Present: Dan Handley, Antonio De Angelis, Eric Finco, Yann Gautier, Frank Audun Kvamtrø, Olivier Deprez, Manish Pandey, Manish Badarkhe, Javier Almansa Sobrino, Julius Werner, Kangkang Shen, Arunachalam Ganapathy, Michael Thomas, Varun Wadekar, Joanna Farley
Agenda:
1. Progressing the TrustedFirmware.org "Guidance on AI-assisted contributions"
2. More information on the proposed TrustedFirmware.org bug bounty program.
3. Debrief of OSFC call on EU-CRA boot managers
Progressing the TrustedFirmware.org "Guidance on AI-assisted contributions"
Dan recapped previous discussions at board and TSC (see attached).
Eric's feedback on the draft policy:
* Explicitly attribute the tool used for the contribution, for transparency
* The policy should apply to all projects of TF.org rather than having project-specific guidance
There was some pushback from TF.org members on these modifications. Wider feedback was requested from the maintainer community. How do we proceed?
Example feedback:
* Hard to gather attribution information when using some high-level AI tools. The tools may be seamlessly integrated into a developer's IDE.
* Projects might be risk averse and want to define their own policy instead of having to apply the wider TF.org policy.
Kangkang shared his experience when using AI-assisted tooling. For open source there are lots of models available and they're evolving quickly. They're very flexible and quick at producing code. The main issue is verification of the code that is being produced; that should be done by a real human. Suggests contributors are responsible for what they contribute, whether they use AI tools or not.
Dan: There's no issue with the value of using the tools and that contributors are responsible for their contributions. But this meeting is about defining the policy and handling any feedback.
Eric: Often we identify problems that need to be debugged, so we believe it is fair for the maintainer to be informed about which tool has been used.
Olivier: Are you asking for hints in the commit message that portions use such tools?
Olivier: Or more fine-grained, saying specifically what tool?
Eric: Both, although I agree with KK it will be hard to provide accurate information.
ManishB: What is expected of these attributions?
Dan: Just an indication to reviewers.
ManishB: Might be hard to trust these attributions.
Joanna: Don't think attributions are needed when contributions already must comply with the DCO.
Joanna: I like the policy as shown in the draft. Would want to allow projects to extend the guidance, though not to allow them to deviate.
Varun: As a downstream consumer, I would find attribution info useful.
Dan: OK, we're far from consensus here, so I think we need to pass this back to the TF.org board for a vote to proceed.
More information on the proposed TrustedFirmware.org bug bounty program.
Dan presented the attached slides.
MCUboot could be added to the list of qualifying projects if it adds a threat model.
Expect TF-RMM and Hafnium to be added in due course too.
No objections or feedback received, so propose that Arm proceeds with this and we have a final check-in before it goes live.
Debrief of OSFC call on EU-CRA boot managers
Eric described his takeaways from the OSFC call in August.
Eric: What is new is that EU-CRA is to work on a set of standards (Working Groups (WGs) in ETSI). 18 different WGs.
Eric: They're expected to produce standards that are conformant with CRA.
Eric: If you look at the publicly available groups, I see at least 2 WGs that are relevant for TF.org; one is boot manager, the other is hypervisor.
Eric: The TF.org Board was contacted by OSFC and the boot manager WG chair. They wanted to advertise their work and asked us to contribute.
Eric: Outcome wasn't very obvious. Not sure what they want to standardize.
Eric: In CRA, there is a distinction between open source stewards and product manufacturers. But no idea what these 2 WGs mean for TF.org.
Eric: ST will keep an eye out. Will try to find people to get involved in these WGs. Would welcome any contribution from others.
Olivier: Agree with this summary.
Olivier: The discussion started on boot managers but became more general. What CRA means for open source stewards.
Olivier: There might be pressure from manufacturers to upstream fixes to problems.
Olivier: There was an example in U-Boot and how it's integrated into distros. But the manufacturer remains responsible.
Eric: Specs were actually written about a year ago. So better to be involved earlier, before they become stable.
Eric: There are other groups on OS, PKI, etc.
Dan: Would be good if ST keeps the TF.org board informed. Will try to get Arm involved and we can assess if others should be too.
Eric: As background, there's a good presentation from the Linux Foundation's Kate Stewart at OSS25 using Zephyr as an example: https://static.sched.com/hosted_files/osseu2025/32/202508%20OSSEU%20Zephyr%2...
Eric: Also see ETSI - CRA Standards Unlocked - Opening public consultation https://www.etsi.org/events/2586-crawebinar Will be open for public feedback soon.