Hi, Please find Apr 21 minutes below: Thanks - Sent on behalf of the TSC co-chairs Don
Attendees: Kevin Oerton(NXM), David Brown(Linaro), Kangkang Shen(Futurewei), Julius Werner(Google), Andrej Butok(NXP), Dan Handley(Arm), Okash(Google)
Minutes:
-
TF-A Roadmap update: Matteo -
Walked thru roadmap page -
https://developer.trustedfirmware.org/w/tf_a/roadmap/ -
Don: Can be found from the https://www.trustedfirmware.org/faq/ page as well. -
Plan to keep this page up-to-date -
Note the in-development section that shares active engineering activities. -
Okash: Heard there was a push to make Hafnium compulsory. Is the EL3 SPMC a stop gap? -
Matteo: Depends on use cases for TZ enablement. Google not mandating FF-A to the best of my knowledge. From Arm POV, if you want to isolate the normal world from malicious TAs/TEEs, Arm recommends using Hafnium Secure-EL2 reference. -
Okash: S-EL2 adds code/architecture complexity. Need an IOMMU that supports S-EL2. Must look at tradeoffs. If OEMs want other secure VMs, I can see the advantage. Would all vendors want this? Is there an option not to use this (secure EL2) solution? -
Matteo: Yes, TF-A doesn’t impose mandatory Hafnium usage. Can still use other SPM configs. From an upstream POV, there’s a limit to the long-term support for all the different configs. We can’t promise that EL3 SPMC will still be supported upstream in 2-3 years (though it can still be used downstream). -
DanH: If there’s partner demand for long term support of the EL3 SPMC, we’re open to other non-Arm maintainers helping out. -
Okash: Deprecating EL3 SPMC would send the message that Arm thinks partners should move to Hafnium (S-EL2). Not deprecating implies partners can choose. -
Matteo: Some components in TF-A aren’t maintained by Arm. -
Okash: Any discussions on long-term LTS releases? -
Matteo: Has been discussed in the past, also in a previous tech forum. This lost traction, but a recent security issue (Spectre-BHB) has brought it back. Arm isn’t in a position to maintain it ourselves. We can discuss lighter options, like hotfix releases to most recent tagged release, as recently added to TF-M. Could do similar in TF-A. Must consider the cost of various options.. -
Okash: Can look at the phone ecosystem as an example starting point for what is required. Could provide a rough gauge for how many years an LTS needs to be maintained. -
Dan: The cost of emulating the phone ecosystem would be high, for example you’d need to backport bug fixes to 3 year old releases. As Matteo says, this would be too much for Arm on its own. Partners would need to share those costs. -
Okash: Google is interested but would also need other partners too. -
Don: There’s a CI cost as well? -
Dan: Yes -
Matteo: Could this be a future TSC topic? -
Dan: May be a good maillist topic so that non-members can chime in. -
Okash: I restart the thread on the TF-A mailing list. -
Matteo: reviewed ongoing/future tasks -
MISRA tool integration into OpenCI now planned. Arm will remove reliance on internal instructure. -
See tech forum recording on DRTM here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ -
KangKang: How often will the roadmap be updated? -
Matteo: It’s a live doc. Will try to update every quarter, but at least every 6 months. These roadmap presentations are roughly every 6 months. -
Dan: TSC survey feedback: Should Open CI tasks be reviewed in TSC or Board? -
Matteo: Not much discussed in the Board meeting. Perhaps high level strategy in Board and ticket/plans reviewed by TSC? -
Dan: Should Board minutes be shared w/ TSC? -
Don: Ask the Board? -
Planned future TSC topics -
OP-TEE -
Action: Next session is an OP-TEE review. Don reach out to Rushika -
Trusted Services: by Shebu -
Open CI - a potential backlog/roadmap review in this round robin review
<end>