Version 31 vs 32
Version 31 vs 32
Content Changes
Content Changes
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently supported are
//**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**//
If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]]
Supported Features
- PSA Firmware Framework v1.0, 1.1 Extension and Library Mode.
- PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and STM32L5
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- PSA Crypto (uses Mbed TLS v3.1)
- PSA Initial Attestation Service v1.0
- PSA Firmware Update
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Profile Small, Medium, Large
- Fault Injection Handling library to mitigate against physical attacks
- Threat Model
- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
- FPU Support
- Different keys for different Protected Storage assets
- CC-312 PSA Cryptoprocessor Driver Interface
- Non-Secure Client ID improvements
- PSA ADAC Specification Implementation
- PSA SPs support SFN in Profile Small
- PSA Crypto API 1.0 Compliance (upgrade to Mbed TLS3.1)
CQ2'22
- TF-Mv1.6 Release
- Profile Small/SFN mode - Memory and Performance Optimizations
- Investigate PSA Crypto service and HAL memory optimization
- Design document restructure
- FPU and MVE support enable use in Non-Secure and Secure
Future
- Arm v8.1-M MVE - Further implementation
- Multiple Secure Context PoC
- PSA FWU Service Enhancements
- PSA ADAC Spec - Further Implementation
- Arm v8.1-M Unprevileged Debug
- Secure Partition HAL Update
- Scheduler - Multiple Secure Context Implementation
- Arm v8.1-M Architecture Enablement Phase2
- [Secure Storage] Extended PSA APIs, Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- [Audit Logs] Secure Storage, Policy Manager
- PSA FF Lifecycle API
- MISRA testing
- Fuzz Testing
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently supported are
//**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**//
If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]]
Supported Features
- PSA Firmware Framework v1.0, 1.1 Extension.
- PSA Level1, 2 and 3 Isolation.
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage and Internal Trusted Storage v1.0
- PSA Cryptov1.0 (uses Mbed TLS v3.1)
- PSA Initial Attestation Service v1.0
- PSA Firmware Update
- Audit Logs
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Profile Small, Medium, Large
- Fault Injection Handling library to mitigate against physical attacks
- Threat Model
- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
- FPU, MVE Support
- CC-312 PSA Cryptoprocessor Driver Interface
- PSA ADAC Specification Implementation
- PSA SPs support SFN in Profile Small
- Profile Small/SFN mode - Memory Optimizations
- PSA Crypto service and HAL Memory Optimization
CQ3'22
- Profile Small/SFN mode - Memory Optimizations Continued
- Profile Medium/IPC mode - Memory Optimizations
- Integrate Mbed TLS 3.2
- PSA Firmware Update v1.0 API Alignment
- Design document restructure
- Review ETSS, Encrypted ITS contributions
Future:
- TF-M Performance - Further Benchmarking and Optimization
- Remote Test Infrastructure
- Arm v8.1-M Architecture Enablement - PAC/BTI
- PSA FWU Service Enhancements
- PSA ADAC Spec - Enhancements and Testing
- Arm v8.1-M Unprevileged Debug
- Scheduler - Multiple Secure Context Implementation
- Multiple Secure Context PoC
- [Secure Storage] Extended PSA APIs, Key Diversification Enhancements
- [Audit Logs] Secure Storage, Policy Manager
- PSA FF Lifecycle API
- MISRA testing
- Fuzz Testing
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently supported are
//**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**//
If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]]
Supported Features
- PSA Firmware Framework v1.0, 1.1 Extension and Library Mode.
- PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and STM32L5
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
-- PSA Cryptov1.0 (uses Mbed TLS v3.1)
- PSA Initial Attestation Service v1.0
- PSA Firmware Update
- Audit Logs
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Profile Small, Medium, Large
- Fault Injection Handling library to mitigate against physical attacks
- Threat Model
- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
- FPU, MVE Support
- Different keys for different Protected Storage assets
- CC-312 PSA Cryptoprocessor Driver Interface
- Non-Secure Client ID improvements
- PSA ADAC Specification Implementation
- PSA SPs support SFN in Profile Small
- PSA Crypto API 1.0 Compliance (upgrade to Mbed TLS3.1)- Profile Small/SFN mode - Memory Optimizations
- PSA Crypto service and HAL Memory Optimization
CQ2'22CQ3'22
- TF-Mv1.6 Release - Profile Small/SFN mode - Memory Optimizations Continued
- Profile Small/SFNMedium/IPC mode - Memory and Performance Optimizations
- Investigate PSA Crypto service and HAL memory optimizationtegrate Mbed TLS 3.2
- PSA Firmware Update v1.0 API Alignment
- Design document restructure
- FPU and MVE support enable use in Non-Secure and Secure
Future
- Arm v8.1-M MVE - Further implementation- Review ETSS, Encrypted ITS contributions
Future:
- Multiple Secure Context PoCTF-M Performance - Further Benchmarking and Optimization
- Remote Test Infrastructure
- Arm v8.1-M Architecture Enablement - PAC/BTI
- PSA FWU Service Enhancements
- PSA ADAC Spec - Further ImplementationEnhancements and Testing
- Arm v8.1-M Unprevileged Debug
- Secure Partition HAL Update
- Scheduler - Multiple Secure Context Implementation
- Arm v8.1-M Architecture Enablement Phase2- Multiple Secure Context PoC
- [Secure Storage] Extended PSA APIs, Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- [Audit Logs] Secure Storage, Policy Manager
- PSA FF Lifecycle API
- MISRA testing
- Fuzz Testing