Trusted Firmware-M (TF-M) is the reference implementation of Platform Security Architecture (PSA). PSA is a recipe for building secure connected devices from analysis to implementation. PSA consists of three elements - Threat models and Security Analyses, Architecture Specifications and Open Source Reference Implementation (TF-M). See PSA Resource Page

TF-M is being built for Arm Cortex-M processors prioritizing v8-M Cortex cores leveraging Arm TrustZone technology. TF-M is being developed as an Open Source project under an Open Governance Model.

TF-M provides a highly configurable set of software components to create a Trusted Execution Environment. This is achieved by a set of secure run time services such as Secure Storage, Cryptography, Audit Logs and Attestation. Additionally, secure boot in TF-M ensures integrity of Run time Software and supports firmware upgrade.

Functional Block diagram of Trusted Firmware-M below shows the various components and how it would fit in a v8-M System. Note that many of the components are under active development and continuous evolution. See roadmap for available components and future plan.

TF-M was launched publicly in March 2018 with Secure Boot and Secure Storage Support. OtherTF-M Secure Services are under active development. See roadmap for further details

Timeline History

[Dec 17] Limited release to Early Access Partners

[Mar 18] Open access in Linaro Connect HKG 18

[May 18] Audit Logs Secure Service, More Tests and Documents

[June 18] Secure Storage Service Enhancements

[Sept18] Initial Crypto Secure Service and IPC Implementations

[Dec18] Initial Attestation Service Prototype, Secure Interrupt Prototype

[Feb19] TF-Mv1.0-Beta Tag with PSA Dev. APIs implemented for Secure Storage, Crypto and Attestation. Porting of the Tag enabled platforms to achieve PSA Level1 and Functional API Certification

[May19] TF-Mv1.0-RC1 Tag with PSA Level2 Isolation, Firmware Framework IPC, mbedcrypto library in the Crypto Service, Interrupt Handling and Mulit-Image update.

[Nov19] TF-Mv1.0-RC3 Tag showcasing integration with Cryptocell-312 on MuscaB1

[Dec19] Added pSoC64 platform support

• TF-M Presentations

• Entity Attestation Token (EAT) For Attestation

• TF-M Mailing List

• PSA Developer APIs

• Proof of Concepts

• Roadmap

• GIT

• Gerrit

• Design

• Getting Started

• PSA Resources

• TF-M wiki