Change Details

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Currently Supported Features - PSA Firmware Framework v1.0 and Library Mode. - PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and STM32L5 - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto (uses Mbed TLS v2.25) - PSA Initial Attestation Service v1.0 - PSA Firmware Update - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium, Large - Build System Changes to use Modern CMake - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - PSA Firmware Framework v1.1 - Stateless RoT Service and Second-Level Interrupt Handling (SLIH) CQ3'21 - TF-Mv1.4 Release - PSA Firmware Framework v1.1 - Phase3 (SFN, MMIOVEC) - Profiling - Interrupt Latency, NSPE/SPE switching etc. - Secure Partition Manager (SPM) API Performance Optimization - Secure Partitions to use Static Handle - PSA ADAC Spec - Prototype - Different keys for different Protected Storage assets - FPU Support - Arm v8.1-M MVE - Initial Enablement Future - Arm v8.1-M MVE - Further implementation - Multiple Secure Context PoC - PSA FWU Service Enhancements - PSA ADAC Spec - Further Implementation - Arm v8.1-M Unprevileged Debug - Secure Partition HAL Update - Scheduler - Multiple Secure Context Implementation - Arm v8.1-M Architecture Enablement Phase2 - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - [Audit Logs] Secure Storage, Policy Manager

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Currently Supported Features - PSA Firmware Framework v1.0 and Library Mode. - PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and STM32L5 - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto (uses Mbed TLS v3.0) - PSA Initial Attestation Service v1.0 - PSA Firmware Update - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium, Large - Build System Changes to use Modern CMake - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - PSA Firmware Framework v1.1 - Stateless RoT Service and Second-Level Interrupt Handling (SLIH) - FPU Support - Different keys for different Protected Storage assets - CC-312 PSA Cryptoprocessor Driver Interface - Initial support - Non-Secure Client ID improvements - Secure Partitions using Static Handle (FF-Mv1.1) CQ4'21 - TF-Mv1.5 Release - Firmware Framework-M v1.1 - Phase3 (SFN, MMIOVEC) - Profiling - Interrupt Latency, NSPE/SPE switching etc. - Runtime Performance Optimization - PSA ADAC Specification Implementation - Arm v8.1-M MVE - Initial Enablement Future - Arm v8.1-M MVE - Further implementation - Multiple Secure Context PoC - PSA FWU Service Enhancements - PSA ADAC Spec - Further Implementation - Arm v8.1-M Unprevileged Debug - Secure Partition HAL Update - Scheduler - Multiple Secure Context Implementation - Arm v8.1-M Architecture Enablement Phase2 - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - [Audit Logs] Secure Storage, Policy Manager

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Currently Supported Features - PSA Firmware Framework v1.0 and Library Mode. - PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1, AN521 and STM32L5 - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto (uses Mbed TLS v2.25v3.0) - PSA Initial Attestation Service v1.0 - PSA Firmware Update - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium, Large - Build System Changes to use Modern CMake - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - PSA Firmware Framework v1.1 - Stateless RoT Service and Second-Level Interrupt Handling (SLIH) CQ3'21 - TF-Mv1.4 Release - FPU Support - PSA Firmware Framework v1.1 - Phase3 (SFN, MMIOVEC)- Different keys for different Protected Storage assets - Profiling - Interrupt Latency, NSPE/SPE switching etc.- CC-312 PSA Cryptoprocessor Driver Interface - Initial support - - Non-Secure Partition Manager (SPM) API Performance OptimizationClient ID improvements - Secure Partitions using Static Handle (FF-Mv1.1) CQ4'21 - Secure Partitions to use Static Handle- TF-Mv1.5 Release - Firmware Framework-M v1.1 - Phase3 (SFN, MMIOVEC) - PSA ADAC Spec - Prototype- Profiling - Interrupt Latency, NSPE/SPE switching etc. - Different keys for different Protected Storage assets- Runtime Performance Optimization - FPU Support - PSA ADAC Specification Implementation - Arm v8.1-M MVE - Initial Enablement Future - Arm v8.1-M MVE - Further implementation - Multiple Secure Context PoC - PSA FWU Service Enhancements - PSA ADAC Spec - Further Implementation - Arm v8.1-M Unprevileged Debug - Secure Partition HAL Update - Scheduler - Multiple Secure Context Implementation - Arm v8.1-M Architecture Enablement Phase2 - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - [Audit Logs] Secure Storage, Policy Manager