Change Details

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ https://developer.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]] [[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]] - [Platform] Reset Service - [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance - [Crypto] PSA API Compliance - [Secure Storage] PSA API Implementation - [TF-M Core] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware-m_isolation_level_2/ | PSA Level2 Isolation ]] - [Secure Storage,Crypto,Attestation] Compatible with PSA Firmware Framework IPC - [Secure Boot] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/ | Rollback Protection ]] - [TF-M Core] Secure Interrupt Handling - [TF-M Core] Pre-emption of SPE execution - Dual CPU Enablement - Open Continuous Integration (CI) System - [Crypto] Use mbedcrypto - [Secure Boot] Multiple Image Update CQ4'19 - [Storage] Crypto Binding - Boot and Runtime Crypto Hardware Integration - Dual CPU Hardening - [Secure Storage] Support Internal Trusted Storage PSA APIs - PSA FF, API v1.0 Future - Scheduler - Initial Support - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Provisioning] Initial Investigation/API Prototype - [Secure Boot] Key Revocation - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - [Audit Logs] Secure Storage, Policy Manager - [Platform] GPIO, Debug, NONCE - Secure Debug Prototype

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ https://developer.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]] [[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]] - [Platform] Reset Service - [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance - [Crypto] PSA API Compliance - [Secure Storage] PSA API Implementation - [TF-M Core] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware-m_isolation_level_2/ | PSA Level2 Isolation ]] - [Secure Storage,Crypto,Attestation] Compatible with PSA Firmware Framework IPC - [Secure Boot] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/ | Rollback Protection ]] - [TF-M Core] Secure Interrupt Handling - [TF-M Core] Pre-emption of SPE execution - Dual CPU Enablement - Open Continuous Integration (CI) System - [Crypto] Use mbedcrypto - [Secure Boot] Multiple Image Update - [Storage] Crypto Binding - Boot and Runtime Crypto Hardware Integration - Dual CPU Support - [Secure Storage] Support Internal Trusted Storage PSA APIs CQ1'20 - PSA FF, API v1.0 - TF-M Profile1 Prototype - TF-M mcuboot upstream alignment Future - Scheduler - Initial Support - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Provisioning] Initial Investigation/API Prototype - [Secure Boot] Key Revocation - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - [Audit Logs] Secure Storage, Policy Manager - [Platform] GPIO, Debug, NONCE - Secure Debug Prototype

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ https://developer.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]] [[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]] - [Platform] Reset Service - [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance - [Crypto] PSA API Compliance - [Secure Storage] PSA API Implementation - [TF-M Core] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware-m_isolation_level_2/ | PSA Level2 Isolation ]] - [Secure Storage,Crypto,Attestation] Compatible with PSA Firmware Framework IPC - [Secure Boot] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/ | Rollback Protection ]] - [TF-M Core] Secure Interrupt Handling - [TF-M Core] Pre-emption of SPE execution - Dual CPU Enablement - Open Continuous Integration (CI) System - [Crypto] Use mbedcrypto - [Secure Boot] Multiple Image Update CQ4'19 - [Storage] Crypto Binding - Boot and Runtime Crypto Hardware Integration - Dual CPU HardeningSupport - [Secure Storage] Support Internal Trusted Storage PSA APIs CQ1'20 - PSA FF, API v1.0 - TF-M Profile1 Prototype - TF-M mcuboot upstream alignment Future - Scheduler - Initial Support - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Provisioning] Initial Investigation/API Prototype - [Secure Boot] Key Revocation - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - [Audit Logs] Secure Storage, Policy Manager - [Platform] GPIO, Debug, NONCE - Secure Debug Prototype