Attendees
Abhishek Pandit (Arm)
Dan Handley (Arm)
Kevin Townsend (Linaro)
Joakim Bech (Linaro)
Christian Daudt (Cypress)
Eric Finco (ST)
Mark Grosen (TI)
Bill Mills (TI)
Bill Fletcher (Linaro Community Projects)
Minutes
DH: Security handling process. Projects to be incorporated have different ways to handle security … Kernel has an upstream/early approach to get the fix in. In Mbed TLS etc. work very closely with crypto researchers to disclose at the same time. Not sure if the latest wording is enough to satisfy them. Flexibility - if the reporter has a different plan. Maybe holding back the fix until you make the disclosure. Skilled researcher could reverse engineer the fix. Also an export control issue. Can’t release fixes to a restricted audience and keep waiver from EAR. Will send an update soon. Try to agree a date for approval - mid March? Then see when we could make it active after approval. Are we trying to make it active for all projects at the same time?
AP: Wording looked OK for me e.g. for export restrictions. Currently our TSC list is closed. Think we should open it. Any objection to opening minutes on a public page?
EF: If we open it, will allow anyone to review the security document?
AP: To be able to point people showing we have an ongoing process. How to track that everyone has agreed?
DH: On a project-by-project basis. Expand to everyone on the security team. Give a plan for when it might happen that they adopt it.
AP: Create a quick form for everyone to check.
DH: Suggest a separate meeting with those people on the details. Proposed some next steps in the email. Will try to drive things forward.
AP: Suggest you and Joakim come up with a deadline to review/agree.
DH: Could go for a final approval but want to avoid someone vetoing at a late stage.
JB: From Linaro point-of-view we’re OK with it.
DH: Action: will send a reply to mail to say like to know that approval is acceptable to everyone. Will then ask for final approval on the text of the process.
AP: Visibility of TSC Minutes. Should we open the mailing list archives to be public without logging in?
CD: In principle OK. Trying to think of instances where we might not want everything public.
BF: Mailing list archives are open to all members of the list and the list is open to anyone who wants to subscribe.
AP: Action: will send a yes/no vote mail to see if people are OK to open the archive.
KT: Provisioning. No feedback responses on certificate chains https://github.com/microbuilder/certificate_chains/blob/master/rfc_tfm.md
David has been thinking more about factory provisioning. Early vs late bindings. I replied to the thread with Jamie, identified some issues for late bindings where need to store in secure storage. Definitely some overlap. Some feedback would be nice.
EF: Can’t disconnect from real world product implementation. People have questions about if it is ‘affordable’ on an MCU product. Something that is being targeted for implementation outside of TF-M.
KT: A lot of functionality already exists. Not supporting certificate chain today. In order to work with a certificate chain there are some missing pieces. Need to generate cert signing request on TF-M side. Has to happen on secure processing side. Need to expose this functionality in the PSA API.
EF: Usecase understood. Initial feedback - purpose understood. Based on this response will ask for a more in-depth opinion.
KT: Looks like an extra 25-30 kbytes of Flash.
JB: Did you look into the PSA specification for this?
KT: Email from Jamie wasn’t on our radar.
JB: Seems Arm is pushing various documents into PSA. Maybe the way to go to get it aligned with PSA.
AP: Leave this to next TSC meeting - too early to set a deadline.
AP: Coding standards. Divided into which standards we target and also identify a few experienced team members who can make decisions. Would like to put a deadline on this for next TSC and will send out a follow up for ‘enforcers’.
MG: Where do we want the codebase to go from a standards point of view? In the automotive space - MISRA - do we care about that?
AP: How to take this forward - form a breakaway group for people who are interested?
MG: TI definitely interested in having a codebase we could certify to e.g. ISO26262. Need to decide which ones.
JB: For all the projects - do we need to specify which projects will follow which conventions?
CD: Don’t think can have an overarching one over all projects.
AP: TF-M could just do with something set up now to aim for something in a year’s time. Answer doesn’t seem to be coming in this call. Need a breakaway group.
CD: Acceptable. Think starting point could be TF-A and OP-TEE as a baseline.
Action: Christian will send out an email with a date for a meeting.
AP: Also platform folders have different coding standards. Think this needs specifying.
JB: I was asked about FIPS certification - has anyone had a request?
DH: Have never accepted this as a requirement to the project.
AP: Platform maintainers and core maintainers. Platform - desire is to make it easier. Core maintainers - are open to adding more. Not pushing, but openness is there.
AP: Website review. Had initial discussion last time around. Haven’t seen any response.
Action: Will work with Bill to produce a document. Then people can go and add comments.
KT: Agree to create a shared document. Need somewhere to post images.
BF: Could either be a Google Doc or on the Phabricator wiki.
AOB
BF: Private workflow on Maniphest raised by Dan?
DH: Commenting now. Will follow up on return.