Following on the agenda for tomorrow
* TF-M security vulnerability and patch release policy, providing fixes for security issues for past releases. [Dave Cocca]
* optee.org transition to trustedfimrware.org. [Joakim Bech]
* [Tentative] Trusted Services roadmap presentation. I am checking availability within Arm as this is short notice.
Thanks,
Abhishek
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Abhishek Pandit via TSC
Sent: 13 April 2021 12:21
To: tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] TSC Agenda 15 Apr 2021
Hi All,
Any agenda items for this week's meeting?
Thanks,
Abhishek
Hi,
On Tue, 13 Apr 2021 at 13:29, Joakim Bech via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> Hi,
>
> Timely, I had this written in another email :-)
>
> optee.org (on purpose) doesn't contain much information of value. We
> removed duplicated and stale information quite some time ago and now the
> only thing that is really left of value there is the security advisories.
> So, I want to redirect optee.org to trustedfirmware.org/projects/op-tee.
>
> I don't want to get rid of optee.org (and op-tee.org), since there is
> branding value in those. I simply want to remove our current page and
> redirect to TrustedFirmware.org. Redirection is easy, however, we need to
> figure out where to host the security advisories. We could either store
> them directly accessible under a trustedfirmware.org as a sub-page or we
> can put them somewhere under our existing security pages at Phabricator. So
> as a topic for tomorrow, I'd like to hear whether you're against me
> redirecting this and have a discussion about what to do with security
> advisories. Right now OP-TEE and other TF-projects are spread out on
> various sites.
>
> Then with the recent Armv9 announcement, I wonder if we as a group already
> now need to start thinking about what we need to do with the project under
> TF? I would be surprised if we don't have to do anything as a collective
> group.
>
In addition to that, we from Linaro are also interested in the roadmap and
associated timelines for the Trusted Services project. If someone (from Arm
I suppose) has information about that ready to be shared, then that's a
third thing that could be covered on Thursday.
Regards,
Joakim
>
> Regards,
> Joakim
>
>
> On Tue, 13 Apr 2021 at 13:20, Abhishek Pandit via TSC <
> tsc(a)lists.trustedfirmware.org> wrote:
>
>> Hi All,
>>
>>
>>
>> Any agenda items for this week’s meeting?
>>
>>
>>
>> Thanks,
>>
>> Abhishek
>> --
>> TSC mailing list
>> TSC(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tsc
>>
> --
> TSC mailing list
> TSC(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tsc
>
Hi,
Timely, I had this written in another email :-)
optee.org (on purpose) doesn't contain much information of value. We
removed duplicated and stale information quite some time ago and now the
only thing that is really left of value there is the security advisories.
So, I want to redirect optee.org to trustedfirmware.org/projects/op-tee.
I don't want to get rid of optee.org (and op-tee.org), since there is
branding value in those. I simply want to remove our current page and
redirect to TrustedFirmware.org. Redirection is easy, however, we need to
figure out where to host the security advisories. We could either store
them directly accessible under a trustedfirmware.org as a sub-page or we
can put them somewhere under our existing security pages at Phabricator. So
as a topic for tomorrow, I'd like to hear whether you're against me
redirecting this and have a discussion about what to do with security
advisories. Right now OP-TEE and other TF-projects are spread out on
various sites.
Then with the recent Armv9 announcement, I wonder if we as a group already
now need to start thinking about what we need to do with the project under
TF? I would be surprised if we don't have to do anything as a collective
group.
Regards,
Joakim
On Tue, 13 Apr 2021 at 13:20, Abhishek Pandit via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> Hi All,
>
>
>
> Any agenda items for this week’s meeting?
>
>
>
> Thanks,
>
> Abhishek
> --
> TSC mailing list
> TSC(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tsc
>
Hi TF Board/TSC
You may have seen the below invite on the TF-A or OP-TEE lists but I'm just forwarding directly in case you missed this. If you have an interest then please contact François-Frédéric directly.
Regards
Dan.
From: François Ozog <francois.ozog(a)linaro.org<mailto:francois.ozog@linaro.org>>
Sent: Thursday, April 8, 2021 12:59 PM
To: TSC <tsc(a)linaro.org<mailto:tsc@linaro.org>>
Subject: Invitation to OP-TEE functional safety workshop
Hi,
Linaro is conducting an opportunity assessment to make OP TEE (open platform trusted execution environment) ready for functional safety sensitive environments.
The scope of this analysis also covers Trusted Firmware and Hafnium even though we will not try to produce a plan for their own safety readiness.
We’re organizing a 2 hours workshop on April 15th 9am CET to present the state of the research, discuss the key use cases, and brainstorm on possible requirements for a Long Term Support program.
The first use case is to use the TEE to boot a safety certified type-1 hypervisor. We are also considering other use cases - for example, a safety payload could be loaded as a Secure Partition on top of Hafnium with OP-TEE or Zephyr used as a device backends.
Agenda (to be refined)
* Vision
* Use cases discussion
* What is the right scope?
State of the research <https://docs.google.com/presentation/u/0/d/1jWqu39gCF-5XzbFkodXsiVNJJLUN88B…>
* “Who does what” discussion (LTS, archiving...)
* Safety personnel (Linaro and contractors) discussion
* Other considerations from participants?
* Community organizations and funding?
* Closing and next steps
(preliminary content can be found in the attached document, the goal will not be to go though all slides but to use them to guide the discussion)
We have contacted key partners in the Arm ecosystem as well as Tier 1 and car makers and we would like to invite you to join our workshop: we would highly appreciate your contribution. If you are interested or if you would recommend anyone from your team, we will be pleased to send a calendar invite with the bridge details.
Looking forward to hearing from you soon
François-Frédéric
--
[https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&ex…]
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485
francois.ozog(a)linaro.org<mailto:francois.ozog@linaro.org> | Skype: ffozog
I’d also recommend:
· LVC21-303: Secure Partition Manager evolution (Armv8.4 Secure EL2) – on the Hafnium new developments
* LVC21-207: Standard Firmware Updates on Arm
* LVC21-315: Measured Boot Support in Trusted Firmware A class (TF-A) project
Lots of firmware related talks this time!!
Matteo
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC
Sent: 20 March 2021 00:42
To: board(a)lists.trustedfirmware.org; tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] Linaro Virtual Connect next week
Hi All,
I've assumed you are all aware, but just in case, I wanted to invite each of you to Linaro Virtual Connect next week. Of particular interest will be the following sessions:
* Trusted Firmware Project Update presented by Matteo & Shebu
* Introducing the Trusted Services Project by Julian Hall
* Trust Ain't Easy: Challenges of TEE Security by Cristofaro Mune & Niek Timmers
* ASLR in OP-TEE by Jens Wilander
* Firmware Configuration Framework and Chain of Trust in TF-A by Madhukar Pappireddy & Manish Badarkhe
* Firmware update service in TF-M by Sherry Zhang
* Firmware Framework - M 1.1 feature update in TF-M by Ken Liu
* OP-TEE as a Secure Partition running on SPM using ARMv8.4-A SEL2 feature by Arunachalam Ganapathy & Jens Wiklander
· PSA-FF-A compliant Secure User Mode partition support for Arm platforms by Sayanta Pattanayak & Aditya Angadi
· Secure Partition Management in OP-TEE (pre 8.4 Cortex-A devices)
* by Jelle Sels
* VIrtualization for OP-TEE by Volodymyr Babchuk
There's other sessions you may find useful as well so take a look at the schedule here<https://connect.linaro.org/schedule/>.
Virtual Connect additional notes:
* Register here<https://connect.linaro.org/>. It's free, so invite your co-workers to join as well! :)
* The virtual sessions occur across various time-zones, but all sessions will be recorded and published shortly after the event for you to be able to watch later.
Best regards,
Don
*
Hi All,
I've assumed you are all aware, but just in case, I wanted to invite each
of you to Linaro Virtual Connect next week. Of particular interest will be
the following sessions:
- *Trusted Firmware Project Update* presented by Matteo & Shebu
- *Introducing the Trusted Services Project* by Julian Hall
- *Trust Ain't Easy: Challenges of TEE Security* by Cristofaro Mune &
Niek Timmers
- *ASLR in OP-TEE * by Jens Wilander
- *Firmware Configuration Framework and Chain of Trust in TF-A* by
Madhukar Pappireddy & Manish Badarkhe
- *Firmware update service in TF-M* by Sherry Zhang
- *Firmware Framework - M 1.1 feature update in TF-M* by Ken Liu
- *OP-TEE as a Secure Partition running on SPM using ARMv8.4-A SEL2
feature* by Arunachalam Ganapathy & Jens Wiklander
- *PSA-FF-A compliant Secure User Mode partition support for Arm
platforms* by Sayanta Pattanayak & Aditya Angadi
- *Secure Partition Management in OP-TEE (pre 8.4 Cortex-A devices)*
- by Jelle Sels
- *VIrtualization for OP-TEE *by Volodymyr Babchuk
There's other sessions you may find useful as well so take a look at
the *schedule
here <https://connect.linaro.org/schedule/>*.
Virtual Connect additional notes:
- *Register here <https://connect.linaro.org/>*. It's free, so invite
your co-workers to join as well! :)
- The virtual sessions occur across various time-zones, but all sessions
will be recorded and published shortly after the event for you to be able
to watch later.
Best regards,
Don
-
Hi all
As you will have seen from the cancelled meeting invite, there were no agenda items to discuss this month.
Regards
Dan.
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Dan Handley via TSC
Sent: 15 March 2021 12:20
To: tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] TSC agenda 18th March 2021
Hi all
Please let us know if you have any agenda items for this Thursday's TSC meeting?
Regards
Dan.
Hi
Attached is my presentation on FF-A and PSA RoT enablement in OP-TEE.
Let me know any further questions on the topic.
Cheers,
Miklos
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Don Harbin via TSC
Sent: 01 March 2021 20:54
To: tsc(a)lists.trustedfirmware.org
Subject: [TF-TSC] TrustedFirmware Feb 18 TSC Meeting Minutes
Hi All,
Please find the minutes from the last TSC below.
Attachments to be sent separately.
Best regards,
Don Harbin - sent on behalf of the TSC chair
Attendees: Dave Cocca, Lionel Debieve, Eric Finco, Kangkan Shen, Miklos Balint, David Brown, Kevin Townsend, Abhishek Pandit, Joakim Bech, Don Harbin
Minutes:
* Dan: Groups.io update. David B learned that Zephyr used it, but a different migration source (Google groups). More straightforward than ours. So would expect a rough transition. Could make it work if we started over without promising a seamless migration.
* David B: Adding user names should be straightforward.
* Dan: Yes. Major concerns are live migration to TrustedFirwmare.org domain and archive migration. Three ways to proceed: 1) Manage disruption as we go and hope for the best, 2) Go for a clean setup, 3) Drop for now
* A wider tooling issue for TF.org. Github/Gerrit and things like Slack are under consideration.
* AP: Not sure how much more we should invest on this. If we had a communication channel like Slack, there would be less need for mailing lists.
* DB: Groups.io may also remove ongoing headache from managing mailman.
* Dan/Joakim: Mailman not much of a burden these days.
* DB: Spam rules can cause issues. List clients can often look like spam. Email providers may then start to reject folks on the list. Groups.io would be motivated to fix such things.
* AP: Groups.io not even responding to support queries.
* Dan H: Linaro IT is resistant.If we can’t get them onside then who will push this through?
* Linaro IT is currently managing mailman OK, so should we just leave it?
* JB: Proceed or not?
* DB: Perhaps pursue Slack as chat platform? It’s free if you don’t want history archived. Can be expensive if you need other features as there’s a per-user cost.
* Is Mailman a big issue?
* At this point, not so much.
* AP: Perhaps table this for now and if we decide to move from Phabricator handle this at this time.
* AP: With no volunteers to champion, close this and re-open if something changes.
* Lionel: FF-A coming into OP TEE and PSA certs.
* Miklos: Presented attached FF-A enablement slides
* Eric: How backward compatible are the proposed changes?
* Miklos: They can be made backwards compatible if configured accordingly. Existing services can continue to be supported with GP APIs and new services can use FF-A.
* Joakim: Is FF-A expected to replace GP APIs?
* Miklos: GP is widely used. Both are likely to co-exist. On a particular segment/configuration, one may be more relevant than the other.
<end>
