Hi All,
Please find the March 17th TSC minutes below. Dan's slides regarding
Github from the meeting are also attached.
Best regards,
Don
========================================================
Attendees: Don Harbin, David Brown (Linaro), KangKang Shen (Futurewei),
Antonio De Angelis (Arm), Dan Handley (Arm), Shebu Varghese Kuriakose
(Arm), Andrej Butok (NXP), Anton Komlev (Arm), Kevin Oerton (NXMLabs), Dave
Rodgman (Arm), Julius Werner (Google), Kevin Townsend (Linaro), Eric Finco
(ST), Okash Khawaja (Google)
Actions:
-
Anton: Check feasibility of changing PSA Crypto header folder name.
-
Anton: Gauge interest in various GitHub options for TF-M
Minutes:
MBed TLS Roadmap (Shebu): Presented his slides
-
Continuing to look for support from members in the review role since
there’s a large load. Several members have stepped up - could still use
some additional support.
-
Kevin Townsend: Have we made any progress making PSA Crypto headers
work across projects?
-
Anton: No mismatch between MBed TLS v3.1.0 and TF-M
-
Antonio: TF-M’s headers are good now. Public headers are aligned
between TF-M and MBed TLS. Some headers are private to implementation, so
there’s not much we can do there.
-
Andrej: Can we change the folder name for one of the projects, so
that we don’t get conflicts in projects that build both sets of headers?
Could be either Mbed TLS or TF-M, but it’s important for them to be
different. Tfm_psa for example.
-
ACTION Anton: Check feasibility of changing PSA Crypto header folder
name.
-
Dave Rodgman: Getting good engagement/involvement. Agree review
contributions are very helpful
-
Andrej: What is the best place for companies to upstream their own PSA
Crypto drivers?
-
DaveR: Mbed TLS doesn’t plan to host h/w specific drivers.
-
Andrej: Somewhere in TF-M or create own repo?
-
Antonio: There are some PSA Crypto drivers in TF-M platform folder.
Would this make sense?
-
Andrej: What about products that don’t use TF-M?
-
Andrej: Could provide in own SDK or a separate repo on github. We’ll
probably go with the latter. We’re getting customers wanting to use the
upstream.
-
Anton: TF-M allows use of external projects. Github seems the right
place.
-
DanH: In future there may be value in TF.org providing full platform
stacks where stuff like this could live. Part of the problem here is that
TF-M and TF-A already have platform interfaces and host platform
code, but
Mbed TLS is a generic library with no platform interfaces.
-
Shebu: We also need to get MBed TLS tested on real target h/w in Open
CI
-
See the MBed TLS roadmap for more.
-
Don: reminder - new FAQ points to roadmaps page:
https://www.trustedfirmware.org/faq/
Current GitHub Status: Dan Handley
-
Presented status slides
-
Dan: Will be moving MBed TLS repos to a TF-owned org account vs
Arm-owned in the next few weeks.
-
Dan: TSC previously decided that all TF projects should have a GitHub
presence, even if some projects (e.g. TF-A) retain Gerrit for review
-
Andrej: Was this a TSC decision?
-
Dan: Yes. Unfortunately progress got blocked on funding an investigation
into a hybrid Gerrit/GitHub solution. But other solutions are possible.
-
Dan: NXP/Linaro especially keen for TF-M to move to GitHub
-
Andrej: Would like TF-M to fully move to GitHub (not just a read-only or
hybrid solution)
-
Andrej: Agree it will help contributions. We believe this will make TF-M
more popular
-
David Brown: Recently had difficulty creating a simple change for
review. GitHub will remove blockers in pushing changes.
-
Dan: GitHub access from China is more difficult, but solvable with VPN
-
Antonio: Could have a repo mirror in TF.org infrastructure to remove the
VPN dependency?
-
David: Providing a read-only mirror is simple enough
-
Dan: But what about providing a seamless GitHub experience.
-
David: That’s a much harder problem to solve.
-
Andrej: MBed TLS doesn’t have a problem, then it should be OK for TF-M
as well
-
Dan: It’s a problem for all GitHub projects
-
Kangkang: Most big China companies have their own VPN. Mainly a problem
for smaller companies.
-
Dan: Even if we decide that fully migrating to GitHub is the way to go,
this requires a lot of work from Arm to move internal systems to GitHub,
which we can’t do for some months. Could we create a read-only mirror as a
stepping stone and see if this improves engagement?
-
Kevin: We won't be able to measure success from a read-only mirror, but
it’s still a good stepping stone.
-
Antonio: Can at least measure attempted pull requests, even if they
can't be merged.
-
Kevin: It would also be useful to link to GitHub from related projects.
-
Dan: We should also check if fully moving to GitHub eventually is what
TF-M contributors want
-
ACTION Anton: Gauge interest in various GitHub options for TF-M
-
DanH: Secondary issue is our dependency on deprecated Phabricator.
GitHub provides a solution for migrating content out.
-
Agreement: Pursue the read only mirror. Objections?
-
None heard.
Hi all
We have 2 topics so far for the TSC meeting tomorrow. Please let me know if you have any more.
* Mbed TLS roadmap
* Continuation of the "Using GitHub" discussion (especially for TF-M). This got bounced back from the board to the TSC.
Regards
Dan.
Hi,
Please find the minutes to the Feb 17 TSC below.
Best regards,
Don - Sent on behalf of TSC chairs.
=============================
Meeting started 17.05 UK time on 02-17-2022
*Attendance:*
Antonio de Angelis
Anton Komlev
Andrej Butok
David Brown
Julius Werner
Kevin Townsend
1. Brief introduction from Antonio on the survey prepared by the
tf.org community
manager to be circulated with TSC and Board members after the upcoming
Board meeting. General overview of the type of questions in the survey,
possibility to request a 1:1 with TSC leadership in one of the survey
questions, if don’t want to share feedback on the survey itself. Results
will be collected and shared during March’s TSC.
1. Next topic: Anton’s presentation on TF-M roadmap.
- Release cadence updated to two releases per year, April and November.
Next one in April will be TF-M 1.6 (still in discussion when to move to 2.0
numbering, might be November or earlier depending on features that end up
in the release)
- Main focus for the project is on optimisations
- Kevin: code size/RAM requirements don’t look that bad, especially
given the amount of features you get
- Anton: agree, but trying to achieve some smaller footprints like 8
KB of RAM for FF-M
- Mbed TLS 3.1.0 already integrated and will be available in next
released version of TF-M
- Allows to pass full set of compliance tests for PSA (Architecture
Compliance Kit, ACK)
- David: need to further investigate integration with Zephyr OS at
this stage given the new version of mbed TLS 3.1.0 integrated in TF-M
- Efforts to improve documentation
- Kevin: There is a lot of good documentation in the design docs
folder, but unfortunately it gets outdated and does not reflect latest
status of development. Idea proposed to add an expiry date and
an owner to
each document. When the document expires the owner needs to review and
update it accordingly to latest development. It’s extra effort
on owner but
helps keeping documentation updated. Might be an expiry date of once per
year. TF-M to consider the idea.
- ADAC tooling support for host side tools
- PSA FWU
- Kevin: wondering how big is the update expected here . TF-M: We
expect consolidation phase: check with the users and work on
their feedback.
- Any questions:
- Andrej: are there examples of companies already using TF-M in
production? TF-M: Some startups already using TF-M in their
designs but not
sure if already production stage
- Kevin: Confidential AI use case from Linaro is an example of how
TF-M can be used to secure model parameters for inferencing on the edge
node. Confidential AI whitepaper for additional details. Security and
protection of the models, encryption of raw sensor data on S world,
transition to NS world in encrypted form only to establish a TLS
connection
to a cloud server. Decryption happens in the server
- TF-M: Another use case is an algorithm to be protected hence
allowed to run only on the Secure world
- Andrej: moving from Gerrit to GitHub would improve wide spreading
the adoption process of TF-M as a lot of companion projects (e.g. Zephyr,
mbed TLS) in this space are already hosted in GitHub and developers are
used to GitHub flow while Gerrit flow is more complicated. TF-M:
agree move
to GitHub is good for popularity. Discussions ongoing in TSC already for
several months, final decision is with maintainers for Gerrit to GitHub
move.
DavidB: TF-M on GitHub might improve contribution rate from
additional developers more used to GitHub, Gerrit is more complicated /
less common: might result in popularity increase
1. Any other topics for today TSC:
- Attendance: no questions or additional topics raised
- Antonio: need to identify which is next project for March’s meeting
roadmap update. Will discuss and communicate on the mailing list
accordingly in advance.
Meeting close 17:45 UK time.
Hi all,
Can you please let me know if you have any additional topics for tomorrow's TSC meeting? Please find below the agenda so far:
* Update on the trustedfirmware.org survey for Board / TSC members (5 mins)
* Roadmap update for trustedfirmware.org projects: Trusted Firmware - M (by Anton Komlev, TF-M tech lead) (25 mins)
* AOB
Best regards,
Antonio
Hi All,
Please find the minutes from yesterday's meeting below.
Please let me know if any questions
Best regards,
Don - *Sent on behalf to the TSC Chairs*
*==================================*
*Attendees*: Antonio De Angelis(Arm), David Brown(Linaro), Don,
Kangkang(FutureWei), Kevin Oerton(NXMLabs), Anton Komlev(Arm), Dan
Handley(Arm), Julius Werner(Google), Andrej Butok(NXP), Lionel
Debieve(ST), Eric
Finco(ST), Michael T(Renesas)
*Minutes*:
-
Don: Quorum reached
-
Dan: Welcome to Antonio (online) - taking on Abhishek’s role.
-
Dan: Interested in chairing this call since transitioning?
-
If interested, let Don know on the side and we can propose the change.
-
Kevin: For continuity, it seems a good thing to have an Arm rep
chairing. Substitutions if the Arm rep can’t attend would be more
effective.
-
Dan will chair
-
MBed TLS Github location. Currently under Github and currently being
transitioned. Plan is to move to TF.org account. Maintainers are having
2nd thoughts. If repos are put in the organization account, Github is
flat, so sometimes hard to map multiple repos to one project. Access
control is also a concern. So plan to create a separate MBed TLS github
account.
-
David: Is the mbed-tls available?
-
Dan: Yes we have it
-
Dan: Will run by the board
-
Eric: Just MBed TLS or all projects?
-
Dan: Separate accounts provide some healthy autonomy. Some are
blocked by reviews - Hafnium and TF-A use Gerrit for reviews.
Some tooling
helps with this but hasn’t been progressing.
-
No objections from TSC
-
Kevin: Breaking up to individual accounts makes sense, could have
“cross-pointers” to all other accounts in each one. Can use Github for
discussions integrated into Github
-
Dan: Good point, and can use github wiki and other features if not a
“shared” project.
-
Kevin - Lightning talk recorded here:
-
https://linaro-org.zoom.us/rec/share/dN_VrMIH6jjBYEbYf9DYO_oBhAqeHp2BAyCTZA…
-
Passcode: Tid4xb8&
-
Don: Survey to TSC and Board? Thoughts?
-
Consensus wan that both may be valuable.
-
Could help to answer Dan’s question on the direction of the TSC
-
Next month topics:
-
Dan: Restarting roadmap presentations thru each project starting with
TF-M next month.
Hi TSC members
Just forwarding the below info to you too FYI
Dan.
From: Don Harbin via Board <board(a)lists.trustedfirmware.org>
Sent: 13 January 2022 00:11
To: board(a)lists.trustedfirmware.org
Subject: [Board] FYI - Upcoming session at FOSDEM (Feb 5 & 6) and more
Hi,
I hope this note finds you all well.
FOSDEM<https://fosdem.org/2022/>(Free and Open-source Software Developers' European Meeting) is coming up in early February, and we wanted to let you all know that a session will be presented entitled "Arm CCA enablement through the Trusted Firmware community project" by Charles Garcia-Tobin and our own Matteo Carlini. :) Session details can be found here<https://fosdem.org/2022/schedule/event/tee_arm_cca/>.
I'll also mention a couple of other items:
* Linaro is hosting a free 2-hour technical training session entitled "Kernel Debug Stories for Arm" on February 8th and 15th. Three slots are provided to help find a session that's time-zone friendly. Further details and registration can be found here<https://www.linaro.org/events/kernel-debug-stories-for-arm-linaro-connect-t…>. Feel free to share with any devs on your teams that may find it of interest
* A white paper from Linaro many of you may enjoy called "Confidential AI for MCUs" has been garnering lots of interest, so I wanted to share it. It can be downloaded here<https://www.linaro.org/iot-and-embedded> if interested.
If you have any questions, please feel free to reach out to me.
Thanks and best regards,
Don
Hi all
Can you please let me know if you have any topics for tomorrow's TSC meeting? So far I have:
* Change in Arm TSC representation and chair (see separate mail)
* Proposal for migrating Mbed TLS GitHub location
* Perhaps also revisit the wider TF.org GitHub presence
* Lightning talk on NXM usage of TF. Kevin - are you ready to do this?
* Identify any future lightning talks
Regards
Dan.
Hi All,
FYI, per Shebu, I'm adding both mbed-tls(a)lists.trustedfirmware.org and
psa-crypto(a)lists.trustedfirmware.org to the MBed TLS Tech Forum invites.
Please look for this in your inbox and accept it if you would like the
series added to your calendar.
- Note that this is a monthly meeting but you will see two invites, one
that is for Asia timezones and one for Europe/US. Just delete the series
that isn't timezone friendly for you.
- FYI, recall that this and other tech forums can be found in the meeting
calendar on the TF website <https://www.trustedfirmware.org/meetings/>.
If you see a meeting in that calendar, click on the entry and an option
comes up saying "copy to my calendar." It will import that single instance
into your personal calendar from there if you wish. I wasn't able to test
this feature with outlook, but it worked fine for google calendar.
Please let me know if you have any questions.
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
