Change Details

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] Q3'18 (July-Sept'18) - [TF-M Core] Inter Process Communication (IPC) - [Secure Boot] Enhancements - [Secure Storage] Rollback Protection - [Crypto] PSK TLS - [Attestation] Initial Attestation Service Q4'18 (Oct-Dec'18) - [TF-M Core] Secure Partition Manager, IRQ Handling - [Secure Boot] Multiple Image Update - [Secure Storage] Key Diversification - [Crypto] TLS with Key exchange - [Audit Logs] Encryption - [Attestation] [[ https://tools.ietf.org/html/draft-mandyam-eat-00 | EAT ]] Support - [Platform] NV Count, Timer - Open CI Q1'19 (Jan-Mar'19) - [TF-M Core] Scheduler - [Secure Boot] Key Revocation, Rollback Protection - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - [Audit Logs] Secure Storage - [Platform] GPIO, Debug, NONCE

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/log/?h=feature-ipc | TF-M Core - Inter Process Communication (IPC)]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/interface/include/psa_crypto.h | Crypto Secure Service APIs and PSK-TLS Support]] Q4'18 (Oct-Dec'18) - [TF-M Core] Secure Interrupt Handling - [TF-M Core] Scheduler Design - [Attestation] API and Initial Attestation Service with [[ https://tools.ietf.org/html/draft-mandyam-eat-00 | EAT ]] Support - [Crypto] Define APIs for Hardware Crypto Accelerator - [Platform] Reset Service - [Platform] Secure Time - Option for Secure Services to use IPC for communication - Open Continuous Integration (CI) System Q1'19 (Jan-Mar'19) - [TF-M Core] Secure Partition Manager- Full Isolation Support - [TF-M Core] Secure Interrupt Handling Enhancements - [TF-M Core] Scheduler - Initial Implementation - [Secure Boot] Multiple Image Update - [Secure Storage] Key Diversification - [Crypto] TLS with Key exchange - Secure Debug Investigation - [Platform] NV Count, Timer - [Provisioning] Initial Investigation/API Prototype Q2'19 (Apr-Jun'19) - [TF-M Core] Scheduler Enhancements - [Audit Logs] Encryption - [Secure Boot] Key Revocation - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - Initial Investigation - [Audit Logs] Secure Storage, Crypto Binding - [Platform] GPIO, Debug, NONCE

TF-M has been under active development since it was launched in Q1'18. It is being designed to include 1. //**Secure boot**// ensuring integrity of runtime images and responsible for firmware upgrade. 2. Runtime firmware consisting of //** TF-M Core**// responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**// Roadmap below shows when the services are getting supported and then enhanced. Currently Supported Features - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage]] - [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs]] Q3'18 (July-Sept'18)- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/log/?h=feature-ipc | TF-M Core - Inter Process Communication (IPC)]] - [TF-M Core] Inter Process Communication (IPC[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/interface/include/psa_crypto.h | Crypto Secure Service APIs and PSK-TLS Support]] Q4'18 (Oct-Dec'18) - [- [TF-M Core] Secure Boot] EnhancementsInterrupt Handling - [TF-M Core] Scheduler Design - [Secure Storage] Rollback ProtectionAttestation] API and Initial Attestation Service with [[ https://tools.ietf.org/html/draft-mandyam-eat-00 | EAT ]] Support - [Crypto] Define APIs for Hardware Crypto Accelerator - [Crypto] PSK TLS- [Platform] Reset Service - [Platform] Secure Time - [Attest- Option for Secure Services to use IPC for communication] Initial Attest - Open Continuous Integration Service Q4'18 (Oct-Dec'18(CI) System Q1'19 (Jan-Mar'19) - [TF-M Core] Secure Partition Manager, IRQ Handling- Full Isolation Support - [TF-M Core] Secure Interrupt Handling Enhancements - [TF-M Core] Scheduler - Initial Implementation - [Secure Boot] Multiple Image Update - [Secure Storage] Key Diversification - [Crypto] TLS with Key exchange - [Audit Logs] Encryption - [Attestation] [[ https://tools.ietf.org/html/draft-mandyam-eat-00 | EAT ]] Support - Secure Debug Investigation - [Platform] NV Count, Timer - Open CI- [Provisioning] Initial Investigation/API Prototype Q1Q2'19 (Jan-Mar'19Apr-Jun'19) - [TF-M Core] Scheduler Enhancements - [TF-M Core] Scheduler- [Audit Logs] Encryption - [Secure Boot] Key Revocation, Rollback Protection - [Secure Storage] Lifecycle Management - [Crypto] RNG, KDF - Initial Investigation - [Audit Logs] Secure Storage, Crypto Binding - [Platform] GPIO, Debug, NONCE