Version 25 vs 26
Version 25 vs 26
Content Changes
Content Changes
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//
If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]]
Currently Supported Features
- PSA Firmware Framework v1.0 and Library Mode.
- PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1 and AN521
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- PSA Crypto 1.0-Beta3 (uses Mbed TLS v2.24)
- PSA Initial Attestation Service v1.0
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Profile Small, Medium
- Build System Changes to use Modern CMake
- Threat Model
CQ1'21
- PSA Firmware Framework v1.1 - Phase1 (Interrupt Handling, Static Handle)
- Secure Partition Manager (SPM) API Performance Optimization
- PSA Firmware Update API - Prototype
- Update PSA Crypto Service to Mbed TLS v2.25
- Profile Large
- FPU Support
- Arm v8.1-M Architecture Enablement Phase1
- SW Counter Measures Against Physical Attacks – Secure Processing Environment Isolation settings
Future
- PSA Firmware Framework v1.1 - Phase2
- PSA Firmware Update
- Secure Partition HAL Update
- Arm v8.1-M Architecture Enablement Phase2
- Scheduler - Multiple Secure Context Support
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Authenticated Debug
- [Audit Logs] Secure Storage, Policy Manager
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation, Provisioning and Platform Services**//
If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]]
Currently Supported Features
- PSA Firmware Framework v1.0 and Library Mode.
- PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and STM32L5
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- PSA Crypto (uses Mbed TLS v2.25)
- PSA Initial Attestation Service v1.0
- PSA Firmware Update
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Profile Small, Medium, Large
- Build System Changes to use Modern CMake
- Fault Injection Handling library to mitigate against physical attacks
- Threat Model
- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
- PSA Firmware Framework v1.1 - Stateless RoT Service and Second-Level Interrupt Handling (SLIH)
CQ2'21
- PSA Firmware Framework v1.1 - Phase2 (SFN, Interrupt Handling)
- Multiple Secure Context Design
- PSA FWU Service Enhancements
- Secure Partition Manager (SPM) API Performance Optimization
- SW Counter Measures Against Physical Attacks – Enhancements
- FPU Support
- Arm v8.1-M MVE - Initial Enablement
Future
- PSA Firmware Framework v1.1 - Phase3
- Secure Partitions using PSA Firmware Framework v1.1 Static Handle
- Authenticated Debug
- Arm v8.1-M Unprevileged Debug
- Secure Partition HAL Update
- Scheduler - Multiple Secure Context Implementation
- Arm v8.1-M Architecture Enablement Phase2
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- [Audit Logs] Secure Storage, Policy Manager
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation, Provisioning and Platform Services**//
If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]]
Currently Supported Features
- PSA Firmware Framework v1.0 and Library Mode.
- PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and AN521STM32L5
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- PSA Crypto 1.0-Beta3 (uses Mbed TLS v2.245)
- PSA Initial Attestation Service v1.0
- PSA Firmware Update
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Profile Small, Medium, Large
- Build System Changes to use Modern CMake
- Fault Injection Handling library to mitigate against physical attacks
- Threat Model
CQ1'21
- PSA Firmware Framework v1.1 - Phase1 (Interrupt Handling, Static Handle- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
- Secure Partition Manager (SPM) API Performance Optimization- PSA Firmware Framework v1.1 - Stateless RoT Service and Second-Level Interrupt Handling (SLIH)
CQ2'21
- PSA Firmware Update APIFramework v1.1 - Prototypehase2 (SFN, Interrupt Handling)
- Update PSA Crypto Service to Mbed TLS v2.25 - Multiple Secure Context Design
- Profile Large- PSA FWU Service Enhancements
- FPU Support- Secure Partition Manager (SPM) API Performance Optimization
- Arm v8.1-M Architecture Enabl- SW Counter Measures Against Physical Attacks – Enhancement Phase1s
- SW Counter Measures Against Physical Attacks – Secure Processing Environment Isolation settings
- FPU Support
- Arm v8.1-M MVE - Initial Enablement
Future
- PSA Firmware Framework v1.1 - Phase2
-3
- Secure Partitions using PSA Firmware Updatere Framework v1.1 Static Handle
- Authenticated Debug
- Arm v8.1-M Unprevileged Debug
- Secure Partition HAL Update
- Scheduler - Multiple Secure Context Implementation
- Arm v8.1-M Architecture Enablement Phase2
- Scheduler - Multiple Secure Context Support
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Authenticated Debug
- [Audit Logs] Secure Storage, Policy Manager