Hi all
We currently do have any topics ready to discuss in tomorrow's meeting. The next scheduled roadmap update is TF-A/Trusted Services but our tech manager is not ready to do this tomorrow. Therefore I'm proposing to cancel unless anyone has any urgent topics?
Also, the following TSC is scheduled for 16th May, which is during Linaro Connect. I propose bringing this forward a week to the same time on 9th May. Let me know if you have any issues with this. Also, at the last Linaro Connect, we had an informal TF.org Board/TSC meeting for those present. Is there any interest in doing this again?
Regards
Dan.
Present:
Shebu Varghese Kuriakose (Arm)
Dan Handley (Arm)
Dave Rodgman (Arm)
Antonio De Angelis (Arm)
Frank Audun (Nordic)
PJ Bringer (ProvenRun)
Janos Follath (Arm)
Andrej Butok (NXP)
Joanna Farley (Arm)
David Brown (Linaro)
Julius Werner (Google)
Ruchika Gupta (NXP)
Michael Thomas (Renesas)
Dominik Ermel (Nordic)
Moritz Fischer (Google)
Eric Finco (ST)
Shebu gave Mbed TLS roadmap update (attached):
* Thread safety on PSA Crypto
* Allow building without software crypto implementation
* Enable TLS 1.3 by default
* Arm v8-A crypto extension support
Shebu: Want to align PSA Crypto headers in TF-M and Mbed TLS in the next TLS of both projects
Shebu: Would like feedback on the PSA Crypto thread safety when teams start to use it
Frank: Regarding schedule, we want to align with Zephyr LTS. Can we get Mbed TLS and TF-M LTS into Zephyr LTS?
Frank: Will propose to Zephyr security committee that Zephyr takes Mbed TLS 3.6 anyway even though it's not quite ready
Shebu: Understand that there were issues in the past when Zephyr took a non-LTS Mbed TLS
Shebu: Definitely happy to line up the ducks here
Shebu: Hopefully when we do TF-M LTS in April there will be enough buffer to get this into Zephyr LTS
Shebu: There will be a change in the Mbed TLS LTS cadence so both Mbed TLS and TF-M LTS cadence will be every 18 months.
Frank: Need some out of tree patches to enable certain TLS/DTLS use-cases using PSA Crypto API
Shebu: Think we're in a better place than we were with Mbed TLS 3.1/3.2
Shebu: After 3.6 LTS is out, it implies all new features will be on the 4.0 codeline
Shebu: Need to do a lot of planning before we can give dates for this
Shebu: 4.0 will make PSA Crypto the default main crypto API.
DaveR: I think we're agreed we want to remove (not deprecate) the legacy cipher interfaces
DaveR: A lot of config options for legacy interface will be removed (PSA_WANT_* will be the default way of configuring)
Shebu: Please check for notifications in the mailing list about interface deprecation proposals
Ruchika: With respect to PSA Crypto repo separation, will people be able to integrate Mbed TLS with their own PSA Crypto implementation?
Janos: Probably not a goal of 4.0 but eventually would like to make that possible.
Janos: 4.0 is already quite ambitious so that is probably not realistic
Ruchika: Trying to enforce the removal of usage of the legacy interfaces, so wanted to confirm that's the plan
DaveR: Yes, that's the plan
Shebu: If anyone is able to help contribute to 4.0, that will help get it out the door earlier
Shebu: I know Ruchika was asking about benchmarking support but that's currently a future item in the roadmap
Frank: Don't see any PQC on this roadmap.
Frank: There is one implementation but not a standardised PSA Crypto API. Will it be moved?
Shebu: The algorithm in question (LMS) was implemented to unblock Arm's Runtime Security Engine (RSE) team but other algorithms are not on the roadmap yet.
Frank: Will there be a PSA Crypto API 1.3 to fix issues in the PSA API GitHub?
Shebu: I'm sure eventually there will be a PSA Crypto API 1.3. We'll add this to the roadmap.
AOB:
Dan: Don finally removed support for Phabricator (developer.trustedfirmware.org) and put it in an archive.
Dan: There are still a few references to this being fixed in the project documentation and website.
Dan: When complete, individual projects should notify their respective MLs.
Dan: We added a security.txt file to the website. It's the standard approach to providing security information for issue reporting.
https://www.trustedfirmware.org/.well-known/security.txt
Dan: cgit is being deprecated too. https://git.trustedfirmware.org/ will soon point to gitiles (the in-built Gerrit web interface) instead.
Dan: git commands should continue to work as before.
Dan: Redirects will be in place for high level links to projects/files.
Dan: More specific links to versions/branches may get broken.
Dan: We're doing this to enable support for private branches/repos in Gerrit. Cgit bypasses Gerrit access permissions.
Frank: We were part of defining the ADAC spec, before it was moved to TF.org ownership.
Frank: It currently seems a bit disconnected from TF-M. It still uses legacy Mbed TLS APIs.
Frank: Any plans to fix this? We're willing to help.
Frank: Would like this to be an officially supported feature.
Shebu: It's not abandoned. People are still working on it.
Shebu: It moved to tf.org to become a reference implementation.
Shebu: We put it in a separate repo as we thought other projects might be able to use it
Shebu: Currently only has MUSCA platforms support
Shebu: We want to enable using this at runtime not just boot time
Shebu: Agree we need to move to using PSA Crypto API. Think there is also some usage of other non-Mbed TLS Crypto API
Dan: Is this on the roadmap?
Shebu: ADAC runtime support is on the roadmap. We will have to look into legacy API deprecation.
Shebu: Think we're looking for co-maintainers for this. Only a couple of Arm people are on it.
Frank: We can put forward a couple of candidates
Frank: Visibility within TF-M project is what we'd like. We want to make this generically usable.
Frank: Certificate management testing scripts are still internal to the authors of the spec. It might make sense for TF.org to own them publicly, although they might give the wrong impression
Frank: We can take the details offline but we're happy that ADAC is still being developed
Shebu: Linaro Connect is approaching. We have a couple of session submissions around TF.org
Hi all,
This is the agenda we have for tomorrow's TSC meeting:
* mbed TLS roadmap update (@Shebu)
* AOB
Please let me know if you have any specific topic you would like to add or have it discussed.
Thanks, Antonio
Dear all,
this is a reminder to call for an agenda for the upcoming TSC meeting. The Mbed TLS roadmap update originally planned has been postponed to the March TSC, so at the moment the agenda is empty. If you have anything to discuss please let me know by tomorrow (14th) COB.
Thanks, Antonio
Hi all
Below are the minutes for last week's meeting (thanks to Antonio).
Regards
Dan.
=====
Shebu Varghese Kuriakose (Arm)
Dan Handley (Arm)
Antonio De Angelis (Arm)
Joanna Farley (Arm)
Pierre-Julien Bringer (ProvenRun)
Camille Greusard (ProvenRun)
Julius Werner (Google)
Moritz Fischer (Google)
Jidong Sun (Google)
KangKang Shen (FutureWei)
Eric Finco (ST)
Frank Audun (Nordic)
Andrej Butok (NXP)
Silvano Di Ninno (NXP)
David Brown (Linaro)
Dan: Welcome to Jidong (new Google rep, replacing Okash) and new members ProvenRun (Pierre-Julien and Camille)
Dan: Starting a new round of roadmap updates, starting with TF-M
Shebu presented TF-M roadmap (attached)
Shebu: Achievements of tf-m 2.0.0:
* Reduction in size for ECDSA using P256M
* Usage of split-build
* New mailbox non-secure agent api
* Non-secure interrupt latency for isolation level > 1
Shebu: Introduction and planning for LTS
* Previous plan was to do first LTS in Jan. New plan is April
Shebu: Work continues on Hybrid Platforms
Shebu: TLS connection use case
* Realigning the full headers mainly
Shebu: Impact of LTS on PSA Certified.
* LTS released every 18 months and supported for 36 months. Bug fixes and security fixes backported.
* This will be delta evaluations for the PSA labs, and this will allow partners to keep certification on that branch
Shebu: Platform ports will be allowed on this LTS Branch when those happen
Eric: Sounds good. Will Mbed TLS move to a similar cadence?
Shebu: Yes. Mbed TLS has had LTS for a long time, but now it's moving to 3 year support, which aligns with TF-M.
Shebu: Will have a new one every 18 months (lifetime 3 years).
Dan: Also welcome to Frank, the new rep from Nordic...
Frank: Is there a lead time on the PSA labs to allow such cadence?
Shebu: Important consideration. If there's an external vulnerability, we might not be in control of public disclosure.
Shebu: TF.org security incident process will follow its own process. TF-M will push out its fix as soon as it can. Trusted Stakeholders will get the fix under embargo.
Shebu: Not necessarily aligned with Trusted Lab release schedule.
Shebu: We have been clear with PSA certified program, but currently there is no guarantee on time needed for the new release to be validated before the vulnerability goes public.
Frank: I'm less concerned about security handling. More that companies might ask the same service from the same company at the same time.
Shebu: TrustCB have been very engaged with the process. You're right this is a concern.
Shebu: But it's not a separate process that everybody has to do when there's a new release. All can benefit from the same handling.
Shebu: PSA labs can share reports generated by other labs so easing the pressure around recertification for platforms
Shebu: If it's a generic fix, it will get applied to all platforms.
Frank: Good, there's some sharing of effort.
Shebu: In next release can move from RSA to ECDSA
* Blocked on moving to this lightweight PSA crypto layer.
Antonio: Looks like it will be in TF-M 2.1
Shebu: Are we expecting some mem size reduction?
Antonio: At least the same size or lower.
Eric: Will Cryptocell refactoring be done without breaking compatibility?
Shebu: Yes, we already moved to PSA Crypto interface before so this is just changing things underneath
Shebu: Enabling TF-M on RSE (formerly known as RSS) is not shown on the roadmap
* RSE is firmware for a complete secure enclave. RSE has been presented in one of the previous TF-M tech forums
ProvenRun introduction (Camille):
* We're a French company providing security services. e.g. for Defence, IoT, ...
* Providers of secure operating systems for Cortex-M.
* Currently we integrate TF-M partitions from the upstream repository. This solution is currently delivered to STM (using our own SPM + TF-M partitions).
* Compatibility with official TF-M is important
* We're interested in technical subjects and future developments. Happy with the TF-M presentation contents just shown
* Interested in TF-M community and being a contributor in future.
* Do not hesitate to get in touch. Either Camille or Pierre-Julien will attend this TSC
Shebu: On the A profile, is that a trusted execution environment or a trusted operating system?
Camille: Just M-profile, it was a misunderstanding earlier.
Frank also briefly introduced Nordic/himself:
Frank: Nordic started on tiny ASICs. Now have more and more complex devices.
* Interested in MbedTLS, MCUBoot, TF-M, Zephyr
* Managed to get optimised signature verification working in products
* Very open source oriented.
Dan: Silvano is also new to the TSC
Silvano: Just filling in for Ruchika this time.
Dan gave a Phabricator migration update (Dan)
* Migration going well.
* Just TF-A and Mbed TLS project pages remaining.
* Created https://github.com/TrustedFirmware/tf_docs rendered in readthedocs for generic content like the Security Center.
* Hope to complete before end of Q1 so we can retire Phabricator (https://developer.trustedfirmware.org/)
Dear all,
we have just realized that there has been an issue with the meeting invite series for the TSC meeting. There should have been a TSC meeting today but it got cancelled by mistake. We are looking to reschedule it for next week (25th January 2024), and then we will re-instate the normal meeting series from February onwards. Will send meeting invites again later today.
Apologies for the inconvenience and for the short notice.
Thanks,
Antonio
Hi all
Please let me know if you have any topics for this Thursday's meeting. So far I have:
* New member ProvenRun introduction
* Misc updates (Phabricator migration, alternate Gerrit login mechanism).
Also, please let me know if you intend to join or not, given we are heading into holiday season. I'm sure if we will have a quorum.
Regards
Dan.
Hi All,
Please find the minutes below and Julianus' deck attached.
Best regards,
Don - Send on behalf of the TSC co-chairs
Attendees: Don, Julianus(Linaro), Dan Handley(Arm), Alanksha Jain(Arm),
Antonio De Angelis(Arm), David Brown(Linaro), Dominik Ermel(Nordic), Joakim
Andersson(Nordic), Joanna Farley(Arm), Julius Werner(Google),
Kangkang(Futurewei), Eric Finco (ST)
Minutes:
Julianus reviewed the OP TEE summary slides of recent deliveries and the OP
TEE roadmap. Slides attached.
Is Linaro contributing to FFA enhancements? Not sure, just have the status
of what’s been done for this meeting.
Can we share the content? Yes, it will be attached when the minutes go
out.
Alanksha noted this info is useful for when she prepares plans for the Arm
side roadmaps they can align theirs with this.
Dan: Board meeting - security.txt file from Board Meeting.
Securitytxt.org <https://securitytxt.org/>
Considering integrating into TrustedFirmware.org
Also need to move the security pages from Phabricator.
Kangkang: Is this the way to report published security issues?
It’s intended for people who find problems, and can’t find the right place
to securely publish issues.
This just publishes the policy, not the vulnerabilities. A Security team
is in place to handle the embargoed reported issues. They handle vendor
notifications at correct times.
This consolidates in standard format / place. The TF Policy is here:
https://developer.trustedfirmware.org/w/collaboration/security_center/repor…