Dear all,
we have just realized that there has been an issue with the meeting invite series for the TSC meeting. There should have been a TSC meeting today but it got cancelled by mistake. We are looking to reschedule it for next week (25th January 2024), and then we will re-instate the normal meeting series from February onwards. Will send meeting invites again later today.
Apologies for the inconvenience and for the short notice.
Thanks,
Antonio
Hi all
Please let me know if you have any topics for this Thursday's meeting. So far I have:
* New member ProvenRun introduction
* Misc updates (Phabricator migration, alternate Gerrit login mechanism).
Also, please let me know if you intend to join or not, given we are heading into holiday season. I'm sure if we will have a quorum.
Regards
Dan.
Hi All,
Please find the minutes below and Julianus' deck attached.
Best regards,
Don - Send on behalf of the TSC co-chairs
Attendees: Don, Julianus(Linaro), Dan Handley(Arm), Alanksha Jain(Arm),
Antonio De Angelis(Arm), David Brown(Linaro), Domini Ermel(Nordic), Joakim
Andersson(Nordic), Joanna Farley(Arm), Julius Werner(Google),
Kangkang(Futurewei), Eric Finco (ST)
Minutes:
Julianus reviewed the OP TEE summary slides of recent deliveries and the OP
TEE roadmap. Slides attached.
Is Linaro contributing to FFA enhancements? Not sure, just have the status
of what’s been done for this meeting.
Can we share the content? Yes, it will be in attached when the minutes go
out.
Alanksha noted this info is useful for when she prepares plans for the Arm
side roadmaps they can align theirs with this.
Dan: Board meeting - security.txt file from Board Meeting.
Securitytxt.org <https://securitytxt.org/>
Considering integrating into TrustedFirwmare.org
Also need to move the security pages from Phabricator.
Kangkang: Is this the way to report published security issues?
It’s intended for people who find problems, and can’t find the right place
to securely publish issues.
This just publishes the policy, not the vulnerabilities. A Security team
is in place to handle the embargoed reported issues. They handle vendor
notifications at correct times.
This consolidates in standard format / place. The TF Policy is here:
https://developer.trustedfirmware.org/w/collaboration/security_center/repor…
Present:
Dan Handley (Arm)
Antonio De Angelis (Arm)
Akanksha Jain (Arm)
Joanna Farley (Arm)
Olivier Deprez (Arm)
Matteo Carlini (Arm)
Eric Finco (ST)
Lionel Debieve (ST)
Moritz Fischer (Google)
Joakim Andersson (Nordic)
Dominik Ermel (Nordic)
David Brown (Linaro)
Ruchika Gupta (NXP)
Dan: This is the first time Akanksha joins this call
Dan: She a tech manager in Arm taking over from Matteo looking after roadmaps for Trusted Services and TF-A
Dan: No other topics but there will be some AOB later
Akanksha: Introduction (TF-A, Trusted Services and other A-class firmware are bundled now)
Akanksha: Description of deltas since last roadmap presentation that was a few quarters ago
Akanksha: TF v2.9 highlight: TF.org OpenCI, several improvements around Realms, Mbed TLS upgrades, additional platforms, EL3 arch feature enablement, CCA support to BET0 alignment
Akanksha: CCA upstream alignment describes the next steps for the RMM component mainly and Kernel and EDK II components
Dan: The CCA roadmap is a bit out of date. A few items in H1 are still ongoing in H2. Hope soon we can expand on what we're doing in 2024.
Dan: We should get RMM spec EAC5 aligned components into TF-A v2.10 release (backup plan is EAC2 components).
Akanksha: Recent Linaro presentations as additional resources on these topics are available in the slide deck
Akanksha: Trusted Services + OPTEE roadmap is shown as well
Eric: What's behind the requirement for Yocto support (TS roadmap)? Why are there 2 slots for that in roadmap?
Akanksha: Has been deprioritized in favour of platform support. It's going to happen but at a slower pace.
Akanksha: Not sure why it appears twice. We'll take that offline and respond later.
Akanksha: Getting ready for next releases (both normal and LTS) in 2024
Akanksha: Recap on LTS timelines -> requires strong partner support to make sure the branches get the proper support
Matteo: On the LTS side, this was mentioned at board meeting this week.
Matteo: Board says LTS OpenCI work to be in top 3 priority items
Matteo: But maintainers need to be prompt in opening these tickets
Matteo: Board asking for effort estimation on current LTS. Will report to TSC too.
Matteo: Can take figure for Arm make prediction of other companies' effort
Dan: I will ask Ilias (or someone in Linaro) for update on TS integration (e.g. FWU support) next month along with OP-TEE roadmap
Dan: Mbed TLS licensing was mentioned in redacted board slides
Dan: Plan is to re-introduce dual licensing (Apache-2.0 AND GPL-2.0-or-later)
Dan: Fortunately, can do this as we never changed the inbound license
Dan: Plan previously was to drop GPL support but this is needed for U-Boot to integrate Mbed TLS
Dan: Have now given all interested parties an opportunity to comment
Dan: Just awaiting final Arm legal approval then we'll do this
Dan: Migration of Phabricator is ongoing;
Dan: Now GitHub mirrors of all projects are available, can take advantage of tools there (e.g. issue tracking).
Dan: For consistency we want to use readthedocs for wiki content
Dan: Once done we can remove Phabricator
Hi All,
Please find redacted Board Slides from yesterday's meeting for reference.
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Attendees:
Dan Handley (Arm)
Antonio De Angelis (Arm)
Shebu Varghese Kuriakose (Arm)
Moritz Fisher (Google)
Julius Werner (Google)
Joakim Andersson (Nordic)
KangKang Shen (FutureWei)
Andrej Butok (NXP)
Ruchika Gupta (NXP)
(Linaro not available due to internal offsite meeting)
* Dan: No roadmap updates this month due to unavailability of Linaro and Arm technology manager
* Dan: Expecting combined TF-A + Trusted Services roadmap next month. OP-TEE roadmap is also due.
* Dan: Don wanted to raise again the risk of Phabricator being deprecated (that we use for wiki content)
* Dan: It's not getting security updates and we have had issues with rogue accounts being created
* Dan: Now the task to create GitHub mirrors for all projects (https://linaro.atlassian.net/browse/TFC-247) is mostly complete, we can progress with migrating wiki content there
* Dan: Propose that we ping maintainers to start migrating project information. Can also directly migrate generic content (e.g. community pages).
(No objections)
Action: Dan and Antonio to ping maintainers to start migrating project information. Also directly migrate generic content (e.g. community pages).
Shebu presented attached slides on TF-M LTS proposal.
* AndreJ: TF-M has a dependency on MCUBoot and MBedTLS. Will they have the same LTS policy?
* Shebu: Yes, Mbed TLS has similar LTS schedule that is proposed for TF-M (2 concurrent LTS, each with 3-year lifetime). Slide 6 shows integration plan.
* We thought about doing this for MCUBoot too but as it is a small project, we think we can live with backporting security fixes as required. No plans currently.
* Dan: So, no releases from main branch? Why not?
* Shebu: Such releases wouldn't be usable for PSA certification.
* Shebu: This would save effort, which could be used for LTS maintenance instead
* Shebu: One possible use-case is for RSS releases.
* Shebu: One consequence is that users would have to wait for the next LTS to get latest features in a release (up to 18 months)
* Shebu: Expect that we'll need to backport new platform ports to LTS branches
* Shebu: Platforms can't wait until next LTS release.
* Ruchika: I also think main branch releases would be good as not everyone will be consuming LTS. 18 month wait could be too long.
* Ruchika: Would help platforms that don't need certification but do need new features.
* Shebu: We would need to work out how we could resource main branch releases. Probably wouldn't have the same level of support as LTS releases.
* Shebu: We'll need help from TF-M users using PSA Certified to resource the LTS releases
* Shebu: Going to present this in TF-M Tech forum.
* Shebu: Have already mentioned it to the TF.org board.
* Shebu: This is only tentative until we get approval from certification lab
* Shebu: Need to know from members if this will break their distribution model somehow
* Dan: So the plan is to get feedback from the lab and members, then go to the TF-M tech forum?
* Shebu: Yes.
Hi TSC
Let me know if you have any discussion topics for tomorrow. So far I have:
* TF-M LTS branch (Shebu).
* OP-TEE or Trusted Services roadmap (TBC).
Regards
Dan.
