Present:

Shebu Varghese Kuriakose (Arm)

Dan Handley (Arm)

Dave Rodgman (Arm)

Antonio De Angelis (Arm)

Frank Audun (Nordic)

PJ Bringer (ProvenRun)

Janos Follath (Arm)

Andrej Butok (NXP)

Joanna Farley (Arm)

David Brown (Linaro)

Julius Werner (Google)

Ruchika Gupta (NXP)

Michael Thomas (Renesas)

Dominik Ermel (Nordic)

Moritz Fischer (Google)

Eric Finco (ST)

 

Shebu gave an Mbed TLS roadmap update (attached):

* Thread safety on PSA Crypto

* Allow building without software crypto implementation

* Enable TLS 1.3 by default

* Arm v8-A crypto extension support

Shebu: Want to align PSA Crypto headers in TF-M and Mbed TLS in the next LTS of both projects

Shebu: Would like feedback on the PSA Crypto thread safety when teams start to use it

 

Frank: Regarding schedule, we want to align with Zephyr LTS. Can we get Mbed TLS and TF-M LTS into Zephyr LTS?

Frank: Will propose to Zephyr security committee that Zephyr takes Mbed TLS 3.6 anyway even though it’s not quite ready

Shebu: Understand that there were issues in the past when Zephyr took a non-LTS Mbed TLS

Shebu: Definitely happy to line up the ducks here

Shebu: Hopefully when we do TF-M LTS in April there will be enough buffer to get this into Zephyr LTS

Shebu: There will be a change in the Mbed TLS LTS cadence so both Mbed TLS and TF-M LTS cadence will be every 18 months.

Frank: Need some out of tree patches to enable certain TLS/DTLS use-cases using PSA Crypto API

Shebu: Think we’re in a better place than we were with Mbed TLS 3.1/3.2

 

Shebu: After 3.6 LTS is out, it implies all new features will be on the 4.0 codeline

Shebu: Need to do a lot of planning before we can give dates for this

Shebu: 4.0 will make PSA Crypto the default main crypto API.

DaveR: I think we’re agreed we want to remove (not deprecate) the legacy cipher interfaces

DaveR: A lot of config options for legacy interface will be removed (PSA_WANT_* will be the default way of configuring)

Shebu: Please check for notifications in the mailing list about interface deprecation proposals

 

Ruchika: With respect to PSA Crypto repo separation, will people be able to integrate Mbed TLS with their own PSA Crypto implementation?

Janos: Probably not a goal of 4.0 but eventually would like to make that possible.

Janos: 4.0 is already quite ambitious so that is probably not realistic

Ruchika: Trying to enforce the removal of usage of the legacy interfaces, so wanted to confirm that’s the plan

DaveR: Yes, that’s the plan

Shebu: If anyone is able to help contribute to 4.0, that will help get it out the door earlier

Shebu: I know Ruchika was asking about benchmarking support but that’s currently a future item in the roadmap

 

Frank: Don’t see any PQC on this roadmap.

Frank: There is one implementation but not a standardised PSA Crypto API. Will it be moved?

Shebu: The algorithm in question (LMS) was implemented to unblock Arm’s Runtime Security Engine (RSE) team but other algorithms are not on the roadmap yet.

Frank: Will there be a PSA Crypto API 1.3 to fix issues in the PSA API GitHub?

Shebu: I’m sure eventually there will be a PSA Crypto API 1.3. We’ll add this to the roadmap.

 

AOB:

Dan: Don finally removed support for Phabricator (developer.trustedfirmware.org) and put it in an archive.

Dan: There are still a few references to this being fixed in the project documentation and website.

Dan: When complete, individual projects should notify their respective MLs.

 

Dan: We added a security.txt file to the website. It’s the standard approach to providing security information for issue reporting.

https://www.trustedfirmware.org/.well-known/security.txt

 

Dan: cgit is being deprecated too. https://git.trustedfirmware.org/ will soon point to gitiles (the in-built Gerrit web interface) instead.

Dan: git commands should continue to work as before.

Dan: Redirects will be in place for high level links to projects/files.

Dan: More specific links to versions/branches may get broken.

Dan: We’re doing this to enable support for private branches/repos in Gerrit. Cgit bypasses Gerrit access permissions.

 

Frank: We were part of defining the ADAC spec before it was moved to TF.org ownership.

Frank: It currently seems a bit disconnected from TF-M. It still uses legacy Mbed TLS APIs.

Frank: Any plans to fix this? We’re willing to help.

Frank: Would like this to be an officially supported feature.

Shebu: It’s not abandoned. People are still working on it.

Shebu: It moved to tf.org to become a reference implementation.

Shebu: We put it in a separate repo as we thought other projects might be able to use it

Shebu: Currently only has MUSCA platforms support

Shebu: We want to enable using this at runtime not just boot time

Shebu: Agree we need to move to using PSA Crypto API. Think there is also some usage of other non-Mbed TLS Crypto API

Dan: Is this on the roadmap?

Shebu: ADAC runtime support is on the roadmap. We will have to look into legacy API deprecation.

Shebu: Think we’re looking for co-maintainers for this. Only a couple of Arm people are on it.

Frank: We can put forward a couple of candidates

Frank: Visibility within TF-M project is what we’d like. We want to make this generically usable.

Frank: Certificate management testing scripts are still internal to the authors of the spec. It might make sense for TF.org to own them publicly, although they might give the wrong impression

Frank: We can take the details offline but we're happy that ADAC is still being developed

 

Shebu: Linaro Connect is approaching. We have a couple of session submissions around TF.org