Contributing

Reporting Security Issues

Please follow the directions of the Trusted Firmware Security Center

Getting Started

Making Changes

  • Make commits of logical units. See these general Git guidelines for contributing to a project.

  • Follow the Coding Style & Guidelines.

  • Keep the commits on topic. If you need to fix another bug or make another enhancement, please create a separate change.

  • Avoid long commit series. If you do have a long series, consider whether some commits should be squashed together or addressed in a separate topic.

  • Make sure your commit messages are in the proper format. Please keel the 50/72 rule (for details see Tim Popes blog entry.)

  • Where appropriate, please update the documentation.

    • Consider which documents or other in-source documentation needs updating.

    • Ensure that each changed file has the correct copyright and license information. Files that entirely consist of contributions to this project should have a copyright notice and BSD-3-Clause SPDX license identifier of the form as shown in License. Example copyright and license comment blocks are shown in Coding Style & Guidelines. Files that contain changes to imported Third Party IP files should retain their original copyright and license notices. For significant contributions you may add your own copyright notice in following format:

      Portions copyright (c) [XXXX-]YYYY, <OWNER>. All rights reserved.

      where XXXX is the year of first contribution (if different to YYYY) and YYYY is the year of most recent contribution. <OWNER> is your name or your company name.

    • For any change, ensure that YYYY is updated if a contribution is made in a year more recent than the previous YYYY.

    • If you are submitting new files that you intend to be the technical sub-maintainer for (for example, a new platform port), then also update the Maintainers file.

    • For topics with multiple commits, you should make all documentation changes (and nothing else) in the last commit of the series. Otherwise, include the documentation changes within the single commit.

  • Please test your changes.

Submitting Changes

  • Ensure that each commit in the series has at least one Signed-off-by: line, using your real name and email address. The names in the Signed-off-by: and Author: lines must match. If anyone else contributes to the commit, they must also add their own Signed-off-by: line. By adding this line the contributor certifies the contribution is made under the terms of the Developer Certificate of Origin.

    More details may be found in the Gerrit Signed-off-by Lines guidelines.

  • Ensure that each commit also has a unique Change-Id: line. If you have cloned the repository with the “Clone with commit-msg hook” clone method, this should already be the case.

    More details may be found in the Gerrit Change-Ids documentation.

  • Submit your changes for review at https://review.trustedfirmware.org targeting the integration branch.

    • The changes will then undergo further review and testing by the Maintainers. Any review comments will be made directly on your patch. This may require you to do some rework.

    Refer to the Gerrit Uploading Changes documentation for more details.

  • When the changes are accepted, the Maintainers will integrate them.

    • Typically, the Maintainers will merge the changes into the integration branch.

    • If the changes are not based on a sufficiently-recent commit, or if they cannot be automatically rebased, then the Maintainers may rebase it on the main branch or ask you to do so.

    • After final integration testing, the changes will make their way into the main branch. If a problem is found during integration, the merge commit will be removed from the integration branch and the Maintainers will ask you to create a new patch set to resolve the problem.

Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.

SPDX-License-Identifier: BSD-3-Clause