Contributing

Reporting Security Issues

Please follow the directions of the Trusted Firmware Security Center

Getting Started

  • Make sure you have a GitHub account and you are logged in at review.trustedfirmware.org.

  • Make sure the following is configured in Gerrit settings:

    • Your public key is set under SSH Keys. This will be needed when pushing changes. Please see Public keys section of Gerrit documentation if you need new keys.

    • The email address you will use in git is added under Email Addresses.

  • Clone the TS repository on your own machine.

Making Changes

  • Send an email to the TS Mailing List about your work. This gives everyone visibility of whether others are working on something similar.

  • Make commits of logical units. See these general Git guidelines for contributing to a project.

  • Follow the Coding Style & Guidelines.

  • Keep the commits on topic. If you need to fix another bug or make another enhancement, please create a separate change.

  • Avoid long commit series. If you do have a long series, consider whether some commits should be squashed together or addressed in a separate topic.

  • Make sure your commit messages are in the proper format. Please keep the 50/72 rule (for details see Tim Popes blog entry.)

  • Where appropriate, please update the documentation.

    • Consider which documents or other in-source documentation needs updating.

    • For topics with multiple commits, you should make all documentation changes (and nothing else) in the last commit of the series. Otherwise, include the documentation changes within the single commit.

  • Ensure that files have the correct copyright and license information. Files that entirely consist of contributions to this project should have a copyright notice and BSD-3-Clause SPDX license identifier of the form as shown in License. Example copyright and license comment blocks are shown in Coding Style & Guidelines. Files that contain changes to imported Third Party IP files should retain their original copyright and license notices. For significant contributions you may add your own copyright notice in following format:

    Portions copyright (c) [XXXX-]YYYY, <OWNER>. All rights reserved.

    where XXXX is the year of first contribution (if different to YYYY) and YYYY is the year of most recent contribution. <OWNER> is your name or your company name.

  • If you are submitting new files that you intend to be the technical sub-maintainer for (for example, a new platform port), then also update the Maintainers file.

  • Please test your changes.

Submitting Changes

  • Ensure that each commit in the series has at least one Signed-off-by: line, using your real name and email address. The names in the Signed-off-by: and Author: lines must match. If anyone else contributes to the commit, they must also add their own Signed-off-by: line. By adding this line the contributor certifies the contribution is made under the terms of the Developer Certificate of Origin.

    More details may be found in the Gerrit Signed-off-by Lines guidelines.

  • Ensure that each commit also has a unique Change-Id: line. If you have cloned the repository with the “Clone with commit-msg hook” clone method, this should already be the case.

    More details may be found in the Gerrit Change-Ids documentation.

  • Select your target branch.

    • If all commits of your change compile and run ok, then your review can target the integration branch.

    • If not, a topic branch is needed. The name of the topic branch has to be kept reasonably sort and has to follow this format: topics/<user-id>/<topic>.

      • user-id is unique ID of the user (e.g. nick name, <first name>_<last name>, etc…).

      • topic is a title reflecting the purpose of the change.

  • Push your changes to Gerrit. Refer to the Gerrit Uploading Changes documentation to see how this can be done.

  • The changes will then undergo further review and testing by the Maintainers. Any review comments will be made directly on your patch. This may require you to do some rework.

  • When the changes are accepted, the Maintainers will integrate them.

  • Typically, the Maintainers will merge the changes into the target branch.

  • If the changes are not based on a sufficiently-recent commit, or if they cannot be automatically rebased, then the Maintainers may rebase it ask you to do so.

  • After final integration testing, the changes will make their way into the main branch. If a problem is found during integration, the merge commit will be removed from the integration branch and the Maintainers will ask you to create a new patch set to resolve the problem.

Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.

SPDX-License-Identifier: BSD-3-Clause