Ok perfect. I think the first point does not require a lot of discussion it should be fast. The second (I hope 😊) is requiring more though from members so in a first step I just intend to share with other members some though we had internally to check if it is also a topic of interest (to not say concerns) for other members. If so, it will request further discussion and work.
Regards,
Eric
[Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5] Eric FINCO | Tel: +33 (0)2 4402 7154 MDG | Technical Specialist
ST Restricted From: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com Sent: mercredi 14 juin 2023 11:48 To: Eric FINCO eric.finco@st.com; Dan Handley Dan.Handley@arm.com; tsc@lists.trustedfirmware.org; Don Harbin don.harbin@linaro.org; Matteo Carlini Matteo.Carlini@arm.com Cc: nd nd@arm.com Subject: RE: TSC agenda 2023-06-15 -> or Board 2023-06-14
Hi Eric,
Thanks for raising the topics.
The MCUboot topic can be covered in the MCUboot review at the TSC on Thursday.
As TSC agenda is almost full, okay to cover the 2nd topic in the board meeting today. We can discuss in future TSC as well if needed.
Regards, Shebu
From: Eric FINCO <eric.finco@st.commailto:eric.finco@st.com> Sent: Tuesday, June 13, 2023 9:14 PM To: Dan Handley <Dan.Handley@arm.commailto:Dan.Handley@arm.com>; tsc@lists.trustedfirmware.orgmailto:tsc@lists.trustedfirmware.org; Don Harbin <don.harbin@linaro.orgmailto:don.harbin@linaro.org>; Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com>; Matteo Carlini <Matteo.Carlini@arm.commailto:Matteo.Carlini@arm.com> Subject: RE: TSC agenda 2023-06-15 -> or Board 2023-06-14
Hello All, I have two topics (related). I rely on you, Don, and Shebu to decide if the Board of tomorrow or the TSC of Thursday is most appropriate meeting to discuss them:
-Process clarification to report security issue for MCUboot after the merge of the project in TF.org: https://github.com/mcu-tools/mcuboot/security vs https://developer.trustedfirmware.org/w/collaboration/security_center/report...
-How to manage certification constraints vs community vulnerability management ? -Today Certificates are Terminated in case of an trustedfirmware.org impacting issue (without any information for the customer to understand). Can members (if there are interested) team-up to see with labs how to improve this situation -Could we explore way to get “official” patches fixing a CVE recognized by labs so that applicating such patches avoid to get a certificates terminated ? Regards,
Eric
[Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5] Eric FINCO | Tel: +33 (0)2 4402 7154 MDG | Technical Specialist
ST Restricted From: Dan Handley via TSC <tsc@lists.trustedfirmware.orgmailto:tsc@lists.trustedfirmware.org> Sent: mardi 13 juin 2023 17:06 To: tsc@lists.trustedfirmware.orgmailto:tsc@lists.trustedfirmware.org Cc: Olivier Deprez <Olivier.Deprez@arm.commailto:Olivier.Deprez@arm.com>; Joanna Farley <Joanna.Farley@arm.commailto:Joanna.Farley@arm.com> Subject: [TF-TSC] TSC agenda 2023-06-15
Hi all
Please let me know if you have any urgent agenda topics for tomorrow. I have these so far:
* Completion of “Use of Rust at tf.org” discussion (Joanna, Dan) * Use of vector features in A-profile secure world, e.g. FP&SIMD, SVE, SME (Dan) * MCUBoot overview (David)
Regards
Dan.