TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - PSA Level1 and 2 Isolation - PSA Firmware Framework v1.0 and Library Mode. - Secure Boot - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto 1.0-Beta3 - PSA Initial Attestation Service v1.0 - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration CQ2'20 - Profile Small - HAL Re-design - mcuboot upstream alignment - PSA Level3 Isolation Design Future - Scheduler - Initial Support - Profile Medium and Large - Update to latest Mbedcrypto versions. - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Audit Logs] Secure Storage, Policy Manager - Fault Injection Mitigations

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org/ | mailing list ]] Supported Features - PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes. - PSA Level1, 2 and 3 Isolation. - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage, Internal Trusted Storage v1.0 and Encrypted ITS - PSA Cryptov1.0 (uses Mbed TLS v3.4.0) - PSA Initial Attestation Service v1.0 - PSA Firmware Update v1.0 - PSA ADAC Specification Implementation - Base Config - kconfig based configuration - Profile Small, Medium, ARoT-less Medium, Large - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - FPU, MVE Support - CC-312 PSA Cryptoprocessor Driver Interface CQ4'23 - TF-M v1.9 release - Mbed TLS 3.5.0, mcuboot 2.0.0 Integration - Design, prototype: Supporting multiple clients i.e. TF-M supporting multiple on core and off core clients on Hetrogeneous (e.g. Cortex-A + Cortex-M platforms) - Demonstrating TLS in Non-Secure using PSA Crypto APIs in TF-M - Build System Enhancements - Separate Secure, Non-Secure Builds - Mailbox interrupt handling Future: - Long Term Stable (LTS) support - Implement support for multiple clients - Remote Test Infrastructure - MISRA testing - TF-M Performance - Further Benchmarking and Optimization - Scheduler - Multiple Secure Context Implementation - Arm v8.1-M Architecture Enablement - PAC/BTI - PSA FWU Service Enhancements - PSA ADAC Spec - Enhancements and Testing - Arm v8.1-M Unprevileged Debug - [Secure Storage] Extended PSA APIs, Key Diversification Enhancements - [Audit Logs] Secure Storage, Policy Manager - PSA FF Lifecycle API - Fuzz Testing

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, AttestationFirmware Update, ProvisioningAttestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org/ | mailing list ]] Supported Features - PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes. - PSA Level1, 2 and 3 Isolation. - Secure Boot (mcuboot upstream) including generic fault injection mitigations Roadmap below shows when the services are getting suppor- PSA Protected Storage, Internal Trusted and then enhanced. Currently SupporStorage v1.0 and Encrypted FeaturesITS - PSA Level1 and 2 IsolationCryptov1.0 (uses Mbed TLS v3.4.0) - PSA Firmware Framework v1.0 and Library Mode.Initial Attestation Service v1.0 - Secure Boot- PSA Firmware Update v1.0 - PSA Protected Storage and Internal Trusted Storage v1.0ADAC Specification Implementation - Audit Logs- Base Config - PSA Crypto 1.0-Beta3 - kconfig based configuration - PSA Initial Attestation Service v1.0- Profile Small, Medium, ARoT-less Medium, Large - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration CQ2'20 - Profile Small- Fault Injection Handling library to mitigate against physical attacks - HAL Re-design- Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - mcuboot upstream alignment- FPU, MVE Support -- CC-312 PSA Level3 Isolation DesignCryptoprocessor Driver Interface FutureCQ4'23 - TF-M v1.9 release - Mbed TLS 3.5.0, mcuboot 2.0.0 Integration - Design, prototype: Supporting multiple clients i.e. TF-M supporting multiple on core and off core clients on Hetrogeneous (e.g. Cortex-A + Cortex-M platforms) - Demonstrating TLS in Non-Secure using PSA Crypto APIs in TF-M - Build System Enhancements - Separate Secure, - Scheduler - Initial SupportNon-Secure Builds - Profile Medium and Large- Mailbox interrupt handling Future: - Update to latest Mbedcrypto versions.- Long Term Stable (LTS) support - Implement support for multiple clients - [Secure Storage] Key Diversification Enhancements- Remote Test Infrastructure - MISRA testing - TF-M Performance - Further Benchmarking and Optimization - [Platform] NV Count, Timer- Scheduler - Multiple Secure Context Implementation - [Platform] Sec- Arm v8.1-M Architecture TimeEnablement - PAC/BTI - Secure Debug Investigation- PSA FWU Service Enhancements - PSA ADAC Spec - Enhancements and Testing - Arm v8.1-M Unprevileged Debug - [Secure Storage] Extended PSA APIs, Key Diversification Enhancements - [Audit Logs] Secure Storage, Policy Manager - Fault Injection Mitigations- PSA FF Lifecycle API - Fuzz Testing