Hi all
We have these topics so far for the TSC meeting tomorrow. Please let me know if you have any more.
* Combined OP-TEE and Trusted Services roadmaps (Julianus and Shebu)
* Open CI Update
* Discussion on whether this should be a recurring topic
* Discussion on what board info should be shared with TSC
Regards
Dan.
Hi,
Please find Apr 21 minutes below:
Thanks - Sent on behalf of the TSC co-chairs
Don
Attendees: Kevin Oerton(NXM), David Brown(Linaro), Kangkang
Shen(Futurewei), Julius Werner(Google), Andrej Butok(NXP), Dan
Handley(Arm), Okash(Google)
Minutes:
-
TF-A Roadmap update: Matteo
-
Walked thru roadmap page
-
https://developer.trustedfirmware.org/w/tf_a/roadmap/
-
Don: Can be found from the https://www.trustedfirmware.org/faq/
page as well.
-
Plan to keep this page up-to-date
-
Note the in-development section that shares active engineering
activities.
-
Okash: Heard there was a push to make Hafnium compulsory. Is the EL3
SPMC a stop gap?
-
Matteo: Depends on use cases for TZ enablement. Google not
mandating FF-A to the best of my knowledge. From Arm POV, if
you want to
isolate the normal world from malicious TAs/TEEs, Arm recommends using
Hafnium Secure-EL2 reference.
-
Okash: S-EL2 adds code/architecture complexity. Need an IOMMU that
supports S-EL2. Must look at tradeoffs. If OEMs want other
secure VMs, I
can see the advantage. Would all vendors want this? Is there
an option not
to use this (secure EL2) solution?
-
Matteo: Yes, TF-A doesn’t impose mandatory Hafnium usage. Can
still use other SPM configs. From an upstream POV, there’s a
limit to the
long-term support for all the different configs. We can’t
promise that EL3
SPMC will still be supported upstream in 2-3 years (though it
can still be
used downstream).
-
DanH: If there’s partner demand for long term support of the EL3
SPMC, we’re open to other non-Arm maintainers helping out.
-
Okash: Deprecating EL3 SPMC would send the message that Arm thinks
partners should move to Hafnium (S-EL2). Not deprecating
implies partners
can choose.
-
Matteo: Some components in TF-A aren’t maintained by Arm.
-
Okash: Any discussions on long-term LTS releases?
-
Matteo: Has been discussed in the past, also in a previous tech
forum. This lost traction, but a recent security issue
(Spectre-BHB) has
brought it back. Arm isn’t in a position to maintain it
ourselves. We can
discuss lighter options, like hotfix releases to most recent tagged
release, as recently added to TF-M. Could do similar in TF-A.
Must consider
the cost of various options..
-
Okash: Can look at the phone ecosystem as an example starting
point for what is required. Could provide a rough gauge for
how many years
an LTS needs to be maintained.
-
Dan: The cost of emulating the phone ecosystem would be high, for
example you’d need to backport bug fixes to 3 year old
releases. As Matteo
says, this would be too much for Arm on its own. Partners
would need to
share those costs.
-
Okash: Google is interested but would also need other partners too.
-
Don: There’s a CI cost as well?
-
Dan: Yes
-
Matteo: Could this be a future TSC topic?
-
Dan: May be a good maillist topic so that non-members can chime
in.
-
Okash: I restart the thread on the TF-A mailing list.
-
Matteo: reviewed ongoing/future tasks
-
MISRA tool integration into OpenCI now planned. Arm will remove
reliance on internal instructure.
-
See tech forum recording on DRTM here:
https://www.trustedfirmware.org/meetings/tf-a-technical-forum/
-
KangKang: How often will the roadmap be updated?
-
Matteo: It’s a live doc. Will try to update every quarter, but at
least every 6 months. These roadmap presentations are roughly every 6
months.
-
Dan: TSC survey feedback: Should Open CI tasks be reviewed in TSC or
Board?
-
Matteo: Not much discussed in the Board meeting. Perhaps high level
strategy in Board and ticket/plans reviewed by TSC?
-
Dan: Should Board minutes be shared w/ TSC?
-
Don: Ask the Board?
-
Planned future TSC topics
-
OP-TEE
-
Action: Next session is an OP-TEE review. Don reach out to Rushika
-
Trusted Services: by Shebu
-
Open CI - a potential backlog/roadmap review in this round robin
review
<end>
Hi all
So far we have the following topics for tomorrow's TSC meeting. Please let me know if you have any others.
* TF-A roadmap update
* TSC survey feedback
* GitHub mirroring update
Regards
Dan
Hi All,
Please find the March 17th TSC minutes below. Dan's slides regarding
Github from the meeting are also attached.
Best regards,
Don
========================================================
Attendees: Don Harbin, David Brown (Linaro), KangKang Shen (Futurewei),
Antonio De Angelis (Arm), Dan Handley (Arm), Shebu Varghese Kuriakose
(Arm), Andrej Butok (NXP), Anton Komlev (Arm), Kevin Oerton (NXMLabs), Dave
Rodgman (Arm), Julius Werner (Google), Kevin Townsend (Linaro), Eric Finco
(ST), Okash Khawaja (Google)
Actions:
-
Anton: Check feasibility of changing PSA Crypto header folder name.
-
Anton: Gauge interest in various GitHub options for TF-M
Minutes:
MBed TLS Roadmap (Shebu): Presented his slides
-
Continuing to look for support from members in the review role since
there’s a large load. Several members have stepped up - could still use
some additional support.
-
Kevin Townsend: Have we made any progress making PSA Crypto headers
work across projects?
-
Anton: No mismatch between MBed TLS v3.1.0 and TF-M
-
Antonio: TF-M’s headers are good now. Public headers are aligned
between TF-M and MBed TLS. Some headers are private to implementation, so
there’s not much we can do there.
-
Andrej: Can we change the folder name for one of the projects, so
that we don’t get conflicts in projects that build both sets of headers?
Could be either Mbed TLS or TF-M, but it’s important for them to be
different. Tfm_psa for example.
-
ACTION Anton: Check feasibility of changing PSA Crypto header folder
name.
-
Dave Rodgman: Getting good engagement/involvement. Agree review
contributions are very helpful
-
Andrej: What is the best place for companies to upstream their own PSA
Crypto drivers?
-
DaveR: Mbed TLS doesn’t plan to host h/w specific drivers.
-
Andrej: Somewhere in TF-M or create own repo?
-
Antonio: There are some PSA Crypto drivers in TF-M platform folder.
Would this make sense?
-
Andrej: What about products that don’t use TF-M?
-
Andrej: Could provide in own SDK or a separate repo on github. We’ll
probably go with the latter. We’re getting customers wanting to use the
upstream.
-
Anton: TF-M allows use of external projects. Github seems the right
place.
-
DanH: In future there may be value in TF.org providing full platform
stacks where stuff like this could live. Part of the problem here is that
TF-M and TF-A already have platform interfaces and host platform
code, but
Mbed TLS is a generic library with no platform interfaces.
-
Shebu: We also need to get MBed TLS tested on real target h/w in Open
CI
-
See the MBed TLS roadmap for more.
-
Don: reminder - new FAQ points to roadmaps page:
https://www.trustedfirmware.org/faq/
Current GitHub Status: Dan Handley
-
Presented status slides
-
Dan: Will be moving MBed TLS repos to a TF-owned org account vs
Arm-owned in the next few weeks.
-
Dan: TSC previously decided that all TF projects should have a GitHub
presence, even if some projects (e.g. TF-A) retain Gerrit for review
-
Andrej: Was this a TSC decision?
-
Dan: Yes. Unfortunately progress got blocked on funding an investigation
into a hybrid Gerrit/GitHub solution. But other solutions are possible.
-
Dan: NXP/Linaro especially keen for TF-M to move to GitHub
-
Andrej: Would like TF-M to fully move to GitHub (not just a read-only or
hybrid solution)
-
Andrej: Agree it will help contributions. We believe this will make TF-M
more popular
-
David Brown: Recently had difficulty creating a simple change for
review. GitHub will remove blockers in pushing changes.
-
Dan: GitHub access from China is more difficult, but solvable with VPN
-
Antonio: Could have a repo mirror in TF.org infrastructure to remove the
VPN dependency?
-
David: Providing a read-only mirror is simple enough
-
Dan: But what about providing a seamless GitHub experience.
-
David: That’s a much harder problem to solve.
-
Andrej: MBed TLS doesn’t have a problem, then it should be OK for TF-M
as well
-
Dan: It’s a problem for all GitHub projects
-
Kangkang: Most big China companies have their own VPN. Mainly a problem
for smaller companies.
-
Dan: Even if we decide that fully migrating to GitHub is the way to go,
this requires a lot of work from Arm to move internal systems to GitHub,
which we can’t do for some months. Could we create a read-only mirror as a
stepping stone and see if this improves engagement?
-
Kevin: We won't be able to measure success from a read-only mirror, but
it’s still a good stepping stone.
-
Antonio: Can at least measure attempted pull requests, even if they
can't be merged.
-
Kevin: It would also be useful to link to GitHub from related projects.
-
Dan: We should also check if fully moving to GitHub eventually is what
TF-M contributors want
-
ACTION Anton: Gauge interest in various GitHub options for TF-M
-
DanH: Secondary issue is our dependency on deprecated Phabricator.
GitHub provides a solution for migrating content out.
-
Agreement: Pursue the read only mirror. Objections?
-
None heard.
Hi all
We have 2 topics so far for the TSC meeting tomorrow. Please let me know if you have any more.
* Mbed TLS roadmap
* Continuation of the "Using GitHub" discussion (especially for TF-M). This got bounced back from the board to the TSC.
Regards
Dan.
Hi,
Please find the minutes to the Feb 17 TSC below.
Best regards,
Don - Sent on behalf of TSC chairs.
=============================
Meeting started 17.05 UK time on 02-17-2022
*Attendance:*
Antonio de Angelis
Anton Komlev
Andrej Butok
David Brown
Julius Werner
Kevin Townsend
1. Brief introduction from Antonio on the survey prepared by the
tf.org community
manager to be circulated with TSC and Board members after the upcoming
Board meeting. General overview of the type of questions in the survey,
possibility to request a 1:1 with TSC leadership in one of the survey
questions, if don’t want to share feedback on the survey itself. Results
will be collected and shared during March’s TSC.
1. Next topic: Anton’s presentation on TF-M roadmap.
- Release cadence updated to two releases per year, April and November.
Next one in April will be TF-M 1.6 (still in discussion when to move to 2.0
numbering, might be November or earlier depending on features that end up
in the release)
- Main focus for the project is on optimisations
- Kevin: code size/RAM requirements don’t look that bad, especially
given the amount of features you get
- Anton: agree, but trying to achieve some smaller footprints like 8
KB of RAM for FF-M
- Mbed TLS 3.1.0 already integrated and will be available in next
released version of TF-M
- Allows to pass full set of compliance tests for PSA (Architecture
Compliance Kit, ACK)
- David: need to further investigate integration with Zephyr OS at
this stage given the new version of mbed TLS 3.1.0 integrated in TF-M
- Efforts to improve documentation
- Kevin: There is a lot of good documentation in the design docs
folder, but unfortunately it gets outdated and does not reflect latest
status of development. Idea proposed to add an expiry date and
an owner to
each document. When the document expires the owner needs to review and
update it accordingly to latest development. It’s extra effort
on owner but
helps keeping documentation updated. Might be an expiry date of once per
year. TF-M to consider the idea.
- ADAC tooling support for host side tools
- PSA FWU
- Kevin: wondering how big is the update expected here . TF-M: We
expect consolidation phase: check with the users and work on
their feedback.
- Any questions:
- Andrej: are there examples of companies already using TF-M in
production? TF-M: Some startups already using TF-M in their
designs but not
sure if already production stage
- Kevin: Confidential AI use case from Linaro is an example of how
TF-M can be used to secure model parameters for inferencing on the edge
node. Confidential AI whitepaper for additional details. Security and
protection of the models, encryption of raw sensor data on S world,
transition to NS world in encrypted form only to establish a TLS
connection
to a cloud server. Decryption happens in the server
- TF-M: Another use case is an algorithm to be protected hence
allowed to run only on the Secure world
- Andrej: moving from Gerrit to GitHub would improve wide spreading
the adoption process of TF-M as a lot of companion projects (e.g. Zephyr,
mbed TLS) in this space are already hosted in GitHub and developers are
used to GitHub flow while Gerrit flow is more complicated. TF-M:
agree move
to GitHub is good for popularity. Discussions ongoing in TSC already for
several months, final decision is with maintainers for Gerrit to GitHub
move.
DavidB: TF-M on GitHub might improve contribution rate from
additional developers more used to GitHub, Gerrit is more complicated /
less common: might result in popularity increase
1. Any other topics for today TSC:
- Attendance: no questions or additional topics raised
- Antonio: need to identify which is next project for March’s meeting
roadmap update. Will discuss and communicate on the mailing list
accordingly in advance.
Meeting close 17:45 UK time.
Hi all,
Can you please let me know if you have any additional topics for tomorrow's TSC meeting? Please find below the agenda so far:
* Update on the trustedfirmware.org survey for Board / TSC members (5 mins)
* Roadmap update for trustedfirmware.org projects: Trusted Firmware - M (by Anton Komlev, TF-M tech lead) (25 mins)
* AOB
Best regards,
Antonio
Hi All,
Please find the minutes from yesterday's meeting below.
Please let me know if any questions
Best regards,
Don - *Sent on behalf to the TSC Chairs*
*==================================*
*Attendees*: Antonio De Angelis(Arm), David Brown(Linaro), Don,
Kangkang(FutureWei), Kevin Oerton(NXMLabs), Anton Komlev(Arm), Dan
Handley(Arm), Julius Werner(Google), Andrej Butok(NXP), Lionel
Debieve(ST), Eric
Finco(ST), Michael T(Renesas)
*Minutes*:
-
Don: Quorum reached
-
Dan: Welcome to Antonio (online) - taking on Abhishek’s role.
-
Dan: Interested in chairing this call since transitioning?
-
If interested, let Don know on the side and we can propose the change.
-
Kevin: For continuity, it seems a good thing to have an Arm rep
chairing. Substitutions if the Arm rep can’t attend would be more
effective.
-
Dan will chair
-
MBed TLS Github location. Currently under Github and currently being
transitioned. Plan is to move to TF.org account. Maintainers are having
2nd thoughts. If repos are put in the organization account, Github is
flat, so sometimes hard to map multiple repos to one project. Access
control is also a concern. So plan to create a separate MBed TLS github
account.
-
David: Is the mbed-tls available?
-
Dan: Yes we have it
-
Dan: Will run by the board
-
Eric: Just MBed TLS or all projects?
-
Dan: Separate accounts provide some healthy autonomy. Some are
blocked by reviews - Hafnium and TF-A use Gerrit for reviews.
Some tooling
helps with this but hasn’t been progressing.
-
No objections from TSC
-
Kevin: Breaking up to individual accounts makes sense, could have
“cross-pointers” to all other accounts in each one. Can use Github for
discussions integrated into Github
-
Dan: Good point, and can use github wiki and other features if not a
“shared” project.
-
Kevin - Lightning talk recorded here:
-
https://linaro-org.zoom.us/rec/share/dN_VrMIH6jjBYEbYf9DYO_oBhAqeHp2BAyCTZA…
-
Passcode: Tid4xb8&
-
Don: Survey to TSC and Board? Thoughts?
-
Consensus wan that both may be valuable.
-
Could help to answer Dan’s question on the direction of the TSC
-
Next month topics:
-
Dan: Restarting roadmap presentations thru each project starting with
TF-M next month.
Hi TSC members
Just forwarding the below info to you too FYI
Dan.
From: Don Harbin via Board <board(a)lists.trustedfirmware.org>
Sent: 13 January 2022 00:11
To: board(a)lists.trustedfirmware.org
Subject: [Board] FYI - Upcoming session at FOSDEM (Feb 5 & 6) and more
Hi,
I hope this note finds you all well.
FOSDEM<https://fosdem.org/2022/>(Free and Open-source Software Developers' European Meeting) is coming up in early February, and we wanted to let you all know that a session will be presented entitled "Arm CCA enablement through the Trusted Firmware community project" by Charles Garcia-Tobin and our own Matteo Carlini. :) Session details can be found here<https://fosdem.org/2022/schedule/event/tee_arm_cca/>.
I'll also mention a couple of other items:
* Linaro is hosting a free 2-hour technical training session entitled "Kernel Debug Stories for Arm" on February 8th and 15th. Three slots are provided to help find a session that's time-zone friendly. Further details and registration can be found here<https://www.linaro.org/events/kernel-debug-stories-for-arm-linaro-connect-t…>. Feel free to share with any devs on your teams that may find it of interest
* A white paper from Linaro many of you may enjoy called "Confidential AI for MCUs" has been garnering lots of interest, so I wanted to share it. It can be downloaded here<https://www.linaro.org/iot-and-embedded> if interested.
If you have any questions, please feel free to reach out to me.
Thanks and best regards,
Don
