Hi all
Below are the minutes for last week's meeting (thanks to Antonio).
Regards
Dan.
=====
Shebu Varghese Kuriakose (Arm)
Dan Handley (Arm)
Antonio De Angelis (Arm)
Joanna Farley (Arm)
Pierre-Julien Bringer (ProvenRun)
Camille Greusard (ProvenRun)
Julius Werner (Google)
Moritz Fischer (Google)
Jidong Sun (Google)
KangKang Shen (FutureWei)
Eric Finco (ST)
Frank Audun (Nordic)
Andrej Butok (NXP)
Silvano Di Ninno (NXP)
David Brown (Linaro)
Dan: Welcome to Jidong (new Google rep, replacing Okash) and new members ProvenRun (Pierre-Julien and Camille)
Dan: Starting a new round of roadmap updates, starting with TF-M
Shebu presented TF-M roadmap (attached)
Shebu: Achievements of tf-m 2.0.0:
* Reduction in size for ECDSA using P256M
* Usage of split-build
* New mailbox non-secure agent api
* Non-secure interrupt latency for isolation level > 1
Shebu: Introduction and planning for LTS
* Previous plan was do first LTS in Jan. New plan is April
Shebu: Work continues on Hybrid Platforms
Shebu: TLS connection use case
* Realigning the full headers mainly
Shebu: Impact of LTS on PSA Certified.
* LTS released every 18 months and supported for 36 months. Bug fixes and security fixes backported.
* This will be delta evaluations for the PSA labs, and this will allow partners to keep certification on that branch
Shebu: Platform ports will be allowed on this LTS Branch when those happen
Eric: Sounds good. Will Mbed TLS will move to a similar cadence?
Shebu: Yes. Mbed TLS has had LTS for a long time, but now it's moving to 3 year support, which aligns with TF-M.
Shebu: Will have a new one every 18months (lifetime 3 years).
Dan: Also welcome to Frank, the new rep from Nordic...
Frank: Is there a lead time on the PSA labs to allow such cadence?
Shebu: Important consideration. If there's an external vulnerability, we might not be in control of public disclosure.
Shebu: TF.org security incident process will follow its own process. TF-M will push out it's fix as soon as it can. Trusted Stakeholders will get the fix under embargo.
Shebu: Not necessarily aligned with Trusted Lab release schedule.
Shebu: We have been clear with PSA certified program, but currently there is no guarantee on time needed for the new release to be validated before the vulnerability goes public.
Frank: I'm less concerned about security handling. More that companies might ask the same service from the same company at the same time.
Shebu: TrustCB have been very engaged with the process. You're right this is a concern.
Shebu: But it's not a separate process that everybody has to do when there's a new release. All can benefit from the same handling.
Shebu: PSA labs can share reports generated by other labs so easing the pressure around recertification for platforms
Shebu: If it's a generic fix, it will get applied to all platforms.
Frank: Good, there's some sharing of effort.
Shebu: In next release can move from RSA to ECDSA
* Blocked on moving to this lightweight PSA crypto layer.
Antonio: Looks like it will be in TF-M 2.1
Shebu: Are we expecting some mem size reduction?
Antonio: At least the same size or lower.
Eric: Will Cryptocell refactoring be done without breaking compatibility?
Shebu: Yes, we already moved to PSA Crypto interface before so this is just changing things underneath
Shebu: Enabling TF-M on RSE (formally known as RSS) is not shown on the roadmap
* RSE is firmware for a complete secure enclave. RSE has been presented in one of the previous TF-M tech forums
ProvenRun introduction (Camille):
* We're a French company providing security services. e.g. for Defence, IoT, ...
* Providers of secure operating systems for Cortex-M.
* Currently we integrate TF-M partitions from the upstream repository. This solution is currently delivered to STM (using our own SPM + TF-M partitions).
* Compatibility with official TF-M is important
* We're interested in technical subjects and future developments. Happy with the TF-M presentation contents just showed
* Interested in TF-M community and being a contributor in future.
* Do not hesitate to get in touch. Either Camille or Pierre-Julien will attend this TSC
Shebu: On the A profile, is that a trusted execution environment or a trusted operating system?
Camille: Just M-profile, it was a misunderstanding earlier.
Frank also briefly introduced Nordic/himself:
Frank: Nordic started on tiny ASICs. Now have more and more complex devices.
* Interested in MbedTLS, MCUBoot, TF-M, Zephyr
* Managed to get optimised signature verification working in products
* Very open source oriented.
Dan: Silvano is also new to the TSC
Silvano: Just filling in for Ruchika this time.
Dan gave a Phabricator migration update (Dan)
* Migration going well.
* Just TF-A and Mbed TLS project pages remaining.
* Created https://github.com/TrustedFirmware/tf_docs rendered in readthedocs for generic content like the Security Center.
* Hope to complete before end of Q1 so we can retire Phabricator (https://developer.trustedfirmware.org/)
Dear all,
we have just realized that there has been an issue with the meeting invite series for the TSC meeting. There should have been a TSC meeting today but it got cancelled by mistake. We are looking to reschedule it for next week (25th January 2024), and then we will re-instate the normal meeting series from February onwards. Will send meeting invites again later today.
Apologies for the inconvenience and for the short notice.
Thanks,
Antonio
Hi all
Please let me know if you have any topics for this Thursday's meeting. So far I have:
* New member ProvenRun introduction
* Misc updates (Phabricator migration, alternate Gerrit login mechanism).
Also, please let me know if you intend to join or not, given we are heading into holiday season. I'm sure if we will have a quorum.
Regards
Dan.
Hi All,
Please find the minutes below and Julianus' deck attached.
Best regards,
Don - Send on behalf of the TSC co-chairs
Attendees: Don, Julianus(Linaro), Dan Handley(Arm), Alanksha Jain(Arm),
Antonio De Angelis(Arm), David Brown(Linaro), Domini Ermel(Nordic), Joakim
Andersson(Nordic), Joanna Farley(Arm), Julius Werner(Google),
Kangkang(Futurewei), Eric Finco (ST)
Minutes:
Julianus reviewed the OP TEE summary slides of recent deliveries and the OP
TEE roadmap. Slides attached.
Is Linaro contributing to FFA enhancements? Not sure, just have the status
of what’s been done for this meeting.
Can we share the content? Yes, it will be in attached when the minutes go
out.
Alanksha noted this info is useful for when she prepares plans for the Arm
side roadmaps they can align theirs with this.
Dan: Board meeting - security.txt file from Board Meeting.
Securitytxt.org <https://securitytxt.org/>
Considering integrating into TrustedFirwmare.org
Also need to move the security pages from Phabricator.
Kangkang: Is this the way to report published security issues?
It’s intended for people who find problems, and can’t find the right place
to securely publish issues.
This just publishes the policy, not the vulnerabilities. A Security team
is in place to handle the embargoed reported issues. They handle vendor
notifications at correct times.
This consolidates in standard format / place. The TF Policy is here:
https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
Present:
Dan Handley (Arm)
Antonio De Angelis (Arm)
Akanksha Jain (Arm)
Joanna Farley (Arm)
Olivier Deprez (Arm)
Matteo Carlini (Arm)
Eric Finco (ST)
Lionel Debieve (ST)
Moritz Fischer (Google)
Joakim Andersson (Nordic)
Dominik Ermel (Nordic)
David Brown (Linaro)
Ruchika Gupta (NXP)
Dan: This is the first time Akanksha joins this call
Dan: She a tech manager in Arm taking over from Matteo looking after roadmaps for Trusted Services and TF-A
Dan: No other topics but there will be some AOB later
Akanksha: Introduction (TF-A, Trusted Services and other A-class firmware are bundled now)
Akanksha: Description of deltas since last roadmap presentation that was a few quarters ago
Akanksha: TF v2.9 highlight: TF.org OpenCI, several improvements around Realms, Mbed TLS upgrades, additional platforms, EL3 arch feature enablement, CCA support to BET0 alignment
Akanksha: CCA upstream alignment describes the next steps for the RMM component mainly and Kernel and EDK II components
Dan: The CCA roadmap is a bit out of date. A few items in H1 are still ongoing in H2. Hope soon we can expand on what we're doing in 2024.
Dan: We should get RMM spec EAC5 aligned components into TF-A v2.10 release (backup plan is EAC2 components).
Akanksha: Recent Linaro presentations as additional resources on these topics are available in the slide deck
Akanksha: Trusted Services + OPTEE roadmap is shown as well
Eric: What's behind the requirement for Yocto support (TS roadmap)? Why are there 2 slots for that in roadmap?
Akanksha: Has been deprioritized in favour of platform support. It's going to happen but at a slower pace.
Akanksha: Not sure why it appears twice. We'll take that offline and respond later.
Akanksha: Getting ready for next releases (both normal and LTS) in 2024
Akanksha: Recap on LTS timelines -> requires strong partner support to make sure the branches get the proper support
Matteo: On the LTS side, this was mentioned at board meeting this week.
Matteo: Board says LTS OpenCI work to be in top 3 priority items
Matteo: But maintainers need to be prompt in opening these tickets
Matteo: Board asking for effort estimation on current LTS. Will report to TSC too.
Matteo: Can take figure for Arm make prediction of other companies' effort
Dan: I will ask Ilias (or someone in Linaro) for update on TS integration (e.g. FWU support) next month along with OP-TEE roadmap
Dan: Mbed TLS licensing was mentioned in redacted board slides
Dan: Plan is to re-introduce dual licensing (Apache-2.0 AND GPL-2.0-or-later)
Dan: Fortunately, can do this as we never changed the inbound license
Dan: Plan previously was to drop GPL support but this is needed for U-Boot to integrate Mbed TLS
Dan: Have now given all interested parties an opportunity to comment
Dan: Just awaiting final Arm legal approval then we'll do this
Dan: Migration of Phabricator is ongoing;
Dan: Now GitHub mirrors of all projects are available, can take advantage of tools there (e.g. issue tracking).
Dan: For consistency we want to use readthedocs for wiki content
Dan: Once done we can remove Phabricator
Hi All,
Please find redacted Board Slides from yesterday's meeting for reference.
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Attendees:
Dan Handley (Arm)
Antonio De Angelis (Arm)
Shebu Varghese Kuriakose (Arm)
Moritz Fisher (Google)
Julius Werner (Google)
Joakim Andersson (Nordic)
KangKang Shen (FutureWei)
Andrej Butok (NXP)
Ruchika Gupta (NXP)
(Linaro not available due to internal offsite meeting)
* Dan: No roadmap updates this month due to unavailability of Linaro and Arm technology manager
* Dan: Expecting combined TF-A + Trusted Services roadmap next month. OP-TEE roadmap is also due.
* Dan: Don wanted to raise again the risk of Phabricator being deprecated (that we use for wiki content)
* Dan: It's not getting security updates and we have had issues with rogue accounts being created
* Dan: Now the task to create GitHub mirrors for all projects (https://linaro.atlassian.net/browse/TFC-247) is mostly complete, we can progress with migrating wiki content there
* Dan: Propose that we ping maintainers to start migrating project information. Can also directly migrate generic content (e.g. community pages).
(No objections)
Action: Dan and Antonio to ping maintainers to start migrating project information. Also directly migrate generic content (e.g. community pages).
Shebu presented attached slides on TF-M LTS proposal.
* AndreJ: TF-M has a dependency on MCUBoot and MBedTLS. Will they have the same LTS policy?
* Shebu: Yes, Mbed TLS has similar LTS schedule that is proposed for TF-M (2 concurrent LTS, each with 3-year lifetime). Slide 6 shows integration plan.
* We thought about doing this for MCUBoot too but as it is a small project, we think we can live with backporting security fixes as required. No plans currently.
* Dan: So, no releases from main branch? Why not?
* Shebu: Such releases wouldn't be usable for PSA certification.
* Shebu: This would save effort, which could be used for LTS maintenance instead
* Shebu: One possible use-case is for RSS releases.
* Shebu: One consequence is that users would have to wait for the next LTS to get latest features in a release (up to 18 months)
* Shebu: Expect that we'll need to backport new platform ports to LTS branches
* Shebu: Platforms can't wait until next LTS release.
* Ruchika: I also think main branch releases would be good as not everyone will be consuming LTS. 18 month wait could be too long.
* Ruchika: Would help platforms that don't need certification but do need new features.
* Shebu: We would need to work out how we could resource main branch releases. Probably wouldn't have the same level of support as LTS releases.
* Shebu: We'll need help from TF-M users using PSA Certified to resource the LTS releases
* Shebu: Going to present this in TF-M Tech forum.
* Shebu: Have already mentioned it to the TF.org board.
* Shebu: This is only tentative until we get approval from certification lab
* Shebu: Need to know from members if this will break their distribution model somehow
* Dan: So the plan is to get feedback from the lab and members, then go to the TF-M tech forum?
* Shebu: Yes.
