Page MenuHomePhabricator
Feed All Stories

Wed, Aug 10

heitbaum created T996: Compiling bl31.elf with binutils 2.39 warns/fails with “ LOAD segment with RWX permissions”.
Wed, Aug 10, 12:18 PM · Trusted Firmware A
joannafarley-arm added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Sure, people are of course free to do what they want downstream. Especially as a temporary measure if this is ultimately needed to be upstreamed with fuller discussion once other stakeholders are available to facilitate that.

Wed, Aug 10, 8:37 AM · Trusted Firmware A

Tue, Aug 9

okash added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Thanks Joanna for letting know. This is actually blocking development so I'm thinking we go ahead with a local change that we think will be best and then we can discuss that change when Soby is back. What do you think?

Tue, Aug 9, 7:23 PM · Trusted Firmware A
cringti edited the content of Proof Of Concepts.
Tue, Aug 9, 4:55 PM
pfalcon created T995: TF-A: Piping source code to $CC complicates usage of static analysis tools.
Tue, Aug 9, 3:00 PM

Mon, Aug 8

joannafarley-arm added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Soby, himself is out until towards end of August. Maybe wait now until Beginning of Septif this is not urgent?

Mon, Aug 8, 8:30 PM · Trusted Firmware A
okash added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Apologies, holiday delays on our side too :)

Mon, Aug 8, 6:22 PM · Trusted Firmware A

Fri, Jul 29

AntonioSanta triaged T994: cannot read beyond 4Gbyte space from eMMC, NXP's sd_mmc driver as Normal priority.
Fri, Jul 29, 2:09 PM · TF-A Bug

Tue, Jul 19

tenkaisakura7 updated tenkaisakura7.
Tue, Jul 19, 6:36 AM

Jul 15 2022

balintdobszay published a new version of OP-TEE SPMC status v3.18.
Jul 15 2022, 1:30 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 15 2022, 1:30 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 15 2022, 1:22 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 15 2022, 1:01 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 15 2022, 12:58 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 15 2022, 12:45 PM · Trusted Services

Jul 11 2022

skysuryakumar updated skysuryakumar.
Jul 11 2022, 4:40 PM

Jul 6 2022

michele654 added a comment to Mbed TLS Security Center.

The link to the security advisories at the old Mbed TLS website redirects now to the new trustedfirmware.org website, so there is no place to see the security advisories.

Jul 6 2022, 12:35 PM

Jul 5 2022

shebuk edited the content of Roadmap.
Jul 5 2022, 1:00 PM
shebuk edited the content of Roadmap.
Jul 5 2022, 12:38 PM
shebuk edited the content of Roadmap.
Jul 5 2022, 10:09 AM

Jul 4 2022

balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 4 2022, 1:43 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 4 2022, 1:39 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 4 2022, 1:38 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 4 2022, 1:37 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
Jul 4 2022, 12:08 PM · Trusted Services

Jul 1 2022

ManishVB-Arm added a comment to T993: Premature, forced OpenSSL 3.0 API upgrade..

HI Mirschkym,

Jul 1 2022, 12:52 PM · TF-A Question, Trusted Firmware A
dohoangvan added a watcher for Hafnium: dohoangvan.
Jul 1 2022, 8:12 AM

Jun 29 2022

joannafarley-arm added a comment to T993: Premature, forced OpenSSL 3.0 API upgrade..

Hi Mirschkym, just acknowledging your ticket. We are working on a response on how best to address your issue.

Jun 29 2022, 2:33 PM · TF-A Question, Trusted Firmware A

Jun 28 2022

pmanish87 added a watcher for Trusted Firmware A: pmanish87.
Jun 28 2022, 11:47 AM
ManishVB-Arm added a watcher for Trusted Firmware A: ManishVB-Arm.
Jun 28 2022, 11:46 AM
adeaarm updated the task description for T958: Create a JSON description of the driver module.
Jun 28 2022, 8:44 AM · Restricted Project
mirschkyn added a project to T993: Premature, forced OpenSSL 3.0 API upgrade.: TF-A Question.
Jun 28 2022, 7:34 AM · TF-A Question, Trusted Firmware A
mirschkyn created T993: Premature, forced OpenSSL 3.0 API upgrade..
Jun 28 2022, 7:33 AM · TF-A Question, Trusted Firmware A

Jun 22 2022

soby-mathew added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hi Okash,
Olivier is on holiday and once he is back next week, we can arrange something to discuss.

Jun 22 2022, 9:02 AM · Trusted Firmware A

Jun 20 2022

okash added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Thanks. It seems like we are converging. Would it make sense to set up a meeting to thrash out details? Any time this week will be preferable. Let me know what works for you. Arve and Peter are in Pacific time zone. Rest of us are based in UK I guess?

Jun 20 2022, 5:44 PM · Trusted Firmware A
RajHorizon added a watcher for Hafnium: RajHorizon.
Jun 20 2022, 9:03 AM

Jun 18 2022

ramakrishnanew updated ramakrishnanew.
Jun 18 2022, 12:52 PM

Jun 13 2022

soby-mathew added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

That is not what I meant. The NS SVE/FP access trap is needed to avoid saving and restoring the state when the SVE/FP registers are actively used by the secure world.

Jun 13 2022, 10:27 AM · Trusted Firmware A

Jun 10 2022

arve-android added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hi Arve

S-EL2 cannot lazily save and restore the non secure register state though since it cannot trap accesses by the normal world. I have not thought much about how to optimize a lazy save and restore mechanism where a lower exception level also uses lazy save and restore, but I don't think the secure world is fundamentally different from the normal world here.

S-EL2 does not need to trap access by Normal world to do a lazy save and restore. The sequence that I have in mind would be something like below:

  1. EL3 switches to the S-EL2 on receipt of a FF-A call from Non Secure. SPM schedules the right S-EL1 partition with the SVE and FP trap enabled. Note that the NS FPU/SVE is still present in the registers at this point in time.
  2. S-EL1 SP now tries to access FP/SVE and takes a trap to SPM in S-EL2. SPM now saves the NS FPU/SVE context and restores the S-EL1 SP FP/SVE context and disables the trap. It reenters the S-EL1 partition.
  3. The partition is now able to use SVE/FP and completes its work. Returns back to SPM.
  4. SPM now saves the SP FP/SVE context and restores the NS SVE/FP context. Return back to NS caller via EL3.

As can be seen, The SPM does not need to trap NS SVE/FP accesses.

That is not what I meant. The NS SVE/FP access trap is needed to avoid saving and restoring the state when the SVE/FP registers are actively used by the secure world, but not by the normal world. In the sequence you describe the lazy save and restore is only lazy when the secure world does not use the SVE/FP registers.

Jun 10 2022, 9:43 PM · Trusted Firmware A
odeprez added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hi,

on systems that don't support S-EL2, SPMC functionality mostly, if not all, resides in EL3

This is an implementation choice. E.g. OP-TEE implements an S-EL1 SPMC without needing SPMC logic at EL3 (beyond the SPMD as FF-A relayer).
If you consider the EL3 FF-A SPMC just recently added, yes most of the SPMC logic resides at EL3.

Jun 10 2022, 6:33 AM · Trusted Firmware A

Jun 9 2022

okash added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hey Soby and Olivier, on systems that don't support S-EL2, SPMC functionality mostly, if not all, resides in EL3 right? Going by that convention, would it make sense to have SVE save and restore in EL3? We can make it part of SPMC code in EL3. For additional space we can make use of DDR carveout as Soby mentioned above. Moreover, if we make that context save and restore part enablement configurable at compile time, then platform can choose whether they want the functionality. Would it then be acceptable?

Jun 9 2022, 10:25 PM · Trusted Firmware A

May 24 2022

odeprez added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hi,
Today SEL2 unconditionally saves/restores FP/SIMD/SVE NS context on any SEL2 entry/exit.
I believe it could be optimized the way Soby is describing it by bullets 1,2,3,4.
It is worth noting that when SEL2 is not present (e.g. using the EL3 FF-A SPMC and a SEL1 TOS), the same lazy NS and TA contexts save/restore mechanism can be used by a SEL1 TOS and EL3 doesn't have to bother.

May 24 2022, 8:53 AM · Trusted Firmware A
soby-mathew added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hi Arve

May 24 2022, 8:39 AM · Trusted Firmware A

May 23 2022

arve-android added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

When you have a S-EL2 based system with possibly multiple S-EL1 partitions, it would be complex to implement a scheme where in EL3 will restore the right S-EL1 context on taking a trap during lazy save mechanism. In such systems, it is easier for S-EL2 to implement such a scheme since it is the manager for S-EL1 contexts.

S-EL2 cannot lazily save and restore the non secure register state though since it cannot trap accesses by the normal world. I have not thought much about how to optimize a lazy save and restore mechanism where a lower exception level also uses lazy save and restore, but I don't think the secure world is fundamentally different from the normal world here. You can have lazy save and restore in NS-EL1, NS-EL2, S-EL1, S-EL2 and EL3. I think it is worthwhile to see how this can be optimized to avoid saving and restoring register states that will not be used, but I would like to see a solution that does not leak data between execution environments that are supposed to be isolated.

May 23 2022, 8:05 PM · Trusted Firmware A

May 20 2022

bipinravi-arm added a comment to T991: Compiling atf for iMX8 using gcc-12..1 fails.

TF-A works on a 6 month release cadence and we typically update the gcc toolchain to the latest released version along with the TF-A release. gcc versions we use are downloaded from https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads.
Currently we don't update the toolchain to any versions newer than the one released here. We used the version 10.3-2021.07 with TF-A v2.6 release and will be updating to version 11.2-2022.02 with our upcoming v2.7 release which is planned for the end of May, 2022.

May 20 2022, 10:11 PM · Trusted Firmware A, TF-A Bug
soby-mathew added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

When you have a S-EL2 based system with possibly multiple S-EL1 partitions, it would be complex to implement a scheme where in EL3 will restore the right S-EL1 context on taking a trap during lazy save mechanism. In such systems, it is easier for S-EL2 to implement such a scheme since it is the manager for S-EL1 contexts.

May 20 2022, 7:10 PM · Trusted Firmware A
okash added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hey Olivier,

May 20 2022, 6:32 PM · Trusted Firmware A
madhukar-Arm added a comment to T991: Compiling atf for iMX8 using gcc-12..1 fails.

A similar issue was reported in the ticket https://developer.trustedfirmware.org/T984
Can you confirm if this issue is due to a bug in the toolchain itself?

May 20 2022, 4:33 PM · Trusted Firmware A, TF-A Bug

May 19 2022

LDong-Arm added a comment to T921: Supporting Non-Secure RTOS applications, integrated with Trusted Firmware-M, which want to use the FPU.

If you are still interested, we have an ongoing patch for adding an option to enable FPU coprocessors CP10/CP11: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/15243

May 19 2022, 10:38 AM · Trusted Firmware M

May 17 2022

Anton-TF edited the content of TF-M Security Patch Release Process.
May 17 2022, 11:02 AM

May 13 2022

sjl3110 added a comment to T990: Build TF-M 1.6 regression test failed with too long path on Windows.

Hi! Thanks for your draft! I created a patch: https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/15150. Does it meet your requirements?

May 13 2022, 5:56 AM · Trusted Firmware M

May 11 2022

heitbaum added a comment to T991: Compiling atf for iMX8 using gcc-12..1 fails.

Reported bug in gcc 12.1.0

May 11 2022, 11:54 AM · Trusted Firmware A, TF-A Bug
Yann-lms added a comment to T984: GCC12 build problem - PLAT=a80x0_mcbin.

The issue is related to this GCC ticket:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
Which is corrected in the official GCC 12.1 version.

May 11 2022, 8:52 AM · TF-A Bug, Trusted Firmware A

May 10 2022

ccli8 added a comment to T990: Build TF-M 1.6 regression test failed with too long path on Windows.

My modification is very draft, so I just list it here. Actually, the above has mentioned in total.

May 10 2022, 6:12 AM · Trusted Firmware M
KenLSoft added a comment to T990: Build TF-M 1.6 regression test failed with too long path on Windows.

Thanks for your feedback.

May 10 2022, 1:53 AM · Trusted Firmware M

May 7 2022

heitbaum added projects to T984: GCC12 build problem - PLAT=a80x0_mcbin: Trusted Firmware A, TF-A Bug.
May 7 2022, 1:28 PM · TF-A Bug, Trusted Firmware A
heitbaum added a project to T991: Compiling atf for iMX8 using gcc-12..1 fails: Trusted Firmware A.
May 7 2022, 1:27 PM · Trusted Firmware A, TF-A Bug
heitbaum created T991: Compiling atf for iMX8 using gcc-12..1 fails.
May 7 2022, 1:22 PM · Trusted Firmware A, TF-A Bug

May 6 2022

ccli8 added a comment to T990: Build TF-M 1.6 regression test failed with too long path on Windows.

Shorten the build directory -B C:/build can help, but not enough. The same error still occurs.

May 6 2022, 3:34 AM · Trusted Firmware M

May 5 2022

KenLSoft added a comment to T990: Build TF-M 1.6 regression test failed with too long path on Windows.

This issue was spotted by windows users, and here are some workarounds:

May 5 2022, 10:54 AM · Trusted Firmware M
adeaarm triaged T990: Build TF-M 1.6 regression test failed with too long path on Windows as High priority.
May 5 2022, 8:40 AM · Trusted Firmware M
ccli8 created T990: Build TF-M 1.6 regression test failed with too long path on Windows.
May 5 2022, 6:49 AM · Trusted Firmware M

May 3 2022

shebuk edited the content of Roadmap.
May 3 2022, 10:26 AM
adeaarm renamed [Outdated] Secure Storage Service from Secure Storage Service to [Outdated] Secure Storage Service.
May 3 2022, 9:54 AM · Restricted Project
adeaarm updated subscribers of [Outdated] Secure Storage Service.
May 3 2022, 9:53 AM · Restricted Project
simfpayn added a comment to [Outdated] Secure Storage Service.
May 3 2022, 7:48 AM · Restricted Project
simfpayn added a comment to T398: Initial support for IAR Embedded Workbench for Arm tool chain.
May 3 2022, 7:47 AM · Trusted Firmware M
simfpayn added a comment to T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON.
May 3 2022, 7:47 AM · Restricted Project

Apr 29 2022

adeaarm moved T980: Optimise AEAD entry points for single part to use multipart from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 29 2022, 11:00 AM · Restricted Project
adeaarm closed T980: Optimise AEAD entry points for single part to use multipart as Resolved.
Apr 29 2022, 10:59 AM · Restricted Project

Apr 27 2022

odeprez added a comment to T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.

Hi Peter,
So far this has been a deliberate design choice to avoid saving/restoring SVE state from EL3 mainly for BL31 footprint reasons (and performance if unconditionally done on each and every world switch). The vector register file ranges from 2KB to 8KB with 8 cores, and linearly scales to as many cores in the system (which can be hundreds in a server chipset). Apart from specific cases under discussion (SPM-MM or EL3 FF-A SPM), it is preferable to do this at lower EL e.g. a TOS at SEL1 (or Hafnium at SEL2). Do you have specific reasons why it cannot be done at lower EL?
You may also want to take a look at those options: ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/getting_started/build-options.rst#n409
Regards,
Olivier.

Apr 27 2022, 7:22 AM · Trusted Firmware A

Apr 26 2022

pcc created T989: Support SVE in non-secure world with CTX_INCLUDE_FPREGS=1.
Apr 26 2022, 11:09 PM · Trusted Firmware A

Apr 22 2022

balintdobszay edited the content of OP-TEE SPMC status v3.18.
Apr 22 2022, 2:11 PM · Trusted Services
balintdobszay published a new version of OP-TEE SPMC status v3.18.
Apr 22 2022, 1:58 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status-v3.16 to OP-TEE SPMC status v3.17.
Apr 22 2022, 1:53 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status-v3.16 to OP-TEE SPMC status v3.17.
Apr 22 2022, 1:10 PM · Trusted Services
balintdobszay renamed OP-TEE SPMC status v3.18 from OP-TEE SPMC status-v3.16 to OP-TEE SPMC status v3.17.
Apr 22 2022, 9:54 AM · Trusted Services
Summer-ARM edited the content of Release.
Apr 22 2022, 7:19 AM
Summer-ARM created an object: Psa Arch FF Test Result In TF-M V1.6 Release.
Apr 22 2022, 7:19 AM

Apr 21 2022

gyuri-szing changed the edit policy for OP-TEE SPMC status v3.18.
Apr 21 2022, 2:22 PM · Trusted Services
mcarlini published a new version of TF-A & Hafnium Roadmaps.
Apr 21 2022, 10:21 AM
nekarose added a comment to T988: LS1046 custom board, bl31 booting hangs within caaam_hal_jr_dequeue().

I think My custom 1046 doen't support Secure boot.
Doesn't OPTEE work normally only if the Secure boot is supported?

Apr 21 2022, 6:05 AM
nekarose updated the task description for T988: LS1046 custom board, bl31 booting hangs within caaam_hal_jr_dequeue().
Apr 21 2022, 5:01 AM
nekarose updated the task description for T988: LS1046 custom board, bl31 booting hangs within caaam_hal_jr_dequeue().
Apr 21 2022, 4:30 AM
nekarose created T988: LS1046 custom board, bl31 booting hangs within caaam_hal_jr_dequeue().
Apr 21 2022, 4:29 AM

Apr 20 2022

benunelson updated benunelson.
Apr 20 2022, 4:12 PM
odeprez updated the task description for T987: TF-A to permit bundling more than 8 secure partitions.
Apr 20 2022, 6:58 AM · Trusted Firmware A
odeprez updated the task description for T987: TF-A to permit bundling more than 8 secure partitions.
Apr 20 2022, 6:57 AM · Trusted Firmware A
odeprez created T987: TF-A to permit bundling more than 8 secure partitions.
Apr 20 2022, 6:55 AM · Trusted Firmware A

Apr 14 2022

Summer-ARM edited the content of Psa Arch Crypto Test Failure Analysis In Tf-m V1.6 Release.
Apr 14 2022, 9:34 AM
Summer-ARM edited the content of Release.
Apr 14 2022, 9:06 AM
Summer-ARM created an object: Psa Arch Crypto Test Failure Analysis In Tf-m V1.6 Release.
Apr 14 2022, 9:06 AM

Apr 5 2022

shebuk edited the content of Roadmap.
Apr 5 2022, 5:32 PM
shebuk edited the content of Roadmap.
Apr 5 2022, 4:59 PM
elnoravetrgnable updated elnoravetrgnable.
Apr 5 2022, 12:16 PM

Apr 1 2022

adeaarm moved T980: Optimise AEAD entry points for single part to use multipart from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 1 2022, 2:51 PM · Restricted Project
adeaarm added a comment to T980: Optimise AEAD entry points for single part to use multipart.

saves ~2KB of code size and can be disabled at build time.

Apr 1 2022, 2:50 PM · Restricted Project
adeaarm closed T973: PSA driver for aead multipart capability - Chacha20-Poly1305 as Resolved.
Apr 1 2022, 9:18 AM · Restricted Project
adeaarm moved T973: PSA driver for aead multipart capability - Chacha20-Poly1305 from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 1 2022, 9:18 AM · Restricted Project

Mar 31 2022

Yann-lms closed T661: BL32/SP_min cannot use arg3 from BL2 in AARCH32 as Resolved.
Mar 31 2022, 3:58 PM · Trusted Firmware A, TF-A Bug