TF-M has been under active development since it was launched in Q1'18. It is designed to include:
1. //**Secure boot**//, ensuring the integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware, consisting of the //**TF-M Core**//, responsible for secure isolation, execution and communication, and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secure services currently planned to be supported are //**Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services**//.
The roadmap below shows when each service is first supported and then enhanced.
Currently Supported Features
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/bl2/ext/mcuboot | Secure Boot ]]
- [[ https://developer.trustedfirmware.org/w/tf_m/design/ipc_design/ | TF-M Core - Inter Process Communication (IPC) ]]
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_sst_integration_guide.md | Secure Storage ]]
- [[ http://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_audit_integration_guide.md | Audit Logs ]]
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_crypto_integration_guide.md | Crypto Secure Service ]]
- [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.md | Initial Attestation Service ]]
- [[ https://developer.trustedfirmware.org/w/tf_m/design/secure_partition_interrupt_handling/ | Secure Partition Interrupt Handling ]]
- [Platform] Reset Service
- [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance
- [Crypto] PSA API Compliance
- [Secure Storage] PSA API Implementation
- [TF-M Core] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware-m_isolation_level_2/ | PSA Level2 Isolation ]]
- [Secure Storage, Crypto, Attestation] Compatible with PSA Firmware Framework IPC
- [Secure Boot] [[ https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/ | Rollback Protection ]]
- [TF-M Core] Secure Interrupt Handling
- [TF-M Core] Pre-emption of SPE execution
- Dual CPU Enablement
- Open Continuous Integration (CI) System
- [Crypto] Use mbedcrypto
- [Secure Boot] Multiple Image Update
- [Storage] Crypto Binding
- Boot and Runtime Crypto Hardware Integration
- Dual CPU Support
- [Secure Storage] Support Internal Trusted Storage PSA APIs
Roadmap
- PSA Level1 and 2 Isolation
- PSA Firmware Framework v1.0 and Library Mode
- Secure Boot
- PSA Protected Storage and Internal Trusted Storage v1.0
- Audit Logs
- Crypto
- PSA Initial Attestation Service v1.0
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Platform Reset Service
- Dual CPU
- Boot and Runtime Crypto Hardware Integration
CQ1'20
- PSA FF, API v1.0
- TF-M Profile1 Prototype
- TF-M mcuboot upstream alignment
CQ2'20
- Profile Small
- HAL Re-design
- mcuboot upstream alignment
- PSA Level3 Isolation Design
Future
- Scheduler - Initial Support
- Profile Medium and Large
- Update to latest Mbedcrypto versions.
- [Secure Storage] Key Diversification Enhancements
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Provisioning] Initial Investigation/API Prototype
- [Secure Boot] Key Revocation
- [Secure Storage] Lifecycle Management
- [Crypto] RNG, KDF
- [Audit Logs] Secure Storage, Policy Manager
- [Platform] GPIO, Debug, NONCE
- Secure Debug Prototype