Hi All,
Please find the minutes to the Sept 15 TSC.
Best regards,
Don - sent on behalf of the TSC co-chairs
======================================
Attnedees: David Brown (Linaro), Thomas Sanderson (Infineon), Kevin
Townsend (Linaro), Lionel D (ST), Eric Finco (ST), Andrej Butok (NXP), Dan
H (Arm), Antonio (Arm), Bill Peckham (Google), Kevin Oerton (NXM.Labs),
Julius Werner (Google), Okash (Google), Matteo (Arm)
Agenda items:
* LTS
* RMM
* FW handoff spec
Recurring:
* OpenCI update won't be held as Glen/Don are not available today. See
backup in the redacted board slides sent out by Don for Open CI monthly
update.
LTS sum-up from board meeting
* until we start, it's hard to gain momentum and hard to estimate costs in
advance.
* TF.org to evaluate direct funding but only from the next financial year
* Proposal: share the burden for 1 LTS release to be maintained for at
least one year. To evaluate the effort, gather data, see how it goes,
evaluate the engagement, and then have data to propose to the board for
long term funding. Share the burden between companies interested.
* Question: which platforms are tested and supported? The baseline is the
one tested by the official TF-A releases, with those platforms available in
the OpenCI
* Board requests to carefully iron out the messaging to be shared with the
community around the announce of the LTS so that expectations are clear in
the community
* Tech-wise, the proposal does not seem to have any objection so this is
mostly around funding/maintainership topics at the moment
* Companies interested are now to meet and agree next steps
TF-RMM component
* Upstreaming expected November 2022. Plans on integrating TF-RMM in the
OpenCI in the longer term as well.
Is the code already visible? It's still private. Arm Architecture group
has some private prototype that was shared with some partners under NDA.
But different significantly from what we're planning to upstream.
* Is it completely separate or depends on other TF.org projects? It's
coupled with TF-A in the same way as Hafnium is. It implements RMM
specification, so Linux and KVM and other clients they need to support the
same version of the spec of RMM to be compatible
Is the KVM counterpart of RMM going to be upstreamed? Yes, but Arm not
the maintainer so actual upstreaming will take longer as Arm does not
maintain those projects. But there will be public branches with these
changes in the meantime
* KVM, EDK2, etc altogether available in November, they will follow their
own destiny in each project.
Is there a plan-B if upstream does not accept them? There is the risk but
hopefully we will try to minimize and does not come to upstream maintainers
as a surprise (discussions under NDA for years already with non-Arm
maintainers). It does not mean it will be quick and easy but confident that
it will happen. For example one particular concern is the major work going
on in Android pKVM. Might risk some conflicts that slow down upstreaming
FW Handoff spec
* Several discussions around this happened so far. A number of interested
parties (e.g. uboot). Quite difficult to accommodate all requirements from
different parties. This is a tentative to summarise and centralise the
discussion so far to foster further collaboration and evolution of the
spec. We start on TF.org then we will re-assess if this the best place (or
needs to be moved to GitHub or other places).
* Contribution model: similar to other projects but with indepedent
maintainers, no strong links to other projects
* Creative commons license as it's more user friendly.
* Unless a big objection this is what is going to happen in the next weeks
* Is the format not pinned to devicetree? The spec just talks about
container format, the actual data can have different practical formats. It
tends to accommodate different implementation details. It's more focused on
the information itself rather than formats to organize this information
(i.e. registers to use, etc). It's quite a simple spec
* The spec will allow to specify different formats for the practical
structures that hold the information
Are there plans to add also tftf-tests for RMM? Yes there are some
additional tests that will be upstreamed.
* There are some changes in TF-A for example that are already happening
upstream in preparation for November 2022
Agenda items finished, no further objections.
Discussion about what will happen in subsequent meetings.
1. Roadmap sharing: Start again with TF-M (action item: inform Shebu and
invite for October (last presentation was in February)
2. Members inform about their usage (e.g. Kevin from NXM did very good
presentation last round) of TF.org projects, we believe it can be
beneficial for the community. Call to major partners in the call if there
is something you might be considering.
TSC interested especially in hearing about any particular challenge that
you need to overcome to use the projects commercially, any
suggestions/lesson learnt that can benefit the different projects in terms
of technical direction. Not necessarily to public TSC, can be a members
only TSC (and share public/open info only)
Feel free to reach out (directly to us in private if not comfortable)
STM: We can do that for some of the projects of TF.org (what we use).
Some direction, what we think it's difficult, what can be changed in terms
of direction.
Is there anything else members would like to have in future TSC?
No particular feedback.
Last clarification about the structure of mailing lists. TSC-Private is the
members only invited to the meeting.
TSC is for public attendance (no filter). Don has re-organized recently so
hopefully minutes of meetings will have been correctly archived in the list
manager now.
No particular other business, meeting close.
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended
recipient, please notify the sender immediately and do not disclose the
contents to any other person, use it for any purpose, or store or copy the
information in any medium. Thank you.
Hi All,
As I was doing some updates, I realized that the TF TSC maillists were out
of date. We also haven't been sending minutes to the list for archival
purposes. To that end, please see below:
- There are 2 maillists for the TSC.
- *tsc-private*: For the official TSC reps
- *tsc*: Includes the folks in *tsc-private* plus additional
developers interested in tracking the TSC activities.
- We've been sending TSC minutes to individuals in the TSC calendar
invite. I plan to change this so that the minutes are sent to TSC list to
be correctly archived.
- I've just updated both lists to represent what I believe is
correct. If you see anyone I've missed or other errors, please send me a
note and I'll correct. If a communication is for TSC Member Reps only,
please use TSC-private.
- Moving forward, we will send TSC Meeting minutes to the TSC maillist
to include the wider distribution..
- I plan to keep the invite to the meeting as-is with invites going out
to individuals.
Please review the snapshots of each list below and let me know if I've
missed anyone on your teams.
Thanks for your support/feedback in cleaning up,
Don
[image: TSC-private.png]
[image: TSC maillist.png]
Hi all
Please let me know if you have any topics for the TSC on Thursday. I won't be present at the meeting so Antonio will chair. I have the following topics so far:
* LTS discussion (see mailing list thread<https://lists.trustedfirmware.org/archives/list/tsc@lists.trustedfirmware.o…>) - Okash
* Hosting the firmware hand-off spec at tf.org (see TF-A mailing list thread<https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…>). If no-one is comfortable leading this, I can do it next month.
Given it's holiday/vacation season, It would be helpful if you can let Don/Antonio know if you will be attending.
Regards
Dan.
Hi all,
Next TSC meeting is scheduled for Thursday 2022-07-21 9 AM PST. The only (tentative) item we have so far in agenda is:
1. Introduction to PSA FW handoff spec on TF.org (15 minutes)
This is the same discussion which happened in the last board meeting, and we could replicate it for TSC in case there are any TSC attendees who missed the board meeting.
To avoid replicating the presentation un-necessarily though, I would kindly ask you to confirm if you are interested in having this item discussed on the next TSC by replying to this email or directly to me in private by Wednesday 20th .
If I don't receive any reply for this (or for any other business you might want to discuss), I will cancel the upcoming TSC meeting.
Thanks,
Antonio
Hi All,
FYI, the Call For Participation(CFP) deadline for this year's OSFC in
Sweden is very near. If you or others on your team are interested,
the proposal
submission page is here <https://talks.osfc.io/osfc2022/cfp>.
The in-person conference is scheduled for mid-September.
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi All,
The CFP deadline for Arm Dev summit is in a couple days- Thursday 23 June.
I realize this is last minute, but still wanted to make sure you were all
aware in case you had a topic to present.
Here is the link to submit
<https://devsummit.arm.com/flow/arm/devsummit22/cfpinfo/page/details>,
Best regards,
Don
Attendees:
Glen Valante (Linaro)
Antonio de Angelis (Arm)
Matteo Carlini (Arm)
Kangkang Shen (FutureWei)
Andrej Butok (NXP)
Dan Handley (Arm)
Julius Werner (Google)
Bill Peckham (Google)
Kevin Oerton (NXM LABS)
Brandon Hussey (Renesas)
Eric Finco (STMicroelectronics)
Meeting start, Dan introduces.
- [Matteo] First we'll talk about CCA - same presentation already given to the board.
- Don't share roadmap slides normally, but we are not going to talk about anything confidential information anyway. We'll cover where we are and where we're going with the CCA architecture.
- Realm Management Extension (RME) in v9 - realm world is distrustful wrt NS and S, EL3 becomes the Root World. This is the Arm way of doing confidential compute, a well-known practice in the industry.
- Changes relating to RMI interfaces already happening in TF-A latest release. There will be changes in Linux kernel, in EDKII as the reference implementation of UEFI; focus on infrastructure systems first.
- TF-RMM will be our implementation of Realm Management Monitor software component: it will be a new project part of the TF.org family; already introduced to the board
- Outside of the application processor: RSS (runtime security subsystem) firmware will be upstreamed to TF-M project
- RSS is the HW root of trust that implements the HES (Hardware Enforced Security) requirements of the Arm CCA Security Model.
- RSS is going to appear on mobile client platform first (it will be enabled on its own without the rest of HES/CCA)
- [Kangkang]: We looked at CCA, 100% full implementation might be taking a long time. Stages and status of different software components?
- [Matteo] I will describe the various components and how we will start to demonstrate some of the components on a fast model platform soon.
- RME EL3 implementation first appeared in TF-Av2.6
- Specification will be public and published around end of June on developer.arm.com - if delay, beginning July
- [Dan]: This means the RMM spec for SW (the architecture specs are already out)
- [Matteo] All components and interfaces must be aligned towards the same interface version - currently non-public alpha, so that when beta goes public realigned work is needed
- (4-5 upstream components aligned against the public beta released spec)
- The timeline is roughly H2 2022 (CY22Q4 for upstreaming to start) kernel/kvm, edk2, rmm in tf-org]
- Quality level still not finalised (0.1, or better)
- Hafnium/TF-A EL3/TF-RMM will need to be aligned to be able to communicate
- Spec will be EAC end 22 beginning 23 - will need to realign components against EAC then
- In H2 2023 advanced 1.x features of the spec will start to be implemented
- [Kangkang]: Remember our experience in TrustZone, implementing Secure World (EL3), Trusted OS and secure applications one at a time.
- Why do you focus on the complete set of components instead of just picking a single use case / component and expand gradually on this?
- CCA looks like all components are planned and need to work together and be aligned and implemented. Why not just start with simple use case (CCA application) and then expand?
- [Matteo]: It's the architecture itself that has such extensive requirements. It's already an MVP. Very basic use case. You can't go simpler than this.
- [Matteo] You need to have several components in place otherwise it won't work, but we're just giving basic building blocks without trying to overstretch.
- [Dan]: Agree, it's a lot of components, but they are all needed for the key initial use-case: Boot guest VM from encrypted disk into a realm protected from host access.
- [Kangkang]: it's important to demonstrate how to use as soon as possible. Showing the full picture but implemented gradually
- [Matteo]: RME extension is available on latest publicly accessible architectural model (Base FVP) - allows you to play with these features.
- Qemu work ongoing (towards the end of the year). Emulation functionality is being assessed by virtualisation team of Linaro.
- Arm will provide publicly available solution FVPs, containing all System IP (CPU, GIC, interconnect, GPU for mobile for example)
- Infrastructure FVP will contain all IPs needed to demonstrate CCA.
- [Glen]: OpenCI status update; this has been moved from board to TSC to reduce technical details shared in board meeting.
- Boards going into lava lab. Rack still being built to add more boards; ST boards going in next week or two.
- After that it's Renesas, although still waiting on Renesas on the availability of the SW.
- Board meeting required to discuss other boards that need to be made available.
- [Eric]: as we discussed: additional candidate board coming from ST but no pressure. Any timing?
- [Glen] From a Sw point of view we're almost ready; but need to check latest readiness internally. Glen on standby for updated timeline to plan accordingly.
- Mbed TLS in openCI:. Some stability issues with Windows, need to upgrade the CI platform - will allow stability and performance increase
- PSA ACK tests enabled, but still have failures. Working with Arm to fix them.
- Code coverage: going through docs and code coverage reports to have source links (got completed last week)
- Will do MISRA enablement after code coverage and PSA ACK tests. Starting with TF-A. Create a series of milestones and estimates. Published plan and resourcing.
- Having biweekly meetings -> maybe going to weekly to keep up the pace.
- Getting licensing in place now. Discussions and emails ongoing for licensing infrastructure. Several weeks work for that before prototyping can start in staging.
- Then onto production. Several issues closed/fixed.
- [Dan]: Is the resource/plan public? I did not see numbers.
- [Glen]: Updated the plan two days ago with resource, check again. TFC-10 contains actual work tasks and first two milestones.
- [Dan] Is this waiting for review and approval?
- [Glen] Already reviewed from Arm and Linaro.
- [Dan]: What's the status of the ticket for read only mirrors on GitHub?
- [Glen]: need to check offline.
- [Dan]: The plan going forward is for OpenCI details to be in TSC and feedback from TSC back to board. Is there any feedback for the board yet? Anything offline is fine as well.
- [Dan]: Next time would be good to focus on what are the big things in the backlog, what are the next important things planned, etc (i.e. 6 months medium term roadmap).
- [Glen]: we presented that detail to the board meeting. will move from the board meeting to the TSC meeting next time.
- Any questions / AOB?
- None. Meeting end.
Hi all
We have these topics so far for the TSC meeting tomorrow. Please let me know if you have any more.
* Arm CCA roadmap update
* Open CI update
(Note, there is a plan to discuss the LTS topic in the TF-A and TF-M tech forums so I didn't put this as an agenda item here, but we can discuss this needed).
Regards
Dan.
