Hi,
Please see minutes from last week's TSC below.
Best regards,
Don
- Sent on behalf of TSC Chair
*Attendees*: Don, Dan H, Abhishek, Kevin Oerton, David Brown, Julius
Werner, Andrej Butok, Joakim Bech, KangKang Shen, Dave Cocca, Kevin
Townsend, Michael Thomas
*Actions*:
-
ACTION: DavidB send a note to Brett and ask for details on Groups.io
options. Ask about options
-
-
ACTION: Don to add DavidB to the Groups.io tickets (IT, and Tasks). Done
- ACTION: Abhishek Pandit <abhishek.pandit(a)arm.com> to reach out
Kangkang for a side discussion on exclusive language.
-
ACTION: Joakim to follow up with Kangkang for the use of multiple cores
on the Secure World side.
*Minutes*:
-
AP: Introduce Kevin Oerton. Focus PSA Certs on ST and moving to
Cortex-A. A self-defending security platform. Comes with “Cyber warranty”
model. Incorporated in US, working out of Toronto
-
Brief intros from the rest of the team
-
Kevin Townsend - Linaro LITE
-
Dan H: Arm, TSC rep. TF-A history but interested in lots more.
-
KK: Futurewei. Chief F/W architect at Huawei before splitting out
into Futurewei.
-
David Brown: Linaro - LITE. On Security Working Group but on Linaro
LITE. MCUBoot Maintainer, Security Arch. for Zephyr
-
Dave C: Renesas: Interested in TF-M and M bed TLS to support Micro
Controllers
-
Andrej B: NXP Czech republic. TSA, TF-M, and more. Support 4
platforms w/ SDK with more to come. Still needs to be upstreamed with
limited resources. Plan to bring an intern on board to accelerate
upstreaming.
-
AP: Is Zephyr team working w/ TF-M?
-
AB: No contributions at this time. Not enough resources to support
upstream TF-M, hoping to change that
-
JoakimB: Sweden, Linaro. Started the Security Working Group. Now
transitioned. An OP TEE Maintainer, but no longer reviewing all
patches.
Now focusing on DT, Boot Architecture, Provisioning, and Remote attention
to name a few. Also handles Security Issues. Includes OP-TEE and more.
-
JuliusW: Google on ChromeOS. Using TF-A for 5 years now. Other Google
teams interested in Hafnium
-
MichaelT: Renesas working for Dave Cocca. Focused on Renesas RA
security solutions.
-
Abhishek: Arm, Cambridge. At Arm for 5 years, lead TF-M from the
start. Manage all firmware teams including TF-A, TF-M, and
more. Focus on
all
-
Groups.io status
-
DanH: Started in May that Groups.io started as a good replacement for
Mailman. Approved by the board to move forward. Included
Domain support.
Ended up not getting a non-profit discount. Since November, Don, Linaro
IT, and I have been investigating. Used a Linaro Service Desk ticket.
-
DanH: Linaro IT (Philip) helped a lot with limitations. Migration
not straight forward and getting very limited support
-
DanH: Archive migration may be a blocker. Also how to do the
switchover with blackout periods but not getting support here.
Potentially
could do archive migration later but not sure if this is possible or what
the behavior is when replying to a mail not in groups.io.
-
DavidB: On last point, got this working for Zephyr. Wasn’t very
friendly. Was all settings adjustments that can be overridden per user.
-
DanH: Private groups can’t become public later. Limited support
response but it may be because we are only evaluating (not paid any
money). Linaro IT is not supportive of this so making the transition
harder.
-
DavidB: Has a bulk suggest option where you can email people to ask
them to sign up.
-
Don: How far was zephyr in when the transition happened? How many
lists?
-
DavidB: Came in after and used David as Admin to go fix issues.
-
DavidB: Was this discussed with Zephyr to see how they transitioned.
-
ACTION: DavidB send a note to Brett and ask for details. Ask about
options
-
Joakim: Maintain OP TEE list. Have added spam filters as we have
moved along, but now going pretty well.
-
DavidB: Zephyr uses Groups.io for mailing lists and group calendars.
A calendar is available that works ok. There is a bug on
Daylight Savings
so must use UTC. ~1000 people on the main mailing lists. Mostly was
migrated.
-
Abhishek: Want to transfer Archives, and Groups.io has to do that.
-
DavidB: Do we get that support if enterprise?
-
ACTION: Don to add DavidB to the tickets (IT, and Tasks).
-
Joakim: Have a long list of senders filters; can we re-use this for
other lists? Any automation on that?
-
Abhishek: Inclusive Language / Code of Conduct
-
Abhishek: Shared both Community Guideline and Code of Conduct
-
Abhishek: Text from what was agreed in the email
-
DaveC: Don’t see issues. Like the retrospective comments that don’t
need to go back and correct existing content but only for new comments.
-
Abhishek to send out a note with Deadline.
-
KK: Like Coding Standard but no in Code of Conduct. A technical
requirement when coding. But not a code of conduct
-
Abhishek: That’s in a different location. Started with Eclipse as an
example for Code of Conduct. Lots of adopters using this -
https://www.contributor-covenant.org/
-
There was consensus from many in the meeting
-
KK: Inclusive Language is a technical requirement.
-
ACTION: Abhishek Pandit <abhishek.pandit(a)arm.com> to reach out
Kangkang for a side discussion.
-
Abhishek: Should this go to vote or just do this?
-
Julius: who enforces is often changed?
-
Julius: Just have it so that TSC members make the decisions.
-
Who decides how to handle it?
-
Board or TSC.
-
Needs to come up to Board.
-
Breaches won’t decide when they happen
-
Conclusions: Leave as is and sending to
enquiries(a)trustedfirmware.org is good for now.
-
No objections. No vote to occur on this.
-
KK: Can we load multi-core in Trusted Firmware? TF-A
-
DavidB: Do that already? Cypress?
-
DanH/Joakim: TF-A has always been multi-core
-
Runtime code is multi-core. PSCI Spec describes this.
-
DanH: It seems that KK is actually talking about the secure world
spawning additional threads on other cores when servicing normal world
requests. This may require discussion with the Firmware Framework-A spec
people at Arm so that the normal world can account for this work..
-
ACTION: Joakim to follow up with KK on multiple cores on the Secure
World side.
Hi all
Attached are 3 slides I prepared on the groups.io topic.
Regards
Dan.
From: TSC <tsc-bounces(a)lists.trustedfirmware.org> On Behalf Of Abhishek Pandit via TSC
Sent: 20 January 2021 19:41
To: tsc(a)lists.trustedfirmware.org
Subject: Re: [TF-TSC] TSC Agenda 21 Jan 2021
Updated agenda:
* Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/
* groups.io update from Dan Handley
Thanks,
Abhishek
From: Abhishek Pandit
Sent: 18 January 2021 12:03
To: tsc(a)lists.trustedfirmware.org<mailto:tsc@lists.trustedfirmware.org>
Subject: TSC Agenda 21 Jan 2021
Hi All,
Any agenda items for this week's meeting? Can I please have responses by the end of Tuesday 19th?
Currently on the agenda:
* Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/
Thanks,
Abhishek
Hi,
On Tue, 19 Jan 2021 at 23:11, Julius Werner via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> Hi Abhishek,
>
> > Review community guideline draft -
> https://developer.trustedfirmware.org/w/collaboration/community_guidelines/
>
> Is the intention that we review this draft before the meeting so that
> we can discuss it there? Because all I can access is a stub page that
> links to two other pages (inclusive language and code of conduct),
> both of which I do not have permission to open. Please fix the
> permissions on those if they are ready for review.
>
Same here with the permission and I also wondered the same.
Regards,
Joakim
Hi Abhishek,
> Review community guideline draft - https://developer.trustedfirmware.org/w/collaboration/community_guidelines/
Is the intention that we review this draft before the meeting so that
we can discuss it there? Because all I can access is a stub page that
links to two other pages (inclusive language and code of conduct),
both of which I do not have permission to open. Please fix the
permissions on those if they are ready for review.
Thanks,
Julius
Cancelled. Please note that in cancelling today's meeting I
accidentally cancelled the series, so I had to also send out a new invite
to get those back in your calendar for the upcoming 3rd thursdays of each
month. Sorry about that.
Don
On Thu, 17 Dec 2020 at 05:16, Abhishek Pandit via TSC <
tsc(a)lists.trustedfirmware.org> wrote:
> Hi All,
>
>
>
> There is no agenda for the meeting so I suggest we cancel it.
>
>
>
> Thanks,
>
> Abhishek
>
>
>
> *From:* Abhishek Pandit
> *Sent:* 15 December 2020 17:34
> *To:* tsc(a)lists.trustedfirmware.org
> *Subject:* TSC Agenda 17 Dec 2020
>
>
>
> Hi All,
>
>
>
> Any agenda items for this week’s meeting?
>
>
>
> Thanks,
>
> Abhishek
> --
> TSC mailing list
> TSC(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tsc
>
Dear TSC,
I sent the summary below to the board yesterday and Dan suggested it would
be good to share with the TSC as well.
Let me know if you have any questions. :)
Best regards,
Don
---------- Forwarded message ---------
From: Don Harbin <don.harbin(a)linaro.org>
Date: Wed, 2 Dec 2020 at 16:18
Subject: New Blog posts / website updates FYI
To: <board(a)lists.trustedfirmware.org>
Hi all,
I wanted to make sure you all were aware of some new content on the website
and the Phabricator (wiki). Below are the items of note:
- TF-M 1.2 release blog here:
- https://www.trustedfirmware.org/blog/tfm-v1-2-blog/
- TF-A 2.4 release w/ Secure ELS here:
- https://www.trustedfirmware.org/blog/TF-A-and-Hafnium-v2.4-release/
- You will see the updated TF Member list on the website now including
our newest two members (NXM and OMP - Welcome!).
- https://www.trustedfirmware.org/
- I've had our public meeting calendar integrated into the top of the
meetings page.
- This calendar will improve over time as we get all TF projects
public meetings integrated in. It will also provide a quick way to get
up-to-date dial in info for the meetings (some members have had issues
getting the invites into their corporate email accounts)
- https://www.trustedfirmware.org/meetings/
- Finally, per the last Board meeting, I had an action to provide
Board access to the new Community Development project on Phabricator that
has been proposed. It took me a bit of time to get the content to a place
where it was ready to share; I think it's much closer now. Please take a
look
- Community Development Project Home:
https://developer.trustedfirmware.org/project/profile/24/
- Tasks currently tracking:
https://developer.trustedfirmware.org/maniphest/
- Wiki home page for this with content relevant to submitting and/or
getting involved in TF ecosystem tasks:
https://developer.trustedfirmware.org/w/collaboration/community_development/
NOTE: There were ~5 or so individuals subscribed to the TF Board maillist
that I couldn't map emails to github accounts needed to provide access. So
if you have problems accessing the above, just drop me a note with your
github credentials that you use to log into the phabricator/wiki and I can
add you.
Note also that I gave access to the members of the TSC as requested by Dan
H (again, only for those that I could find github credentials in
phabricator).
Please feel free to send me a note with any questions. We also have the
board meeting Dec 9th, so we can have related discussions at that time as
well (if time allows)
Best regards,
Don
Attendees:
Joakim Bech (Linaro)
Dan Handley (Arm)
Eric Finco (ST)
Abhishek Pandit (Arm)
David Brown (Linaro)
Ashutosh Singh (Arm)
Kevin Townsend (Linaro)
Andrej Butok (NXP)
Dave Cocca (Renesas)
KangKang Shen (FutureWei)
Julius Werner(Google)
Lionel Debieve (ST)
ACTION: AP to propose specific website updates to TSC that incorporates inclusive language text.
ACTION: All to review Joakim's security incident flow diagrams
ACTION: Dan to ask Don about opening up community project items in Phabricator
Minutes:
AP: Light agenda today. Just an update on previous approvals.
AP: Trusted Services project is approved by TSC. There are some pending Arm internal approvals that have nearly completed. Expect to push first patches in the coming week.
AP: Inclusive language proposal is approved by TSC.
AP: Propose to have code of conduct page on website. Could be based on another org's policy. Zephyr looks a good candidate.
AP: Also want to provide a short info about the organization structure on the main website
AP: Inclusive language draft can then be incorporated into those pages.
ACTION: AP to propose specific website updates to TSC that incorporates inclusive language text.
AP: Expectation then will be that project leads will add the text to their own project specific documentation (e.g. coding guidelines).
AP: AOB?
KKS: Was looking for public meeting link for tech forums. Couldn't find them.
AP: We can move the links somewhere more obvious if you want?
KKS: Actually the link in "News & Blogs" is good enough. Just need to get used to the new site.
https://www.trustedfirmware.org/meetings/
JB: We purchased GP test suite a while ago. Since about 3 weeks ago this is now integrated into OP-TEE CI system.
https://optee.readthedocs.io/en/latest/building/gits/optee_test.html#extend…
JB: Have been trying to supplement security incident process with diagrams. Have had early feedback from some (e.g. DH). Now would like to share with TSC for feedback.
https://people.linaro.org/~joakim.bech/tf/
JB: Think this is necessary as the text is quite complex.
https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
DH: Agree. Really useful to show default flow in 1st diagram. Text is complicated due to lots of potential caveats. Each project could show their own specific flow if needed.
DH: Diagrams 2-3 are more linked to the process for security team members so could be added there
https://developer.trustedfirmware.org/w/collaboration/security_center/setup…
AP: Could also write a blog that uses these diagrams and explains the caveats in more detail.
DH/JB: Might need to look at colour scheme before integrating to website
ACTION: All to review Joakim's security incident flow diagrams
AP: 2 other in-progress items: Migration to groups.io and prototyping GitHub/Gerrit integration. Was hoping for update from Don on that.
DH: This and other board/TSC items are captured in Phabricator but visibility is limited at present. We should get those opened up, at least for all board/TSC members
ACTION: Dan to ask Don about opening up community project items in Phabricator
Hi All,
Any agenda items for this week's meeting?
Following are on my list currently
* Inclusive Language guidelines
* Trusted Services project
Thanks
Abhishek
