Attendees:
Glen Valante (Linaro)
Antonio de Angelis (Arm)
Matteo Carlini (Arm)
Kangkang Shen (FutureWei)
Andrej Butok (NXP)
Dan Handley (Arm)
Julius Werner (Google)
Bill Peckham (Google)
Kevin Oerton (NXM LABS)
Brandon Hussey (Renesas)
Eric Finco (STMicroelectronics)
Meeting start, Dan introduces.
- [Matteo] First we'll talk about CCA - same presentation already given to the board.
- Don't share roadmap slides normally, but we are not going to talk about anything confidential information anyway. We'll cover where we are and where we're going with the CCA architecture.
- Realm Management Extension (RME) in v9 - realm world is distrustful wrt NS and S, EL3 becomes the Root World. This is the Arm way of doing confidential compute, a well-known practice in the industry.
- Changes relating to RMI interfaces already happening in TF-A latest release. There will be changes in Linux kernel, in EDKII as the reference implementation of UEFI; focus on infrastructure systems first.
- TF-RMM will be our implementation of Realm Management Monitor software component: it will be a new project part of the TF.org family; already introduced to the board
- Outside of the application processor: RSS (runtime security subsystem) firmware will be upstreamed to TF-M project
- RSS is the HW root of trust that implements the HES (Hardware Enforced Security) requirements of the Arm CCA Security Model.
- RSS is going to appear on mobile client platform first (it will be enabled on its own without the rest of HES/CCA)
- [Kangkang]: We looked at CCA, 100% full implementation might be taking a long time. Stages and status of different software components?
- [Matteo] I will describe the various components and how we will start to demonstrate some of the components on a fast model platform soon.
- RME EL3 implementation first appeared in TF-Av2.6
- Specification will be public and published around end of June on developer.arm.com - if delay, beginning July
- [Dan]: This means the RMM spec for SW (the architecture specs are already out)
- [Matteo] All components and interfaces must be aligned towards the same interface version - currently non-public alpha, so that when beta goes public realigned work is needed
- (4-5 upstream components aligned against the public beta released spec)
- The timeline is roughly H2 2022 (CY22Q4 for upstreaming to start) kernel/kvm, edk2, rmm in tf-org]
- Quality level still not finalised (0.1, or better)
- Hafnium/TF-A EL3/TF-RMM will need to be aligned to be able to communicate
- Spec will be EAC end 22 beginning 23 - will need to realign components against EAC then
- In H2 2023 advanced 1.x features of the spec will start to be implemented
- [Kangkang]: Remember our experience in TrustZone, implementing Secure World (EL3), Trusted OS and secure applications one at a time.
- Why do you focus on the complete set of components instead of just picking a single use case / component and expand gradually on this?
- CCA looks like all components are planned and need to work together and be aligned and implemented. Why not just start with simple use case (CCA application) and then expand?
- [Matteo]: It’s the architecture itself that has such extensive requirements. It’s already an MVP. Very basic use case. You can’t go simpler than this.
- [Matteo] You need to have several components in place otherwise it won’t work, but we’re just giving basic building blocks without trying to overstretch.
- [Dan]: Agree, it’s a lot of components, but they are all needed for the key initial use-case: Boot guest VM from encrypted disk into a realm protected from host access.
- [Kangkang]: it's important to demonstrate how to use as soon as possible. Showing the full picture but implemented gradually
- [Matteo]: RME extension is available on latest publicly accessible architectural model (Base FVP) – allows you to play with these features.
- Qemu work ongoing (towards the end of the year). Emulation functionality is being assessed by virtualisation team of Linaro.
- Arm will provide publicly available solution FVPs, containing all System IP (CPU, GIC, interconnect, GPU for mobile for example)
- Infrastructure FVP will contain all IPs needed to demonstrate CCA.
- [Glen]: OpenCI status update; this has been moved from board to TSC to reduce technical details shared in board meeting.
- Boards going into lava lab. Rack still being built to add more boards; ST boards going in next week or two.
- After that it's Renesas, although still waiting on Renesas on the availability of the SW.
- Board meeting required to discuss other boards that need to be made available.
- [Eric]: as we discussed: additional candidate board coming from ST but no pressure. Any timing?
- [Glen] From a Sw point of view we're almost ready; but need to check latest readiness internally. Glen on standby for updated timeline to plan accordingly.
- Mbed TLS in openCI:. Some stability issues with Windows, need to upgrade the CI platform – will allow stability and performance increase
- PSA ACK tests enabled, but still have failures. Working with Arm to fix them.
- Code coverage: going through docs and code coverage reports to have source links (got completed last week)
- Will do MISRA enablement after code coverage and PSA ACK tests. Starting with TF-A. Create a series of milestones and estimates. Published plan and resourcing.
- Having biweekly meetings -> maybe going to weekly to keep up the pace.
- Getting licensing in place now. Discussions and emails ongoing for licensing infrastructure. Several weeks work for that before prototyping can start in staging.
- Then onto production. Several issues closed/fixed.
- [Dan]: Is the resource/plan public? I did not see numbers.
- [Glen]: Updated the plan two days ago with resource, check again. TFC-10 contains actual work tasks and first two milestones.
- [Dan] Is this waiting for review and approval?
- [Glen] Already reviewed from Arm and Linaro.
- [Dan]: What's the status of the ticket for read only mirrors on GitHub?
- [Glen]: need to check offline.
- [Dan]: The plan going forward is for OpenCI details to be in TSC and feedback from TSC back to board. Is there any feedback for the board yet? Anything offline is fine as well.
- [Dan]: Next time would be good to focus on what are the big things in the backlog, what are the next important things planned, etc (i.e. 6 months medium term roadmap).
- [Glen]: we presented that detail to the board meeting. will move from the board meeting to the TSC meeting next time.
- Any questions / AOB?
- None. Meeting end.