Version 15 vs 16
Version 15 vs 16
Content Changes
Content Changes
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//
Roadmap below shows when the services are getting supported and then enhanced.
Currently Supported Features
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]]
- [[ https://developer.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]]
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]]
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]]
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]]
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]]
[[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]]
- [Platform] Reset Service
- [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance
- [Crypto] PSA API Compliance
- [Secure Storage] PSA API Implementation
- [TF-M Core] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware-m_isolation_level_2/ | PSA Level2 Isolation ]]
- [Secure Storage,Crypto,Attestation] Compatible with PSA Firmware Framework IPC
- [Secure Boot] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/ | Rollback Protection ]]
- [TF-M Core] Secure Interrupt Handling
- [TF-M Core] Pre-emption of SPE execution
- Dual CPU Enablement
- Open Continuous Integration (CI) System
- [Crypto] Use mbedcrypto
- [Secure Boot] Multiple Image Update
- [Storage] Crypto Binding
- Boot and Runtime Crypto Hardware Integration
- Dual CPU Support
- [Secure Storage] Support Internal Trusted Storage PSA APIs
CQ1'20
- PSA FF, API v1.0
- TF-M Profile1 Prototype
- TF-M mcuboot upstream alignment
Future
- Scheduler - Initial Support
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Provisioning] Initial Investigation/API Prototype
- [Secure Boot] Key Revocation
- [Secure Storage] Lifecycle Management
- [Crypto] RNG, KDF
- [Audit Logs] Secure Storage, Policy Manager
- [Platform] GPIO, Debug, NONCE
- Secure Debug Prototype
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//
Roadmap below shows when the services are getting supported and then enhanced.
Currently Supported Features
- PSA Level1 and 2 Isolation
- PSA Firmware Framework v1.0 and Library Mode.
- Secure Boot
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- Crypto
- PSA Initial Attestation Service v1.0
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
CQ2'20
- Profile Small
- HAL Re-design
- mcuboot upstream alignment
- PSA Level3 Isolation Design
Future
- Scheduler - Initial Support
- Profile Medium and Large
- Update to latest Mbedcrypto versions.
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Audit Logs] Secure Storage, Policy Manager
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//
Roadmap below shows when the services are getting supported and then enhanced.
Currently Supported Features
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]]- PSA Level1 and 2 Isolation
- [[ https://developer.trustedf- PSA Firmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]] Framework v1.0 and Library Mode.
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]]Secure Boot
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]]PSA Protected Storage and Internal Trusted Storage v1.0
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]]Audit Logs
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]]
[[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]]
- [Platform] Reset ServiceCrypto
- [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance
- [Crypto] PSA API Compliance
- [Secure Storage] PSA API ImplementationPSA Initial Attestation Service v1.0
- [TF-M Core] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware-m_isolation_level_2/ | PSA Level2 Isolation ]]Secure Partition Interrupt Handling, Pre-emption of SPE execution
- [Secure Storage,Crypto,Attestation] Compatible with PSA Firmware Framework IPC
- [Secure Boot] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/ | Rollback Protection ]]
- [TF-M Core] Secure Interrupt HandlingPlatform Reset Service
- [TF-M Core] Pre-emption of SPE execution- Dual CPU
- Dual CPU Enablement
- Open Continuous Integration (CI) System
- [Crypto] Use mbedc- Boot and Runtime Crypto
- [Secure Boot] Multiple Image UpdateHardware Integration
- [Storage] Crypto Binding
- Boot and Runtime Crypto Hardware IntegrationCQ2'20
- Dual CPU Support- Profile Small
- [Secure Storage] Support Internal Trusted Storage PSA APIs
CQ1'20
- PSA FF, API v1.0- HAL Re-design
- TF-M Profile1 Prototype- mcuboot upstream alignment
- TF-M mcuboot upstream alignment - PSA Level3 Isolation Design
Future
- Scheduler - Initial Support
- Profile Medium and Large
- Update to latest Mbedcrypto versions.
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Provisioning] Initial Investigation/API Prototype
- [Secure Boot] Key Revocation
- [Secure Storage] Lifecycle Management
- [Crypto] RNG, KDF
- [Audit Logs] Secure Storage, Policy Manager
- [Platform] GPIO, Debug, NONCE
- Secure Debug Prototype