Commitments to the LEDGE SC
Upstream TRS secure boot and TPM based encryption to OpenEmbedded
arm64 gets a reference secure build for arm64 platforms
meta-arm fTPM/tf-a patches
uki.bbclass and tests for poky
dm-verity, systemd and initramfs for meta-security
improve systemd TPM module loading support
Patches merged upstream
Minimal support for TRS
TRS builds latest poky, meta-arm etc upstream main/master branches
Regressions get fixed and submitted back to upstream projects
TS maintenance
TS 0.5 release
TS builds latest poky, meta-arm etc main/master branches
Regressions get get fixed and submitted back to upstream project
OP-TEE maintenance
OP-TEE patch reviews and merges
OP-TEE releases
OP-TEE supplicant moved in kernel
Enhance Linux userspace and make it easier for distros to use Secure UEFI variables and TPMs
Merge patches in kernel upstream
U-Boot Memory Tagging extensions PoC
Provide out of tree patches that enable MTE support
Decide if it’s worth merging those upstream
Dynamic memory support for OP-TEE
OP-TEE improved memory usage
Patches merged in OP-TEE
XEN & FF-A async notifications
FF-A improved support for XEN
Patches merged to XEN and/or OP-TEE
ACS conformance for RB2
Capsule update support for RB2 merged in U-Boot
ACS passing successfully on RB2
Fedora support for RB2 – Fedora public .iso installs on RB2 boards
U-Boot enhancements
Dynamic UUIDs for capsule updates
USB support for RB5
Patches merged upstream
Add mbedTLS support in U-Boot
Patches merged upstream
mbedTLS improvements
Add MSCode and multiple certs support in MBedtls PKCS7 library needed for UEFI Secure Boot
Secure Boot selftests passing in U-Boot
Patches merged upstream
mbedTLS & LWIP integration
PoC of UEFI HTTPs boot linking to a repo
LWIP mbedTLS 3.X support
LWIP only works with ancient 2.X mbedTLS versions. Bump it to 3.x
Patches merged upstream