Commitments to the LEDGE SC
Upstream TRS secure boot and TPM based encryption to OpenEmbedded
arm64 gets a reference secure build for arm64 platforms
patches to meta-arm merges our fTPM /tf-a patchespoky merges our and TF-A
uki.bbclass and tests for poky
meta-security merges our dm-verity, systemd and initramfs patchesfor meta-security
improve systemd TPM module loading support
Patches merged upstream
Minimal support for TRS
TRS builds latest poky, meta-arm etc upstream main/master branches
Regressions get fixed and submitted back to upstream projects
TS maintenance
TS 0.5 release
TS builds latest poky, meta-arm etc main/master branches
Regressions get get fixed and submitted back to upstream project
...
OP-TEE maintenance
OP-TEE patch reviews and merges
OP-TEE releases
OP-TEE supplicant moved in kernel
Enhance Linux userspace and make it easier for distros to use Secure UEFI variables and TPMs
Merge patches in kernel upstream
U-Boot Memory Tagging extensions PoC
Provide out of tree patches that enable MTE support
Decide if it’s worth merging those upstream
Dynamic memory support for OP-TEE
OP-TEE improved memory usage
Patches merged in OP-TEE
XEN & FF-A async notifications
FF-A improved support for XEN
Patches merged to XEN and/or OP-TEE
...
Add mbedTLS support in U-Boot
Patches merged upstream
mbedTLS improvements
Add MSCode and multiple certs support in MBedtls PKCS7 library needed for UEFI Secure Boot
Secure Boot selftests passing in U-Boot
Patches merged upstream
mbedTLS & LWIP integration
PoC of UEFI HTTPs boot linking to a repo
LWIP mbedTLS 3.X support
LWIP only works with ancient 2.X mbedTLS versions. Bump it to 3.x
Patches merged upstream