 |
|
AbhishekP - Arm
DavidB - Linaro
MarkG - TI
VickyJ - Linaro
EricF - ST
BillM - TI
ChristianD -Cypress
JoakimB - Linaro
JuliusW - Google
AshutoshS - Arm
Pending action items
PSA L2 update for TF-M. Ashutosh Singh (Arm) will be joining to present.
Couple of misc items.
Documentation hosting on ReadTheDocs.
Gerrit hooks to inform specific maintainers of submitted patches.
AOB
Pending action items
AP: Any specific input on security reporting. Otherwise please raise with Dan on email.
JB: Have a few points but will raise by mail.
AP: By mid-July meeting should try to reach Beta level
AP: Coding guidelines patch
EF: Should hopefully be next week
AP: Static analysis and functional safety - please could everyone think about this. Both TF teams are doing static analysis.
JB: Functional safety came up in BKK19 - MISRA C
AP: TSC Members - some members have not identified.
May need to have invitation-only closed discussions
CD: OP-TEE is going to add an extra row to the matrix of interest
Representative discussion: Proposal generally agreed - 2 reps, expertise partitioned as member company desired. Ideally designated primary and secondary, either but not both can vote.
PSA L2 update for TF-M
AS: For v8m, isolation is through hardware. For dual cpu cortex-m each side has separate interrupts and no leakage of information through interrupts
JB: Not much information in the document 18/19 pages. Interested in 5.6. What is the list of supported crypto expected.
AS: Has not been listed. Should support the crypto currently used in TF-M
DB: Secure storage TBD?
AS: Crypto shouldn’t allow visibility of the key for secure storage. Have to close this. Action item later in slides.
JB: Who is ‘The Lab’ in the slides?
AS: 6-7 around the world. Partners have already gone for level 1 certification. Link here: https://www.psacertified.org/security-certification/test-labs/
EF: Foresee any work on mcuboot?
AS: Have a fork in TF-M. Can’t comment on open source project.
EF: Wondering if TF-M and upstream fork could converge
AP: Could happen. Need to look at what it would take. DavidB discussing with TF-M team.
JB: Any plans to do (external) security audits
AP: Only in early stages. Who would be interested?
JB, DB
AP: Action: AP will contact JB., DB before next TSC about audits
Documentation hosting on ReadTheDocs.
AP: Agreed to do this. Joakim has demonstrated how to do this. Free option?
JB: Works fine.
AP: Any objection from TSC? Otherwise will raise the request to Linaro infrastructure to publish from Gerrit.
JB: Ad free - as low as $5. Commercial support is $50-150/month.
JW: Do we need an external service? Can we just run Sphinx? Since already asking for engineering effort.
DB: Doubt to be able to do it for $5/month
Action Bill to find out about cost of internal Sphinx hosting.
JW: Coreboot is already doing this. (docs.coreboot.org)
DB: Can also look into what Zephyr are doing.
Gerrit hooks to inform specific maintainers of submitted patches.
AP: Just have to update some guidelines
AOB
MG: is there a longer term roadmap for e.g. Level 3?
|
|