Hi all

 

Below are the minutes for last week’s meeting (thanks to Antonio).

Regards

Dan.

 

=====

 

Shebu Varghese Kuriakose (Arm)

Dan Handley (Arm)

Antonio De Angelis (Arm)

Joanna Farley (Arm)

Pierre-Julien Bringer (ProvenRun)

Camille Greusard (ProvenRun)

Julius Werner (Google)

Moritz Fischer (Google)

Jidong Sun (Google)

KangKang Shen (FutureWei)

Eric Finco (ST)

Frank Audun (Nordic)

Andrej Butok (NXP)

Silvano Di Ninno (NXP)

David Brown (Linaro)

 

 

Dan: Welcome to Jidong (new Google rep, replacing Okash) and new members ProvenRun (Pierre-Julien and Camille)

Dan: Starting a new round of roadmap updates, starting with TF-M

 

Shebu presented TF-M roadmap (attached)

Shebu: Achievements of tf-m 2.0.0:

 * Reduction in size for ECDSA using P256M

 * Usage of split-build

 * New mailbox non-secure agent api

 * Non-secure interrupt latency for isolation level > 1

 

Shebu: Introduction and planning for LTS

  * Previous plan was do first LTS in Jan. New plan is April

 

Shebu: Work continues on Hybrid Platforms

 

Shebu: TLS connection use case

 * Realigning the full headers mainly

 

Shebu: Impact of LTS on PSA Certified.

  * LTS released every 18 months and supported for 36 months. Bug fixes and security fixes backported.

  * This will be delta evaluations for the PSA labs, and this will allow partners to keep certification on that branch

 

Shebu: Platform ports will be allowed on this LTS Branch when those happen

 

Eric: Sounds good. Will Mbed TLS will move to a similar cadence?

Shebu: Yes. Mbed TLS has had LTS for a long time, but now it’s moving to 3 year support, which aligns with TF-M.

Shebu: Will have a new one every 18months (lifetime 3 years).

 

Dan: Also welcome to Frank, the new rep from Nordic…

Frank: Is there a lead time on the PSA labs to allow such cadence?

Shebu: Important consideration. If there’s an external vulnerability, we might not be in control of public disclosure.

Shebu: TF.org security incident process will follow its own process. TF-M will push out it’s fix as soon as it can. Trusted Stakeholders will get the fix under embargo.

Shebu: Not necessarily aligned with Trusted Lab release schedule.
Shebu: We have been clear with PSA certified program, but currently there is no guarantee on time needed for the new release to be validated before the vulnerability goes public.  

Frank: I’m less concerned about security handling. More that companies might ask the same service from the same company at the same time.

Shebu: TrustCB have been very engaged with the process. You’re right this is a concern.

Shebu: But it’s not a separate process that everybody has to do when there’s a new release. All can benefit from the same handling.

Shebu: PSA labs can share reports generated by other labs so easing the pressure around recertification for platforms

Shebu: If it’s a generic fix, it will get applied to all platforms.

Frank: Good, there’s some sharing of effort.

 

Shebu: In next release can move from RSA to ECDSA

  * Blocked on moving to this lightweight PSA crypto layer.

Antonio: Looks like it will be in TF-M 2.1

Shebu: Are we expecting some mem size reduction?

Antonio: At least the same size or lower.

 

Eric: Will Cryptocell refactoring be done without breaking compatibility?

Shebu: Yes, we already moved to PSA Crypto interface before so this is just changing things underneath

 

Shebu: Enabling TF-M on RSE (formally known as RSS) is not shown on the roadmap

  * RSE is firmware for a complete secure enclave. RSE has been presented in one of the previous TF-M tech forums

 

ProvenRun introduction (Camille):

  * We’re a French company providing security services. e.g. for Defence, IoT, …
  * Providers of secure operating systems for Cortex-M.

  * Currently we integrate TF-M partitions from the upstream repository. This solution is currently delivered to STM (using our own SPM + TF-M partitions).

  * Compatibility with official TF-M is important

  * We’re interested in technical subjects and future developments. Happy with the TF-M presentation contents just showed

  * Interested in TF-M community and being a contributor in future.

  * Do not hesitate to get in touch. Either Camille or Pierre-Julien will attend this TSC

Shebu: On the A profile, is that a trusted execution environment or a trusted operating system?

Camille: Just M-profile, it was a misunderstanding earlier.

 

Frank also briefly introduced Nordic/himself:

Frank: Nordic started on tiny ASICs. Now have more and more complex devices.

  * Interested in MbedTLS, MCUBoot, TF-M, Zephyr

  * Managed to get optimised signature verification working in products

  * Very open source oriented.

 

Dan: Silvano is also new to the TSC

Silvano: Just filling in for Ruchika this time.

 

Dan gave a Phabricator migration update (Dan)

* Migration going well.
* Just TF-A and Mbed TLS project pages remaining.
* Created https://github.com/TrustedFirmware/tf_docs rendered in readthedocs for generic content like the Security Center.

* Hope to complete before end of Q1 so we can retire Phabricator (https://developer.trustedfirmware.org/)