Hi All,
I've assumed you are all aware, but just in case, I wanted to invite each
of you to Linaro Virtual Connect next week. Of particular interest will be
the following sessions:
- *Trusted Firmware Project Update* presented by Matteo & Shebu
- *Introducing the Trusted Services Project* by Julian Hall
- *Trust Ain't Easy: Challenges of TEE Security* by Cristofaro Mune &
Niek Timmers
- *ASLR in OP-TEE* by Jens Wiklander
- *Firmware Configuration Framework and Chain of Trust in TF-A* by
Madhukar Pappireddy & Manish Badarkhe
- *Firmware update service in TF-M* by Sherry Zhang
- *Firmware Framework - M 1.1 feature update in TF-M* by Ken Liu
- *OP-TEE as a Secure Partition running on SPM using ARMv8.4-A SEL2
feature* by Arunachalam Ganapathy & Jens Wiklander
- *PSA-FF-A compliant Secure User Mode partition support for Arm
platforms* by Sayanta Pattanayak & Aditya Angadi
- *Secure Partition Management in OP-TEE (pre 8.4 Cortex-A devices)*
by Jelle Sels
- *Virtualization for OP-TEE* by Volodymyr Babchuk
There are other sessions you may find useful as well, so take a look at
the *schedule here <https://connect.linaro.org/schedule/>*.
Virtual Connect additional notes:
- *Register here <https://connect.linaro.org/>*. It's free, so invite
your co-workers to join as well! :)
- The virtual sessions occur across various time-zones, but all sessions
will be recorded and published shortly after the event for you to be able
to watch later.
Best regards,
Don
-
Hi all
As you will have seen from the cancelled meeting invite, there were no agenda items to discuss this month.
Regards
Dan.
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Dan Handley via TSC
Sent: 15 March 2021 12:20
To: tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] TSC agenda 18th March 2021
Hi all
Please let us know if you have any agenda items for this Thursday's TSC meeting?
Regards
Dan.
Hi
Attached is my presentation on FF-A and PSA RoT enablement in OP-TEE.
Let me know any further questions on the topic.
Cheers,
Miklos
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC
Sent: 01 March 2021 20:54
To: tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] TrustedFirmware Feb 18 TSC Meeting Minutes
Hi All,
Please find the minutes from the last TSC below.
Attachments to be sent separately.
Best regards,
Don Harbin - sent on behalf of the TSC chair
Attendees: Dave Cocca, Lionel Debieve, Eric Finco, Kangkan Shen, Miklos Balint, David Brown, Kevin Townsend, Abhishek Pandit, Joakim Bech, Don Harbin
Minutes:
* Dan: Groups.io update. David B learned that Zephyr used it, but a different migration source (Google groups). More straightforward than ours. So would expect a rough transition. Could make it work if we started over without promising a seamless migration.
* David B: Adding user names should be straightforward.
* Dan: Yes. Major concerns are live migration to TrustedFirmware.org domain and archive migration. Three ways to proceed: 1) Manage disruption as we go and hope for the best, 2) Go for a clean setup, 3) Drop for now
* A wider tooling issue for TF.org. Github/Gerrit and things like Slack are under consideration.
* AP: Not sure how much more we should invest on this. If we had a communication channel like Slack, there would be less need for mailing lists.
* DB: Groups.io may also remove ongoing headache from managing mailman.
* Dan/Joakim: Mailman not much of a burden these days.
* DB: Spam rules can cause issues. List clients can often look like spam. Email providers may then start to reject folks on the list. Groups.io would be motivated to fix such things.
* AP: Groups.io not even responding to support queries.
* Dan H: Linaro IT is resistant. If we can’t get them onside then who will push this through?
* Linaro IT is currently managing mailman OK, so should we just leave it?
* JB: Proceed or not?
* DB: Perhaps pursue Slack as chat platform? It’s free if you don’t want history archived. Can be expensive if you need other features as there’s a per-user cost.
* Is Mailman a big issue?
* At this point, not so much.
* AP: Perhaps table this for now and if we decide to move from Phabricator handle this at this time.
* AP: With no volunteers to champion, close this and re-open if something changes.
* Lionel: FF-A coming into OP TEE and PSA certs.
* Miklos: Presented attached FF-A enablement slides
* Eric: How backward compatible are the proposed changes?
* Miklos: They can be made backwards compatible if configured accordingly. Existing services can continue to be supported with GP APIs and new services can use FF-A.
* Joakim: Is FF-A expected to replace GP APIs?
* Miklos: GP is widely used. Both are likely to co-exist. On a particular segment/configuration, one may be more relevant than the other.
<end>
+Serban who can answer this much better than me.
On Wed, Feb 17, 2021 at 1:53 AM Joakim Bech via TSC
<tsc(a)lists.trustedfirmware.org> wrote:
>
> Hi Abhishek, Julius, TF-reps,
>
> I'd like to better understand what the plan is with Hafnium. What are Google, Arm and TF as a group intending to do with it? I believe it was and still is (?) going to be the reference implementation in S-EL2. But, maybe I'm wrong. But I think I've heard that Google changed the focus wrt secure side. I believe Will Deacon touches this in this talk [1] (although KVM related). As said I could be wrong, but if someone could give an update and clarity to this, it'd be great.
>
> [1] https://youtu.be/wY-u6n75iXc?t=894
>
> Regards,
> Joakim
>
>
> On Tue, 16 Feb 2021 at 00:44, Abhishek Pandit via TSC <tsc(a)lists.trustedfirmware.org> wrote:
>>
>> Hi All,
>>
>>
>>
>> Any agenda items for this week’s meeting?
>>
>>
>>
>> Thanks,
>>
>> Abhishek
>>
>> --
>> TSC mailing list
>> TSC(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tsc
>
Hi Abhishek, Julius, TF-reps,
I'd like to better understand what the plan is with Hafnium. What are
Google, Arm and TF as a group intending to do with it? I believe it was and
still is (?) going to be the reference implementation in S-EL2. But, maybe
I'm wrong. But I think I've heard that Google changed the focus wrt secure
side. I believe Will Deacon touches this in this talk [1] (although KVM
related). As said I could be wrong, but if someone could give an update and
clarity to this, it'd be great.
[1] https://youtu.be/wY-u6n75iXc?t=894
Regards,
Joakim
On Tue, 16 Feb 2021 at 00:44, Abhishek Pandit via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> Hi All,
>
>
>
> Any agenda items for this week’s meeting?
>
>
>
> Thanks,
>
> Abhishek
Hi Don, Kangkang, TSC-reps,
On Tue, 26 Jan 2021 at 00:27, Don Harbin via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> Hi,
> Please see minutes from last week's TSC below.
> Best regards,
> Don
>
> - Sent on behalf of TSC Chair
>
> *Actions*:
>
> - ACTION: Joakim to follow up with Kangkang for the use of multiple
> cores on the Secure World side.
>
I've talked to some people internally regarding this and in addition to
that I've just sent a follow-up email to Kangkang with some clarifications
and some suggestions for a continued discussion. I think we can close this
action (at least for now). We'll bring this up for discussion at TF TSC
later on if/when we have more to discuss.
Regards,
Joakim
Hi,
Please see minutes from last week's TSC below.
Best regards,
Don
- Sent on behalf of TSC Chair
*Attendees*: Don, Dan H, Abhishek, Kevin Oerton, David Brown, Julius
Werner, Andrej Butok, Joakim Bech, KangKang Shen, Dave Cocca, Kevin
Townsend, Michael Thomas
*Actions*:
- ACTION: DavidB send a note to Brett and ask for details on Groups.io options. Ask about options
- ACTION: Don to add DavidB to the Groups.io tickets (IT, and Tasks). Done
- ACTION: Abhishek Pandit <abhishek.pandit(a)arm.com> to reach out to Kangkang for a side discussion on exclusive language.
- ACTION: Joakim to follow up with Kangkang for the use of multiple cores on the Secure World side.
*Minutes*:
- AP: Introduce Kevin Oerton. Focus PSA Certs on ST and moving to Cortex-A. A self-defending security platform. Comes with “Cyber warranty” model. Incorporated in US, working out of Toronto
- Brief intros from the rest of the team
- Kevin Townsend - Linaro LITE
- Dan H: Arm, TSC rep. TF-A history but interested in lots more.
- KK: Futurewei. Chief F/W architect at Huawei before splitting out into Futurewei.
- David Brown: Linaro - LITE. On Security Working Group but on Linaro LITE. MCUBoot Maintainer, Security Arch. for Zephyr
- Dave C: Renesas: Interested in TF-M and Mbed TLS to support Micro Controllers
- Andrej B: NXP Czech Republic. TSA, TF-M, and more. Support 4 platforms w/ SDK with more to come. Still needs to be upstreamed with limited resources. Plan to bring an intern on board to accelerate upstreaming.
- AP: Is Zephyr team working w/ TF-M?
- AB: No contributions at this time. Not enough resources to support upstream TF-M, hoping to change that
- JoakimB: Sweden, Linaro. Started the Security Working Group. Now transitioned. An OP TEE Maintainer, but no longer reviewing all patches. Now focusing on DT, Boot Architecture, Provisioning, and Remote attention to name a few. Also handles Security Issues. Includes OP-TEE and more.
- JuliusW: Google on ChromeOS. Using TF-A for 5 years now. Other Google teams interested in Hafnium
- MichaelT: Renesas working for Dave Cocca. Focused on Renesas RA security solutions.
- Abhishek: Arm, Cambridge. At Arm for 5 years, lead TF-M from the start. Manage all firmware teams including TF-A, TF-M, and more. Focus on all
- Groups.io status
- DanH: Started in May that Groups.io started as a good replacement for Mailman. Approved by the board to move forward. Included Domain support. Ended up not getting a non-profit discount. Since November, Don, Linaro IT, and I have been investigating. Used a Linaro Service Desk ticket.
- DanH: Linaro IT (Philip) helped a lot with limitations. Migration not straightforward and getting very limited support
- DanH: Archive migration may be a blocker. Also how to do the switchover with blackout periods but not getting support here. Potentially could do archive migration later but not sure if this is possible or what the behavior is when replying to a mail not in groups.io.
- DavidB: On last point, got this working for Zephyr. Wasn’t very friendly. Was all settings adjustments that can be overridden per user.
- DanH: Private groups can’t become public later. Limited support response but it may be because we are only evaluating (not paid any money). Linaro IT is not supportive of this so making the transition harder.
- DavidB: Has a bulk suggest option where you can email people to ask them to sign up.
- Don: How far was zephyr in when the transition happened? How many lists?
- DavidB: Came in after and used David as Admin to go fix issues.
- DavidB: Was this discussed with Zephyr to see how they transitioned.
- ACTION: DavidB send a note to Brett and ask for details. Ask about options
- Joakim: Maintain OP TEE list. Have added spam filters as we have moved along, but now going pretty well.
- DavidB: Zephyr uses Groups.io for mailing lists and group calendars. A calendar is available that works ok. There is a bug on Daylight Savings so must use UTC. ~1000 people on the main mailing lists. Mostly was migrated.
- Abhishek: Want to transfer Archives, and Groups.io has to do that.
- DavidB: Do we get that support if enterprise?
- ACTION: Don to add DavidB to the tickets (IT, and Tasks).
- Joakim: Have a long list of senders filters; can we re-use this for other lists? Any automation on that?
- Abhishek: Inclusive Language / Code of Conduct
- Abhishek: Shared both Community Guideline and Code of Conduct
- Abhishek: Text from what was agreed in the email
- DaveC: Don’t see issues. Like the retrospective comments that don’t need to go back and correct existing content but only for new comments.
- Abhishek to send out a note with Deadline.
- KK: Like Coding Standard but not in Code of Conduct. A technical requirement when coding. But not a code of conduct
- Abhishek: That’s in a different location. Started with Eclipse as an example for Code of Conduct. Lots of adopters using this - https://www.contributor-covenant.org/
- There was consensus from many in the meeting
- KK: Inclusive Language is a technical requirement.
- ACTION: Abhishek Pandit <abhishek.pandit(a)arm.com> to reach out to Kangkang for a side discussion.
- Abhishek: Should this go to vote or just do this?
- Julius: who enforces is often changed?
- Julius: Just have it so that TSC members make the decisions.
- Who decides how to handle it?
- Board or TSC.
- Needs to come up to Board.
- Breaches won’t decide when they happen
- Conclusions: Leave as is and sending to enquiries(a)trustedfirmware.org is good for now.
- No objections. No vote to occur on this.
- KK: Can we load multi-core in Trusted Firmware? TF-A
- DavidB: Do that already? Cypress?
- DanH/Joakim: TF-A has always been multi-core
- Runtime code is multi-core. PSCI Spec describes this.
- DanH: It seems that KK is actually talking about the secure world spawning additional threads on other cores when servicing normal world requests. This may require discussion with the Firmware Framework-A spec people at Arm so that the normal world can account for this work.
- ACTION: Joakim to follow up with KK on multiple cores on the Secure World side.