TF-M has been under active development since it was launched in Q1'18. It is being designed to include
1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of
//** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services
providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are
//**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//
Roadmap below shows when the services are getting supported and then enhanced.
Currently Supported Features
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]]
- [[ http://gits://developer.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storagew/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]]
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audisst_integration_guide.md | Audit LogsSecure Storage]]
- [[ https://developer://git.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]]
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]]
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]]
[[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]]
- [Platform] Reset Service
Q1'19 (Jan-Mar'19) - [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance
- [TF-M Core] Secure Partition Manager- Level 2 Isol- [Crypto] PSA API Compliance
- [Secure Storage] PSA API Implementation
CQ1'19-CQ2'19
- [TF-M Core] Scheduler Designecure Partition Manager- Level 2 Isolation
- [TF-M Core] Interrupt Handling Enhancements - [Secure Storage] Compatible with PSA Firmware Framework IPC
- [Secure Storage]- [Crypto] Compatible with PSA API ImplementationFirmware Framework IPC
- [Secure Storage] Making service c- [Attestation] Compatible with PSA Firmware Framework IPC
- [Crypto] PSA API Compliance - [Secure Boot] Rollback Protection
- [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance- [TF-M Core] Scheduler Design
- [TF-M Core] Interrupt Handling Enhancements
- Dual v7-M Prototype
- Open Continuous Integration (CI) System
Q2'19 (Apr-Jun'19)
- [TF-M Core] Secure Partition Manager- Full Isolation SupportCQ3'19
- [TF-M Core] Multiple Secure Context, - [TF-M Core] Scheduler - Initial Implementation
- [Secure Boot] Rollback ProtecInterrupt Handling
- [Storage] Crypto Binding
- Boot and Runtime Crypto Hardware Integration
- [Secure Boot] Multiple Image Update
- [Secure Storage] Extended PSA APIs
- [Secure Storage] Key Diversification Enhancements
- [Crypto] Making service compatible with PSA Firmware Framework IPC
- [Crypto] Support Hardware Crypto Accelerator
- [Audit Logs] Making service compatible with PSA Firmware Framework IPC, Crypto Binding
- [Attestation] EAT EnhancementsTo be Planned
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Provisioning] Initial Investigation/API Prototype
- Dual v7-M Support
Q3'19 (Jul-Sep'19)
- [TF-M Core] Scheduler Enhancements
- [Secure Boot] Key Revocation
- [Secure Storage] Support Internal Trusted Storage PSA APIs
- [Secure Storage] Lifecycle Management
- [Crypto] RNG, KDF - Initial Investigation
- [Audit Logs] Secure Storage, Policy Manager
- [Platform] GPIO, Debug, NONCE
- Secure Debug Prototype