Change Details

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Supported Features - PSA Firmware Framework v1.0, 1.1 Extension. - PSA Level1, 2 and 3 Isolation. - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - PSA Cryptov1.0 (uses Mbed TLS v3.1) - PSA Initial Attestation Service v1.0 - PSA Firmware Update - Audit Logs - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium, Large - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - FPU, MVE Support - CC-312 PSA Cryptoprocessor Driver Interface - PSA ADAC Specification Implementation - PSA SPs support SFN in ​Profile Small - Profile Small/SFN mode - Memory Optimizations - PSA Crypto service and HAL Memory Optimization CQ3'22 - Profile Small/SFN mode - Memory Optimizations Continued - Profile Medium/IPC mode - Memory Optimizations - Integrate Mbed TLS 3.2 - PSA Firmware Update v1.0 API Alignment - Design document restructure - Review ETSS, Encrypted ITS contributions Future: - TF-M Performance - Further Benchmarking and Optimization - Remote Test Infrastructure - Arm v8.1-M Architecture Enablement - PAC/BTI - PSA FWU Service Enhancements - PSA ADAC Spec - Enhancements and Testing - Arm v8.1-M Unprevileged Debug - Scheduler - Multiple Secure Context Implementation - Multiple Secure Context PoC - [Secure Storage] Extended PSA APIs, Key Diversification Enhancements - [Audit Logs] Secure Storage, Policy Manager - PSA FF Lifecycle API - MISRA testing - Fuzz Testing

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org/ | mailing list ]] Supported Features - PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes. - PSA Level1, 2 and 3 Isolation. - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - PSA Cryptov1.0 (uses Mbed TLS v3.2.1) - PSA Initial Attestation Service v1.0 - PSA Firmware Update - Audit Logs - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium, Large - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - FPU, MVE Support - CC-312 PSA Cryptoprocessor Driver Interface - PSA ADAC Specification Implementation - Profile Small and Medium Memory Optimizations CQ4'22 - PSA Firmware Update v1.0 API Alignment - Deprecate Library Model - Review Encrypted ITS contributions - ARoT-less Protection Profile - Change default config to include SPM and platform drivers only - Simplify Configurability - PSA ADAC Enhancements - TF-M v1.7 Future: - TF-M Performance - Further Benchmarking and Optimization - Remote Test Infrastructure - Arm v8.1-M Architecture Enablement - PAC/BTI - PSA FWU Service Enhancements - PSA ADAC Spec - Enhancements and Testing - Arm v8.1-M Unprevileged Debug - Scheduler - Multiple Secure Context Implementation - Multiple Secure Context PoC - [Secure Storage] Extended PSA APIs, Key Diversification Enhancements - [Audit Logs] Secure Storage, Policy Manager - PSA FF Lifecycle API - MISRA testing - Fuzz Testing

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are //**Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m3/lists/tf-m.lists.trustedfirmware.org/ | mailing list ]] Supported Features - PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes. - PSA Level1, 2 and 3 Isolation. - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - PSA Cryptov1.0 (uses Mbed TLS v3.2.1) - PSA Initial Attestation Service v1.0 - PSA Firmware Update - Audit Logs - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium, Large - Fault Injection Handling library to mitigate against physical attacks - Threat Model - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) - FPU, MVE Support - CC-312 PSA Cryptoprocessor Driver Interface - PSA ADAC Specification Implementation - PSA SPs support SFN in ​Profile Small - Profile Small/SFN mode - Memory Optimizations - PSA Crypto service and HAL Memory Optimizationrofile Small and Medium Memory Optimizations CQ4'22 CQ3'22 - Profile Small/SFN mode - Memory Optimizations Continued - Profile Medium/IPC mode - Memory Optimizations - Integrate Mbed TLS 3.2 - PSA Firmware Update v1.0 API Alignment - Deprecate Library Model - Design document restructure- Review Encrypted ITS contributions - ARoT-less Protection Profile - Change default config to include SPM and platform drivers only - Simplify Configurability - Review ETSS,- PSA ADAC Enhancements Encrypted ITS contributions- TF-M v1.7 Future: - TF-M Performance - Further Benchmarking and Optimization - Remote Test Infrastructure - Arm v8.1-M Architecture Enablement - PAC/BTI - PSA FWU Service Enhancements - PSA ADAC Spec - Enhancements and Testing - Arm v8.1-M Unprevileged Debug - Scheduler - Multiple Secure Context Implementation - Multiple Secure Context PoC - [Secure Storage] Extended PSA APIs, Key Diversification Enhancements - [Audit Logs] Secure Storage, Policy Manager - PSA FF Lifecycle API - MISRA testing - Fuzz Testing