Change Details

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/log/?h=feature-ipc | TF-M Core - Inter Process Communication (IPC)]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/interface/include/psa_crypto.h | Crypto Secure Service APIs and PSK-TLS Support]] Q4'18 (Oct-Dec'18) - [TF-M Core] Secure Interrupt Handling - [TF-M Core] Scheduler Design - [Attestation] API and Initial Attestation Service with [[ https://tools.ietf.org/html/draft-mandyam-eat-00 | EAT ]] Support - [Crypto] Define APIs for Hardware Crypto Accelerator - [Platform] Reset Service - [Platform] Secure Time - Option for Secure Services to use IPC for communication - Open Continuous Integration (CI) System Q1'19 (Jan-Mar'19) - [TF-M Core] Secure Partition Manager- Full Isolation Support - [TF-M Core] Secure Interrupt Handling Enhancements - [TF-M Core] Scheduler - Initial Implementation - [Secure Boot] Multiple Image Update, Rollback Protection - [Secure Storage] Key Diversification - [Crypto] TLS with Key exchange - Secure Debug Investigation - [Platform] NV Count, Timer - [Provisioning] Initial Investigation/API Prototype Q2'19 (Apr-Jun'19) - [TF-M Core] Scheduler Enhancements - [Secure Boot] Key Revocation - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - Initial Investigation - [Audit Logs] Secure Storage, Crypto Binding - [Platform] GPIO, Debug, NONCE

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ https://developer.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]] [[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]] - [Platform] Reset Service Q1'19 (Jan-Mar'19) - [TF-M Core] Secure Partition Manager- Level 2 Isolation - [TF-M Core] Scheduler Design - [TF-M Core] Interrupt Handling Enhancements - [Secure Storage] PSA API Implementation - [Secure Storage] Making service compatible with PSA Firmware Framework IPC - [Crypto] PSA API Compliance - [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance - Dual v7-M Prototype - Open Continuous Integration (CI) System Q2'19 (Apr-Jun'19) - [TF-M Core] Secure Partition Manager- Full Isolation Support - [TF-M Core] Scheduler - Initial Implementation - [Secure Boot] Rollback Protection - [Secure Boot] Multiple Image Update - [Secure Storage] Extended PSA APIs - [Secure Storage] Key Diversification Enhancements - [Crypto] Making service compatible with PSA Firmware Framework IPC - [Crypto] Support Hardware Crypto Accelerator - [Audit Logs] Making service compatible with PSA Firmware Framework IPC, Crypto Binding - [Attestation] EAT Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Provisioning] Initial Investigation/API Prototype - Dual v7-M Support Q3'19 (Jul-Sep'19) - [TF-M Core] Scheduler Enhancements - [Secure Boot] Key Revocation - [Secure Storage] Support Internal Trusted Storage PSA APIs - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - Initial Investigation - [Audit Logs] Secure Storage, Policy Manager - [Platform] GPIO, Debug, NONCE - Secure Debug Prototype

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ http://gits://developer.trustedfirmware.org/trusted-firmware-m.git/log/?h=feature-ipcw/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC)]] - [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/interface/include/psa_crypto.h | Cdocs/user_guides/services/tfm_crypto Secure Service APIs and PSK-TLS Support]] Q4'18 (Oct-Dec'18)_integration_guide.md | Crypto Secure Service]] - [TF-M Core] Secure Interrupt Handling [ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]] [[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]] - [TF-M Core] Scheduler Design- [Platform] Reset Service Q1'19 (Jan-Mar'19) - [Attestation] API and Initial Attestation Service with [[ https://tools.ietf.org/html/draft-mandyam-eat-00 | EAT ]] Support- [TF-M Core] Secure Partition Manager- Level 2 Isolation - [Crypto] Define APIs for Hardware Crypto Accelerator- [TF-M Core] Scheduler Design - [Platform] Reset Service- [TF-M Core] Interrupt Handling Enhancements - [Platform] - [Secure Storage] PSA API Implementation - [Secure Timere Storage] Making service compatible with PSA Firmware Framework IPC - Option for Secure Services to use IPC for communication- [Crypto] PSA API Compliance - Open Continuous Integration (CI) System Q1'19 (Jan-Mar'19)- [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance - [TF-M Core] Secure Partition Manager- Full Isolation Support - Dual v7-M Prototype -- Open Continuous Integration (CI) System Q2'19 (Apr-Jun'19) - [TF-M Core] Secure Interrupt Handling EnhancementsPartition Manager- Full Isolation Support - [TF-M Core] Scheduler - Initial Implementation - [Secure Boot] Multiple Image Update, - [Secure Boot] Rollback Protection - [Secure Storage] Key DiversificationBoot] Multiple Image Update - [Secure Storage] Extended PSA APIs - [Secure Storage] Key Diversification Enhancements - [Crypto] TLSMaking service compatible with Key exchangePSA Firmware Framework IPC - Secure Debug Investigation - [Crypto] Support Hardware Crypto Accelerator - [Audit Logs] Making service compatible with PSA Firmware Framework IPC, Crypto Binding - [Attestation] EAT Enhancements - [Platform] NV Count, Timer - [Platform] Secure Time - Secure Debug Investigation - [Provisioning] Initial Investigation/API Prototype Q2'19 (Apr-Jun'19) - [TF-M Core] Scheduler Enhancements - Dual v7-M Support Q3'19 (Jul-Sep'19) - [TF-M Core] Scheduler Enhancements - [Secure Boot] Key Revocation - [Secure Storage] Support Internal Trusted Storage PSA APIs - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - Initial Investigation - [Audit Logs] Secure Storage, Crypto BindingPolicy Manager - [Platform] GPIO, Debug, NONCE - Secure Debug Prototype