end HAL interface for crypto-processors to plug in to. The front-end interface will always be the PSA Crypto API.
KO: Will this driver API help add support for certs that Mbed TLS doesn't support yet?
Shebu: No, the front-end interface will always be via the Mbed TLS and PSA Crypto APIs. Adding new cert support would be a separate work item. Currently we're more focussed on new crypto algorithm support.
KO: For A-profile, is there a dependency on the Trusted Services (TS) project?
SVK: TS uses PSA Crypto, as does TF-A. There is some plumbing still to do with FF-A if you want to call PSA Crypto APIs from the normal world and route that through to TS or a Secure Element backend.
MT: When will there be a 3.x LTS branch?
SVK: Will consider the next LTS in 2022. The last 2.x branch will be an LTS. We don't have firm plans for a 3.x LTS branch yet.
MT: Even if you update Mbed TLS to use the PSA Crypto API, some partners will continue to use the legacy Mbed TLS crypto APIs (via Mbed TLS) since they will only use LTS branches. They will not move until there is an LTS that uses the PSA Crypto APIs.
DH: The strategy is to clean up the dependencies on the legacy crypto APIs through the 3.x series of releases. Eventually Mbed TLS will not have a dependency on the legacy APIs. Even then, backwards compatibility will be maintained in the legacy APIs. Support for the legacy APIs would not be removed until a (TBD) 4.0 release.
KO: Is there any overhead to using PSA Crypto API?
SVK: We haven't actually measured this.
DH: There will be a small overhead in the current implementation as these effectively wrap the legacy API implementations. There's no overhead due to the APIs themselves. Through the 3.x series of releases, the implementation will be inverted so that the legacy APIs will wrap the PSA Crypto API implementations. Then the overhead will be in the legacy implementation instead.
Matteo presented the TF-A roadmap: https://developer.trustedfirmware.org/w/tf_a/roadmap/
EF: What is firmware transparency? Is it a device side or server side technology?
MC: It's related to firmware attestation, which is about collecting firmware measurements and providing them to a relying party in the form of an attestation token.
DH: Actually, it’s a bit orthogonal to attestation. Attestation is about providing evidence to a (possibly remote) relying party in order to enable functionality (e.g. provisioning of secrets).
DH: Firmware transparency is about making that evidence (in the form of certificates) available to anyone in a verifiable data store, so they can trust the firmware on a device is what it says it is.
JB: So it's similar to TPM?
DH: Hmm, not exactly but the measurements may be stored in a TPM on the device.
DH: The project we’re interested in here is Google Trillian: https://opensource.google/projects/trillian
DH: This is really a server side technology but there may be some alignment activities to do on the device side
EF: What is the 32-bit support about in the roadmap?
SVK: This is related to Trusted Services (TS). It's about running legacy 32-bit TAs within TS, which is extra work
MC: Phabricator page for this: https://developer.trustedfirmware.org/w/tf_a/roadmap/
MC: Plan is to create a common landing page with Don for all roadmaps
AOB:
DH: Someone in Arm pointed out that the tagline on the tf.org website is not strictly accurate:
"OPEN SOURCE SECURE WORLD SOFTWARE"
DH: Some of the software does not necessarily reside in the secure world (e.g. Mbed TLS, Trusted Services, Future CCA support)
DH: Proposal is to just remove the word "World".
JK: Makes sense. I thought that too.
(No-one disagreed)
SVK: There's another reference on that page too.
DH: Yes, we may need to remove this in several places on the website.
ACTION: Dan to work with Don on changing "secure world" to "secure" on the website
JB: Board wanted more visibility into the security process, e.g. how fast are we to respond, what issues are in flight, etc...
DH: OK, as long as this isn't leaking security critical info to people who are not necessarily part of the security teams.
JB: Yes, of course. This is just about seeing how well the process is working, not the issues themselves
DH: My other concern is not putting too much extra process on the security teams.
JB: I have an action to propose something that is workable here.
DonH: Would like more of the tech people on the teams to propose topics at future conferences, e.g. the OSFC
DH: Arm folk had quite a few presentations at last week's LVC but perhaps not OSFC.
DonH: Yes, I was looking for more than just Arm people.
Regards
Dan.
-----Original Appointment-----
From: Don Harbin <don.harbin(a)linaro.org>
Sent: 14 April 2021 15:08
To: Don Harbin; Joakim Bech; Bill Fletcher (bill.fletcher(a)linaro.org); lionel.debieve(a)st.com; andrey.butok(a)nxp.com; Nicusor Penisoara; Abhishek Pandit; Eric Finco (eric.finco(a)st.com); k.karasev(a)omprussia.ru; kevin(a)nxmlabs.com; David Brown; David Cocca; kangkang.shen(a)futurewei.com; Dan Handley; roman.baker(a)cypress.com; Kevin Townsend (kevin.townsend(a)linaro.org); reinauer(a)google.com; Serban Constantinescu; a.rybakov(a)omprussia.ru; Julius Werner; roman.baker(a)infineon.com
Subject: Trusted Firmware TSC
When: 16 September 2021 09:00-09:55 America/Los_Angeles.
Abhishek, all
Referring to the minutes of our July meeting (see point highlighted in yellow below), TF-A was foreseen as the focus topic of the next TSC meeting. It was expected to take place in August, but the August meeting has been cancelled, so is the TF-A slot postponed accordingly, meaning it is the main topic of this week's TSC?
Regards,
Eric
Eric FINCO | Tel: +33 (0)2 4402 7154
MDG | Technical Specialist
Fellow, Technical Staff College (TSC) France Board Chairman
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC
Sent: Tuesday 3 August 2021 17:07
To: tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] July 20 Trusted Firmware TSC Meeting minutes
Hi,
Please find the minutes from the last call below
Attendees: Don, Abhishek, Anton Komlev, Dave Cocca, David Brown, Shebu, Julius, Andrey Butok, Eric Finco, Michael Thomas, Kevin Oerton, Kevin Townsend
Minutes:
* TF-M release / roadmap update - Shebu
* See slides
* 1.4.0 - 4 months release cadence
* Docs deficiencies have been a focus.
* Need MCU update to Mbed TLS 3.0 - getting support from David Brown.
* Azure RTOS work within Linaro - a couple of Pull Requests are queued
* EF: Patches limited to TF-M?
* SK: In Azure RTOS and ThreadX
* MT: Jump to 3.0 pretty big?
* MT: Calls only to PSA crypto?
* SK: Ongoing, uses a mix of legacy and later APIs
* SK: Community push for clean-ups before migration is completed. Not a completion point for PSA crypto.
* SK: A new LTS will happen this quarter
* Public Roadmap Slide
* Anton provided overview
* SK: Looking at profiling to understand context switching overhead when going from Normal to Secure World
* Authentication Debug Access Control (ADAC) development being looked at and how to migrate to TF-M
* MT: PSA ADAC Spec: Location?
* SK: In the PSA specification page
* EF: Concerning F/W Update, some services enhancements in 1.4 - duration?
* SK: Picked up f/w update service. So as spec evolves so will work.
* SK: Listed a couple of others...
* AK: Protocol update of Flash w/ progress line. Minor
* TF-M Security Patch Release Proposal
* See Wiki
* AK: Walked thru https://developer.trustedfirmware.org/w/collaboration/tf_m_security_patch_r…
* DC: Will review this and provide feedback.
* MT: Some wording seems like could be updated, but the intent is fine.
* MT/AK agree on the wording and raise a vote (if required). Will do a "No objection" next meeting
* Discussion about TSC feedback - AP
* Shebu/Matteo/Abhishek/Dan have had syncs. Lots done by Arm teams. A need for something from TSC to discuss. Suggesting to put all roadmaps on the wiki. Frequency TBD (release cycles?)
* Would like 2 weeks notice on technical topic requests.
* Once public roadmap, will make discussions easier.
* TF-M today, next up will be other projects
* Next TF-A, Mbed TLS, Hafnium, Trusted Services.
* EF: Date for next meeting?
* AP: Only time to skip is when meetings are not available.
* Team: Agrees this flow is useful and gives good visibility.
* Details can be found _in the comments_ on: https://developer.trustedfirmware.org/w/collaboration/community_development…
* Don: Action to Board on TSC needs?
* Shebu: Have TSC reps joined the board to share?
* AP: Will come up w/ questions posed to the board over the next month. September may be the appropriate time to have Board attendance. In TSC, can then formulate and make it more specific.
ACTION: AP come up with a list of topics/questions for the September joint TSC/Board meeting.
Best regards,
Don Harbin - Sent on behalf of the TSC Chair