Hi All, I am quite new to TF-M and would like some insight into the query below. I appreciate any help you can provide.
We're adding encryption support for ITS and, for the nonce requirement, we're thinking of accessing the TRNG, which is part of the crypto partition. Now, we're aware of the possible cyclic dependency issue with the IPC model, but since we're using the SFN model, will it be okay to access the crypto service (TRNG) from ITS? In other words, would cyclic dependency be a concern in the SFN model, provided there are no limitations on hardware?
Thanks in advance. Saurabh
Hi,
We have added a template for ITS encryption in this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/31166 You can check the platforms which are using "ITS_ENCRYPTION" for reference; the rp2350 is using this template solution.
For TRNG I'd suggest defining "MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG" in mbedtls_extra_config.h and implementing the "mbedtls_psa_external_get_random" function (the template uses this method). The default entropy seed method is NV SEED in TFM, which could cause a circular dependency; it should be disabled in config_tfm_target.h. The template is using the GCM authenticated encryption algorithm; you also must enable this in the mbedtls (extra) config file.
During our tests we used the TFM medium profile. Regression tests passed. I hope this helps.
Regards, Dávid
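One way to write the callback named in the reply above, as an added example that is not the TF-M template's code and not part of the original message. The driver `platform_trng_read_word` and the `trng_fail_after` hook are hypothetical and simulated so the block runs offline, and the PSA typedefs are local stand-ins for the real Mbed TLS headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins so the example builds offline; a TF-M build takes these from
 * the PSA Crypto headers shipped with Mbed TLS. */
typedef int32_t psa_status_t;
#define PSA_SUCCESS ((psa_status_t)0)
#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
typedef struct { uintptr_t opaque[2]; } mbedtls_psa_external_random_context_t;

/* Hypothetical platform TRNG driver: returns 0 and one 32-bit word on success.
 * Simulated here with a counter; trng_fail_after injects a hardware fault. */
static uint32_t trng_state = 0x1234567u;
int trng_fail_after = -1;                /* -1 = never fail (constructed hook) */

static int platform_trng_read_word(uint32_t *word)
{
    if (trng_fail_after == 0) return -1;
    if (trng_fail_after > 0) trng_fail_after--;
    trng_state = trng_state * 1664525u + 1013904223u; /* NOT random: simulation */
    *word = trng_state;
    return 0;
}

/* Called by Mbed TLS when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is defined. */
psa_status_t mbedtls_psa_external_get_random(
    mbedtls_psa_external_random_context_t *context,
    uint8_t *output, size_t output_size, size_t *output_length)
{
    (void)context;
    *output_length = 0;
    for (size_t done = 0; done < output_size; ) {
        uint32_t word;
        if (platform_trng_read_word(&word) != 0) {
            memset(output, 0, output_size);  /* never hand back a partial buffer */
            return PSA_ERROR_INSUFFICIENT_ENTROPY;
        }
        size_t left = output_size - done;
        size_t chunk = left < sizeof word ? left : sizeof word;
        memcpy(output + done, &word, chunk);
        done += chunk;
    }
    *output_length = output_size;        /* the whole request must be filled */
    return PSA_SUCCESS;
}
```

Because the callback reads the hardware directly, generating a nonce this way does not route through the NV seed path that the reply says should be disabled.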
-----Original Message----- From: Jain, Saurabh via TF-M tf-m@lists.trustedfirmware.org Sent: 24 October 2024 19:58 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] ITS Encryption
Hi, thank you for the response, this is extremely helpful.
I do have another question in general about the SFN model. Since it is a function call-based model, what could lead to possible deadlock/circular dependencies among partitions?
Example: Imagine a system with two partitions, Partition A and Partition B, each providing specific services:
Partition A provides Service A1 and Service A2.
Partition B provides Service B1 and Service B2.
Let’s say:
Scenario 1: Service A1 in Partition A needs to call Service B1 in Partition B to perform part of its processing. Service B1, while processing, realizes it needs additional data and calls back to Partition A to access Service A2. We believe this is okay as we're not calling A1 again from B1?
Scenario 2: Service A1 in Partition A needs to call Service B1 in Partition B to perform part of its processing. Service B1, while processing, realizes it needs additional data and calls back to Partition A to access Service A1. This is going to be a problem and would lead to cyclic dependency.
Please correct me if I am missing something here.
Thank you! Saurabh
On 10/24/24, 4:38 PM, "David Hazi" <David.Hazi@arm.com> wrote:
Hi Saurabh,
this is correct. Note that currently all TF-M partitions host a single service each, so this practically means that partitions themselves can't have cyclical dependencies.
Thanks, Antonio
________________________________
From: Jain, Saurabh via TF-M tf-m@lists.trustedfirmware.org Sent: Friday, October 25, 2024 15:58 To: David Hazi David.Hazi@arm.com; tf-m@lists.trustedfirmware.org Subject: [TF-M] Re: ITS Encryption
-- TF-M mailing list -- tf-m@lists.trustedfirmware.org To unsubscribe send an email to tf-m-leave@lists.trustedfirmware.org
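The two scenarios from the thread checked as call graphs, as an added example that is not TF-M code and not written by any of the posters. `call_graph_t`, `has_cycle`, `to_partition_graph` and `scenario` are names made up here, and the service/partition layout is the constructed A1/A2/B1/B2 example from the question.

```c
#include <stdbool.h>

#define MAX_NODES 8

/* Directed call graph: edge[i][j] means node i calls node j. */
typedef struct { int n; bool edge[MAX_NODES][MAX_NODES]; } call_graph_t;

/* DFS colouring: 0 = unvisited, 1 = on the current call chain, 2 = done. */
static bool dfs_finds_cycle(const call_graph_t *g, int node, int *colour)
{
    colour[node] = 1;
    for (int next = 0; next < g->n; next++) {
        if (!g->edge[node][next]) continue;
        if (colour[next] == 1) return true;      /* re-entered an active node */
        if (colour[next] == 0 && dfs_finds_cycle(g, next, colour)) return true;
    }
    colour[node] = 2;
    return false;
}

bool has_cycle(const call_graph_t *g)
{
    int colour[MAX_NODES] = {0};
    for (int i = 0; i < g->n; i++)
        if (colour[i] == 0 && dfs_finds_cycle(g, i, colour)) return true;
    return false;
}

/* Collapse a service-level graph to partition level using owner[service]. */
call_graph_t to_partition_graph(const call_graph_t *svc, const int *owner, int n_parts)
{
    call_graph_t p = { .n = n_parts };
    for (int i = 0; i < svc->n; i++)
        for (int j = 0; j < svc->n; j++)
            if (svc->edge[i][j] && owner[i] != owner[j])
                p.edge[owner[i]][owner[j]] = true;
    return p;
}

/* Constructed layout from the question: partition A = 0, partition B = 1. */
enum { A1, A2, B1, B2, N_SERVICES };
const int OWNER[N_SERVICES] = { 0, 0, 1, 1 };

/* Builds A1 -> B1 -> callback_target (A2 for Scenario 1, A1 for Scenario 2). */
call_graph_t scenario(int callback_target)
{
    call_graph_t g = { .n = N_SERVICES };
    g.edge[A1][B1] = true;
    g.edge[B1][callback_target] = true;
    return g;
}
```

At service granularity only Scenario 2 contains a cycle, while collapsing Scenario 1 onto its two partitions gives A -> B -> A; when every partition owns exactly one service, as Antonio notes is currently the case in TF-M, the two views give the same answer.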