Shebu Varghese Kuriakose (Arm) Antonio De Angelis (Arm) Dan Handley (Arm) Janos Follath (Arm) Eric Finco (ST) Lionel Debieve (ST) P J Bringer (ProvenRun) Michael Thomas (Renesas) Julius Werner (Google) Moritz Fischer (Google) Dominik Ermel (Nordic)
Mbed TLS roadmap (Shebu) * Shebu presented roadmap (attached) * Looking to align TF-M and Mbed TLS LTS releases (every 18 months), 3 year lifetime * TF-PSACrypto repo expected end of this year or early next year. * Still features to be added to PSA Crypto to have feature parity with legacy Mbed TLS APIs * But there's enough now to switch to PSA Crypto as the default * Original scope of 4.0 release was to remove all legacy interfaces while supporting all features provided by legacy interfaces * Some rescoping needed to get release out * Some features provided by legacy interfaces will only be available in subsequent TF-PSACrypto 4.x releases * 1st half of 2025 is all about MBed TLS 4.0 prep * We'll look at other features 2nd half of 2025. * Hopefully TF-M and other consumers will move to TF-PSACrypto 4.x in 2nd half of 2025
7 year TF-A LTS (Dan) * Request from Chris Palmer (Google Android) to extend TF-A LTS lifetime from 5 years to 7 years * Currently a community effort from Arm, Google, Nvidia and ST. * Obviously there's a cost to supporting up to 7 concurrent LTS for longer than before * Arm's position is that we're willing to increase our own efforts if others are too. Can't do it on our own. * Not really a cost to TF.org, other than the extra CI cloud cost. (No concerns raised by others)
Firmware_handoff lib hosting (Dan) * https://github.com/FirmwareHandoff/ * Originally an Arm spec but became a community effort as it became clear this is about alignment across SW projects rather than a need for central standardization * Still at v0.9 but expect to be able to make a v1.0 release soon. * There are already implementations in U-Boot, TF-A and OP-TEE * There's a common library implementation that we expect to at least be used by the latter 2, maybe U-Boot too eventually * Needs a hosting location. Stakeholders happy for this to be TF.org. * Proposing this to be under the \shared namespace in git.trustedfirmware.org. * For maximum compatibility, we're proposing a dual license of GPLv2 + MIT, or possibly GPLv2 + BSD-2-Clause. * However, as this is not BSD-3-Clause, it will need board approval (as per the charter). * Julius/Eric: Sounds OK (No other concerns raised) Action: Dan to send a mail to the board to try to get this approved offline
OpenCI hosting (Shebu) * Effort to move OpenCI from Linaro hosting to Arm * Has been discussed a lot at the board * Arm has agreed to fund this directly. * Board farm and FVP hosting will remain in Linaro * Jenkins and other CI parts will move to Arm AWS instance. * TF-A, TF-M and Hafnium will be in staging this quarter, public trials expected in Jan/Feb * Will have fallback to Linaro CI for some time. * Will allow us to fund more projects in CI, e.g. TF-RMM