Current gerrit proposal to fix this can be found in https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3749 (and related preceding commits).

This is an issue on FVP. It will case the system cannot boot up after a warm reset. So as a workaround, we have to skip BL2 when testing.

The output hangs at this point :

Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
[INF] Starting bootloader
[INF] Image 0: version=0.0.0+5, magic= good, image_ok=0x3
[INF] Image 1: No valid image
[INF] Booting image from the primary slot
[INF] Bootloader chainload address offset: 0x80000
[INF] Jumping to the first image slot
[Sec Thread] Secure image initializing!
TFM level is: 0x00000001
[Sec Thread] Jumping to non-secure code...

This is a known limitation of CC-312 and hence will not be fixed in TF-M code.

Update from Tamas

I can try end of the week. Thanks.

Sorry if it wasn't clear in my original answer, the SAVE_KEYS=1 option (and friends) must be passed on the command line when you build the firmware, not the cert_create tool itself. The tool has no built-in knowledge of which keys it should use, instead it is told so when it is invoked.

Thanks for reminding me. Miss it. All patches had been merged, close it.

@edison-ai , both patches were merged. Is this task done?

Corrected with the following commit that has just been merged:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3518

Hi @sandrine-bailleux-arm, where do the PEM files go? Because I still can't find them.

Thanks a lot @sandrine-bailleux-arm for the input. I will try it now.

This makes sense to me. Would you mind preparing a patch that removes the func macro on el3_exit and post it on review.trustedfirmware.org ?

By default, the cert_create tool creates temporary keys that it keeps in RAM just to sign the certificates. These keys are not stored in files on the disk and are thus discarded after the tool exits.
If you want to save them, please have a look at the SAVE_KEYS build option. In your case, adding SAVE_KEYS=1 NON_TRUSTED_WORLD_KEY=ntw.key BL31_KEY=bl31.key to your command line should do what you want. You'll get the private keys in PEM format I believe, from which you can generate the associated public keys using the openssl tool (or equivalent) if needed.

@danh-arm Good point, done.

Could we remove the "TF-A/TF-M" bit from the title and just make it clear in the "Goal of this proposal" that we're focusing on TF-A/TF-M initially? Eventually we want this to apply to all projects.

I took the patch and put it into gerrit. Due to a lack of name or email address I used mine. Happy to change that once I learn about the real identity of "armlabs".

Hi Andrew, yes the change looks fine.

If this generally looks okay I'm happy to follow https://developer.trustedfirmware.org/w/tf_a/gerrit-getting-started/ and push this for review according to the TF-A workflow.

Again, this is for now staged via Pete's tree and you can view the pull request here - https://github.com/pbatard/arm-trusted-firmware/pull/2

This page lists cmake versions available in different Linux distributions.
https://gitlab.kitware.com/cmake/community/-/wikis/CMake-Versions-on-Linux-Distros

Love to comment on Google it.

https://review.trustedfirmware.org/c/trusted-firmware-m/+/3634

https://review.trustedfirmware.org/c/trusted-firmware-m/+/3618

By using this patch, the test will stop at test case 4 by the hardware flash bug, which is not related to this defect.
After the test fails, the system cannot boot up anymore except we erase the flashes again.

Add key diversification support never missed in your work. If you missed it, Means you missed all support key which never going to be missed in best essays reviews. I want to stay here and wait for the time when others come for our help and we can easily check diversification support method.

This has been fixed in https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2789.

Patch for addressing the ticket:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3597

Change for this issue is: https://review.trustedfirmware.org/c/trusted-firmware-m/+/3592

ACKed. We need to investigate how to solve this problem.

Patch made to fix:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3588

https://review.trustedfirmware.org/c/trusted-firmware-m/+/3959

Yes, the mbed-crypto tag 3.1.0 adds these 2 new APIs whereas the version TF-M currently supports is 3.0.1. I intend to catch up once again in a month's time and hopefully by then mbed-crypto will have added more functions which can be utilized.

I would like to add some IAR fixes to the mbed-crypto CMakeList.txt file and tried using the current development version of mbed-crypto.

I will send the patches shortly

https://review.trustedfirmware.org/c/trusted-firmware-m/+/3527/

Enable memory protection for PSA FF test: https://review.trustedfirmware.org/c/trusted-firmware-m/+/3526

Isolation level 2 peripheral MPU config:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3524
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3525

NSPE parameter checking of iovecs, With also checking all missed patch. These missed patched are used to take https://www.ukbestessay.net/assignment-writing look, When you decided to check all the mention informative material you understand how and in which way it important to share.

Switch SST FS from flash to RAM: https://review.trustedfirmware.org/c/trusted-firmware-m/+/3523

Fix the isolation level issue related with ACK test
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3516

Patches now available for review:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3484
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3485

Add lifecycle API
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3465/1

Fix the PROGRAMMER ERROR issue
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3464