Hi All,
The next TF-A Tech Forum is scheduled for Thu 8th April 2021 16:00 – 17:00 (BST).
Agenda:
* TF-A OpenCI Update and Q&A
  * Led by Joanna Farley
  * Following the posting in late March https://lists.trustedfirmware.org/pipermail/tf-a/2021-March/001045.html announcing the availability of the OpenCI, this session is an update on the status and a run-through of what’s available in the OpenCI to project contributors. I will have representatives from the OpenCI infrastructure team from Linaro alongside TF-A project members familiar with the TF-A CI testing on the call to help answer any questions.
  * Attached is an early draft of the OpenCI documentation with Version 1.0 expected soon.
Thanks
Joanna
raghu.ncstate(a)icloud.com:
> Are you pushing ssh://<username>@review.trustedfirmware.org:29418/TF-A/trusted-firmware-a HEAD:refs/for/integration?
> Note that 29418 port. That tripped me up initially. It is not clear from your earlier emails where you cloned from (review.trustedfirmware.org or git.trustedfirmware.org).
[α] links to [β] which recommends
# git clone "https://review.trustedfirmware.org/TF-A/trusted-firmware-a"
I had an existing repository (most contributors probably do) and used
'git add remote' and 'git fetch' instead.
[α] recommends
# git push <remote-name> HEAD:refs/for/integration%<topic-branch>
As expected, the host requires a password.
# git push ssh://<user>@review.trustedfirmware.org:29418/TF-A/trusted-firmware-a HEAD:refs/for/integration?
-> fatal: invalid refspec 'HEAD:refs/for/integration?'
Anyhow, the host would require an SSH key.
[α] https://developer.trustedfirmware.org/w/tf_a/gerrit-getting-started/
[β] https://review.trustedfirmware.org/admin/repos/TF-A%2Ftrusted-firmware-a
Hi
Trusted Firmware M recently introduced protection against glitching at
key decision points:
https://github.com/mcu-tools/mcuboot/pull/776
To me this is a key mitigation element for companies that target PSA
level 3 compliance which means hardware attacks resilience.
I believe similar techniques need to be used in different projects
involved in Linux secure booting (TF-A, OP-TEE, U-Boot, Linux kernel).
Are there any efforts planned around this?
Is it feasible to have a "library" that could be integrated in
different projects?
Cheers
FF
To += op-tee(a)lists.trustedfirmware.org
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of François Ozog via TF-A
Sent: 26 March 2021 19:08
To: Heinrich Schuchardt <xypron.glpk(a)gmx.de>
Cc: tf-a(a)lists.trustedfirmware.org; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; Ilias Apalodimas <ilias.apalodimas(a)linaro.org>
Subject: Re: [TF-A] Firmware FuSa workshop
On Fri, 26 March 2021 at 18:42, Heinrich Schuchardt <xypron.glpk(a)gmx.de> wrote:
On 26.03.21 16:05, François Ozog wrote:
> Hi,
>
>
> Linaro is conducting an opportunity assessment to make OP-TEE ready for
> functional safety sensitive environments. The goal is to present a plan to
> Linaro members by the end of July 2021.
>
> The scope of the research is somewhat bigger because we can’t think of
> OP-TEE without thinking of Trusted Firmware and Hafnium. The plan will
> though not address those (unless we recognize we have to). We don’t think
> U-Boot shall be part of the picture but we are welcoming contradictory
> points of views.
Hello François,
Some boards boot via SPL->TF-A->U-Boot. Here U-Boot's SPL is relevant
for OP-TEE's security.
U-Boot can save variables via OP-TEE (implemented by Ilias). In this
case OP-TEE has an implication on secure boot.
I fully understand that these scenarios are not in the focus of the
workshop.
It may, if companies have this particular flow in mind for safety certification. Our goal is not to make all boot flows safety ready but to identify which ones we need to consider. And the workshop may help in this identification.
Best regards
Heinrich
>
> We are organizing a 2-hour workshop on April 15th 9am CET to mostly hear
> about use cases and ideas about Long Term Support requirements. We will
> present the state of the research.
>
> The first use case is booting a safety certified type-1 hypervisor (open
> source or commercial is irrelevant).
>
> But we know there are many more: please be ready to contribute.
>
> We think of more radical use cases: a safety payload is actually loaded as
> a Secure Partition on top of Hafnium with OP-TEE or Zephyr used as a device
> backends. In other words, Trust Zone hosts both safety and security worlds,
> EL3 being the « software root of trust » pivot world. In those cases,
> some cores never go out of secure state…
>
>
> Agenda (to be refined)
>
> - Vision
> - State of the research
>   <https://docs.google.com/presentation/u/0/d/1jWqu39gCF-5XzbFkodXsiVNJJLUN88B…>
> - Use cases discussion
> - What is the right scope?
> - “Who do what” discussion (LTS, archiving...)
> - Safety personnel (Linaro and contractors) discussion
> - Other considerations from participants?
> - Community organizations and funding?
> - Closing and next steps
>
>
> Should you want to participate and have not yet received an invite, please
> contact me directly.
>
> Cordially,
>
> François-Frédéric
>
> PS: Please reach out should you want another date with a time compatible
> with more time zones. This alternate date is not guaranteed though.
>
>
--
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog
Hi Everyone,
I wanted to give an update on the availability of the TF-A OpenCI. Recognised projects contributors can now invoke the OpenCI on patches they submit or patches they review through Gerrit and so view results and fix any issues identified without an Arm reviewer having to intercede and start the Open CI for them.
This is achieved in Gerrit patches (https://review.trustedfirmware.org/p/TF-A/trusted-firmware-a/+/dashboard/si…) by setting the Allow-CI label with +1 or +2 where +1 is a light level of testing and +2 includes additional tests on top of the +1 tests. Results are linked to in the Gerrit patch comments.
Recognised projects contributors is currently seeded as everybody listed in https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/about… including all maintainers and code-owners. The intent going forward is to include others when vouched for by other recognised projects contributors. In this way we hope to be open to all project contributors to have access to the OpenCI while providing some protection to the OpenCI back end resources.
The plan is to have another TF-A Tech-Forum session on the OpenCI on 8th April 2021 where more of the details of the OpenCI can be shared, discussed and questions can be taken.
For now please experiment with the OpenCI through your patch submissions or reviews. Please be aware this is a shared resource and use when appropriate during the patch review and be tolerant if it's not quite perfect yet. Please rest assured the existing Legacy CI is still available during this transition to the OpenCI where needed to help ensure patches are adequately tested to maintain repository quality levels.
I’d like to say a big thanks to the Linaro team working in the background to provide the OpenCI service to the TF-A project.
Cheers
Joanna
Hi,
Linaro is conducting an opportunity assessment to make OP-TEE ready for
functional safety sensitive environments. The goal is to present a plan to
Linaro members by the end of July 2021.
The scope of the research is somewhat bigger because we can’t think of
OP-TEE without thinking of Trusted Firmware and Hafnium. The plan will
though not address those (unless we recognize we have to). We don’t think
U-Boot shall be part of the picture but we are welcoming contradictory
points of views.
We are organizing a 2-hour workshop on April 15th 9am CET to mostly hear
about use cases and ideas about Long Term Support requirements. We will
present the state of the research.
The first use case is booting a safety certified type-1 hypervisor (open
source or commercial is irrelevant).
But we know there are many more: please be ready to contribute.
We think of more radical use cases: a safety payload is actually loaded as
a Secure Partition on top of Hafnium with OP-TEE or Zephyr used as a device
backends. In other words, Trust Zone hosts both safety and security worlds,
EL3 being the « software root of trust » pivot world. In those cases,
some cores never go out of secure state…
Agenda (to be refined)
- Vision
- State of the research
  <https://docs.google.com/presentation/u/0/d/1jWqu39gCF-5XzbFkodXsiVNJJLUN88B…>
- Use cases discussion
- What is the right scope?
- “Who do what” discussion (LTS, archiving...)
- Safety personnel (Linaro and contractors) discussion
- Other considerations from participants?
- Community organizations and funding?
- Closing and next steps
Should you want to participate and have not yet received an invite, please
contact me directly.
Cordially,
François-Frédéric
PS: Please reach out should you want another date with a time compatible
with more time zones. This alternate date is not guaranteed though.
--
François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group*
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog