Change Details

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Currently Supported Features - PSA Level1 and 2 Isolation - PSA Firmware Framework v1.0 and Library Mode. - Secure Boot (mcuboot upstream) - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto 1.0-Beta3 - PSA Initial Attestation Service v1.0 - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small - Profile Medium - Build System Changes - Code Restructuring CQ4'20 - TF-M v1.2 - HAL Refactoring - PSA Level3 Isolation (MuscaB1, AN521 to start with) - Secure Partition Manager HAL Phase2 - Update to latest Mbed TLS v2.4 - Crypto Code sharing – boot & runtime  - SW Counter Measures Against Physical Attacks – Secure Processing Environment Isolation settings - Publish Threat Model Future - FPU Support - Scheduler - Multiple Secure Context Support - Profile Large - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Audit Logs] Secure Storage, Policy Manager

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Currently Supported Features - PSA Firmware Framework v1.0 and Library Mode. - PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1 and AN521 - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto 1.0-Beta3 (uses Mbed TLS v2.24) - PSA Initial Attestation Service v1.0 - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium - Build System Changes to use Modern CMake - Threat Model CQ1'21 - PSA Firmware Framework v1.0 - Phase1 - Secure Partition Manager (SPM) API Performance Optimization - PSA Firmware Update API - Prototype - Update PSA Crypto Service to Mbed TLS v2.25 - Profile Large - FPU Support - Arm v8.1-M Architecture Enablement Phase1 - Secure Partition HAL Update - Crypto Code sharing – boot & runtime  - SW Counter Measures Against Physical Attacks – Secure Processing Environment Isolation settings Future - Scheduler - Multiple Secure Context Support - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Authenticated Debug - [Audit Logs] Secure Storage, Policy Manager

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M [[ https://lists.trustedfirmware.org/mailman/listinfo/tf-m | mailing list ]] Currently Supported Features - PSA Level1 and 2 Isolation - PSA Firmware Framework v1.0 and Library Mode. - Secure Boot (mcuboot upstream)- PSA Level1, 2 and 3 Isolation. Level3 Isolation enabled only for MuscaB1 and AN521 - Secure Boot (mcuboot upstream) including generic fault injection mitigations - PSA Protected Storage and Internal Trusted Storage v1.0 - Audit Logs - PSA Crypto 1.0-Beta3 (uses Mbed TLS v2.24) - PSA Initial Attestation Service v1.0 - Secure Partition Interrupt Handling, Pre-emption of SPE execution - Platform Reset Service - Dual CPU - Open Continuous Integration (CI) System - Boot and Runtime Crypto Hardware Integration - Profile Small, Medium - Profile Medium- Build System Changes to use Modern CMake - Build System Changes - Code Restructuring- Threat Model CQ4'20 CQ1'21 - TF-M- PSA Firmware Framework v1.20 - Phase1 - HAL Refactoring- Secure Partition Manager (SPM) API Performance Optimization - PSA Level3 Isolation (MuscaB1,Firmware Update API - Prototype AN521 to start with) - Secure Partition Manager HAL Phase2- Update PSA Crypto Service to Mbed TLS v2.25 - Profile Large - Update to latest Mbed TLS v2.4- FPU Support - Arm v8.1-M Architecture Enablement Phase1 - Secure Partition HAL Update - Crypto Code sharing – boot & runtime  - SW Counter Measures Against Physical Attacks – Secure Processing Environment Isolation settings - Publish Threat Model Future - FPU Support - Scheduler - Multiple Secure Context Support - Profile Large - [Secure Storage] Key Diversification Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation- Authenticated Debug - [Audit Logs] Secure Storage, Policy Manager