Phriction Trusted Firmware Trusted Firmware-A (TF-A) TF-A, TF-RMM & Hafnium Roadmaps History Version 25 vs 50
Version 25 vs 50
Version 25 vs 50
Edits
Edits
- Edit by • aksjai112, Version 50
- Feb 4 2024 8:52 PM
- Edit by • aksjai112, Version 25
- Jan 23 2024 12:11 PM
Edit Older Version 25... | Edit Current Version 50... |
Content Changes
Content Changes
If you are interested in collaborating on any of the roadmap features or other features, please mail [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-a | TF-A mailing list ]]
**WARNING:**
All dates are provisional and subject to change without notice. Items in Ongoing/Future section will be planned in detail and confirmed in due course.
**TF-Av2.9 release (May 2023)**
**Architecture extensions support:**
- Support for PSCI OS initiated mode
- Architecture support for FEAT_TCR2, Guarded Control Stack (FEAT_GCS), Config Register Support for FEAT_HCX
- Save/Restore Support for FEAT_PIE/POE, FEAT_SME | SME2, FEAT_MPAM: runtime check
- Added dynamic detection of architecture feature enablement
- System registers access trap handler
- Eighteen CPU Errata Mitigations for Cortex-A510, A-78, X2, Neoverse V1, N2 cores and GICv3 bug fixes
- Errata Management Firmware Interface implementation supported for version 1.0 of the public specification
- First release done solely relying on TrustedFirmware.org Open CI
- Ethos-N NPU Driver Added support for Protected Firmware Setup
- EL3 SPMC enhanced feature hardening (scan warning fixes, report execution stage in partition info etc)
**Arm CCA support:**
- Support for Trusted Boot rooted into RSS RoT
- Support for PSA attestation scheme with Measured Boot rooted into RSS.
- General improvements and hardening of the boot and attestation support.
- Hardening efforts in the X.509 certificate parser, including a security fix (TFV-10, CVE-2022-47630)
**TF-RMM Enhancements [0.3.0] :**
- Refactoring Stage 1 Translation Table to better fit RMM Usage
- PMU usage in Realms as per RMM v1.0 BET0 spec
- Realm support to leverage SVE hardware functionality, if enabled
- Improve dynamic config of RMM by adding support for DRAM info in RMM-EL3 interface
- RMM Unit test support for granule and slot-buffer components
- Mask MTE capability so that realms can see that MTE is not supported
- Build improvements in RMM comprising : build times, decouple dependencies during build cycle and support multi-config builds
**Hafnium SPM & FF-A enablement:**
- FF-A v1.2 Early Adoption
- FF-A v1.1 Enhanced Support
- //Interrupt handling (S-EL0 partition signaling, allow a physical interrupt to be routed to a specified PE)
- Memory sharing (support for FF-A backward compatibility, share/lend/donate memory to multiple borrowers, normal/secure fragmented memory sharing)
- Power management (events relayed to the SPMC and removed limitations)
- Indirect messaging (buffer synchronization and ownership transfer rules)
- Hardened SP manifest memory regions boot time validation
- CI migration to LLVM/clang 15.0.6
- Removal of non-VHE build and test configurations
- Added EL3 SPMC test configurations using the Hafnium’s CI infrastructure//
**TF-A Tests**
- support for 2021 Architecture Extensions
- new tests for FEAT_RME and RMM Testing
- support for FF-A v1.1 Feature testing
- New cores/platforms support:
- Arm TC3 CPU cores support
- Power Domain support for N1SDP and Morello hardware
- Allwinner T507 SoC support
- Legacy support for Nvidia Tegra 210
- MT8188 | MT8195 Platform support
**Qemu** : Enable Dynamic Feature Detection for Normal World
**TF-RMMv01.0/v0.2.0 first releases (November 2022)**
* Reference implementation of the Arm Realm Management Monitor (RMM) [[ https://developer.arm.com/documentation/den0137/ | specification ]]
* Aligned against BETA revision of the specification
* Tested against TF-Av2.8
* All contributions accepted under DCO and BSD 3-Clause
**TF-Av2.8 release (November 2022)**
* Architecture extensions support:
** Added Pointer Authentication Extension helper support for QARMA3 (FEAT_PACQARMA3)
** Partial EL3 support for RNDR/RNDRRS (FEAT_RNG_TRAP)
** Added SVE fall back if SME not available (FEAT_SME)
** Support full SVE vector Length (FEAT_SVE)
** Added FEAT_BRBE and FEAT_TRBE under feature detection mechanism
* Added support for DRTM (Dynamic Root of Trust Measurement) Phase 1 (Standard services, Complete DMA protection)
* Various Errata Mitigations (Cortex-A710, A510, X3, X2, A76, A77, A78C, Neoverse N1, N2, GIC-600)
* Improved SVE support (as per SMCCCv1.3)
* Ethos-N Driver support for SMMU
* EL3 SPMC feature hardening
* FEAT_RME:
** Bootflow chain of trust support for AEM FVP
** Further developments to support TF-RMM upstreaming
** Tested interop against TF-RMM v0.2.0
* TF-A Tests support for 4 new platforms (N1SDP, RD-N2, RD-N2-Cfg1, RD-V1)
* TF-A Tests FEAT_RME Realm Payload Testing
* TF-A Tests FF-A v1.1 Secure interrupts Testing
* Hafnium SPM & FF-A enablement:
** FF-A v1.1 additions (Interrupt handling, Memory sharing, Framework notifications and indirect messaging)
** Added FF-A console log ABI, support for GICv3.1 extended INTID ranges
** Enhanced SVE by supporting up to the maximum vector length
** FF-A v1.0 ACS test suite integration in Open CI.
**TF-A-v2.7 Release features**
* Architecture support:
** Armv9.2 Branch Record Buffer Extension (FEAT_BRBE) for Non-secure World support
** Armv8.7 Statistical Profiling Extension (FEAT_SPEV1P2) TF-A-Tests support
** Armv8.7 WFE/WFI instructions with Timeout (FEAT_WFxT), Increased precision of Reciprocal Estimate and Reciprocal Square Root Estimate (FEAT_RPRES) & Alternate Floating-Point (FEAT_AFP) TF-A-Tests support
* *Armv8.3 Extended Cache Index (FEAT_CCIDX) support
* Spectre Branch History Buffer (BHB) Mitigations
* Various Software workarounds for Errata affecting Cortex-A710, A510, A78, X2
* New Architectural Features Detection Mechanism (Experimental Feature)
* SMMU Granule Protection Checks (GPC) for Secure and Non-secure world transactions
* FF-A & SPM:
** Secure Partition Manager (SPM) operating at EL3 (Experimental Feature)
** Hafnium: Memory Tagging Extension (MTE) stack tagging support at S-EL2
** Hafnium FF-A implementation:
** FF-A v1.1 EAC0: Boot protocol, Setup and discovery, Notifications
** FF-A v1.1 Beta0: Interrupt handling improvements
** FF-A v1.0 compliance fixes
**TF-A-v2.6 Release features**
* Armv9 features support:
** Realm Management Extension (FEAT_RME): first prototype implementation (ENABLE_RME)
** Scalable Matrix Extension (FEAT_SME) enabled for Normal world use
** Trace Buffer Extension (FEAT_TRBE): enable access to trace buffer control registers from Normal world
** Embedded Trace Extension (FEAT_ETE, FEAT_ETEv1p1): enabled for Normal world use
* Armv8 features support:
** Activity Monitors Extension (FEAT_AMU): enable per-core AMU auxiliary counters
** Support for the HCRX_EL2 register (FEAT_HCX)
** Scalable Vector Extension (FEAT_SVE): enabled for the Secure world
** Self-hosted Trace Extensions (FEAT_TRF)
* Support for the Arm Firmware Update specification
* Hafnium SPM:
** Arm FF-A v1.1 notifications support
** Arm FF-A v1.1 interrupt handling (Hafnium para-virtualized interface)
** S-EL0 partitions support through VHE architecture extension in the SW
** Save/restore NW SVE live state on world switches
** SPs to use FP/SIMD while NW uses SVE/SIMD/FP on the same core
** Updated toolchain to LLVM/Clang 12
** Published new SPMC threat model
**TF-A-v2.5 Release features**
* TF-A Public Threat Model published
* Armv8.7: FEAT_MTE3, FEAT_PAN3
* Armv8.6: FEAT_AMUv1p1, FEAT_MTPMU
* Armv8.5: Speculation Barrier (SB) for non-Armv8.5 platforms starting from Armv8.0 (FEAT_SB)
* Helper functions for Random number generator registers (FEAT_RNG)
* Support for TRNG firmware interface service
* SiP service to configure Ethos-N NPU
* GPT Image Support aligned to Firmware update specification
* S-EL2 Hafnium/FF-A:
** PAuth & BTI support
** SMMUv3.2 S-EL2 driver for stage 2 translation
** FF-A Non-secure interrupt handling
** FF-A Power management support at boot time
** FF-A Direct message interfaces & Memory sharing interfaces
** Added SPMC support to Hafnium CI
** Save/restore of Normal world FP/NEON/SIMD state
If you are interested in collaborating on any of the roadmap features or other features, please mail [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-a | TF-A mailing list ]]
**WARNING:**
All dates are provisional and subject to change without notice. Items in Ongoing/Future section will be planned in detail and confirmed in due course.
**Ongoing**
* CPU Errata Support
* Gearing up for TF-A next Release
* Firmware Handoff
* DSU PMU S/R support
* PSA Crypto API
* FF-A 1.2 enhanced Support
* Firmware Update live Activation BL31 II
* mbedTLS 2.x removal
* Firmware Update Improvements
**Future**
* GICv5 Investigation
* GIC v3 | NMI Support
* Firmware Handoff | Platform Support
* CCA Plane II/DI
* CCA DA II/DI
* Live FW Update
* CCA Granule Delegation
* 2023|2024 architecture Feature enablement
* FF-A 1.1 ACS Compliance
* Secure Timer Virtualization
____________________________________________________________________________________________
**2023 TF-A Releases**
**TF-Av2.10 release (Nov 2023)**
**Architecture extensions support :**
* Arm v8.9 | 2022 Architecture extension support enabled for FEAT_HAFT,RPRFM, LRCPC3, and MTE_PERM
* Non Secure SME support in RMM
* PAC+ BTI support enabled in RMM and Realm
* CPU support added for Gelas, Nevis and Travis cores
**TF-A | EL3 Root World :**
* Firmware handoff Library Support : transfer list APIs and Firmware Handoff build option
* Improvements to BL31 runtime exception handling
* Context management refactoring for RME/4 Worlds
**Boot Support :**
* Trusted Boot support for ECDSA (Elliptic Curve Digital Signature Algorithm) P- 384 keys
* Migrated to PSA crypto API’s (Except for authenticated decryption feature. Also, mbedTLS legacy crypto APIs will still be supported for some time)
* Improved the GUID Partition Table (GPT) parser
* Various security Improvements and threat Model updates for ARM CCA
* Completed PSA Attestation Support
**Hafnium | S-EL2 SPM :**
* Continued support for FF-A v1.2 - FFA_YIELD with time-out; EL3 SPMDs LSPs communication; memory sharing updates
* Memory region relative base address field support in SP manifests
* Interrupt re-configuration hypervisor calls
* Memory management: S2 PT NS/S IPA split
* SMCCCv1.2+ compliance fixes
* Feature parity test improvements for EL3 SPMC and Hafnium
**TF-RMM | R-EL2:**
* TF-RMM aligned to RMM 1.0 EAC5 spec
* Initial CBMC Support
* Added TF-RMM Threat Model to the documentation support
* Added capability to privately map the per-CPU stack in RMM
**TF-A Tests:**
* Added support for errata management firmware interface tests
* Added support for firmware hand-off tests
* Test support for SMCCCv1.2 extended GP register set
* Added PAC and PMU support in Realm tests
**Platform Support :**
* Support for Aspeed AST2700, NXP IMX93, Intel Agilex5,Nuvoton and ST platforms
**Errata ABI:**
* Added 13 CPU Errata mitigations(1xCortex-X2, 1xCortex-A710, 4xNeoverse N2, 4xNeoverse V2, 2xCortex- X3 CPU, 1xCortex-A510)
**Others :**
* Qemu Platform Support
* SDEI support added
* Firmware handoff support implemented
* QEMU virt platform is now supported in TF-RMM
* mbedTLS Update to 3.4.1
* Crypto-cell support for 712/713 removal ( deprecation announced in TF-A 2.9)
_______________________________________________________________________
**TF-Av2.9 release (May 2023)**
**Architecture extensions support:**
- Support for PSCI OS initiated mode
- Architecture support for FEAT_TCR2, Guarded Control Stack (FEAT_GCS), Config Register Support for FEAT_HCX
- Save/Restore Support for FEAT_PIE/POE, FEAT_SME | SME2, FEAT_MPAM: runtime check
- Added dynamic detection of architecture feature enablement
- System registers access trap handler
- Eighteen CPU Errata Mitigations for Cortex-A510, A-78, X2, Neoverse V1, N2 cores and GICv3 bug fixes
- Errata Management Firmware Interface implementation supported for version 1.0 of the public specification
- First release done solely relying on TrustedFirmware.org Open CI
- Ethos-N NPU Driver Added support for Protected Firmware Setup
- EL3 SPMC enhanced feature hardening (scan warning fixes, report execution stage in partition info etc)
**Arm CCA support:**
- Support for Trusted Boot rooted into RSS RoT
- Support for PSA attestation scheme with Measured Boot rooted into RSS.
- General improvements and hardening of the boot and attestation support.
- Hardening efforts in the X.509 certificate parser, including a security fix (TFV-10, CVE-2022-47630)
**TF-RMM Enhancements [0.3.0] :**
- Refactoring Stage 1 Translation Table to better fit RMM Usage
- PMU usage in Realms as per RMM v1.0 BET0 spec
- Realm support to leverage SVE hardware functionality, if enabled
- Improve dynamic config of RMM by adding support for DRAM info in RMM-EL3 interface
- RMM Unit test support for granule and slot-buffer components
- Mask MTE capability so that realms can see that MTE is not supported
- Build improvements in RMM comprising : build times, decouple dependencies during build cycle and support multi-config builds
**Hafnium SPM & FF-A enablement:**
* FF-A v1.2 Early Adoption
* FF-A v1.1 Enhanced Support
** Interrupt handling (S-EL0 partition signaling, allow a physical interrupt to be routed to a specified PE)
** Memory sharing (support for FF-A backward compatibility, share/lend/donate memory to multiple borrowers, normal/secure fragmented memory sharing)
** Power management (events relayed to the SPMC and removed limitations)
** Indirect messaging (buffer synchronization and ownership transfer rules)
** Hardened SP manifest memory regions boot time validation
** CI migration to LLVM/clang 15.0.6
** Removal of non-VHE build and test configurations
** Added EL3 SPMC test configurations using the Hafnium’s CI infrastructure
**TF-A Tests**
- support for 2021 Architecture Extensions
- new tests for FEAT_RME and RMM Testing
- support for FF-A v1.1 Feature testing
- New cores/platforms support:
- Arm TC3 CPU cores support
- Power Domain support for N1SDP and Morello hardware
- Allwinner T507 SoC support
- Legacy support for Nvidia Tegra 210
- MT8188 | MT8195 Platform support
**Qemu** : Enable Dynamic Feature Detection for Normal World
----------------------------------------------------------------------------------------------------------------------------------------
**Previous TF-A Releases**
**TF-RMMv01.0/v0.2.0 first releases (November 2022)**
* Reference implementation of the Arm Realm Management Monitor (RMM) [[ https://developer.arm.com/documentation/den0137/ | specification ]]
* Aligned against BETA revision of the specification
* Tested against TF-Av2.8
* All contributions accepted under DCO and BSD 3-Clause
**TF-Av2.8 release (November 2022)**
* Architecture extensions support:
** Added Pointer Authentication Extension helper support for QARMA3 (FEAT_PACQARMA3)
** Partial EL3 support for RNDR/RNDRRS (FEAT_RNG_TRAP)
** Added SVE fall back if SME not available (FEAT_SME)
** Support full SVE vector Length (FEAT_SVE)
** Added FEAT_BRBE and FEAT_TRBE under feature detection mechanism
* Added support for DRTM (Dynamic Root of Trust Measurement) Phase 1 (Standard services, Complete DMA protection)
* Various Errata Mitigations (Cortex-A710, A510, X3, X2, A76, A77, A78C, Neoverse N1, N2, GIC-600)
* Improved SVE support (as per SMCCCv1.3)
* Ethos-N Driver support for SMMU
* EL3 SPMC feature hardening
* FEAT_RME:
** Bootflow chain of trust support for AEM FVP
** Further developments to support TF-RMM upstreaming
** Tested interop against TF-RMM v0.2.0
* TF-A Tests support for 4 new platforms (N1SDP, RD-N2, RD-N2-Cfg1, RD-V1)
* TF-A Tests FEAT_RME Realm Payload Testing
* TF-A Tests FF-A v1.1 Secure interrupts Testing
* Hafnium SPM & FF-A enablement:
** FF-A v1.1 additions (Interrupt handling, Memory sharing, Framework notifications and indirect messaging)
** Added FF-A console log ABI, support for GICv3.1 extended INTID ranges
** Enhanced SVE by supporting up to the maximum vector length
** FF-A v1.0 ACS test suite integration in Open CI.
**TF-A-v2.7 Release features**
* Architecture support:
** Armv9.2 Branch Record Buffer Extension (FEAT_BRBE) for Non-secure World support
** Armv8.7 Statistical Profiling Extension (FEAT_SPEV1P2) TF-A-Tests support
** Armv8.7 WFE/WFI instructions with Timeout (FEAT_WFxT), Increased precision of Reciprocal Estimate and Reciprocal Square Root Estimate (FEAT_RPRES) & Alternate Floating-Point (FEAT_AFP) TF-A-Tests support
* *Armv8.3 Extended Cache Index (FEAT_CCIDX) support
* Spectre Branch History Buffer (BHB) Mitigations
* Various Software workarounds for Errata affecting Cortex-A710, A510, A78, X2
* New Architectural Features Detection Mechanism (Experimental Feature)
* SMMU Granule Protection Checks (GPC) for Secure and Non-secure world transactions
* FF-A & SPM:
** Secure Partition Manager (SPM) operating at EL3 (Experimental Feature)
** Hafnium: Memory Tagging Extension (MTE) stack tagging support at S-EL2
** Hafnium FF-A implementation:
** FF-A v1.1 EAC0: Boot protocol, Setup and discovery, Notifications
** FF-A v1.1 Beta0: Interrupt handling improvements
** FF-A v1.0 compliance fixes
**TF-A-v2.6 Release features**
* Armv9 features support:
** Realm Management Extension (FEAT_RME): first prototype implementation (ENABLE_RME)
** Scalable Matrix Extension (FEAT_SME) enabled for Normal world use
** Trace Buffer Extension (FEAT_TRBE): enable access to trace buffer control registers from Normal world
** Embedded Trace Extension (FEAT_ETE, FEAT_ETEv1p1): enabled for Normal world use
* Armv8 features support:
** Activity Monitors Extension (FEAT_AMU): enable per-core AMU auxiliary counters
** Support for the HCRX_EL2 register (FEAT_HCX)
** Scalable Vector Extension (FEAT_SVE): enabled for the Secure world
** Self-hosted Trace Extensions (FEAT_TRF)
* Support for the Arm Firmware Update specification
* Hafnium SPM:
** Arm FF-A v1.1 notifications support
** Arm FF-A v1.1 interrupt handling (Hafnium para-virtualized interface)
** S-EL0 partitions support through VHE architecture extension in the SW
** Save/restore NW SVE live state on world switches
** SPs to use FP/SIMD while NW uses SVE/SIMD/FP on the same core
** Updated toolchain to LLVM/Clang 12
** Published new SPMC threat model
**TF-A-v2.5 Release features**
* TF-A Public Threat Model published
* Armv8.7: FEAT_MTE3, FEAT_PAN3
* Armv8.6: FEAT_AMUv1p1, FEAT_MTPMU
* Armv8.5: Speculation Barrier (SB) for non-Armv8.5 platforms starting from Armv8.0 (FEAT_SB)
* Helper functions for Random number generator registers (FEAT_RNG)
* Support for TRNG firmware interface service
* SiP service to configure Ethos-N NPU
* GPT Image Support aligned to Firmware update specification
* S-EL2 Hafnium/FF-A:
** PAuth & BTI support
** SMMUv3.2 S-EL2 driver for stage 2 translation
** FF-A Non-secure interrupt handling
** FF-A Power management support at boot time
** FF-A Direct message interfaces & Memory sharing interfaces
** Added SPMC support to Hafnium CI
** Save/restore of Normal world FP/NEON/SIMD state
If you are interested in collaborating on any of the roadmap features or other features, please mail [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-a | TF-A mailing list ]]
**WARNING:**
All dates are provisional and subject to change without notice. Items in Ongoing/Future section will be planned in detail and confirmed in due course.
**Ongoing**
* CPU Errata Support
* Gearing up for TF-A next Release
* Firmware Handoff
* DSU PMU S/R support
* PSA Crypto API
* FF-A 1.2 enhanced Support
* Firmware Update live Activation BL31 II
* mbedTLS 2.x removal
* Firmware Update Improvements
**Future**
* GICv5 Investigation
* GIC v3 | NMI Support
* Firmware Handoff | Platform Support
* CCA Plane II/DI
* CCA DA II/DI
* Live FW Update
* CCA Granule Delegation
* 2023|2024 architecture Feature enablement
* FF-A 1.1 ACS Compliance
* Secure Timer Virtualization
____________________________________________________________________________________________
**2023 TF-A Releases**
**TF-Av2.10 release (Nov 2023)**
**Architecture extensions support :**
* Arm v8.9 | 2022 Architecture extension support enabled for FEAT_HAFT,RPRFM, LRCPC3, and MTE_PERM
* Non Secure SME support in RMM
* PAC+ BTI support enabled in RMM and Realm
* CPU support added for Gelas, Nevis and Travis cores
**TF-A | EL3 Root World :**
* Firmware handoff Library Support : transfer list APIs and Firmware Handoff build option
* Improvements to BL31 runtime exception handling
* Context management refactoring for RME/4 Worlds
**Boot Support :**
* Trusted Boot support for ECDSA (Elliptic Curve Digital Signature Algorithm) P- 384 keys
* Migrated to PSA crypto API’s (Except for authenticated decryption feature. Also, mbedTLS legacy crypto APIs will still be supported for some time)
* Improved the GUID Partition Table (GPT) parser
* Various security Improvements and threat Model updates for ARM CCA
* Completed PSA Attestation Support
**Hafnium | S-EL2 SPM :**
* Continued support for FF-A v1.2 - FFA_YIELD with time-out; EL3 SPMDs LSPs communication; memory sharing updates
* Memory region relative base address field support in SP manifests
* Interrupt re-configuration hypervisor calls
* Memory management: S2 PT NS/S IPA split
* SMCCCv1.2+ compliance fixes
* Feature parity test improvements for EL3 SPMC and Hafnium
**TF-RMM | R-EL2:**
* TF-RMM aligned to RMM 1.0 EAC5 spec
* Initial CBMC Support
* Added TF-RMM Threat Model to the documentation support
* Added capability to privately map the per-CPU stack in RMM
**TF-A Tests:**
* Added support for errata management firmware interface tests
* Added support for firmware hand-off tests
* Test support for SMCCCv1.2 extended GP register set
* Added PAC and PMU support in Realm tests
**Platform Support :**
* Support for Aspeed AST2700, NXP IMX93, Intel Agilex5,Nuvoton and ST platforms
**Errata ABI:**
* Added 13 CPU Errata mitigations(1xCortex-X2, 1xCortex-A710, 4xNeoverse N2, 4xNeoverse V2, 2xCortex- X3 CPU, 1xCortex-A510)
**Others :**
* Qemu Platform Support
* SDEI support added
* Firmware handoff support implemented
* QEMU virt platform is now supported in TF-RMM
* mbedTLS Update to 3.4.1
* Crypto-cell support for 712/713 removal ( deprecation announced in TF-A 2.9)
_______________________________________________________________________
**TF-Av2.9 release (May 2023)**
**Architecture extensions support:**
- Support for PSCI OS initiated mode
- Architecture support for FEAT_TCR2, Guarded Control Stack (FEAT_GCS), Config Register Support for FEAT_HCX
- Save/Restore Support for FEAT_PIE/POE, FEAT_SME | SME2, FEAT_MPAM: runtime check
- Added dynamic detection of architecture feature enablement
- System registers access trap handler
- Eighteen CPU Errata Mitigations for Cortex-A510, A-78, X2, Neoverse V1, N2 cores and GICv3 bug fixes
- Errata Management Firmware Interface implementation supported for version 1.0 of the public specification
- First release done solely relying on TrustedFirmware.org Open CI
- Ethos-N NPU Driver Added support for Protected Firmware Setup
- EL3 SPMC enhanced feature hardening (scan warning fixes, report execution stage in partition info etc)
**Arm CCA support:**
- Support for Trusted Boot rooted into RSS RoT
- Support for PSA attestation scheme with Measured Boot rooted into RSS.
- General improvements and hardening of the boot and attestation support.
- Hardening efforts in the X.509 certificate parser, including a security fix (TFV-10, CVE-2022-47630)
**TF-RMM Enhancements [0.3.0] :**
- Refactoring Stage 1 Translation Table to better fit RMM Usage
- PMU usage in Realms as per RMM v1.0 BET0 spec
- Realm support to leverage SVE hardware functionality, if enabled
- Improve dynamic config of RMM by adding support for DRAM info in RMM-EL3 interface
- RMM Unit test support for granule and slot-buffer components
- Mask MTE capability so that realms can see that MTE is not supported
- Build improvements in RMM comprising : build times, decouple dependencies during build cycle and support multi-config builds
**Hafnium SPM & FF-A enablement:**
-* FF-A v1.2 Early Adoption
-* FF-A v1.1 Enhanced Support
- //** Interrupt handling (S-EL0 partition signaling, allow a physical interrupt to be routed to a specified PE)
-** Memory sharing (support for FF-A backward compatibility, share/lend/donate memory to multiple borrowers, normal/secure fragmented memory sharing)
-** Power management (events relayed to the SPMC and removed limitations)
-** Indirect messaging (buffer synchronization and ownership transfer rules)
-** Hardened SP manifest memory regions boot time validation
-** CI migration to LLVM/clang 15.0.6
-** Removal of non-VHE build and test configurations
-** Added EL3 SPMC test configurations using the Hafnium’s CI infrastructure//
**TF-A Tests**
- support for 2021 Architecture Extensions
- new tests for FEAT_RME and RMM Testing
- support for FF-A v1.1 Feature testing
- New cores/platforms support:
- Arm TC3 CPU cores support
- Power Domain support for N1SDP and Morello hardware
- Allwinner T507 SoC support
- Legacy support for Nvidia Tegra 210
- MT8188 | MT8195 Platform support
**Qemu** : Enable Dynamic Feature Detection for Normal World
----------------------------------------------------------------------------------------------------------------------------------------
**Previous TF-A Releases**
**TF-RMMv01.0/v0.2.0 first releases (November 2022)**
* Reference implementation of the Arm Realm Management Monitor (RMM) [[ https://developer.arm.com/documentation/den0137/ | specification ]]
* Aligned against BETA revision of the specification
* Tested against TF-Av2.8
* All contributions accepted under DCO and BSD 3-Clause
**TF-Av2.8 release (November 2022)**
* Architecture extensions support:
** Added Pointer Authentication Extension helper support for QARMA3 (FEAT_PACQARMA3)
** Partial EL3 support for RNDR/RNDRRS (FEAT_RNG_TRAP)
** Added SVE fall back if SME not available (FEAT_SME)
** Support full SVE vector Length (FEAT_SVE)
** Added FEAT_BRBE and FEAT_TRBE under feature detection mechanism
* Added support for DRTM (Dynamic Root of Trust Measurement) Phase 1 (Standard services, Complete DMA protection)
* Various Errata Mitigations (Cortex-A710, A510, X3, X2, A76, A77, A78C, Neoverse N1, N2, GIC-600)
* Improved SVE support (as per SMCCCv1.3)
* Ethos-N Driver support for SMMU
* EL3 SPMC feature hardening
* FEAT_RME:
** Bootflow chain of trust support for AEM FVP
** Further developments to support TF-RMM upstreaming
** Tested interop against TF-RMM v0.2.0
* TF-A Tests support for 4 new platforms (N1SDP, RD-N2, RD-N2-Cfg1, RD-V1)
* TF-A Tests FEAT_RME Realm Payload Testing
* TF-A Tests FF-A v1.1 Secure interrupts Testing
* Hafnium SPM & FF-A enablement:
** FF-A v1.1 additions (Interrupt handling, Memory sharing, Framework notifications and indirect messaging)
** Added FF-A console log ABI, support for GICv3.1 extended INTID ranges
** Enhanced SVE by supporting up to the maximum vector length
** FF-A v1.0 ACS test suite integration in Open CI.
**TF-A-v2.7 Release features**
* Architecture support:
** Armv9.2 Branch Record Buffer Extension (FEAT_BRBE) for Non-secure World support
** Armv8.7 Statistical Profiling Extension (FEAT_SPEV1P2) TF-A-Tests support
** Armv8.7 WFE/WFI instructions with Timeout (FEAT_WFxT), Increased precision of Reciprocal Estimate and Reciprocal Square Root Estimate (FEAT_RPRES) & Alternate Floating-Point (FEAT_AFP) TF-A-Tests support
* *Armv8.3 Extended Cache Index (FEAT_CCIDX) support
* Spectre Branch History Buffer (BHB) Mitigations
* Various Software workarounds for Errata affecting Cortex-A710, A510, A78, X2
* New Architectural Features Detection Mechanism (Experimental Feature)
* SMMU Granule Protection Checks (GPC) for Secure and Non-secure world transactions
* FF-A & SPM:
** Secure Partition Manager (SPM) operating at EL3 (Experimental Feature)
** Hafnium: Memory Tagging Extension (MTE) stack tagging support at S-EL2
** Hafnium FF-A implementation:
** FF-A v1.1 EAC0: Boot protocol, Setup and discovery, Notifications
** FF-A v1.1 Beta0: Interrupt handling improvements
** FF-A v1.0 compliance fixes
**TF-A-v2.6 Release features**
* Armv9 features support:
** Realm Management Extension (FEAT_RME): first prototype implementation (ENABLE_RME)
** Scalable Matrix Extension (FEAT_SME) enabled for Normal world use
** Trace Buffer Extension (FEAT_TRBE): enable access to trace buffer control registers from Normal world
** Embedded Trace Extension (FEAT_ETE, FEAT_ETEv1p1): enabled for Normal world use
* Armv8 features support:
** Activity Monitors Extension (FEAT_AMU): enable per-core AMU auxiliary counters
** Support for the HCRX_EL2 register (FEAT_HCX)
** Scalable Vector Extension (FEAT_SVE): enabled for the Secure world
** Self-hosted Trace Extensions (FEAT_TRF)
* Support for the Arm Firmware Update specification
* Hafnium SPM:
** Arm FF-A v1.1 notifications support
** Arm FF-A v1.1 interrupt handling (Hafnium para-virtualized interface)
** S-EL0 partitions support through VHE architecture extension in the SW
** Save/restore NW SVE live state on world switches
** SPs to use FP/SIMD while NW uses SVE/SIMD/FP on the same core
** Updated toolchain to LLVM/Clang 12
** Published new SPMC threat model
**TF-A-v2.5 Release features**
* TF-A Public Threat Model published
* Armv8.7: FEAT_MTE3, FEAT_PAN3
* Armv8.6: FEAT_AMUv1p1, FEAT_MTPMU
* Armv8.5: Speculation Barrier (SB) for non-Armv8.5 platforms starting from Armv8.0 (FEAT_SB)
* Helper functions for Random number generator registers (FEAT_RNG)
* Support for TRNG firmware interface service
* SiP service to configure Ethos-N NPU
* GPT Image Support aligned to Firmware update specification
* S-EL2 Hafnium/FF-A:
** PAuth & BTI support
** SMMUv3.2 S-EL2 driver for stage 2 translation
** FF-A Non-secure interrupt handling
** FF-A Power management support at boot time
** FF-A Direct message interfaces & Memory sharing interfaces
** Added SPMC support to Hafnium CI
** Save/restore of Normal world FP/NEON/SIMD state