- TSC - lists.trustedfirmware.org

TrustedFirmware TSC Mar 17 meeting minutes

by Don Harbin

Hi All, Please find the March 17th TSC minutes below. Dan's slides regarding Github from the meeting are also attached. Best regards, Don ======================================================== Attendees: Don Harbin, David Brown (Linaro), KangKang Shen (Futurewei), Antonio De Angelis (Arm), Dan Handley (Arm), Shebu Varghese Kuriakose (Arm), Andrej Butok (NXP), Anton Komlev (Arm), Kevin Oerton (NXMLabs), Dave Rodgman (Arm), Julius Werner (Google), Kevin Townsend (Linaro), Eric Finco (ST), Okash Khawaja (Google) Actions: - Anton: Check feasibility of changing PSA Crypto header folder name. - Anton: Gauge interest in various GitHub options for TF-M Minutes: MBed TLS Roadmap (Shebu): Presented his slides - Continuing to look for support from members in the review role since there’s a large load. Several members have stepped up - could still use some additional support. - Kevin Townsend: Have we made any progress making PSA Crypto headers work across projects? - Anton: No mismatch between MBed TLS v3.1.0 and TF-M - Antonio: TF-M’s headers are good now. Public headers are aligned between TF-M and MBed TLS. Some headers are private to implementation, so there’s not much we can do there. - Andrej: Can we change the folder name for one of the projects, so that we don’t get conflicts in projects that build both sets of headers? Could be either Mbed TLS or TF-M, but it’s important for them to be different. Tfm_psa for example. - ACTION Anton: Check feasibility of changing PSA Crypto header folder name. - Dave Rodgman: Getting good engagement/involvement. Agree review contributions are very helpful - Andrej: What is the best place for companies to upstream their own PSA Crypto drivers? - DaveR: Mbed TLS doesn’t plan to host h/w specific drivers. - Andrej: Somewhere in TF-M or create own repo? - Antonio: There are some PSA Crypto drivers in TF-M platform folder. Would this make sense? - Andrej: What about products that don’t use TF-M? - Andrej: Could provide in own SDK or a separate repo on github. We’ll probably go with the latter. We’re getting customers wanting to use the upstream. - Anton: TF-M allows use of external projects. Github seems the right place. - DanH: In future there may be value in TF.org providing full platform stacks where stuff like this could live. Part of the problem here is that TF-M and TF-A already have platform interfaces and host platform code, but Mbed TLS is a generic library with no platform interfaces. - Shebu: We also need to get MBed TLS tested on real target h/w in Open CI - See the MBed TLS roadmap for more. - Don: reminder - new FAQ points to roadmaps page: https://www.trustedfirmware.org/faq/ Current GitHub Status: Dan Handley - Presented status slides - Dan: Will be moving MBed TLS repos to a TF-owned org account vs Arm-owned in the next few weeks. - Dan: TSC previously decided that all TF projects should have a GitHub presence, even if some projects (e.g. TF-A) retain Gerrit for review - Andrej: Was this a TSC decision? - Dan: Yes. Unfortunately progress got blocked on funding an investigation into a hybrid Gerrit/GitHub solution. But other solutions are possible. - Dan: NXP/Linaro especially keen for TF-M to move to GitHub - Andrej: Would like TF-M to fully move to GitHub (not just a read-only or hybrid solution) - Andrej: Agree it will help contributions. We believe this will make TF-M more popular - David Brown: Recently had difficulty creating a simple change for review. GitHub will remove blockers in pushing changes. - Dan: GitHub access from China is more difficult, but solvable with VPN - Antonio: Could have a repo mirror in TF.org infrastructure to remove the VPN dependency? - David: Providing a read-only mirror is simple enough - Dan: But what about providing a seamless GitHub experience. - David: That’s a much harder problem to solve. - Andrej: MBed TLS doesn’t have a problem, then it should be OK for TF-M as well - Dan: It’s a problem for all GitHub projects - Kangkang: Most big China companies have their own VPN. Mainly a problem for smaller companies. - Dan: Even if we decide that fully migrating to GitHub is the way to go, this requires a lot of work from Arm to move internal systems to GitHub, which we can’t do for some months. Could we create a read-only mirror as a stepping stone and see if this improves engagement? - Kevin: We won't be able to measure success from a read-only mirror, but it’s still a good stepping stone. - Antonio: Can at least measure attempted pull requests, even if they can't be merged. - Kevin: It would also be useful to link to GitHub from related projects. - Dan: We should also check if fully moving to GitHub eventually is what TF-M contributors want - ACTION Anton: Gauge interest in various GitHub options for TF-M - DanH: Secondary issue is our dependency on deprecated Phabricator. GitHub provides a solution for migrating content out. - Agreement: Pursue the read only mirror. Objections? - None heard.

3 years, 11 months

1
0
0 0

TSC agenda 2022-03-17

by Dan Handley

Hi all We have 2 topics so far for the TSC meeting tomorrow. Please let me know if you have any more. * Mbed TLS roadmap * Continuation of the "Using GitHub" discussion (especially for TF-M). This got bounced back from the board to the TSC. Regards Dan.

3 years, 11 months

1
1
0 0

Feb 17 TrustedFirmware TSC meeting minutes

by Don Harbin

Hi, Please find the minutes to the Feb 17 TSC below. Best regards, Don - Sent on behalf of TSC chairs. ============================= Meeting started 17.05 UK time on 02-17-2022 *Attendance:* Antonio de Angelis Anton Komlev Andrej Butok David Brown Julius Werner Kevin Townsend 1. Brief introduction from Antonio on the survey prepared by the tf.org community manager to be circulated with TSC and Board members after the upcoming Board meeting. General overview of the type of questions in the survey, possibility to request a 1:1 with TSC leadership in one of the survey questions, if don’t want to share feedback on the survey itself. Results will be collected and shared during March’s TSC. 1. Next topic: Anton’s presentation on TF-M roadmap. - Release cadence updated to two releases per year, April and November. Next one in April will be TF-M 1.6 (still in discussion when to move to 2.0 numbering, might be November or earlier depending on features that end up in the release) - Main focus for the project is on optimisations - Kevin: code size/RAM requirements don’t look that bad, especially given the amount of features you get - Anton: agree, but trying to achieve some smaller footprints like 8 KB of RAM for FF-M - Mbed TLS 3.1.0 already integrated and will be available in next released version of TF-M - Allows to pass full set of compliance tests for PSA (Architecture Compliance Kit, ACK) - David: need to further investigate integration with Zephyr OS at this stage given the new version of mbed TLS 3.1.0 integrated in TF-M - Efforts to improve documentation - Kevin: There is a lot of good documentation in the design docs folder, but unfortunately it gets outdated and does not reflect latest status of development. Idea proposed to add an expiry date and an owner to each document. When the document expires the owner needs to review and update it accordingly to latest development. It’s extra effort on owner but helps keeping documentation updated. Might be an expiry date of once per year. TF-M to consider the idea. - ADAC tooling support for host side tools - PSA FWU - Kevin: wondering how big is the update expected here . TF-M: We expect consolidation phase: check with the users and work on their feedback. - Any questions: - Andrej: are there examples of companies already using TF-M in production? TF-M: Some startups already using TF-M in their designs but not sure if already production stage - Kevin: Confidential AI use case from Linaro is an example of how TF-M can be used to secure model parameters for inferencing on the edge node. Confidential AI whitepaper for additional details. Security and protection of the models, encryption of raw sensor data on S world, transition to NS world in encrypted form only to establish a TLS connection to a cloud server. Decryption happens in the server - TF-M: Another use case is an algorithm to be protected hence allowed to run only on the Secure world - Andrej: moving from Gerrit to GitHub would improve wide spreading the adoption process of TF-M as a lot of companion projects (e.g. Zephyr, mbed TLS) in this space are already hosted in GitHub and developers are used to GitHub flow while Gerrit flow is more complicated. TF-M: agree move to GitHub is good for popularity. Discussions ongoing in TSC already for several months, final decision is with maintainers for Gerrit to GitHub move. DavidB: TF-M on GitHub might improve contribution rate from additional developers more used to GitHub, Gerrit is more complicated / less common: might result in popularity increase 1. Any other topics for today TSC: - Attendance: no questions or additional topics raised - Antonio: need to identify which is next project for March’s meeting roadmap update. Will discuss and communicate on the mailing list accordingly in advance. Meeting close 17:45 UK time.

4 years

1
0
0 0

TSC Agenda 2022-02-17

by Antonio De Angelis

Hi all, Can you please let me know if you have any additional topics for tomorrow's TSC meeting? Please find below the agenda so far: * Update on the trustedfirmware.org survey for Board / TSC members (5 mins) * Roadmap update for trustedfirmware.org projects: Trusted Firmware - M (by Anton Komlev, TF-M tech lead) (25 mins) * AOB Best regards, Antonio

4 years

2
1
0 0

Trusted Firmware Jan 20 TSC meeting minutes

by Don Harbin

Hi All, Please find the minutes from yesterday's meeting below. Please let me know if any questions Best regards, Don - *Sent on behalf to the TSC Chairs* *==================================* *Attendees*: Antonio De Angelis(Arm), David Brown(Linaro), Don, Kangkang(FutureWei), Kevin Oerton(NXMLabs), Anton Komlev(Arm), Dan Handley(Arm), Julius Werner(Google), Andrej Butok(NXP), Lionel Debieve(ST), Eric Finco(ST), Michael T(Renesas) *Minutes*: - Don: Quorum reached - Dan: Welcome to Antonio (online) - taking on Abhishek’s role. - Dan: Interested in chairing this call since transitioning? - If interested, let Don know on the side and we can propose the change. - Kevin: For continuity, it seems a good thing to have an Arm rep chairing. Substitutions if the Arm rep can’t attend would be more effective. - Dan will chair - MBed TLS Github location. Currently under Github and currently being transitioned. Plan is to move to TF.org account. Maintainers are having 2nd thoughts. If repos are put in the organization account, Github is flat, so sometimes hard to map multiple repos to one project. Access control is also a concern. So plan to create a separate MBed TLS github account. - David: Is the mbed-tls available? - Dan: Yes we have it - Dan: Will run by the board - Eric: Just MBed TLS or all projects? - Dan: Separate accounts provide some healthy autonomy. Some are blocked by reviews - Hafnium and TF-A use Gerrit for reviews. Some tooling helps with this but hasn’t been progressing. - No objections from TSC - Kevin: Breaking up to individual accounts makes sense, could have “cross-pointers” to all other accounts in each one. Can use Github for discussions integrated into Github - Dan: Good point, and can use github wiki and other features if not a “shared” project. - Kevin - Lightning talk recorded here: - https://linaro-org.zoom.us/rec/share/dN_VrMIH6jjBYEbYf9DYO_oBhAqeHp2BAyCTZA… - Passcode: Tid4xb8& - Don: Survey to TSC and Board? Thoughts? - Consensus wan that both may be valuable. - Could help to answer Dan’s question on the direction of the TSC - Next month topics: - Dan: Restarting roadmap presentations thru each project starting with TF-M next month.

4 years, 1 month

1
0
0 0

FW: [Board] FYI - Upcoming session at FOSDEM (Feb 5 & 6) and more

by Dan Handley

Hi TSC members Just forwarding the below info to you too FYI Dan. From: Don Harbin via Board <board(a)lists.trustedfirmware.org> Sent: 13 January 2022 00:11 To: board(a)lists.trustedfirmware.org Subject: [Board] FYI - Upcoming session at FOSDEM (Feb 5 & 6) and more Hi, I hope this note finds you all well. FOSDEM<https://fosdem.org/2022/>(Free and Open-source Software Developers' European Meeting) is coming up in early February, and we wanted to let you all know that a session will be presented entitled "Arm CCA enablement through the Trusted Firmware community project" by Charles Garcia-Tobin and our own Matteo Carlini. :) Session details can be found here<https://fosdem.org/2022/schedule/event/tee_arm_cca/>. I'll also mention a couple of other items: * Linaro is hosting a free 2-hour technical training session entitled "Kernel Debug Stories for Arm" on February 8th and 15th. Three slots are provided to help find a session that's time-zone friendly. Further details and registration can be found here<https://www.linaro.org/events/kernel-debug-stories-for-arm-linaro-connect-t…>. Feel free to share with any devs on your teams that may find it of interest * A white paper from Linaro many of you may enjoy called "Confidential AI for MCUs" has been garnering lots of interest, so I wanted to share it. It can be downloaded here<https://www.linaro.org/iot-and-embedded> if interested. If you have any questions, please feel free to reach out to me. Thanks and best regards, Don

4 years, 1 month

1
0
0 0

TSC Agenda 2022-01-19

by Dan Handley

Hi all Can you please let me know if you have any topics for tomorrow's TSC meeting? So far I have: * Change in Arm TSC representation and chair (see separate mail) * Proposal for migrating Mbed TLS GitHub location * Perhaps also revisit the wider TF.org GitHub presence * Lightning talk on NXM usage of TF. Kevin - are you ready to do this? * Identify any future lightning talks Regards Dan.

4 years, 1 month

2
1
0 0

Adding lists to the MBed TLS Tech Forum invite

by Don Harbin

Hi All, FYI, per Shebu, I'm adding both mbed-tls(a)lists.trustedfirmware.org and psa-crypto(a)lists.trustedfirmware.org to the MBed TLS Tech Forum invites. Please look for this in your inbox and accept it if you would like the series added to your calendar. - Note that this is a monthly meeting but you will see two invites, one that is for Asia timezones and one for Europe/US. Just delete the series that isn't timezone friendly for you. - FYI, recall that this and other tech forums can be found in the meeting calendar on the TF website <https://www.trustedfirmware.org/meetings/>. If you see a meeting in that calendar, click on the entry and an option comes up saying "copy to my calendar." It will import that single instance into your personal calendar from there if you wish. I wasn't able to test this feature with outlook, but it worked fine for google calendar. Please let me know if you have any questions. Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

4 years, 1 month

1
0
0 0

TSC Agenda 14 Dec 2021

by Abhishek Pandit

Hi All, A quick reminder that the TSC meeting is on Tuesday this week. Are there any agenda suggestions? Thanks, Abhishek

4 years, 2 months

1
0
0 0

Linaro TF TSC representative changes

by Joakim Bech

Hi Abhishek, TSC representatives, We're doing some changes when it comes to the Linaro TF TSC representatives. - I'm stepping out (but I'm still around in Linaro). - David Brown becomes the main Linaro TF TSC rep. - Ruchika Gupta steps in as the backfill for David when he is unable to attend. Please update mailing-lists and meeting invitations etc accordingly. Regards, Joakim

4 years, 2 months

2
1
0 0

TF TSC Minutes Nov 18

by Don Harbin

Hi All, Please find the minutes from this morning's meeting below. Also, find attached Ruchika's presentation. Best regards Don Harbin - Sent on behalf of the TSC Chair ================================================= Attendees: Don, Kevin Townsend(Linaro), Ruchika Gupta(Linaro), Julius Werner(Google), Miklos Balint, David Brown(Linaro), Joakim Bech(Linaro), Gyorgy Szing, Kangkang Shen(Futurewei), Abhishek Pandit(Arm), Lionel DEBIEVE(ST), Konstantin Karasev(OMP), Andrej Butok(NXP), Matteo, Kevin Oerton(NXM Labs) Minutes: - OP-TEE Roadmap: Ruchika - Linaro Security Working Group Tech Lead - GET SLIDES - Reviewed Focus areas - OP-TEE and Virtualization - Functional Safety Updates - Proposal of task ownership shown - Share H/W resources - Roadmap - Details - Note the Jira Tickets are public and accessible by the team - Ruchika provided a brief overview of Stratos <https://www.linaro.org/projects/#automotive_STR> (Linaro driven Virtualization Project) and TS <https://www.linaro.org/projects/#trusted-substrate_TS>(Linaro driven Trusted Substrate project). - KK: Re: Trusted Substrate - it’s a platform to support firmware-level security features. Related to SOAFEE. Edge focused - Abhishek: Partner Lightning Talks - round robin usage of TF - Interest in lightning talks and sharing how their company is using the output of TF.org, one Member share monthly in this meeting. - Will push out the vote for doing this. - KO: Initial target is to start in December? - AP: Suggest starting in January - KO: Will talk thru email, but pencil in Kevin for January <end>

4 years, 3 months

1
0
0 0

TSC Agenda 18 Nov 2021

by Abhishek Pandit

Hi All, Sorry a bit late for this week's meeting. We have - * OPTEE roadmap presentation. (Please note that meeting has been moved 2 hours earlier.) * Revisit - lightning talks proposal? * Any other agenda suggestions? Thanks, Abhishek

4 years, 3 months

1
0
0 0

Trusted Firmware TSC Oct 21 meeting minutes

by Don Harbin

Hi All, Please find the minutes from yesterday's TSC Tech Form below. Best regards, Don - Sent on behalf of the TSC Chair ============================================== Attendees: Joakim Bech(Linaro), Don, Abhishek Pandit(Arm), Anton Komlev <Anton.Komlev(a)arm.com>(Arm), Dan Handley(Arm), Kevin Oerton(NXM Labs), David Brown(Linaro), Julius Werner <jwerner(a)google.com>(Google), Andrej Butok(NXP), Eric Finco(ST), Michael T(Renesas) Minutes: - Security Incident Reporting Review - Reference Joakims email thread - Joakim shared the background. Working to simplify. Walked thru a sample incident process spreadsheet. - DB: How consistent in alerting additional Stakeholders? - Joakim: reference Phabricator page to answer the question. - Joakim: Process requires discipline. Shared checklist. - Each issue would have its own checklist. - KO: Looks good and provides the picture we need - KO: Why manual process? - JB: See checklist - must add dates - DanH: New tab for each checklist may be hard to sustain. - KO: Automation would be nice - AP: What is this solving? - KO: From Technical oversight, this provides a high-level view of security robustness and responsiveness to issues. May be a useful mgt tool to understand security state and velocity is sufficient. - DB: With Zephyr, a checklist for each issue has caught things that would have been missed, like publishing to MITRE. - DanH, AP: Agree checklists seem useful. - AP: Doesn’t include effort. What metric is needed? - DB: Need a start and an end, which doesn’t happen in this. - MT: Renesas uses Jira. Excel is tough - not scalable and can’t export - AP: What is the use of date for each transition? - DB: Checklists, and states in Jira. Jira is not trivial either and must be tuned when changes are made. Clickup or Airtable might be good choices. Scriptable is helpful. Not free solutions. - KO: Air table is $60 / month. Development/maintenance is the real cost. - DanH: Corner cases are abundant and can skew statistics. - DB: Current sheet is a report, the data is the dates. - AP: Only stats that matter is when Opened and When closed. If lock-on purpose, then can decide what data is needed. - DB: On zephyr, patches are done by others rather than the security team, which makes it difficult. What happens when a 3rd party comes in? - DanH: Could be a case but hasn’t happened. - Agreed to table this and discuss again in a month - Phabricator Deprecation: - Noted raised and not discussed. Will discuss later - TF-M Release cadence change - Anton: From 4 to 6 months. Minimizes overhead associated with releases - KO: Keeping the window open allows better synchronization. - Anton: Each project is different. Smaller windows have a better chance to overlap. - EF: How aligns w/ MCUBoot? - Anton: No formal plan there, we pick it up asap. - EF: 2 versions in a time window. Make sure MCUBoot release is done 6 weeks before, for example, so can be merged in - Anton: This aligns with the purpose of this proposal. TF-A also has 6 months schedule. - AP: MBed TLS starting open tech Forum. - AP: ADAC repo - top-level repo now available. Expect a tech talk in the future - AP: Roadmap discussions: None this month as it was covered last month, plan to do every month. If can have lightning talks from Member reps on how they’re using TF.org projects and are public. Still deciding if useful and how to organize? - KO: A sense of how this is getting leveraged is the ultimate end goal. A google project w/ BOM is being tracked for security issues that impact other projects. - AP: Feel free to provide Abhishek feedback outside this forum - AP: Funding approval for Open CI. All aware - DonH: FYI includes reduction of Community Mgr to 0.3 to maintain a healthy surplus. Also, the majority votes are in and it has passed. - Joakim: Can now compile OP TEE TA’s in Rust <end>

4 years, 4 months

1
0
0 0

TSC Agenda 21 Oct 2021

by Abhishek Pandit

Hi All, Any agenda suggestions for this week's meeting? Couple of potential topics : * Security incident monitoring * Phabricator deprecation Thanks, Abhishek

4 years, 4 months

3
2
0 0

Linaro Connect Session Resource List

by Don Harbin

Hi All, In case you missed a session of interest at Linaro Connect, the recorded sessions and accompanying presentations are now posted on line <https://connect.linaro.org/resources/lvc21f/lvc21f-212>. I've attached a Session Resource List to this email as well that has been created to quickly find sessions of interest based upon topics. Best regards, Don

4 years, 5 months

1
0
0 0

TSC minutes 2021-09-16

by Dan Handley

Attendees: Dan Handley (Arm, chair) Joanna Farley (Arm) Shebu Varghese Kuriakose (Arm) Matteo Carlini (Arm) Joakim Bech (Linaro) David Brown (Linaro) Don Harbin (Linaro) Eric Finco (ST) Lionel Debieve (ST) KangKang Shen (Futurewei) Michael Thomas (Renesas) Julius Werner (Google) Kevin Oerton (NXMLabs) Andrey Butok (NXP) Shebu presented Mbed TLS roadmap (attached) KO: How will the Crypto Driver API be used. SK: This is a back-end HAL interface for crypto-processors to plug in to. The front-end interface will always be the PSA Crypto API. KO: Will this driver API help add support for certs that Mbed TLS doesn't support yet? Shebu: No, the fron- end interface will always be via the Mbed TLS and PSA Crypto APIs. Adding new cert support would be a separate work item. Currently we're more focussed on new crypto algorithm support. KO: For A-profile, is there a dependency on the Trusted Services (TS) project? SVK: TS uses PSA Crypto, as does TF-A. There is some plumbing still to do with FF-A if you want to call PSA Crypto APIs from the normal world and route that through to TS or a Secure Element backend. MT: When will there be a 3.x LTS branch? SVK: Will consider the next LTS in 2022. The last 2.x branch will be an LTS. We don't have firm plans for a 3.x LTS branch yet. MT: Even if you update Mbed TLS to use the PSA Crypto API, some partners will continue to use the legacy Mbed TLS crypto APIs (via Mbed TLS) since they will only use LTS branches. They will not move until there is an LTS that uses the PSA Crypto APIs. DH: The strategy is to clean up the dependencies on the legacy crypto APIs through the 3.x series of releases. Eventually Mbed TLS will not have a dependency on the legacy APIs. Even then, backwards compatibility will be maintained in the legacy APIs. Support for the legacy APIs would not be removed until a (TBD) 4.0 release. KO: Is there any overhead to using PSA Crypto API. SVK: We haven't actually measured this. DH: There will be a small overhead in the current implementation as these effectively wrap the legacy API implementations. There's no overhead due to the APIs themselves. Through the 3.x series of releases, the implementation will be inverted so that the legacy APIs will wrap the PSA Crypto API implementations. Then the overhead will be in the legacy implementation instead. Matteo presented the TF-A roadmap: https://developer.trustedfirmware.org/w/tf_a/roadmap/ EF: What is firmware transparency? Is it a device side or server side technology? MC: It's related to firmware attestation, which is about collecting firmware measurements and providing them to a relying party in the form of an attestation token. DH: Actually, it’s a bit orthogonal to attestation. Attestation is about providing evidence to a (possibly remote) relying party in order enable functionality (e.g. provisioning of secrets). DH: Firmware transparency is about making that evidence (in the form of certificates) available to anyone in a verifiable data store, so they can trust the firmware on a device is what it says it is JB: So it's similar to TPM? DH: Hmm, not exactly but the measurements may be stored in a TPM on the device. DH: The project we’re interested in here is Google Trillian: https://opensource.google/projects/trillian DH: This is really a server side technology but there may be some alignment activities to do on the device side EF: What is the 32-bit support about in the roadmap? SVK: This is related to Trusted Services (TS). It's about running legacy 32-bit TAs within TS, which is extra work MC: Phabricator page for this: https://developer.trustedfirmware.org/w/tf_a/roadmap/ MC: Plan is to create a common landing page with Don for all roadmaps AOB: DH: Someone in Arm pointed out that the tagline on the tf.org website is not strictly accurate: "OPEN SOURCE SECURE WORLD SOFTWARE" DH: Some of the software does not necessarily reside in the secure world (e.g. Mbed TLS, Trusted Services, Future CCA support) DH: Proposal is to just remove the word "World". JK: Makes sense. I thought that too. (No-one disagreed) SVK: There's another reference on that page too. DH: Yes, we may need to remove this in several places on the website. ACTION: Dan to work with Don on changing "secure world" to "secure" on the website JB: Board wanted more visibility into the security process, e.g. how fast are we to respond, what issues are in flight, etc... DH: OK, as long as this isn't leaking security critical info to people who are not necessarily part of the security teams. JB: Yes, of course. This is just about seeing how well the process is working, not the issues themselves DH: My other concern is not putting too much extra process on the security teams. JB: I have an action to propose something that is workable here. DonH: Would like more of the tech people on the teams to propose topics at future conferences, e.g. the OSFC DH: Arm folk have quite a few presentations at last week's LVC but perhaps not OSFC. DonH: Yes, I was looking for more than just Arm people. Regards Dan. -----Original Appointment----- From: Don Harbin <don.harbin(a)linaro.org<mailto:don.harbin@linaro.org>> Sent: 14 April 2021 15:08 To: Don Harbin; Joakim Bech; Bill Fletcher (bill.fletcher(a)linaro.org<mailto:bill.fletcher@linaro.org>); lionel.debieve(a)st.com<mailto:lionel.debieve@st.com>; andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>; Nicusor Penisoara; Abhishek Pandit; Eric Finco (eric.finco(a)st.com<mailto:eric.finco@st.com>); k.karasev(a)omprussia.ru<mailto:k.karasev@omprussia.ru>; kevin(a)nxmlabs.com<mailto:kevin@nxmlabs.com>; David Brown; David Cocca; kangkang.shen(a)futurewei.com<mailto:kangkang.shen@futurewei.com>; Dan Handley; roman.baker(a)cypress.com<mailto:roman.baker@cypress.com>; Kevin Townsend (kevin.townsend(a)linaro.org<mailto:kevin.townsend@linaro.org>); reinauer(a)google.com<mailto:reinauer@google.com>; Serban Constantinescu; a.rybakov(a)omprussia.ru<mailto:a.rybakov@omprussia.ru>; Julius Werner; roman.baker(a)infineon.com<mailto:roman.baker@infineon.com> Subject: Trusted Firmware TSC When: 16 September 2021 09:00-09:55 America/Los_Angeles. Where: https://linaro-org.zoom.us/j/96393644990?pwd=VXlGeFF1Z2U3UTlwbmNhRTZYeE5lZz… This event has been changed with this note: "Adjusting due to time zone changes" Trusted Firmware TSC When Changed: Monthly from 9am to 9:55am on the third Thursday 9 times Mountain Standard Time - Phoenix Where https://linaro-org.zoom.us/j/96393644990?pwd=VXlGeFF1Z2U3UTlwbmNhRTZYeE5lZz… (map<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9639364…>) Calendar dan.handley(a)arm.com<mailto:dan.handley@arm.com> Who • Don Harbin - organizer • Joakim Bech • Bill Fletcher • lionel.debieve(a)st.com<mailto:lionel.debieve@st.com> • andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com> • nicusor.penisoara(a)nxp.com<mailto:nicusor.penisoara@nxp.com> • abhishek.pandit(a)arm.com<mailto:abhishek.pandit@arm.com> • eric.finco(a)st.com<mailto:eric.finco@st.com> • k.karasev(a)omprussia.ru<mailto:k.karasev@omprussia.ru> • kevin(a)nxmlabs.com<mailto:kevin@nxmlabs.com> • David Brown • david.cocca(a)renesas.com<mailto:david.cocca@renesas.com> • kangkang.shen(a)futurewei.com<mailto:kangkang.shen@futurewei.com> • dan.handley(a)arm.com<mailto:dan.handley@arm.com> • roman.baker(a)cypress.com<mailto:roman.baker@cypress.com> • kevin.townsend(a)linaro.org<mailto:kevin.townsend@linaro.org> • reinauer(a)google.com<mailto:reinauer@google.com> • Serban Constantinescu • a.rybakov(a)omprussia.ru<mailto:a.rybakov@omprussia.ru> • Julius Werner • roman.baker(a)infineon.com<mailto:roman.baker@infineon.com> more details »<https://calendar.google.com/calendar/event?action=VIEW&eid=c2NxdnQzczZubWpt…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: TrustedFirmware TSC Time: Dec 17, 2020 05:00 PM London Every month on the Third Thu, 12 occurrence(s) Dec 17, 2020 05:00 PM Jan 21, 2021 05:00 PM Feb 18, 2021 05:00 PM Mar 18, 2021 05:00 PM Apr 15, 2021 05:00 PM May 20, 2021 05:00 PM Jun 17, 2021 05:00 PM Jul 15, 2021 05:00 PM Aug 19, 2021 05:00 PM Sep 16, 2021 05:00 PM Oct 21, 2021 05:00 PM Nov 18, 2021 05:00 PM Please download and import the following iCalendar (.ics) files to your calendar system. Monthly: https://linaro-org.zoom.us/meeting/tJIufuquqj8jE9QUXZNeFMnKKzozNj9SWM72/ics…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmeeting%2Ft…> Join Zoom Meeting https://linaro-org.zoom.us/j/96393644990?pwd=VXlGeFF1Z2U3UTlwbmNhRTZYeE5lZz…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9639364…> Meeting ID: 963 9364 4990 Passcode: roadRunner One tap mobile +13462487799,,96393644990# US (Houston) +16699009128,,96393644990# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington D.C) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 963 9364 4990 Find your local number: https://linaro-org.zoom.us/u/aegtEd7Roj<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FaegtEd7…> Going (dan.handley(a)arm.com<mailto:dan.handley@arm.com>)? All events in this series: Yes<https://calendar.google.com/calendar/event?action=RESPOND&eid=c2NxdnQzczZub…> - Maybe<https://calendar.google.com/calendar/event?action=RESPOND&eid=c2NxdnQzczZub…> - No<https://calendar.google.com/calendar/event?action=RESPOND&eid=c2NxdnQzczZub…> more options »<https://calendar.google.com/calendar/event?action=VIEW&eid=c2NxdnQzczZubWpt…> Invitation from Google Calendar<https://calendar.google.com/calendar/> You are receiving this courtesy email at the account dan.handley(a)arm.com<mailto:dan.handley@arm.com> because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More<https://support.google.com/calendar/answer/37135#forwarding>.

4 years, 5 months

1
0
0 0

this week: TF-A focus

by Eric FINCO

Abhishek, all referring to the minutes of our July meeting - see point highlighted in yellow below, TF-A was foreseen as the focus topic of the next TSC meeting. It was expected to take place in August but the August meeting has been cancelled so is TF-A slot postponed accordingly meaning is it the main topic of this week TSC ? Regards, Eric [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5] Eric FINCO | Tel: +33 (0)2 4402 7154 MDG | Technical Specialist Fellow, Technical Staff College (TSC) France Board Chairman From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC Sent: mardi 3 août 2021 17:07 To: tsc(a)lists.trustedfirmware.org Subject: [TF-TSC] July 20 Trusted Firmware TSC Meeting minutes Hi, Please find the minutes from the last call below Attendees: Don, Abhishek, Anton Komlev<mailto:Anton.Komlev@arm.com>, Dave Cocca, David Brown, Shebu, Julius, Andrej Bujok, Eric Finco, Michael Thomas, Kevin Oerton, Kevin Townsend Minutes: * TF-M release / roadmap update - Shebu * See slides * 1.4.0 - 4 months release cadence * Docs deficiencies have been a focus. * Need MCU update to Mbed TLS 3.0 - getting support from David Brown. * Asure RTOS work within Linaro - a couple of Pull Requests are queued * EF: Patches limited to TF-M? * SK: In Azure RTOS and Threadx * MT: Jump to 3.0 pretty big? * MT: Calls only to PSA crypto? * SK: Ongoing, uses a mix of legacy and later API's * SK: Community push for clean-ups before migration is completed. Not a completion point for PSA crypto. * SK: A new LTS will happen this quarter * Public Roadmap Slide * Anton provided overview * SK: Looking at profiling to understand context switching overhead when go from Normal to Secure World * Authentication Debug Access Control (ADAC) development being looked at and how to migrate to TF-M * MT: PSA ADAC Spec: Location? * SK: In the PSA specification page * EF: Concerning F/W Update, some services enhancements in 1.4 - duration? * SK: Picked up f/w update service. So as spec evolves so will work. * SK: Listed a couple of others... * AK: Protocol update of Flash w/ progress line. Minor * TF-M Security Patch Release Proposal * See WIki * AK: Walked thru https://developer.trustedfirmware.org/w/collaboration/tf_m_security_patch_r… * DC: Will review this and provide feedback. * MT: Some wording seems like could be updated, but the intent is fine. * MT/AK agree on the wording and raise a vote (if required). Will do a "No objection" next meeting * Discussion about TSC feedback - AP * Shebu/Matteo/Abhishek/Dan have had syncs. Lots done by Arm teams. A need for something from TSC to discuss. Suggesting to put all roadmaps on the wiki. Frequency TBD (release cycles?) * Would like 2 weeks notice on technical topic requests. * Once public roadmap, will make discussions easier. * TF-M today, next up will be other projects * Next TF-A, MBed TLS, Hafnium, Trusted Services. * EF: Date for next meeting? * AP: Only time to skip is when meetings are not available. * Team: Agrees this flow is useful and gives good visibility. * Details can be found _in the comments_ on: https://developer.trustedfirmware.org/w/collaboration/community_development… § Don: Action to Board on TSC needs? · Shebu: Have TSC reps joined the board to share? · AP: Will come up w/ questions posed to the board over the next month. September may be the appropriate time to have Board attendance. In TSC, can then formulate and make it more specific. ACTION: AP come up with a list of topics/questions for the September joint TSC/Board meeting. Best regards, Don Harbin - Sent on behalf of the TSC Chair ST Restricted

4 years, 5 months

1
0
0 0

Linaro Connect Next week

by Don Harbin

Hi All, I wanted to make sure you were all aware of Linaro Connect <https://connect.linaro.org/> next week. As an online event, registration is free. A few sessions that might be of interest to you are below: - LVC21F-114 Enchance Linux Kernel protection with Trusted Execution Environment <https://events.pinetool.ai/2231/#sessions/67138?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-312 TrustedFirmware.org panel discussion* <https://events.pinetool.ai/2231/#sessions/67183?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-117 Secure Partition Manager for Arm Cortex-A* <https://events.pinetool.ai/2231/#sessions/67140?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-118 Firmware Standards and Security* <https://events.pinetool.ai/2231/#sessions/67142?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-208 Floating-point support in Trusted Firmware–M* <https://events.pinetool.ai/2231/#sessions/67154?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-209 Interrupt Handling in Trusted Firmware M* <https://events.pinetool.ai/2231/#sessions/67155?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-311 Overview of Firmware Architecture for Arm CCA* <https://events.pinetool.ai/2231/#sessions/67182?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-312 TrustedFirmware.org panel discussion* <https://events.pinetool.ai/2231/#sessions/67183?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-313 A firmware journey through standards to Arm SystemReady certification* <https://events.pinetool.ai/2231/#sessions/67184?referrer%5Bpathname%5D=%2Fs…> - *LVC21F-309 SystemReady Panel* <https://events.pinetool.ai/2231/#sessions/67180?referrer%5Bpathname%5D=%2Fs…> The full schedule is here: https://connect.linaro.org/schedule Feel free to forward to co-workers as well. :) Best regards, Don

4 years, 5 months

1
0
0 0

July 20 Trusted Firmware TSC Meeting minutes

by Don Harbin

Hi, Please find the minutes from the last call below Attendees: Don, Abhishek, Anton Komlev <Anton.Komlev(a)arm.com>, Dave Cocca, David Brown, Shebu, Julius, Andrej Bujok, Eric Finco, Michael Thomas, Kevin Oerton, Kevin Townsend Minutes: - TF-M release / roadmap update - Shebu - See slides - 1.4.0 - 4 months release cadence - Docs deficiencies have been a focus. - Need MCU update to Mbed TLS 3.0 - getting support from David Brown. - Asure RTOS work within Linaro - a couple of Pull Requests are queued - EF: Patches limited to TF-M? - SK: In Azure RTOS and Threadx - MT: Jump to 3.0 pretty big? - MT: Calls only to PSA crypto? - SK: Ongoing, uses a mix of legacy and later API’s - SK: Community push for clean-ups before migration is completed. Not a completion point for PSA crypto. - SK: A new LTS will happen this quarter - Public Roadmap Slide - Anton provided overview - SK: Looking at profiling to understand context switching overhead when go from Normal to Secure World - Authentication Debug Access Control (ADAC) development being looked at and how to migrate to TF-M - MT: PSA ADAC Spec: Location? - SK: In the PSA specification page - EF: Concerning F/W Update, some services enhancements in 1.4 - duration? - SK: Picked up f/w update service. So as spec evolves so will work. - SK: Listed a couple of others… - AK: Protocol update of Flash w/ progress line. Minor - TF-M Security Patch Release Proposal - See WIki - AK: Walked thru https://developer.trustedfirmware.org/w/collaboration/tf_m_security_patch_r… - DC: Will review this and provide feedback. - MT: Some wording seems like could be updated, but the intent is fine. - MT/AK agree on the wording and raise a vote (if required). Will do a “No objection” next meeting - Discussion about TSC feedback - AP - Shebu/Matteo/Abhishek/Dan have had syncs. Lots done by Arm teams. A need for something from TSC to discuss. Suggesting to put all roadmaps on the wiki. Frequency TBD (release cycles?) - Would like 2 weeks notice on technical topic requests. - Once public roadmap, will make discussions easier. - TF-M today, next up will be other projects - Next TF-A, MBed TLS, Hafnium, Trusted Services. - EF: Date for next meeting? - AP: Only time to skip is when meetings are not available. - Team: Agrees this flow is useful and gives good visibility. - Details can be found _in the comments_ on: https://developer.trustedfirmware.org/w/collaboration/community_development… - Don: Action to Board on TSC needs? - Shebu: Have TSC reps joined the board to share? - AP: Will come up w/ questions posed to the board over the next month. September may be the appropriate time to have Board attendance. In TSC, can then formulate and make it more specific. ACTION: AP come up with a list of topics/questions for the September joint TSC/Board meeting. Best regards, Don Harbin - Sent on behalf of the TSC Chair

4 years, 6 months

1
0
0 0

Re: [TF-TSC] TSC Agenda 15 Jul 2021

by Abhishek Pandit

Thanks Eric. Added that to the agenda. From: Eric FINCO <eric.finco(a)st.com> Sent: 13 July 2021 12:56 To: Abhishek Pandit <Abhishek.Pandit(a)arm.com>; tsc-bounces(a)lists.trustedfirmware.org Subject: RE: TSC Agenda 15 Jul 2021 Hi Abhishek and all, I suggest the following if you think it is possible: -Update on TF-M V1.4 content as the code freeze date is approaching -I noticed the TF-M roadmap on Phabricator was updated 10days ago. Can we go through the changes and get comments ? Regards, Eric [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5] Eric FINCO | Tel: +33 (0)2 4402 7154 MDG | Technical Specialist ST Restricted From: TSC <tsc-bounces(a)lists.trustedfirmware.org<mailto:tsc-bounces@lists.trustedfirmware.org>> On Behalf Of Abhishek Pandit via TSC Sent: mardi 13 juillet 2021 13:13 To: tsc(a)lists.trustedfirmware.org<mailto:tsc@lists.trustedfirmware.org> Subject: [TF-TSC] TSC Agenda 15 Jul 2021 Hi All, Any agenda items for this week's meeting? On my list at the moment - * TF-M security patch release. * TSC feedback. Action items against me. Thanks, Abhishek

4 years, 7 months

1
0
0 0

TSC Agenda 15 Jul 2021

by Abhishek Pandit

Hi All, Any agenda items for this week's meeting? On my list at the moment - * TF-M security patch release. * TSC feedback. Action items against me. Thanks, Abhishek

4 years, 7 months

1
0
0 0

Linaro Connect Session Proposal Deadline

by Don Harbin

Hi All, This is a reminder that the Linaro Connect call for session proposal *deadline is July 13th*. See details here: https://connect.linaro.org Connect has historically had a strong representation of TF-related sessions, so I wanted to encourage all to consider submitting proposals again for the upcoming Connect (Sept 8-10). It remains a virtual event. Best regards, Don

4 years, 7 months

1
0
0 0

Fwd: Arm/Linaro confidential computing architecture event resources

by Don Harbin

FYI for any of you that missed the CCA event and are interested in watching the recordings. Don ---------- Forwarded message --------- From: François Ozog <francois.ozog(a)linaro.org> Date: Thu, 24 Jun 2021 at 07:53 Subject: Arm/Linaro confidential computing architecture event resources Hi The recorded event is available at: https://connect.linaro.org/resources/arm-cca/ This has been a great event with deep technical content. A key element is the enablement through the Verifier which allows a third party to play a trust role between the cloud customer and the cloud provider. It has been the missing link of all processor vendor proposed confidential computing technologies I've seen so far. An open governance project is associated: https://github.com/veraison Cheers FF

4 years, 8 months

1
0
0 0

TrustedFirmware TSC June 17 Meeting Minutes

by Don Harbin

Hi All, Please find minutes/actions from last week's TF TSC below. If any questions or corrections, please let me know. Best regards, Don Harbin - sent on behalf of TF TSC Chair Attendees: Don Harbin, Abhishek Pandit, Kevin Oerton, Dave Cocca, Eric Finco, Julius Werner, Joakim Bech, Kevin Townsend, Dan Handley, Michael Thomas(Renesas), David Brown Action Items: - Abhishek: Keep the TSC informed of important decisions made. - Abhishek: Check to see if Tech Leads can come in and present plans. - Don: Ask the board if they need items from TSC. - Abhishek: Discuss with Tech Leads about participating in the TSC and informing about major changes. Present results at next TSC. - Abhishek: Plan bi-annual roadmap discussions and the possibility of public versions in TSC - Abhishek: Add “Phabricator transition planning” as a future TSC agenda item. - *Abhishek*: Create a wiki space for TSC members to provide ideas on what they would like to see in the TSC meeting. Minutes: - TF-M Patchlist proposal - AP: Should this be left for today? About TF-M tightening up the wording? - DC: Sounds OK. It seemed OK, the main issue is that we would like to tackle the LTS issue - as brought up in the Board meeting. Understood this may require additional funding - AP: Waiting for TF-M PL team to approve. Once they confirm, Plan to move forward. Haven’t heard, so I will bring up in the next meeting. - TSC Feedback - AP: Will create a page for members to comment on. Would like comments - https://developer.trustedfirmware.org/w/collaboration/community_development… - TSC decision for returning TF projects to Github - DanH: Agree a good idea, but want to continue Gerrit use. May want to re-look given feedback. - JB: Summary - don’t have technical agenda or discussions - taking place in other forums and 1:1’s. The items are happening in other places. Much is around CI and testing, so if not leading Architecture and testing, should we change goals of TF? - JW: Agree, processes in other meetings. Perhaps accept that and evaluate the value of this TSC. - EF: Mentions iotmint comment he made. We could give it a try and use meeting for lookahead? Or is open forum a better format? Should these open forum items be discussed in this TSC? - AP: The technical top level SC to have lightweight topics that cross projects? There are multiple issues that are common and need to be handled. If push to board, that’s fine. Having more technical topics in this TSC - a good thing in general, but they need to be proposed. Between Dan and Abhishek, they can handle most topics. So how should Technical proposals come into TSC? - EF: Miss a place where we can discuss what we’re thinking. Sometimes in Open Forums, but not always in the best format. Where topics come from - most of the inputs coming from Arm on significant developments. - DanH: Some things that Arm can bring to the table, but they are semi-periodical. After that, for example, we could discuss the outputs of CCA event happening next week. - AP: IF someone asks for an Arm expert to present, this is reasonable. But we need to have members proposing desired topics. Roadmap is a good round robin topic - need to have tech leads attend. But deeper technical topics are still unclear. All TSC members can invite outside people to present. Agenda comes from members - DanH: Roadmaps could be a recurring topic. - AP: Roadmaps are on a 6 month cadence, so not a monthly thing - MT: TF.org handles tf-m and tf-a. TF-M is more self contained regarding dependencies vs TF-A. - AP: Yes, A has multiple projects in the stack - MT: For TF-A, is there coordination between the multiple stacks? OP TEE for example. Are there cross project discussions? - JB: Tends to be 1:1 communications. Is this the forum to add others? - MT: Is there a benefit to at least present this in TSC? - JB: Makes sense to present merged roadmap views. - MT: Probably other examples. - AP: Purpose of TSC previously discussed and wanted to keep it light. If multiple methods, discuss in TSC, else don't get involved. Should TSC steer any decision making? - EF: Back to Michaels example on mbedtls - where should this take place. - MT: A summary of changes being made to x or y project, would help. - AP: Where should we have these active conversations? In TSC or elsewhere? - MT: Don’t want tech leads to come in regularly, but occasionally not a bad idea. As SC, to steer at the right time with right information, SC can provide the input. - AP: Can make a draft to suggest how the TSC could get involved at the suggested level. So Cortex-A discussions every few months? - MT: How does it happen now? Decisions made autonomously per project? - DanH: Tech Leads for solutions do discuss in Arm, but a case that some of these discussions could be brought outside of Arm to TSC. - AP: Multiple components. - DanH; A proposal to look at solutions in TF.org. Step changes may be required. - AP: Action: Have TSC remain informed of important decisions? - DC: Also important topics on the table that want SC and Members to shape the decision. Aligns with Roadmap - as decisions made, vet with TSC to meet member objectives. - AP: Possibly if TSC is interested in OP TEE, then join OP TEE Tech Forum. Or discuss in TSC? Two possibilities. - DC: Have resource conflicts. TSC must have enough about overall org to steer. - AP: Agree. Shouldn’t just be informed afterwards, but get involved earlier to “steer” Have discussed MISRA compliance in the past. - MT: A roadmap discussion is a good starting point. - DC: Key off milestones in roadmaps can determine when a topic should be discussed. - AP: Action: Need to see if Tech Leads can come in and present plans. - DanH: Comes back to how a project is driven forward. By Arm? By others? A roadmap can be lopsided. What is missing is Tech Mgr/Roadmap owners across all projects. Arm Tech Mgrs may not always be receptive to requested changes - DC: If someone is not participating, then inputs carry less weight. - JB: A look at the product today, mainly Arm/Linaro that drives much of it. OP TEE roadmap is driven from Linaro Members, for example, so what does it mean for TF to own a project? - AP: There is an opportunity where if someone brings a topic in, then a different model. A proposal comes to the table. Then discussed. - JB: OP TEE - “can I see roadmaps?” “Talking to Linaro” doesn’t seem like a good answer. - AP: OK with roadmaps to be driven from other orgs. - AP: 2 Actions: - What do we ask Tech leads to inform - How to discuss items in advance on roadmap - Think Matteo/Shebu post roadmaps, but can ask if don’t - JW: Still not sure how affective the TSC can be with external activities driving things - AP: Aligning w/ Eric’s input and take votes to the board. - EF: Still see some potential value on what is happening. - JW: Could be emails? - AP: Could take this to Tech Leads in Arm and get their thoughts on willingness to discuss work items. - DC: worth a try to see if it could add value. - JB: Once example if companies presenting Security incidents on their own pace. Wanted to publish June 24th, Joakim explained and they pushed to July 10th - DanH: Need to add Phabricator to the future agenda. - AP: *Action*: Ask the board if they need items from TSC. - DanH: Off line feedback would be OK. - AP: May create a Q & A. <end>

4 years, 8 months

1
0
0 0

Fwd: View the agenda and register for Linaro and Arm CCA Tech Event on June 23

by Don Harbin

Reminder - might be of interest to some. Don ---------- Forwarded message --------- From: Kristine Dill <kristine.dill(a)linaro.org> Date: Thu, 17 Jun 2021 at 05:56 Subject: Re: View the agenda and register for Linaro and Arm CCA Tech Event on June 23 Hi all, This is a reminder to register for our event next week: Linaro and Arm CCA Tech Event, Deep dive into the Arm Confidential Compute Architecture <https://www.linaro.org/events/linaro-and-arm-cca-tech-day-deep-dive-into-ar…> . The event is free and open to the public so feel free to share with any developers who may be interested. The registration link and schedule can be found here: https://www.linaro.org/events/linaro-and-arm-cca-tech-day-deep-dive-into-ar… The event has 6 sessions and starts at 14:00 UTC on June 23 - the schedule should pick up your local timezone. Once you register, you'll receive an invite to login to the event platform PINE on Monday (2 days before the event). All sessions will be presented live and the platform has a Q&A and chat window so you can ask questions and interact with the speakers and other attendees during the event. Thanks and let me know if you have any questions! Kristine Dill Events Manager Linaro On Wed, May 26, 2021 at 10:40 AM Kristine Dill <kristine.dill(a)linaro.org> wrote: > Hi everyone, > > The agenda is now available for viewing and registration is open for the > Linaro and Arm CCA Tech Event on June 23! View the agenda and register on > the event page here: > > > https://www.linaro.org/events/linaro-and-arm-cca-tech-day-deep-dive-into-ar… > > The schedule widget should pick up your local timezone. The event begins > at 14:00 UTC. This event is free and open to anyone, so feel free to share > the link publicly. > > For those who can't attend, videos of sessions will be made available > after the event on the Connect Resource Page. We'll be using the same > software we used for Linaro Virtual Connect 2021 (PINEtool.ai). If you've > registered, you'll receive an email invite from PINE when we get closer to > the event on June 23. > > > Thanks and let me know if you have any questions. > > Kristine > > > > <https://www.hubspot.com/email-signature-generator?utm_source=create-signatu…> >

4 years, 8 months

1
0
0 0

TSC Agenda 17 Jun 2021

by Abhishek Pandit

Hi All, Any agenda items for this week's meeting? Following topics from previous meeting - * TF-M security patch release. Have the teams agreed on this and is this now concluded? * TSC feedback I have created a page where people can add their inputs. It is open at the moment, if you feel there is a need to restrict visibility then please let me know. https://developer.trustedfirmware.org/w/collaboration/community_development… Thanks, Abhishek

4 years, 8 months

1
0
0 0

TSC Minutes 20 May 2021

by Abhishek Pandit

Attendees : - Abhishek Pandit, Arm - Andrej Butok, NXP - Anton Komlev, Arm - Dan Handley, Arm - David Brown, Linaro - Dave Cocca, Renesas - Eric Finco, ST - Gyorgy Szing, Arm - Joakim Bech, Linaro - Julius Werner, Google - Kangkang Shen, Futurewei - Kevin Oerton, NXM - Michael Thomas, Renesas - Shebu Varghese Kuriakose, Arm - Lionel Debieve, ST (Thanks Joakim for taking the notes!) Trusted Services & PSA - Shebu presented Trusted Services roadmap (to be circulated). - Crypto, Attestation and secure storage is the three first main API's. - TF-M available on several platforms. - General ask to extend PSA to Cortex-A devices, Edge devices etc. More complicated environment, since many different stacks etc. This was the reason why Trusted Services was born. - Initial code base etc for Trusted Services can be found at TF.org. - T.S. is a framework to develop security related services. - Communication can be FF-A or OpenAMP. - Started to implement same services on Cortex-A as we've done for the TF-M. - Michael: Is this expected to reach TF-M? Shebu: No, it's only for TF-A. - Andrej: Will interface be the same as in TF-M? Shebu: Yes - FF-A is the protocol between all exception levels (pre-Armv8.4 devices where there are no S-EL2). Right now development takes place on Arm models (FVP). - For Armv8.4 we also have Secure EL-2 (Hafnium). I.e., the secure partition manager (SPM) is in S-EL2. - Kevin: TA's access? pre8.4 only to non-secure side? Shebu: Traditional TA's will co-exist with SP's (via a shim layer). - TS: 2021/Q2: Attest SP, Protected Storage SP, FF-A direct messaging, FIP based booting. - TS: 2021/Q3: Attest SP continues, StMM Updates, PSA Functional API testing, 32bit support SEL0/SP, Storage backend intergration. - TS: 2021/Q4: 32-bit support SEL0/SP continues, Platform Security Firmware Update for A-profile, Meta-arm yocto support. - OP-TEE Q2,3,4: Co-developed (pending changes can be found in a TF.org branch). - OP-TEE users will get all changes from the official upstream project, and TS services from TF.org. - Kangkang: Multicore, how to switch to secure side. Gyorgy: Same as OP-TEE. JB: Everything on secure side runs on a single core. I.e., a TA cannot use two or more cores. Kangkang: On x86, it's possible to switch so you utilize all cores. Patch management - security issues - LTS - Dave: Generally positive feedback. - Dave: Dan wanted to avoid the semantic versioning? What's the background for the concern? We'd like to use the Major, Minor, Fix Anton: TF-M uses semver, but it's tweaked for it's own purposes. David B: Do we have any reason not to compel with the standard? Anton: No hotfix? Michael: Yes it's there, they call it patch. https://semver.org/ Anton: Wanted to use the "Patch" for security fixes only. Abhishek: On high-level it matches, but not backwards-compatible for "patch". Hence strictly not Semantic Versioning. - Dave: We should reference the link in the release cadence and process. - Dave: Dan, LTS policy, use the lifetime of the branch. Anton proposed a 8 month coverage (two releases back basically). TF-M have stayed away from the LTS terminology. Abhishek: Should we patch all old release or only the last one? The last is properly tested, but the one prior to that will not have the same amount of testing. Dave: Customers must be comfortable with understanding for how long the LTS will be there and will be patched. Need to figure out how far back we will test old release when doing security fixes. Shebu: Not trivial from a resourcing point of view. Three years should be more than enough, more than that will probably not make sense, since things will likely have been re-designed. Michael: TF-M is in an early state, maybe pre-mature to define LTS. But once customer started to deploy it, we must assure that there are patches/stable builds maintained and security holes and bugs fixed. Shebu: Everyone in the board supports the LTS, the question is to frame it (time). Dave: For now leave LTS out and mention the previous version as starting point. Abhishek: Sounds OK. Companies on older version will to thorough testing since they have products out already. Dave: Major, minor? Abhishek: Yes, only use Major and Minor. - Dave: testing, on the minor release that gets the hot-fix, what is the amount of testing? Need clarification. Anton: Normal CI testing is overnight, sanity tests, performance etc. All done on FVP. For release test, we ask "everyone" to test on their boards and we give the 2 week window for the testing. Dave: Once we have OpenCI in place, things could improve for hot-fix testing? Anton: Yes, that's our optimistic view on it. Abhishek: Automatic successful testing is not the problem. It's the failing that is the challenge. Board/device owner will have to help with investigations. Michael: Also important to add new test, testing the security fix. Will the test suite also be updated for old versions. Anton: If we provide a fix, do we want to keep the branch forever? Dave: How to get it to Phabricator? Abhishek: You can add it there yourself. Will help you with permissions etc. Feedback from TSC reps - Abhishek: Looking for more feedback for the next meeting. - Joakim: Reminder that the email tsc@... is going to a public list seen by anyone https://lists.trustedfirmware.org/pipermail/tsc/. Abhishek: Will see if I'll create an internal Phabricator page.

4 years, 9 months

2
1
0 0

Re: [TF-TSC] TSC Agenda 20 May 2021

by Eric FINCO

There is the one pending from the previous meeting: * [Tentative] Trusted Services roadmap presentation. I am checking availability within Arm as this is short notice. Regards, Eric Finco [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5] Eric FINCO | Tel: +33 (0)2 4402 7154 MDG | Technical Specialist ST Restricted From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Abhishek Pandit via TSC Sent: lundi 17 mai 2021 13:00 To: tsc(a)lists.trustedfirmware.org Subject: [TF-TSC] TSC Agenda 20 May 2021 Hi All, Any agenda items for this week's meeting? Thanks, Abhishek

4 years, 9 months

2
1
0 0

TSC Agenda 20 May 2021

by Abhishek Pandit

Hi All, Any agenda items for this week's meeting? Thanks, Abhishek

4 years, 9 months

1
0
0 0

April 15th TSC Meeting Minutes / Action Items

by Don Harbin

Hi, Please find the minutes/actions from last Thursday's TrustedFirmware TSC. Best regards Don - Sent on behalf to the Trustedfirmware TSC Chairs Attendees Dave Cocca, Joakim Bech, Anton Komlev <Anton.Komlev(a)arm.com>, Eric Finco, Julius Werner Kevin Townsend, David Brown, Kangkang Shen, Abhishek Pandit Lionel Debieve, Andrej Butok, Dan Handley, Andrej Butok, Don Harbin Actions: - Dave Cocca develop an initial proposal on how to handle Security Patches midstream. Send to Joakim and Dan Handley for review, then to the TSC. - Abhishek Pandit - ask PSA team how they handle security patches and provide feedback to TSC. Minutes: - AP: Reminder - TS presentation next month - JB: Timeline/Roadmaps for TS can be asked about next month - DC: Security Patches - a policy in place for how patches rolled out, versions, how many versions to backport, etc. In particular, coming out with a new MCUrelease, want to align TF-M and mBedTLS - AP: Some discussions happening. TF-M specific? - DC: mBedTLS and TF-M - AP: TF-M, Anton is Tech Lead. - DanH: mbedTLS - relatively mature product going well and widely used. A history of LTS branches, etc. So there is a policy in place. All security and non-security bugs support is on the LTS branches. When released, fixes are part of the released version. All fixes updated at the same time. TF-M policy is relatively new, and it needs discussion on how to move this forward with consideration of costs. - DC: Yes cost is a factor, and members doing it as well for their own s/w. The solution needs to be practical - DanH: Reasonable to come up w/ policy related to security fixes. For example, have no release without all security fixes in place and validated. - AP: Current releases are on a 3-4 month cadence, assuming that’s OK - AK: TF-M has only a couple of incidents. Have hotfixes. The main issues is validation and test. Can’t expect an ad-hoc release. Should release on tested platforms. Can define the process and verification window. - AP: Talking about a next release, not LTS - AK: Correct - DanH: We need to understand what all members want to see - DC: With TF-M v1.2, we could put out a 1.2.1 for a Security Vulnerability with limited testing and validation of the patches. Customers must then decide if they want to integrate. Could be a 1.2.z, i.e. a revision versus version. Not officially tested standalone, but the patch would be available. - AP: The question is if 1.1 is there, then what? - DC: In how we do it, the 1.0 needs maintained, if prior, then have to go back further. Then if someone wants it fixed, must go to the next minor release - DanH: So most recent release as a starting point? - DC: yes - AP: If TF-M makes a 1.2.1 release, for example, and it’s not being validated, what is the value? - DC: from TF.org standpoint, patch release with limited testing. - AK: Patch is available - DanH: Is there a concern on backporting? - DB: Conflict issue is more obvious. But testing is more important - DonH: Why not run the full Open CI test suite? - DB: That’s run on the branch, but not for separate vendor releases - AP: So full release gets tested, then it’s up to vendors to pull into their own builds/boards. - DanH: So running Open CI is enough? - DC: Yes, that should be enough. Vendors can also do extra testing but can inform that it also ran on Open CI. As long as transparent. - AP: Lack of experience on TF-M users and lack of definition of major and minor releases are clear. - AK: Have a versioning schema. - JB: Example - https://semver.org/ - KKS: Older security patches often have a short time, so only as a reference is the level of commitment that can be made. - DC: Agree wouldn’t release major versions until fully tested, but for ones not fully tested, could do the ad-hoc release. - AP: In most cases, security patches are a reference. - DanH: What Dave asked for doesn’t seem that costly. - AK: The main difference is the amount of testing. - AP: That proposal can go out. - ACTION: ^^^ DC come up with the initial draft. Send to Joakim, Dan. - DanH: Do these impact release schedules? - JB: No. - DC: If someone wants PSA level 2 certification, would they be able to use the current version (1.2 for example) with identified security patches? - DanH: Not sure how this is handled. Need to ask PSA Team - ACTION ^^^ AP - Joakim: OP TEE content. Like to redirect OPTEE.org - JB: Docs in multiple places and attempting to pull this together like the OP TEE readthedocs. - JB: Where do we put Security Advisories. - DanH: Why not in all documentation? - DanH: Github has a way to list as well - DB: Github solution is being used elsewhere - then code users automatically see the advisories. - DB: Must have admin rights on the advisory repo. Can add people to do other tasks. - JB: Can’t see a way to remove ones - DB: Shared example for Zephyr. Data matches CVEs well. - JB: The link to PR is nice. - DB: No API yet but can get an alert. Must web scrape to get it. - DanH: Avoiding Phabricator seems good - JB: Agreed - DanH: Github seems a good idea - JB: Will plan to redirect. - ArmV9 - DanH: Armv9 announced, presented at a high level. CCA and realm mgt extensions included. The expectation is to have more details coming over the following months. May see some TF-A EL3 code support patches but won’t change how things work. Later, some changes could be more invasive. - JB: Memory Tagging extension has been around, why mentioned here? - DanH: Not sure, a stepping stone to Morello? Not sure if anything additional in V9. - AP: Note this is just the first announcement. Must wait on some details. - DanH: Expect more technical presentations in the upcoming months

4 years, 10 months

1
0
0 0

Re: [TF-TSC] TSC Agenda 15 Apr 2021

by Abhishek Pandit

Following on the agenda for tomorrow * TF-M security vulnerability and patch release policy, providing fixes for security issues for past releases. [Dave Cocca] * optee.org transition to trustedfimrware.org. [Joakim Bech] * [Tentative] Trusted Services roadmap presentation. I am checking availability within Arm as this is short notice. Thanks, Abhishek From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Abhishek Pandit via TSC Sent: 13 April 2021 12:21 To: tsc(a)lists.trustedfirmware.org Subject: [TF-TSC] TSC Agenda 15 Apr 2021 Hi All, Any agenda items for this week's meeting? Thanks, Abhishek

4 years, 10 months

1
1
0 0

Re: [TF-TSC] TSC Agenda 15 Apr 2021

by Joakim Bech

Hi, On Tue, 13 Apr 2021 at 13:29, Joakim Bech via TSC < tsc(a)lists.trustedfirmware.org> wrote: > Hi, > > Timely, I had this written in another email :-) > > optee.org (on purpose) doesn't contain much information of value. We > removed duplicated and stale information quite some time ago and now the > only thing that is really left of value there is the security advisories. > So, I want to redirect optee.org to trustedfirmware.org/projects/op-tee. > > I don't want to get rid of optee.org (and op-tee.org), since there is > branding value in those. I simply want to remove our current page and > redirect to TrustedFirmware.org. Redirection is easy, however, we need to > figure out where to host the security advisories. We could either store > them directly accessible under a trustedfirmware.org as a sub-page or we > can put them somewhere under our existing security pages at Phabricator. So > as a topic for tomorrow, I'd like to hear whether you're against me > redirecting this and have a discussion about what to do with security > advisories. Right now OP-TEE and other TF-projects are spread out on > various sites. > > Then with the recent Armv9 announcement, I wonder if we as a group already > now need to start thinking about what we need to do with the project under > TF? I would be surprised if we don't have to do anything as a collective > group. > In addition to that, we from Linaro are also interested in the roadmap and associated timelines for the Trusted Services project. If someone (from Arm I suppose) has information about that ready to be shared, then that's a third thing that could be covered on Thursday. Regards, Joakim > > Regards, > Joakim > > > On Tue, 13 Apr 2021 at 13:20, Abhishek Pandit via TSC < > tsc(a)lists.trustedfirmware.org> wrote: > >> Hi All, >> >> >> >> Any agenda items for this week’s meeting? >> >> >> >> Thanks, >> >> Abhishek >> -- >> TSC mailing list >> TSC(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tsc >> > -- > TSC mailing list > TSC(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tsc >

4 years, 10 months

1
0
0 0

Re: [TF-TSC] TSC Agenda 15 Apr 2021

by Joakim Bech

Hi, Timely, I had this written in another email :-) optee.org (on purpose) doesn't contain much information of value. We removed duplicated and stale information quite some time ago and now the only thing that is really left of value there is the security advisories. So, I want to redirect optee.org to trustedfirmware.org/projects/op-tee. I don't want to get rid of optee.org (and op-tee.org), since there is branding value in those. I simply want to remove our current page and redirect to TrustedFirmware.org. Redirection is easy, however, we need to figure out where to host the security advisories. We could either store them directly accessible under a trustedfirmware.org as a sub-page or we can put them somewhere under our existing security pages at Phabricator. So as a topic for tomorrow, I'd like to hear whether you're against me redirecting this and have a discussion about what to do with security advisories. Right now OP-TEE and other TF-projects are spread out on various sites. Then with the recent Armv9 announcement, I wonder if we as a group already now need to start thinking about what we need to do with the project under TF? I would be surprised if we don't have to do anything as a collective group. Regards, Joakim On Tue, 13 Apr 2021 at 13:20, Abhishek Pandit via TSC < tsc(a)lists.trustedfirmware.org> wrote: > Hi All, > > > > Any agenda items for this week’s meeting? > > > > Thanks, > > Abhishek > -- > TSC mailing list > TSC(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tsc >

4 years, 10 months

1
0
0 0

TSC Agenda 15 Apr 2021

by Abhishek Pandit

Hi All, Any agenda items for this week's meeting? Thanks, Abhishek

4 years, 10 months

1
0
0 0

FW: Invitation to OP-TEE functional safety workshop

by Dan Handley

Hi TF Board/TSC You may have seen the below invite on the TF-A or OP-TEE lists but I'm just forwarding directly in case you missed this. If you have an interest then please contact François-Frédéric directly. Regards Dan. From: François Ozog <francois.ozog(a)linaro.org<mailto:francois.ozog@linaro.org>> Sent: Thursday, April 8, 2021 12:59 PM To: TSC <tsc(a)linaro.org<mailto:tsc@linaro.org>> Subject: Invitation to OP-TEE functional safety workshop Hi, Linaro is conducting an opportunity assessment to make OP TEE (open platform trusted execution environment) ready for functional safety sensitive environments. The scope of this analysis also covers Trusted Firmware and Hafnium even though we will not try to produce a plan for their own safety readiness. We’re organizing a 2 hours workshop on April 15th 9am CET to present the state of the research, discuss the key use cases, and brainstorm on possible requirements for a Long Term Support program. The first use case is to use the TEE to boot a safety certified type-1 hypervisor. We are also considering other use cases - for example, a safety payload could be loaded as a Secure Partition on top of Hafnium with OP-TEE or Zephyr used as a device backends. Agenda (to be refined) * Vision * Use cases discussion * What is the right scope? State of the research <https://docs.google.com/presentation/u/0/d/1jWqu39gCF-5XzbFkodXsiVNJJLUN88B…> * “Who does what” discussion (LTS, archiving...) * Safety personnel (Linaro and contractors) discussion * Other considerations from participants? * Community organizations and funding? * Closing and next steps (preliminary content can be found in the attached document, the goal will not be to go though all slides but to use them to guide the discussion) We have contacted key partners in the Arm ecosystem as well as Tier 1 and car makers and we would like to invite you to join our workshop: we would highly appreciate your contribution. If you are interested or if you would recommend anyone from your team, we will be pleased to send a calendar invite with the bridge details. Looking forward to hearing from you soon François-Frédéric -- [https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&ex…] François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group T: +33.67221.6485 francois.ozog(a)linaro.org<mailto:francois.ozog@linaro.org> | Skype: ffozog

4 years, 10 months

1
0
0 0

Re: [TF-TSC] Linaro Virtual Connect next week

by Matteo Carlini

I’d also recommend: · LVC21-303: Secure Partition Manager evolution (Armv8.4 Secure EL2) – on the Hafnium new developments * LVC21-207: Standard Firmware Updates on Arm * LVC21-315: Measured Boot Support in Trusted Firmware A class (TF-A) project Lots of firmware related talks this time!! Matteo From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC Sent: 20 March 2021 00:42 To: board(a)lists.trustedfirmware.org; tsc(a)lists.trustedfirmware.org Subject: [TF-TSC] Linaro Virtual Connect next week Hi All, I've assumed you are all aware, but just in case, I wanted to invite each of you to Linaro Virtual Connect next week. Of particular interest will be the following sessions: * Trusted Firmware Project Update presented by Matteo & Shebu * Introducing the Trusted Services Project by Julian Hall * Trust Ain't Easy: Challenges of TEE Security by Cristofaro Mune & Niek Timmers * ASLR in OP-TEE by Jens Wilander * Firmware Configuration Framework and Chain of Trust in TF-A by Madhukar Pappireddy & Manish Badarkhe * Firmware update service in TF-M by Sherry Zhang * Firmware Framework - M 1.1 feature update in TF-M by Ken Liu * OP-TEE as a Secure Partition running on SPM using ARMv8.4-A SEL2 feature by Arunachalam Ganapathy & Jens Wiklander · PSA-FF-A compliant Secure User Mode partition support for Arm platforms by Sayanta Pattanayak & Aditya Angadi · Secure Partition Management in OP-TEE (pre 8.4 Cortex-A devices) * by Jelle Sels * VIrtualization for OP-TEE by Volodymyr Babchuk There's other sessions you may find useful as well so take a look at the schedule here<https://connect.linaro.org/schedule/>. Virtual Connect additional notes: * Register here<https://connect.linaro.org/>. It's free, so invite your co-workers to join as well! :) * The virtual sessions occur across various time-zones, but all sessions will be recorded and published shortly after the event for you to be able to watch later. Best regards, Don *

4 years, 11 months

1
0
0 0

Linaro Virtual Connect next week

by Don Harbin

Hi All, I've assumed you are all aware, but just in case, I wanted to invite each of you to Linaro Virtual Connect next week. Of particular interest will be the following sessions: - *Trusted Firmware Project Update* presented by Matteo & Shebu - *Introducing the Trusted Services Project* by Julian Hall - *Trust Ain't Easy: Challenges of TEE Security* by Cristofaro Mune & Niek Timmers - *ASLR in OP-TEE * by Jens Wilander - *Firmware Configuration Framework and Chain of Trust in TF-A* by Madhukar Pappireddy & Manish Badarkhe - *Firmware update service in TF-M* by Sherry Zhang - *Firmware Framework - M 1.1 feature update in TF-M* by Ken Liu - *OP-TEE as a Secure Partition running on SPM using ARMv8.4-A SEL2 feature* by Arunachalam Ganapathy & Jens Wiklander - *PSA-FF-A compliant Secure User Mode partition support for Arm platforms* by Sayanta Pattanayak & Aditya Angadi - *Secure Partition Management in OP-TEE (pre 8.4 Cortex-A devices)* - by Jelle Sels - *VIrtualization for OP-TEE *by Volodymyr Babchuk There's other sessions you may find useful as well so take a look at the *schedule here <https://connect.linaro.org/schedule/>*. Virtual Connect additional notes: - *Register here <https://connect.linaro.org/>*. It's free, so invite your co-workers to join as well! :) - The virtual sessions occur across various time-zones, but all sessions will be recorded and published shortly after the event for you to be able to watch later. Best regards, Don -

4 years, 11 months

1
0
0 0

Re: [TF-TSC] TSC agenda 18th March 2021

by Dan Handley

Hi all As you will have seen from the cancelled meeting invite, there were no agenda items to discuss this month. Regards Dan. From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Dan Handley via TSC Sent: 15 March 2021 12:20 To: tsc(a)lists.trustedfirmware.org Subject: [TF-TSC] TSC agenda 18th March 2021 Hi all Please let us know if you have any agenda items for this Thursday's TSC meeting? Regards Dan.

4 years, 11 months

1
0
0 0

TSC agenda 18th March 2021

by Dan Handley

Hi all Please let us know if you have any agenda items for this Thursday's TSC meeting? Regards Dan.

4 years, 11 months

1
0
0 0

Re: [TF-TSC] TrustedFirmware Feb 18 TSC Meeting Minutes

by Miklos Balint

Hi Attached is my presentation on FF-A and PSA RoT enablement in OP-TEE. Let me know any further questions on the topic. Cheers, Miklos From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC Sent: 01 March 2021 20:54 To: tsc(a)lists.trustedfirmware.org Subject: [TF-TSC] TrustedFirmware Feb 18 TSC Meeting Minutes Hi All, Please find the minutes from the last TSC below. Attachments to be sent separately. Best regards, Don Harbin - sent on behalf of the TSC chair Attendees: Dave Cocca, Lionel Debieve, Eric Finco, Kangkan Shen, Miklos Balint, David Brown, Kevin Townsend, Abhishek Pandit, Joakim Bech, Don Harbin Minutes: * Dan: Groups.io update. David B learned that Zephyr used it, but a different migration source (Google groups). More straightforward than ours. So would expect a rough transition. Could make it work if we started over without promising a seamless migration. * David B: Adding user names should be straightforward. * Dan: Yes. Major concerns are live migration to TrustedFirwmare.org domain and archive migration. Three ways to proceed: 1) Manage disruption as we go and hope for the best, 2) Go for a clean setup, 3) Drop for now * A wider tooling issue for TF.org. Github/Gerrit and things like Slack are under consideration. * AP: Not sure how much more we should invest on this. If we had a communication channel like Slack, there would be less need for mailing lists. * DB: Groups.io may also remove ongoing headache from managing mailman. * Dan/Joakim: Mailman not much of a burden these days. * DB: Spam rules can cause issues. List clients can often look like spam. Email providers may then start to reject folks on the list. Groups.io would be motivated to fix such things. * AP: Groups.io not even responding to support queries. * Dan H: Linaro IT is resistant.If we can’t get them onside then who will push this through? * Linaro IT is currently managing mailman OK, so should we just leave it? * JB: Proceed or not? * DB: Perhaps pursue Slack as chat platform? It’s free if you don’t want history archived. Can be expensive if you need other features as there’s a per-user cost. * Is Mailman a big issue? * At this point, not so much. * AP: Perhaps table this for now and if we decide to move from Phabricator handle this at this time. * AP: With no volunteers to champion, close this and re-open if something changes. * Lionel: FF-A coming into OP TEE and PSA certs. * Miklos: Presented attached FF-A enablement slides * Eric: How backward compatible are the proposed changes? * Miklos: They can be made backwards compatible if configured accordingly. Existing services can continue to be supported with GP APIs and new services can use FF-A. * Joakim: Is FF-A expected to replace GP APIs? * Miklos: GP is widely used. Both are likely to co-exist. On a particular segment/configuration, one may be more relevant than the other. <end>

4 years, 12 months

1
0
0 0

TrustedFirmware Feb 18 TSC Meeting Minutes

by Don Harbin

Hi All, Please find the minutes from the last TSC below. Attachments to be sent separately. Best regards, Don Harbin - sent on behalf of the TSC chair *Attendees*: Dave Cocca, Lionel Debieve, Eric Finco, Kangkan Shen, Miklos Balint, David Brown, Kevin Townsend, Abhishek Pandit, Joakim Bech, Don Harbin *Minutes*: - Dan: Groups.io update. David B learned that Zephyr used it, but a different migration source (Google groups). More straightforward than ours. So would expect a rough transition. Could make it work if we started over without promising a seamless migration. - David B: Adding user names should be straightforward. - Dan: Yes. Major concerns are live migration to TrustedFirwmare.org domain and archive migration. Three ways to proceed: 1) Manage disruption as we go and hope for the best, 2) Go for a clean setup, 3) Drop for now - A wider tooling issue for TF.org. Github/Gerrit and things like Slack are under consideration. - AP: Not sure how much more we should invest on this. If we had a communication channel like Slack, there would be less need for mailing lists. - DB: Groups.io may also remove ongoing headache from managing mailman. - Dan/Joakim: Mailman not much of a burden these days. - DB: Spam rules can cause issues. List clients can often look like spam. Email providers may then start to reject folks on the list. Groups.io would be motivated to fix such things. - AP: Groups.io not even responding to support queries. - Dan H: Linaro IT is resistant.If we can’t get them onside then who will push this through? - Linaro IT is currently managing mailman OK, so should we just leave it? - JB: Proceed or not? - DB: Perhaps pursue Slack as chat platform? It’s free if you don’t want history archived. Can be expensive if you need other features as there’s a per-user cost. - Is Mailman a big issue? - At this point, not so much. - AP: Perhaps table this for now and if we decide to move from Phabricator handle this at this time. - AP: With no volunteers to champion, close this and re-open if something changes. - Lionel: FF-A coming into OP TEE and PSA certs. - Miklos: Presented attached FF-A enablement slides - Eric: How backward compatible are the proposed changes? - Miklos: They can be made backwards compatible if configured accordingly. Existing services can continue to be supported with GP APIs and new services can use FF-A. - Joakim: Is FF-A expected to replace GP APIs? - Miklos: GP is widely used. Both are likely to co-exist. On a particular segment/configuration, one may be more relevant than the other. <end>

4 years, 12 months

1
0
0 0

Re: [TF-TSC] TSC Agenda 18 Feb 2021

by Julius Werner

+Serban who can answer this much better than me. On Wed, Feb 17, 2021 at 1:53 AM Joakim Bech via TSC <tsc(a)lists.trustedfirmware.org> wrote: > > Hi Abhishek, Julius, TF-reps, > > I'd like to better understand what the plan is with Hafnium. What are Google, Arm and TF as a group intending to do with it? I believe it was and still is (?) going to be the reference implementation in S-EL2. But, maybe I'm wrong. But I think I've heard that Google changed the focus wrt secure side. I believe Will Deacon touches this in this talk [1] (although KVM related). As said I could be wrong, but if someone could give an update and clarity to this, it'd be great. > > [1] https://youtu.be/wY-u6n75iXc?t=894 > > Regards, > Joakim > > > On Tue, 16 Feb 2021 at 00:44, Abhishek Pandit via TSC <tsc(a)lists.trustedfirmware.org> wrote: >> >> Hi All, >> >> >> >> Any agenda items for this week’s meeting? >> >> >> >> Thanks, >> >> Abhishek >> >> -- >> TSC mailing list >> TSC(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tsc > > -- > TSC mailing list > TSC(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tsc

5 years

2
1
0 0

Re: [TF-TSC] TSC Agenda 18 Feb 2021

by Joakim Bech

Hi Abhishek, Julius, TF-reps, I'd like to better understand what the plan is with Hafnium. What are Google, Arm and TF as a group intending to do with it? I believe it was and still is (?) going to be the reference implementation in S-EL2. But, maybe I'm wrong. But I think I've heard that Google changed the focus wrt secure side. I believe Will Deacon touches this in this talk [1] (although KVM related). As said I could be wrong, but if someone could give an update and clarity to this, it'd be great. [1] https://youtu.be/wY-u6n75iXc?t=894 Regards, Joakim On Tue, 16 Feb 2021 at 00:44, Abhishek Pandit via TSC < tsc(a)lists.trustedfirmware.org> wrote: > Hi All, > > > > Any agenda items for this week’s meeting? > > > > Thanks, > > Abhishek > -- > TSC mailing list > TSC(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tsc >

5 years

1
0
0 0

TSC Agenda 18 Feb 2021

by Abhishek Pandit

Hi All, Any agenda items for this week's meeting? Thanks, Abhishek

5 years

1
1
0 0

Re: [TF-TSC] Jan 21 TrustedFirmware TSC Minutes

by Joakim Bech

Hi Don, Kangkang, TSC-reps, On Tue, 26 Jan 2021 at 00:27, Don Harbin via TSC < tsc(a)lists.trustedfirmware.org> wrote: > Hi, > Please see minutes from last week's TSC below. > Best regards, > Don > > - Sent on behalf of TSC Chair > > *Actions*: > > - > > > - > > - > > ACTION: Joakim to follow up with Kangkang for the use of multiple > cores on the Secure World side. > > I've talked to some people internally regarding this and in addition to that I've just sent a follow-up email to Kangkang with some clarifications and some suggestions for a continued discussion. I think we can close this action (at least for now). We'll bring this up for discussion at TF TSC later on if/when we have more to discuss. Regards, Joakim

5 years

1
0
0 0

Jan 21 TrustedFirmware TSC Minutes

by Don Harbin

Hi, Please see minutes from last week's TSC below. Best regards, Don - Sent on behalf of TSC Chair *Attendees*: Don, Dan H, Abhishek, Kevin Oerton, David Brown, Julius Werner, Andrej Butok, Joakim Bech, KangKang Shen, Dave Cocca, Kevin Townsend, Michael Thomas *Actions*: - ACTION: DavidB send a note to Brett and ask for details on Groups.io options. Ask about options - - ACTION: Don to add DavidB to the Groups.io tickets (IT, and Tasks). Done - ACTION: Abhishek Pandit <abhishek.pandit(a)arm.com> to reach out Kangkang for a side discussion on exclusive language. - ACTION: Joakim to follow up with Kangkang for the use of multiple cores on the Secure World side. *Minutes*: - AP: Introduce Kevin Oerton. Focus PSA Certs on ST and moving to Cortex-A. A self-defending security platform. Comes with “Cyber warranty” model. Incorporated in US, working out of Toronto - Brief intros from the rest of the team - Kevin Townsend - Linaro LITE - Dan H: Arm, TSC rep. TF-A history but interested in lots more. - KK: Futurewei. Chief F/W architect at Huawei before splitting out into Futurewei. - David Brown: Linaro - LITE. On Security Working Group but on Linaro LITE. MCUBoot Maintainer, Security Arch. for Zephyr - Dave C: Renesas: Interested in TF-M and M bed TLS to support Micro Controllers - Andrej B: NXP Czech republic. TSA, TF-M, and more. Support 4 platforms w/ SDK with more to come. Still needs to be upstreamed with limited resources. Plan to bring an intern on board to accelerate upstreaming. - AP: Is Zephyr team working w/ TF-M? - AB: No contributions at this time. Not enough resources to support upstream TF-M, hoping to change that - JoakimB: Sweden, Linaro. Started the Security Working Group. Now transitioned. An OP TEE Maintainer, but no longer reviewing all patches. Now focusing on DT, Boot Architecture, Provisioning, and Remote attention to name a few. Also handles Security Issues. Includes OP-TEE and more. - JuliusW: Google on ChromeOS. Using TF-A for 5 years now. Other Google teams interested in Hafnium - MichaelT: Renesas working for Dave Cocca. Focused on Renesas RA security solutions. - Abhishek: Arm, Cambridge. At Arm for 5 years, lead TF-M from the start. Manage all firmware teams including TF-A, TF-M, and more. Focus on all - Groups.io status - DanH: Started in May that Groups.io started as a good replacement for Mailman. Approved by the board to move forward. Included Domain support. Ended up not getting a non-profit discount. Since November, Don, Linaro IT, and I have been investigating. Used a Linaro Service Desk ticket. - DanH: Linaro IT (Philip) helped a lot with limitations. Migration not straight forward and getting very limited support - DanH: Archive migration may be a blocker. Also how to do the switchover with blackout periods but not getting support here. Potentially could do archive migration later but not sure if this is possible or what the behavior is when replying to a mail not in groups.io. - DavidB: On last point, got this working for Zephyr. Wasn’t very friendly. Was all settings adjustments that can be overridden per user. - DanH: Private groups can’t become public later. Limited support response but it may be because we are only evaluating (not paid any money). Linaro IT is not supportive of this so making the transition harder. - DavidB: Has a bulk suggest option where you can email people to ask them to sign up. - Don: How far was zephyr in when the transition happened? How many lists? - DavidB: Came in after and used David as Admin to go fix issues. - DavidB: Was this discussed with Zephyr to see how they transitioned. - ACTION: DavidB send a note to Brett and ask for details. Ask about options - Joakim: Maintain OP TEE list. Have added spam filters as we have moved along, but now going pretty well. - DavidB: Zephyr uses Groups.io for mailing lists and group calendars. A calendar is available that works ok. There is a bug on Daylight Savings so must use UTC. ~1000 people on the main mailing lists. Mostly was migrated. - Abhishek: Want to transfer Archives, and Groups.io has to do that. - DavidB: Do we get that support if enterprise? - ACTION: Don to add DavidB to the tickets (IT, and Tasks). - Joakim: Have a long list of senders filters; can we re-use this for other lists? Any automation on that? - Abhishek: Inclusive Language / Code of Conduct - Abhishek: Shared both Community Guideline and Code of Conduct - Abhishek: Text from what was agreed in the email - DaveC: Don’t see issues. Like the retrospective comments that don’t need to go back and correct existing content but only for new comments. - Abhishek to send out a note with Deadline. - KK: Like Coding Standard but no in Code of Conduct. A technical requirement when coding. But not a code of conduct - Abhishek: That’s in a different location. Started with Eclipse as an example for Code of Conduct. Lots of adopters using this - https://www.contributor-covenant.org/ - There was consensus from many in the meeting - KK: Inclusive Language is a technical requirement. - ACTION: Abhishek Pandit <abhishek.pandit(a)arm.com> to reach out Kangkang for a side discussion. - Abhishek: Should this go to vote or just do this? - Julius: who enforces is often changed? - Julius: Just have it so that TSC members make the decisions. - Who decides how to handle it? - Board or TSC. - Needs to come up to Board. - Breaches won’t decide when they happen - Conclusions: Leave as is and sending to enquiries(a)trustedfirmware.org is good for now. - No objections. No vote to occur on this. - KK: Can we load multi-core in Trusted Firmware? TF-A - DavidB: Do that already? Cypress? - DanH/Joakim: TF-A has always been multi-core - Runtime code is multi-core. PSCI Spec describes this. - DanH: It seems that KK is actually talking about the secure world spawning additional threads on other cores when servicing normal world requests. This may require discussion with the Firmware Framework-A spec people at Arm so that the normal world can account for this work.. - ACTION: Joakim to follow up with KK on multiple cores on the Secure World side.

5 years, 1 month

1
0
0 0

Re: [TF-TSC] TSC Agenda 21 Jan 2021

by Dan Handley

Hi all Attached are 3 slides I prepared on the groups.io topic. Regards Dan. From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Abhishek Pandit via TSC Sent: 20 January 2021 19:41 To: tsc(a)lists.trustedfirmware.org Subject: Re: [TF-TSC] TSC Agenda 21 Jan 2021 Updated agenda: * Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/ * groups.io update from Dan Handley Thanks, Abhishek From: Abhishek Pandit Sent: 18 January 2021 12:03 To: tsc(a)lists.trustedfirmware.org<mailto:tsc@lists.trustedfirmware.org> Subject: TSC Agenda 21 Jan 2021 Hi All, Any agenda items for this week's meeting? Can I please have responses by the end of Tuesday 19th? Currently on the agenda: * Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/ Thanks, Abhishek

5 years, 1 month

1
0
0 0

TSC Agenda 21 Jan 2021

by Abhishek Pandit

Hi All, Any agenda items for this week's meeting? Can I please have responses by the end of Tuesday 19th? Currently on the agenda: * Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/ Thanks, Abhishek

5 years, 1 month

1
1
0 0

Re: [TF-TSC] TSC Agenda 21 Jan 2021

by Joakim Bech

Hi, On Tue, 19 Jan 2021 at 23:11, Julius Werner via TSC < tsc(a)lists.trustedfirmware.org> wrote: > Hi Abhishek, > > > Review community guideline draft - > https://developer.trustedfirmware.org/w/collaboration/community_guidelines/ > > Is the intention that we review this draft before the meeting so that > we can discuss it there? Because all I can access is a stub page that > links to two other pages (inclusive language and code of conduct), > both of which I do not have permission to open. Please fix the > permissions on those if they are ready for review. > Same here with the permission and I also wondered the same. Regards, Joakim

5 years, 1 month

2
1
0 0

Re: [TF-TSC] TSC Agenda 21 Jan 2021

by Julius Werner

Hi Abhishek, > Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/ Is the intention that we review this draft before the meeting so that we can discuss it there? Because all I can access is a stub page that links to two other pages (inclusive language and code of conduct), both of which I do not have permission to open. Please fix the permissions on those if they are ready for review. Thanks, Julius

5 years, 1 month

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

TSC