FYI in case you didn’t receive the earlier cancellation. Today’s TSC meeting is cancelled.
Regards
Dan.
-----Original Appointment-----
From: Karen Power via Tsc-private <tsc-private(a)lists.trustedfirmware.org<mailto:tsc-private@lists.trustedfirmware.org>> On Behalf Of Karen Power
Sent: Wednesday, January 15, 2025 2:18 PM
To: Karen Power; Dan Handley; Eric Finco (eric.finco(a)st.com<mailto:eric.finco@st.com>); lionel.debieve(a)st.com<mailto:lionel.debieve@st.com>; kangkang.shen(a)gmail.com<mailto:kangkang.shen@gmail.com>; Antonio De Angelis; Don Harbin; jwerner(a)google.com<mailto:jwerner@google.com>; David Brown (david.brown(a)linaro.org<mailto:david.brown@linaro.org>); davidb(a)quicinc.com<mailto:davidb@quicinc.com>; kangkang.shen(a)futurewei.com<mailto:kangkang.shen@futurewei.com>; frank.kvamtro(a)nordicsemi.no<mailto:frank.kvamtro@nordicsemi.no>; bpeckham(a)google.com<mailto:bpeckham@google.com>; brandon.hussey(a)renesas.com<mailto:brandon.hussey@renesas.com>; moritzf(a)google.com<mailto:moritzf@google.com>; palmer(a)google.com<mailto:palmer@google.com>; afd(a)ti.com<mailto:afd@ti.com>; praneeth(a)ti.com<mailto:praneeth@ti.com>; Ruchika Gupta; Camille Greusard; pierre-julien.bringer(a)provenrun.com<mailto:pierre-julien.bringer@provenrun.com>; dominik.ermel(a)nordicsemi.no<mailto:dominik.ermel@nordicsemi.no>; Andrej Butok; tsc-private(a)lists.trustedfirmware.org<mailto:tsc-private@lists.trustedfirmware.org>; Michael Thomas; kamlesh(a)ti.com<mailto:kamlesh@ti.com>
Cc: Shebu Varghese Kuriakose; Joanna Farley; Matteo Carlini
Subject: [Tsc-private] Cancelled event with note: TrustedFirmware TSC @ Thu 16 Jan 2025 12pm - 12:55pm (EST) (tsc-private(a)lists.trustedfirmware.org<mailto:tsc-private@lists.trustedfirmware.org>)
When: 16 January 2025 09:00-09:55 America/Los_Angeles.
Where: zoom see below
TrustedFirmware TSC
This event has been cancelled with a note:
"Meeting cancelled as not enough time has passed since everyone returned from the holidays. "
Trusted Firmware is inviting you to a scheduled Zoom meeting.
Topic: TrustedFirmware TSC
Time: Feb 15, 2024 05:00 PM London
Every month on the Third Thu, 20 occurrence(s)
Feb 15, 2024 05:00 PM
Mar 21, 2024 05:00 PM
Apr 18, 2024 05:00 PM
May 16, 2024 05:00 PM
Jun 20, 2024 05:00 PM
Jul 18, 2024 05:00 PM
Aug 15, 2024 05:00 PM
Sep 19, 2024 05:00 PM
Oct 17, 2024 05:00 PM
Nov 21, 2024 05:00 PM
Dec 19, 2024 05:00 PM
Jan 16, 2025 05:00 PM
Feb 20, 2025 05:00 PM
Mar 20, 2025 05:00 PM
Apr 17, 2025 05:00 PM
May 15, 2025 05:00 PM
Jun 19, 2025 05:00 PM
Jul 17, 2025 05:00 PM
Aug 21, 2025 05:00 PM
Sep 18, 2025 05:00 PM
Please download and import the following iCalendar (.ics) files to your calendar system.
Monthly: https://linaro-org.zoom.us/meeting/tJYpdO6pqjwtE9ItoYR_-W2AvXKbkkhzuUvg/ics…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmeeting%2Ft…>
Join Zoom Meeting
https://linaro-org.zoom.us/j/92437147796?pwd=NXd1a1U2eGlnZkNiUTB1T0xnYzB5Zz…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9243714…>
Meeting ID: 924 3714 7796
Passcode: 100152
---
One tap mobile
+16699009128,,92437147796# US (San Jose)
+17193594580,,92437147796# US
---
Dial by your location
• +1 669 900 9128 US (San Jose)
• +1 719 359 4580 US
• +1 253 205 0468 US
• +1 253 215 8782 US (Tacoma)
• +1 346 248 7799 US (Houston)
• +1 669 444 9171 US
• +1 564 217 2000 US
• +1 646 558 8656 US (New York)
• +1 646 931 3860 US
• +1 689 278 1000 US
• +1 301 715 8592 US (Washington DC)
• +1 305 224 1968 US
• +1 309 205 3325 US
• +1 312 626 6799 US (Chicago)
• +1 360 209 5623 US
• +1 386 347 5053 US
• +1 507 473 4847 US
• 833 548 0276 US Toll-free
• 833 548 0282 US Toll-free
• 833 928 4608 US Toll-free
• 833 928 4609 US Toll-free
• 833 928 4610 US Toll-free
• 877 853 5247 US Toll-free
• 888 788 0099 US Toll-free
Meeting ID: 924 3714 7796
Find your local number: https://linaro-org.zoom.us/u/abwnK0XVLY<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FabwnK0X…>
When
Thursday 16 Jan 2025 ⋅ 12pm – 12:55pm (Eastern Time - Toronto)
Location
zoom see below
View map<https://www.google.com/maps/search/zoom+see+below?hl=en-GB>
Guests
Karen Power<mailto:karen.power@linaro.org>- organiser
Don Harbin<mailto:don.harbin@linaro.org>- creator
dan.handley(a)arm.com<mailto:dan.handley@arm.com>
eric.finco(a)st.com<mailto:eric.finco@st.com>
lionel.debieve(a)st.com<mailto:lionel.debieve@st.com>
kangkang.shen(a)gmail.com<mailto:kangkang.shen@gmail.com>
antonio.deangelis(a)arm.com<mailto:antonio.deangelis@arm.com>
jwerner(a)google.com<mailto:jwerner@google.com>
David Brown<mailto:david.brown@linaro.org>
davidb(a)quicinc.com<mailto:davidb@quicinc.com>
kangkang.shen(a)futurewei.com<mailto:kangkang.shen@futurewei.com>
frank.kvamtro(a)nordicsemi.no<mailto:frank.kvamtro@nordicsemi.no>
bpeckham(a)google.com<mailto:bpeckham@google.com>
brandon.hussey(a)renesas.com<mailto:brandon.hussey@renesas.com>
moritzf(a)google.com<mailto:moritzf@google.com>
palmer(a)google.com<mailto:palmer@google.com>
afd(a)ti.com<mailto:afd@ti.com>
praneeth(a)ti.com<mailto:praneeth@ti.com>
Ruchika Gupta<mailto:ruchika.gupta_1@nxp.com>
Camille Greusard<mailto:camille.greusard@provenrun.com>
pierre-julien.bringer(a)provenrun.com<mailto:pierre-julien.bringer@provenrun.com>
dominik.ermel(a)nordicsemi.no<mailto:dominik.ermel@nordicsemi.no>
Andrej Butok<mailto:andrey.butok@nxp.com>
tsc-private(a)lists.trustedfirmware.org<mailto:tsc-private@lists.trustedfirmware.org>
Michael Thomas<mailto:michael.thomas@renesas.com>
kamlesh(a)ti.com<mailto:kamlesh@ti.com>
shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> - optional
joanna.farley(a)arm.com<mailto:joanna.farley@arm.com> - optional
matteo.carlini(a)arm.com<mailto:matteo.carlini@arm.com> - optional
Invitation from Google Calendar<https://calendar.google.com/calendar/>
You are receiving this email because you are an attendee of the event.
Forwarding this invitation could allow any recipient to send a response to the organiser, be added to the guest list, invite others regardless of their own invitation status or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>
Dear TSC members,
Find attached the slides presented by Ahmad for ST regarding TF-M binary hosting during December TSC meeting.
Regards,
Eric Finco
[Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5]
Eric FINCO | Tel: +33 (0)2 4402 7500
MDG | Technical Specialist
From: Dan Handley <Dan.Handley(a)arm.com>
Sent: Monday, January 13, 2025 4:29 PM
To: Eric FINCO <eric.finco(a)st.com>; Ahmad EL JOUAID <ahmad.eljouaid(a)st.com>
Subject: RE: TSC minutes 2024-12-19
Hi Eric/Ahmad
I'd be grateful if you could send the (non-confidential version of the) slides you showed regarding binary hosting.
Regards
Dan.
From: Dan Handley via TSC <tsc(a)lists.trustedfirmware.org<mailto:tsc@lists.trustedfirmware.org>>
Sent: 13 January 2025 15:26
To: tsc(a)lists.trustedfirmware.org<mailto:tsc@lists.trustedfirmware.org>
Subject: [TF-TSC] TSC minutes 2024-12-19
Hi
My apologies for the lateness but here are the minutes for December's TSC meeting...
Dan.
Present:
* Ahmad El Jouaid (ST)
* Eric Finco (ST)
* Praneeth Bajjuri (TI)
* Andrew Davis (TI)
* Antonio De Angelis (Arm)
* Anton Komlev (Arm)
* Bharath Subramanian (Arm)
* Matteo Carlini (Arm)
* Frank Kvamtrø (Nordic)
* Dominik Ermel (Nordic)
* Chris Palmer (Google)
* Julius Werner (Google)
* Moritz Fisher (Google)
Agenda:
* TI welcome
* Continue board discussion on impacts of regulation like CRA. Eric
* TF-M binary uploads (Ahmad)
Dan welcomes TI to TF.org TSC
Praneeth:
Andrew and Kamlash will be TI TSC reps
I will be on the board
We were part of TF earlier, 4-5 years back.
Want to be more engaged again.
Especially interested in OpenCI, TF-A and TF-M
We will talk about topics of interest in future calls.
We're also interested in UBoot, e.g. LTS strategy
We're engaged with UBoot maintainers.
Kamlesh working for 3 years at TI: security and power management
Linux crypto driver, TF-A, U-boot, ...
Will be handling any new development here
Dan: FW-handoff could be one other possible topic of interest. We're working with Simon Glass (UBoot maintainer) on this.
(https://github.com/FirmwareHandoff/firmware_handoff)
Continue board discussion on impacts of regulation like CRA
Eric:
There was a 2 day workshop by Linux Foundation in Amsterdam, 10-11 Dec
Impact of regulation
2 sets of rules in CRA specification: 1 for manufacturers, 1 for open source stewards
For manufacturers, it's reasonably clear. Have to comply with all requirements in CRA
For stewards, it's much more fuzzy:
* Specific to open source
* Responsible for maintaining security standards
ST understanding is there will be 3 workgroups setup to dive into this and influence the EU's finalisation of the spec.
There's also discussion under Global Platform (GP) on the same topic. ST is part of this and monitoring/contributing.
Most likely will have an impact on TF.org.
Agreement at board is to have regular conversations about this.
I think this is something we have to do. They're expecting some deployment as early as 2025.
Don: What's our likely investment here?
Eric: Keep contributing to stewards's role. May need more community management.
Eric: May need more CI. Too early to say
Frank: Does the GlobalPlatform work you mention also include and/or focus on SESIP?
Frank: Or is our focus more broad and generic?
Eric: Don't have an answer right now. Can check with our guy working with GP.
Frank: in Zephyr security committee, there's an ongoing requirement to handle requirements like these (also for US, Asian markets).
Frank: Unfortunately likely to be many levels removed from the workshop scope. So anything we learn there will be very valuable.
Frank: Thanks to ST for covering this.
Binary hosting topic (Ahmad):
Presented slides
Eric: We will send declassified version of the slides
Will be using our own boot stage (BL2 equivalent) so will only be publishing TF-M secure/ns apps
Export control problems with hosting own boot binary
Would like TF-M binary to be hosted with TF-M repo for ease of integration
Dan: Would it have a different license?
Eric: No
Dan/Julius: Can't we just use the tf-binaries repo?
(https://git.trustedfirmware.org/plugins/gitiles/tf-binaries/+/refs/heads/ma…)
Eric: Requirements are slightly different.
Would like to keep with platform port in TF-M source code
Dan: How to link precise source code version with the binary?
Eric: Maybe could sign binary with SHA-1.
Could have several versions in the repo.
Antonio: Is this for just new platforms or existing platforms too.
Eric: Just new platforms.
Anton: Concerned about side-effect of repo growth.
Anton: Why not host separately and keep link to TF-M source code?
Eric: Haven't discussed repo growth
Eric: Can we limit to release versions?
Ahmad: Yes, can do that and update with each release
Dan: Repo growth is not a blocker issues on its own. Can use tech like Git LFS (https://git-lfs.com/).
Frank: Could tf-binaries be a staging area for this?
Frank: Agree that releasing binaries is a good use-case
Frank: Could ST look into that?
Anton: I accept the use-case but also would prefer to use tf-binaries.
Eric: Next steps. Should we post something on TF-M forum
Anton: Happy to discuss in TF-M tech forum.
Frank: It might also be useful to store other artefacts to that separate repo.
Frank: We also do not use TF-M BL2. We have our own version. But it's still part of certification scope
AOB:
Call for ideas to use tf.org surplus
TF-M code size:
Frank: Nordic also cater for small devices.
We see some reluctance to use full TF-M distribution
e.g. Maybe will never use the attestation service
e.g. for Mbed TLS developer branch, may need to look into optimisations for small devices
Still want to use TF-M but some of PSA requirements may not be included.
Some vendors are saying TF-M is too big.
e.g. For PSA trusted storage using external storage, need rollback protection. But this is cumbersome for some customers. For our real implementation, we use internal storage.
We hope this kind of suggestion doesn't change governance for generic users of TF-M.
May end up not being fully certified.
Expect this to be internal build details.
Eric: We're seeing more of the same thing
Eric: Would you propose some simplified profile?
Frank: In Zephyr scope, we're already disabling features we don't need.
Frank: Turning off attestation is one basic thing but if we do, it is against PSA certification.
Frank: Seems OK for some devices, e.g. simple Bluetooth devices
(ran out of time)
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi
My apologies for the lateness but here are the minutes for December's TSC meeting...
Dan.
Present:
* Ahmad El Jouaid (ST)
* Eric Finco (ST)
* Praneeth Bajjuri (TI)
* Andrew Davis (TI)
* Antonio De Angelis (Arm)
* Anton Komlev (Arm)
* Bharath Subramanian (Arm)
* Matteo Carlini (Arm)
* Frank Kvamtrø (Nordic)
* Dominik Ermel (Nordic)
* Chris Palmer (Google)
* Julius Werner (Google)
* Moritz Fisher (Google)
Agenda:
* TI welcome
* Continue board discussion on impacts of regulation like CRA. Eric
* TF-M binary uploads (Ahmad)
Dan welcomes TI to TF.org TSC
Praneeth:
Andrew and Kamlash will be TI TSC reps
I will be on the board
We were part of TF earlier, 4-5 years back.
Want to be more engaged again.
Especially interested in OpenCI, TF-A and TF-M
We will talk about topics of interest in future calls.
We're also interested in UBoot, e.g. LTS strategy
We're engaged with UBoot maintainers.
Kamlesh working for 3 years at TI: security and power management
Linux crypto driver, TF-A, U-boot, ...
Will be handling any new development here
Dan: FW-handoff could be one other possible topic of interest. We're working with Simon Glass (UBoot maintainer) on this.
(https://github.com/FirmwareHandoff/firmware_handoff)
Continue board discussion on impacts of regulation like CRA
Eric:
There was a 2 day workshop by Linux Foundation in Amsterdam, 10-11 Dec
Impact of regulation
2 sets of rules in CRA specification: 1 for manufacturers, 1 for open source stewards
For manufacturers, it's reasonably clear. Have to comply with all requirements in CRA
For stewards, it's much more fuzzy:
* Specific to open source
* Responsible for maintaining security standards
ST understanding is there will be 3 workgroups setup to dive into this and influence the EU's finalisation of the spec.
There's also discussion under Global Platform (GP) on the same topic. ST is part of this and monitoring/contributing.
Most likely will have an impact on TF.org.
Agreement at board is to have regular conversations about this.
I think this is something we have to do. They're expecting some deployment as early as 2025.
Don: What's our likely investment here?
Eric: Keep contributing to stewards's role. May need more community management.
Eric: May need more CI. Too early to say
Frank: Does the GlobalPlatform work you mention also include and/or focus on SESIP?
Frank: Or is our focus more broad and generic?
Eric: Don't have an answer right now. Can check with our guy working with GP.
Frank: in Zephyr security committee, there's an ongoing requirement to handle requirements like these (also for US, Asian markets).
Frank: Unfortunately likely to be many levels removed from the workshop scope. So anything we learn there will be very valuable.
Frank: Thanks to ST for covering this.
Binary hosting topic (Ahmad):
Presented slides
Eric: We will send declassified version of the slides
Will be using our own boot stage (BL2 equivalent) so will only be publishing TF-M secure/ns apps
Export control problems with hosting own boot binary
Would like TF-M binary to be hosted with TF-M repo for ease of integration
Dan: Would it have a different license?
Eric: No
Dan/Julius: Can't we just use the tf-binaries repo?
(https://git.trustedfirmware.org/plugins/gitiles/tf-binaries/+/refs/heads/ma…)
Eric: Requirements are slightly different.
Would like to keep with platform port in TF-M source code
Dan: How to link precise source code version with the binary?
Eric: Maybe could sign binary with SHA-1.
Could have several versions in the repo.
Antonio: Is this for just new platforms or existing platforms too.
Eric: Just new platforms.
Anton: Concerned about side-effect of repo growth.
Anton: Why not host separately and keep link to TF-M source code?
Eric: Haven't discussed repo growth
Eric: Can we limit to release versions?
Ahmad: Yes, can do that and update with each release
Dan: Repo growth is not a blocker issues on its own. Can use tech like Git LFS (https://git-lfs.com/).
Frank: Could tf-binaries be a staging area for this?
Frank: Agree that releasing binaries is a good use-case
Frank: Could ST look into that?
Anton: I accept the use-case but also would prefer to use tf-binaries.
Eric: Next steps. Should we post something on TF-M forum
Anton: Happy to discuss in TF-M tech forum.
Frank: It might also be useful to store other artefacts to that separate repo.
Frank: We also do not use TF-M BL2. We have our own version. But it's still part of certification scope
AOB:
Call for ideas to use tf.org surplus
TF-M code size:
Frank: Nordic also cater for small devices.
We see some reluctance to use full TF-M distribution
e.g. Maybe will never use the attestation service
e.g. for Mbed TLS developer branch, may need to look into optimisations for small devices
Still want to use TF-M but some of PSA requirements may not be included.
Some vendors are saying TF-M is too big.
e.g. For PSA trusted storage using external storage, need rollback protection. But this is cumbersome for some customers. For our real implementation, we use internal storage.
We hope this kind of suggestion doesn't change governance for generic users of TF-M.
May end up not being fully certified.
Expect this to be internal build details.
Eric: We're seeing more of the same thing
Eric: Would you propose some simplified profile?
Frank: In Zephyr scope, we're already disabling features we don't need.
Frank: Turning off attestation is one basic thing but if we do, it is against PSA certification.
Frank: Seems OK for some devices, e.g. simple Bluetooth devices
(ran out of time)
