Hi all
I've sent this to what I hope is a representative subset of TrustedFirmware.org project maintainers. Feel free to forward to others you think should be included.
I'm writing to gather maintainer feedback on a proposal for TrustedFirmware.org to have a policy on the use of AI-assistants in code contributions. Several other open-source organizations already have their own policies. Attached is the current draft of that policy, which is based on the Linux Foundation and Apache Software Foundation guidance. This has been discussed at the TF.org board and more recently, the TSC (see minutes here<https://lists.trustedfirmware.org/archives/list/tsc@lists.trustedfirmware.o…>). Eric Finco @ ST had 2 pieces of feedback to this, the 2nd of which prompted me to seek this wider input. To summarize that feedback:
1. Eric would like all contributions that use AI assistants to explicitly attribute the tool(s) used in the contribution for transparency reasons. The counter feedback is that this might be onerous to generate (especially if a tool has a complex backend) and there is no clear use for that information.
2. Eric would like the policy to apply to all TrustedFirmware.org projects, rather allowing projects to develop their own project-specific guidance (as per the current draft).
Some of this might require more interaction discussion. My plan was to invite you all to a future TSC meeting (perhaps in September) to discuss further. I'm happy to take feedback on the policy, Eric's feedback or the process to handle this. Feel free to reply to this email (to all or just to me), or just wait for that TSC meeting.
Best regards
Dan.
Hi all
Below are some edited AI notes from today's meeting:
Present:
Eric Finco (ST)
Antonio De Angelis (Arm)
Dan Handley (Arm)
Kamlesh Gurudasani (TI)
Frank (Nordic)
David Brown (Linaro)
Joanna Farley (Arm)
Dominik Ermel (Nordic Semi)
Quick recap
The meeting focused on several key topics related to Trusted Firmware development and project policies. The group discussed changing the "co-developed by" tag format in the AI-assisted contributions policy<https://www.trustedfirmware.org/aipolicy/> to align with the new Linux project guidelines<https://github.com/torvalds/linux/blob/master/Documentation/process/coding-…>, with Kamlesh noting that some TF-A patches<https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/39036> had already used the "co-developed-by" tag.
The team reviewed a Zephyr interpretation<https://docs.zephyrproject.org/latest/security/standards/cyber-resilience-a…> of the CRA (Cyber Resiliency Act) requirements and their implications for vulnerability handling and SBOM generation, though David emphasized the importance of avoiding legal advice in the documentation unless it's been reviewed by a lawyer.
Antonio presented options for creating a separate PSA crypto driver repository on GitHub, with Frank explaining that the main driver was familiarity with GitHub for vendors, though licensing concerns were raised.
The conversation ended with Dan advertising a new Confidential Compute Working Group<https://corecollective.dev/working-groups/> at CoreCollective that would kick off the following week, initially focusing on CCA reference SW roadmap and CCA attestation enablement.
Next steps
*
Dan: Send an offline message to the group proposing the change to the "co-developed by" tag in the AI policy and proceed with the change if there are no objections.
*
Dan: Run the proposed tag change by the maintainers and ensure everyone who is using the tag is notified if the change proceeds.
*
Antonio (and relevant team members): Discuss further with Gilles and the PSA-Crypto team regarding the creation and use of a new GitHub repo for PSA crypto driver prototyping, including considerations around licensing, building, and testing.
Summary
AI-assisted Contribution Policy Discussion
The team discussed changing the "co-developed by" tag in the AI-assisted contributions policy<https://www.trustedfirmware.org/aipolicy/> to align with the new Linux project guidelines<https://github.com/torvalds/linux/blob/master/Documentation/process/coding-…>, which uses an assisted-by tag with a specific format. The Linux policy is otherwise well aligned. Attributions are optional. Dan proposed sending an offline notification about the proposed change since no objections were raised during the meeting. Kamlesh pointed out that some TF-A patches<http://some%20TF-A%20patches> had already used the "co-developed by" tag. The team agreed this is just for audit purposes so there should be no need to change existing code.
CRA Compliance Documentation Discussion
The team discussed a Zephyr analysis<http://Zephyr%20interpretation> <http://Zephyr%20interpretation> of the CRA and its implications for open source stewardship, with David explaining that that document had been reviewed by lawyers since it contains legal advice about CRA interpretations. Eric proposed using future funding to prepare materials for due diligence, but the group agreed to focus on factual statements about their current practices rather than making interpretive claims about CRA compliance. David raised concerns about the target audience for additional compliance features, noting that many Trusted Firmware members are SOC manufacturers rather than device vendors who would face direct CRA compliance requirements. The discussion concluded with questions about due diligence requirements and vulnerability reporting timelines, which David noted might be more aggressive than current practices.
PSA Crypto Repository Planning
The team discussed creating a new GitHub repository for prototyping PSA crypto drivers, with Frank explaining that the main reason was to align with most vendors' existing GitHub workflows. Antonio raised concerns about licensing issues and building/testing processes for the new repository. The group also learned about an existing PSA crypto API repository<https://review.trustedfirmware.org/plugins/gitiles/shared/tf-psa-crypto-dri…> on Gerrit, but noted it doesn't address licensing requirements for code hosting. Dan noted the existing PSA Crypto API GitHub<https://github.com/ARM-software/psa-crypto-api> doesn't look suitable for code sharing as there is no license information.
AOB
The conversation ended with an announcement about a new Confidential Compute Working Group<https://corecollective.dev/working-groups/> kickoff planned for the following week.
Please note the below is a combination of AI generated and my own notes. Please find the slides I showed attached.
Regards
Dan.
Meeting summary
Quick recap
The meeting focused on several key topics related to Trusted Firmware and security initiatives. Dan provided updates on the PSA specification governance, emphasizing the goal to maintain long term momentum with wider participation. The discussion then shifted to the TF bug bounty program, which has seen a significant increase in submissions, leading to concerns about maintainability and the use of AI tools in submissions. Dan highlighted the challenges faced in managing the volume of reports and the need for more CVEs, which has been delayed due to responsiveness issues with Mitre. The group also discussed the launch of Core Collective, a new collaboration platform backed by Arm and Linaro, and its potential role in supporting various projects, including Trusted Firmware. David raised questions about the organization of working groups within Core Collective and its potential impact on existing project structures.
Next steps
* Dan: Send meeting slides to attendees after the meeting.<https://tasks.zoom.us/?meetingId=WM9WhRFeRT2Qu%2BUdFs2eyA%3D%3D&stepId=2ebd…>
* Dan: Pass on feedback and concerns about the bug bounty program to the Arm PSIRT team.<https://tasks.zoom.us/?meetingId=WM9WhRFeRT2Qu%2BUdFs2eyA%3D%3D&stepId=2ebd…>
* David and Dan: Discuss offline the possibility of using AI/automated tools for internal bug triage and analysis, and potentially test such tools.<https://tasks.zoom.us/?meetingId=WM9WhRFeRT2Qu%2BUdFs2eyA%3D%3D&stepId=2ebd…>
* David: Set up a call with Grant to discuss Zephyr backporting/LTS funding and Core Collective project structure.<https://tasks.zoom.us/?meetingId=WM9WhRFeRT2Qu%2BUdFs2eyA%3D%3D&stepId=2ebd…>
* Dan: Lead or co-lead the confidential compute working group in Core Collective and organize a discussion in the next month to define scope and membership.<https://tasks.zoom.us/?meetingId=WM9WhRFeRT2Qu%2BUdFs2eyA%3D%3D&stepId=2ebd…>
Summary
Present
Ben Vogel (QTI)
Eric Finco (ST)
David Brown (Linaro)
KangKang (FutureWei)
Michael Thomas (Renesas)
Julius Werner (Google)
Kamlesh Gurudasani (TI)
Andrew Davis (TI)
Dominik Ermel (Nordic)
Joanna Farley (Arm)
Dan Handley (Arm)
Zephyr Long Term Support (LTS)
David explained how Zephyr is trying to change its LTS frequency from 5 years to 3. To date Zephyr has been pulling main branches from TF projects, which isn't great. Now plan to pull in TF LTS branches and if they go out of date for Zephyr, we can discuss how to address it in a public forum, maybe at CoreCollective. There was some discussion on there being a Zephyr Working Group (WG) at CoreCollective, but Zephyr has wider scope than just Arm architecture platforms. There is an Edge WG, which includes part of Zephyr in its scope. Joanna mentioned how TrustedFirmware-A related projects are released together, which helps to managed dependencies. David countered that this is harder across project ecosystems with different governance - one has to go first. Michael also mentioned difficulties managing versions in their product because some dependencies are using older versions of TF projects; they have to fix the dependencies themselves.
PSA Specification governance moving to Global Platform (GP)
The group discussed changes to the PSA specification governance, with David agreeing that making the specification more broadly applicable beyond ARM was a good idea, particularly given its use in Mbed TLS and other areas. Dan confirmed that the copyright and licensing would remain unchanged, and Andrew Thoelke would continue to manage the PSA APIs as working group lead. The discussion addressed concerns about implementation in TF, which would not change, and David suggested that PKCS11 could potentially be replaced in the future.
The team discussed the progress and potential for moving PSA API and FF-M specs to GP, though the timeline remains unclear.
TF Bug Bounty Program
Dan shared updates on the TF bug bounty program, which launched in December and has seen a higher volume of reports than anticipated, leading to changes in the program's rules to prevent automatic suspension due to budget constraints. Despite these challenges, the program continues to receive submissions, with 103 reports in March alone, raising concerns about the sustainability of the workload for maintainers.
The team discussed security vulnerability handling across different projects, with Dan noting that Mbed TLS and OP-TEE are experienced in managing high volumes of security issues, while TF-A has been more challenging due to lower volume historically. Dan mentioned that Hafnium is not yet live in the program but it probably should be added soon. Kamlesh inquired about TF-A bug types, clarifying that while platform-specific issues are out of scope, some may still be considered if reproducible in a platform context. The team also discussed the increasing use of AI tools in bug submissions, with Dan estimating over 90% of submissions now using such tools, and Kamlesh raised questions about bug bounty program payouts and effectiveness. David suggested using AI tools to analyze and triage bug reports, which could be a potential approach given the high volume of submissions. Eric asked whether the 10% rate of valid reports is the same across projects. Dan said we don't have that data but we expect so.
The team discussed challenges with AI-generated bug reports, noting that while some reports contain valid vulnerabilities, others are of low quality or incorrect. David and Dan agreed to discuss the issue offline, as they are two of the people managing the tools. Ben shared that the curl maintainer had to cancel their bug bounty program due to overwhelming low-quality submissions. The team considered implementing an invitation-only bug bounty program with a limited number of high-bounty issues to reduce AI submissions. Dan mentioned that the Intigrity and Arm PSIRT are currently filtering out most AI-generated reports, with only a few requiring deeper inspection.
CVE Allocation Challenges
The group discussed the delay in receiving CVEs from Mitre, which is taking over a month for allocation, making the process increasingly cumbersome. David and Dan discussed the admin challenges of the security teams generating CVEs themselves, highlighting the need to justify the training time and costs for already-stretched teams. They considered options such as using the existing TF budget surplus to cover training for someone to handle the task, though this could risk affecting other work.
Core Collective
Dan mentioned that Core Collective, launched by Linaro with backing from Arm, is a new collaboration platform that is free to join and has a governance structure similar to Trusted Firmware, but it is not intended to replace it. Dan clarified that the confidential compute working group is still in the planning stages, with Dan set to lead discussions on its scope and membership in the coming month.
Hi all
I only have a few small topics for today's TSC so I'm not expecting a long meeting (yes, I know I've said that before). Please let me know if you have anything else.
*
PSA Certified API spec governance.
*
TF.org CVE allocation
*
CoreCollective CCA working group
Regards
Dan.
Dear all,
Please find below the minute of the meeting for yesterday’s TSC; also the presentation is attached.
Attendance:
Shebu
Joanna
David
Janos
Antonio
Eric Finco
Andrew Davis
Julius Werner
PJ Bringer
Dominik Ermel
David Brown
Frank AK
Michael T
Agenda:
* TF-PSA-Crypto / Mbed TLS roadmap update [Shebu]
*
Zephyr’s release timeline and sync with dependency projects (TF-M, Mbed TLS, TF-PSA-Crypto) [David B]
[Shebu] TF-PSA-Crypto release and split happened in 2025, April 2026 targeting for first TLSs to be integrated with TF-M
PSA Crypto APIs are now the default APIs
PQC algorithms: After NIST ha standardised, we’re looking into how to enable PQC into PSA Crypto. First step is ML-DSA; start with mldsa-native from PQCAlliance. Fork and integrate through the PSA Crypto drivers interface ML-DSA-87 initially only. PSA API in the work. TF-M will pick it up as soon it is available. Then look into ML-KEM. Hopefully it will be adopted widely
[David B] What’s the timeline? PR already open, driven by Gilles. Integration in drivers first; might not make it into the LTS but should available by April; Then PSA APIs support will happen towards end of Q2
[Shebu] Appreciate any feedback upstream
[Shebu] Arm Bug Bounty project has been rolled out. Lot of interest and traction; Several submissions and security incidents reported.
[Shebu] tf-psa-crypto-drivers interest from partners to maintainer vendor drivers; Mbed TLS or TF-PSA-Crypto doesn’t maintain drivers because there is no way for testing. CryptoCell goes first
[Shebu] Additional maintainer from the community: Valerio Setti from Baylibre contracted by Nordic Semiconductor. First maintainer from non-Arm. Hopefully sets a good precedence for more contributors to be involved in the project, for example security engineer from partner companies doing more reviews as Mbed TLS / TF-PSA-Crypto is always scarce on review bandwidth.
[Frank AK] NXP requests on driver API change for KDF. Oberon has a proposal, our understanding is that Oberon has intention to push that proposal on PSA API Github after following up on discussion on Discord, Andrew T happy to review the proposal so at the moment we’re waiting for Oberon to push the proposal. Also we are happy to have partner companies, implement those APIs based on the Oberon proposal
[Frank AK] The proposal is still limited to non-opaque keys, so this needs more discussion towards either NXP or Arm to complete / fulfill the discussion.
[Shebu] The first step would be to wait for Andrew T come back from holiday, wait for push, and then discuss on Github and the tf-psa-crypto-drivers working group; Janos agrees on discussion for the tech aspects in that, then feedback into API proposal to finalise the API submission
[Janos] On Security issues and Reviews: new bug bounty program resulted in quite a number of vulnerabilities, some of them have merit, a lot of analysis and bandwidth consumption for the team; Think AI tools are helping to submit more vulnerability reports. As a comparison, previously we were getting 1-3 reports, last week only we got 5. Non-negligible time for the maintainers to review, not very predictable. Can affect delivery times overall.
[Janos] OSTIF Audit offered to us and decided to go through with it
[Janos] Process to support community members to become trusted reviewers. Likely being a trusted reviewers is a pre-requisite to push features that are not on the roadmap, community-driven. Power that can be use
Thanks,
Antonio
Sent from Outlook for Mac
Dear all,
we are restarting the TSC meetings from tomorrow with the roadmap updates. @Shebu Varghese Kuriakose<mailto:Shebu.VargheseKuriakose@arm.com> and @Janos Follath<mailto:Janos.Follath@arm.com> will give an update on the TF-PSA-Crypto / Mbed TLS projects roadmaps.
Agenda:
*
TF-PSA-Crypto / Mbed TLS projects roadmap updates
*
Any other business
Please reply to this email if you want to add a topic to discuss for the meeting.
Thanks,
Antonio
Hi all
I apologise for the late notice, but today’s TSC meeting is cancelled as we haven’t managed to prepare for this properly. Hope to speak to you in February. Let me know if you have anything more urgent to discuss.
Regards
Dan.
Hi all
Apologies for the delay, but here are the minutes from the last TSC:
Present:
Dan Handley (Arm)
Antonio DeAngelis (Arm)
Bharath Subramanian (Arm)
Eric Finco (ST)
Kangkang Shen (FutureWei)
David Brown (Linaro)
Julius Werner (Google)
Dominik Ermel (Nordic)
Michael Thomas (Renesas)
Bharath presented the TF-A roadmap (attached)
This is mainly about enablement of the 2023-2024 architecture extensions
Eric: Is Rust SPMC something new for the Rust project?
Dan: No, we're just taking the previous Rust SPMC prototype project and turning it into a library for reuse in RF-A and potentially other projects too.
Bharath: Dan - do you want to say something about TF-RMM?
Dan: Just that TF-RMM (and Linux kernel guest) has CCA 1.0 support upstream, but Linux host upstreaming has been delayed a long time.
Dan: Due to this and KVM maintainer feedback, we're planning some significant changes to the CCA roadmap.
Dan: This requires some replanning - we'll give a more comprehensive CCA update in a future session.
KK: I went to OSFC conference
KK: It was a good 1 week conference. The presentations are online
KK: We are sponsors so I got a ticket!
Dan: Any particularly interesting sessions?
KK: One from Microsoft about TF enablement but you have to be UEFI member to see it.
KK: Also asked Microsoft guy if he would present this at TF.
KK: I will send contact details.
Dan: Also, note there will be an update on some important changes at Linaro at the next board meeting.
Julius: Is that board meeting the earlier one?
Bharath: Yes
Julius: Will it be recorded?
Bharath: We can ask for that bit at least to be recorded. Will also ask Bill to distribute the slides.
Bharath: There's a TF budget surplus so we're asking if there are any suggestions on how to spend this?
(no response)
