TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//
Roadmap below shows when the services are getting supported and then enhanced.
Currently Supported Features
- PSA Level1 and 2 Isolation
- PSA Firmware Framework v1.0 and Library Mode.
- Secure Boot
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- PSA Crypto 1.0-Beta3
- PSA Initial Attestation Service v1.0
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
CQ2'20
- Profile Small
- HAL Re-design
- mcuboot upstream alignment
- PSA Level3 Isolation Design
Future
- Scheduler - Initial Support
- Profile Medium and Large
- Update to latest Mbedcrypto versions.
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Audit Logs] Secure Storage, Policy Manager
- Fault Injection Mitigations