//This page is under construction and not ready for public review// **Overview** A very important criterion for evaluating and adopting a software platform is support. The Trusted Firmware-A community has been releasing code from the tip every six months. This model works very well for software innovation and implementing new hardware features. But for platforms in production, this policy does not scale in terms of maintenance, backward compatibility of important software fixes, and overall product lifecycle management. Several open source software projects (e.g. Ubuntu, Yocto, Linux Kernel) have faced this problem during their lifetime and have implemented a long term support release as a solution. Long-term support extends the period of software maintenance; it also alters the type and frequency of software updates (patches) to reduce the risk, expense, and disruption of software deployment, while promoting the dependability of the software. It does not necessarily imply technical support. This document proposes a plan to leverage the path chosen by various open source software projects and define a long-term support release strategy. This proposal will not succeed without the support of the community and relies on contributions from Arm, its partners and platform owners. **Current problems** The following are some of the problems slowing down device upgrades. # The investment to maintain a software release and keep it updated with important software changes from upstream is too high # The cost to productize and deploy a newly released version is too high # Lack of pre-defined tests in the upstream codebase means that a new public release cannot be immediately deployed to the field # Some aspects like documentation, code analysis reports, test reports and long term availability of tools are not available The technical forum for TF-A on 10 Sep, 2020 was focused on this topic to gauge interest and support from the community. To move the discussion forward, this page intends to capture ideas from the community and eventually crystalize a plan that works for everyone. **Proposal** There is interest from the community to explore the possibility of a long-term release codebase to solve these problems. The following might be some of the expectations from a long-term support release branch. # 100% test coverage with a publicly available report for every changelist # Well defined policy to detect, report and deploy software fixes for mitigating security issues, stability concerns, erratas and bugs # Up-to-date API reference manual at any given changelist # Well documented performance numbers for important use cases # Usage of Long-term supported toolchains # Well defined policy for accepting new changes # Use of publicly available static analysis tools to improve code quality # Well defined release cadence and key quality indicators **Call to action** Reviewers are encouraged to add to the list of improvement areas and provide expectations from the long-term support release. This will help us define the problem before we start discussing the mechanics of the release. **References** - Tech forum discussion (https://www.trustedfirmware.org/meetings/tf-a-technical-forum/) on 10 Sep, 2020.

**LTS Proposal** [[ https://developer.trustedfirmware.org/file/data/yhf5nfsofaqobwja5ss3/PHID-FILE-e2hxgf66tgkg3qzayfyv/TF-A_LTS_Proposal.pdf | https://developer.trustedfirmware.org/file/data/yhf5nfsofaqobwja5ss3/PHID-FILE-e2hxgf66tgkg3qzayfyv/TF-A_LTS_Proposal.pdf ]] **Overview** An important criterion for evaluating and adopting a software platform is support. The Trusted Firmware-A community has been releasing code from the tip every six months. This model works very well for software innovation and implementing new hardware features. But for platforms in production, this policy does not scale in terms of maintenance, backward compatibility of important software fixes, getting latest security mitigations, and overall product lifecycle management. Several open-source software projects (e.g. Ubuntu, Yocto, Linux Kernel) have faced this problem during their lifetime and have implemented a long-term support release as a solution. Long-term support not only extends the period of software maintenance, but also alters the type and frequency of software updates (patches) to reduce the risk, expense, and disruption of software deployment, while promoting the dependability of the software. It does not necessarily imply technical support. Long-term support is needed for commercial reasons too. More specifically, on the device side, when a product is released, the companies must support it such that the number of changes to the firmware are kept to a minimum to avoid the risk of regression. At the same time, the companies don't want to exclude critical patches such as those for security advisories. Similarly on server side, companies want to minimize the churn when deploying fixes during incident response, e.g. due to critical security bugs. This means that those companies must maintain and backport critical updates to old branches internally. As this effort is duplicated across different companies using TF-A, it makes sense to factor out this effort into a community wide LTS effort. This document proposes a plan to leverage the path chosen by various open-source software projects and define a long-term support release strategy. This proposal will not succeed without the support of the community and relies on their contributions. **Problems** The following are some of the problems slowing down device upgrades. # The investment to maintain a software release and keep it updated with important software changes from upstream is too high. # The cost to productize and deploy a newly released version is too high. # Lack of tests to cover all scenarios means that a new public release cannot be immediately deployed to the field. # Some aspects like documentation, code analysis reports, test reports and long term availability of tools are not available. **Community involvement** The LTS topic was first presented by @vwadekar as a tech forum discussion on 10 Sep, 2020. The LTS topic was [[ https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/ZZ2DDIW2DS4B7QYHYOL7XE4IPUW7LUNT/ | rebooted ]] in the community in May'22. A [[ https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/MT37NYU3PFDLF5F6CRCRJRGD2SMY5BT3/ | proposal ]] was created by @okash and @vwadekar and presented to the community in tech forums on 14 July, 2022 and 8 Sep 2022. The recordings can be found at https://www.trustedfirmware.org/meetings/tf-a-technical-forum/. Thanks to the responses on the mailing list, the proposal has now evolved into the [[ https://developer.trustedfirmware.org/F274534 | attached ]] execution plan. **First LTS branch** The result of the community interest and review of the execution plan from the board, is the introduction of the first LTS release branch. The following sub-sections document the expectations from the branch and the path to the first LTS release. //Expectations// # Stable and well-tested code branch # Well-defined criteria to pick changes for merge # High quality bar for every patch that gets merged # Active support from the maintainers for a minimum of five years # Clear communication of important milestones to the community //Release planning// # The first LTS release will use TF-A v2.8 as the base and be available in Feb 2023. # The branch name will be based on the format: //lts-<base tf-a version>.<rolling minor version>//. e.g. lts-2.8.0 for the first branch. # The branch maintainers plan to introduce a new mailing list (`tfa-lts@lists.trustedfirmware.org`) to engage with the community. We expect the mailing list to be used for announcements, to report issues, to propose changes to cherry-pick, to propose policy changes, to provide feedback, etc. # The release will be scheduled for a Friday and will pick all the patches that were merged in that week. This is a departure from the initial model where we released immediately after a patch was merged. **Call to action** Reviewers are encouraged to review the plan and provide feedback. We request more people to try the LTS release when available and make the project a success. **References** - Tech forum discussion (https://www.trustedfirmware.org/meetings/tf-a-technical-forum/) on 10 Sep, 2020. - Tech forum discussions (https://www.trustedfirmware.org/meetings/tf-a-technical-forum/) on 14 July, 2022 and 8 Sep 2022. - LTS branch creation and execution proposal - https://developer.trustedfirmware.org/F274534

//This page is under construction and not ready for public review//**LTS Proposal** [[ https://developer.trustedfirmware.org/file/data/yhf5nfsofaqobwja5ss3/PHID-FILE-e2hxgf66tgkg3qzayfyv/TF-A_LTS_Proposal.pdf | https://developer.trustedfirmware.org/file/data/yhf5nfsofaqobwja5ss3/PHID-FILE-e2hxgf66tgkg3qzayfyv/TF-A_LTS_Proposal.pdf ]] **Overview** A veryAn important criterion for evaluating and adopting a software platform is support. The Trusted Firmware-A community has been releasing code from the tip every six months. This model works very well for software innovation and implementing new hardware features. But for platforms in production, this policy does not scale in terms of maintenance, backward compatibility of important software fixes, getting latest security mitigations, and overall product lifecycle management. Several open-source software projects (e.g. Ubuntu, Yocto, Linux Kernel) have faced this problem during their lifetime and have implemented a long-term support release as a solution. Long-term support not only extends the period of software maintenance, but also alters the type and frequency of software updates (patches) to reduce the risk, expense, and disruption of software deployment, while promoting the dependability of the software. and overall product lifecycle managementIt does not necessarily imply technical support. Several open source software projects (e.gLong-term support is needed for commercial reasons too. More specifically, on the device side, when a product is released, the companies must support it such that the number of changes to the firmware are kept to a minimum to avoid the risk of regression. UbuntuAt the same time, Yocto,the companies don't want to exclude critical patches such as those for security advisories. Linux Kernel) have faced this problem during their lifetime and have implemented a long term support release as a solution.Similarly on server side, Long-term support extends the period of software maintenance;companies want to minimize the churn when deploying fixes during incident response, it also alters the type and frequency of software updates (patches) to reduce the risk,e.g. expense,due to critical security bugs. and disruption of software deployment,This means that those companies must maintain and backport critical updates to old branches internally. while promoting the dependability of the software.As this effort is duplicated across different companies using TF-A, It does not necessarily imply technical supportit makes sense to factor out this effort into a community wide LTS effort. This document proposes a plan to leverage the path chosen by various open -source software projects and define a long-term support release strategy. This proposal will not succeed without the support of the community and relies on contributions from Arm, its partnersThis proposal will not succeed without the support of the community and platform ownersrelies on their contributions. **Current p**Problems** The following are some of the problems slowing down device upgrades. # The investment to maintain a software release and keep it updated with important software changes from upstream is too high. # The cost to productize and deploy a newly released version is too high. # Lack of pre-defined tests in the upstream codebaseto cover all scenarios means that a new public release cannot be immediately deployed to the field. # Some aspects like documentation, code analysis reports, test reports and long term availability of tools are not available. **Community involvement** The technical forum for TF-A on 10 Sep,LTS topic was first presented by @vwadekar as a tech forum discussion on 10 Sep, 2020. The LTS topic was [[ https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/ZZ2DDIW2DS4B7QYHYOL7XE4IPUW7LUNT/ | rebooted ]] in the community in May'22. 2020 was focused on this topic to gauge interest and support from the community.A [[ https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/MT37NYU3PFDLF5F6CRCRJRGD2SMY5BT3/ | proposal ]] was created by @okash and @vwadekar and presented to the community in tech forums on 14 July, To move the discussion forward,2022 and 8 Sep 2022. this page intends to capture ideas from the community and eventually crystalize a plan that works for everyoneThe recordings can be found at https://www.trustedfirmware.org/meetings/tf-a-technical-forum/. **Proposal**Thanks to the responses on the mailing list, the proposal has now evolved into the [[ https://developer.trustedfirmware.org/F274534 | attached ]] execution plan. There is interest from the community to explore the possibility of a long-term release codebase to solve these problems**First LTS branch** The result of the community interest and review of the execution plan from the board, is the introduction of the first LTS release branch. The following might be some ofsub-sections document the expectations from a long-term supportthe branch and the path to the first LTS release branch.. //Expectations// # 100% test coverage with a publicly available report for every changelist# Stable and well-tested code branch # Well -defined policy to detect, report and deploy software fixes for mitigating security issues, stability concerns, erratas and bugscriteria to pick changes for merge # Up-to-date API reference manual at any given changelist# High quality bar for every patch that gets merged # Well documented performance numb# Active support from the maintainers for important use casesa minimum of five years # Usage of Long-term supported toolchainsClear communication of important milestones to the community //Release planning// # The first LTS release will use TF-A v2.8 as the base and be available in Feb 2023. # Well defined policy for accepting new changesThe branch name will be based on the format: //lts-<base tf-a version>.<rolling minor version>//. e.g. lts-2.8.0 for the first branch. # Use of publicly available static analysis tools to improve code qualityThe branch maintainers plan to introduce a new mailing list (`tfa-lts@lists.trustedfirmware.org`) to engage with the community. We expect the mailing list to be used for announcements, to report issues, to propose changes to cherry-pick, to propose policy changes, to provide feedback, etc. # Well defined release cadence and key quality indicatorsThe release will be scheduled for a Friday and will pick all the patches that were merged in that week. This is a departure from the initial model where we released immediately after a patch was merged. **Call to action** Reviewers are encouraged to add toreview the list of improvement areasplan and provide expectations from the long-term support releasee feedback. This will help us defineWe request more people to try the problem before we start discussingLTS release when available and make the mechanics of the releaseproject a success. **References** - Tech forum discussion (https://www.trustedfirmware.org/meetings/tf-a-technical-forum/) on 10 Sep, 2020. - Tech forum discussions (https://www.trustedfirmware.org/meetings/tf-a-technical-forum/) on 14 July, 2022 and 8 Sep 2022. - LTS branch creation and execution proposal - https://developer.trustedfirmware.org/F274534