Hi Eric,
Thanks for raising the topics.
The MCUboot topic can be covered in the MCUboot review at the TSC on Thursday.
As TSC agenda is almost full, okay to cover the 2nd topic in the board meeting today. We can discuss in future TSC as well if needed.
Regards,
Shebu
From: Eric FINCO <eric.finco@st.com>
Sent: Tuesday, June 13, 2023 9:14 PM
To: Dan Handley <Dan.Handley@arm.com>; tsc@lists.trustedfirmware.org; Don Harbin <don.harbin@linaro.org>; Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.com>; Matteo Carlini <Matteo.Carlini@arm.com>
Subject: RE: TSC agenda 2023-06-15 -> or Board 2023-06-14
Hello All,
I have two topics (related).
I rely on you, Don, and Shebu to decide if the Board of tomorrow or the TSC of Thursday is most appropriate meeting to discuss them:
-Process clarification to report security issue for MCUboot after the merge of the project in TF.org:
https://github.com/mcu-tools/mcuboot/security
vs
https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/
-How to manage certification constraints vs community vulnerability management
?
-Today Certificates are Terminated in case of an trustedfirmware.org impacting issue (without any information for the customer to understand).
Can members (if there are interested) team-up to see with labs how to improve this situation
-Could we explore way to get “official” patches fixing a CVE recognized by labs so that applicating such patches
avoid to get a certificates terminated ?
Regards,
Eric
Eric FINCO
|
Tel: +33 (0)2 4402 7154
MDG
|
Technical Specialist
From: Dan Handley via TSC <tsc@lists.trustedfirmware.org>
Sent: mardi 13 juin 2023 17:06
To: tsc@lists.trustedfirmware.org
Cc: Olivier Deprez <Olivier.Deprez@arm.com>; Joanna Farley <Joanna.Farley@arm.com>
Subject: [TF-TSC] TSC agenda 2023-06-15
Hi all
Please let me know if you have any urgent agenda topics for tomorrow. I have these so far:
Regards
Dan.