TF-A, TF-RMM & Hafnium Roadmaps

Updated 275 Days AgoPublic

Actions

If you are interested in collaborating on any of the roadmap features or other features, please mail TF-A mailing list

WARNING:
All dates are provisional and subject to change without notice. Items in Ongoing/Future section will be planned in detail and confirmed in due course.

Ongoing

• CPU Errata Support
• Gearing up for TF-A next Release
• Firmware Handoff
• DSU PMU S/R support
• PSA Crypto API
• FF-A 1.2 enhanced Support
• Firmware Update live Activation BL31 II
• mbedTLS 2.x removal
• Firmware Update Improvements

Future

• GICv5 Investigation
• GIC v3 | NMI Support
• Firmware Handoff | Platform Support
• CCA Plane II/DI
• CCA DA II/DI
• Live FW Update
• CCA Granule Delegation
• 2023|2024 architecture Feature enablement
• FF-A 1.1 ACS Compliance
• Secure Timer Virtualization

---

2023 TF-A Releases

TF-Av2.10 release (Nov 2023)

Architecture extensions support :

• Arm v8.9 | 2022 Architecture extension support enabled for FEAT_HAFT,RPRFM, LRCPC3, and MTE_PERM
• Non Secure SME support in RMM
• PAC+ BTI support enabled in RMM and Realm
• CPU support added for Gelas, Nevis and Travis cores

TF-A | EL3 Root World :

• Firmware handoff Library Support : transfer list APIs and Firmware Handoff build option
• Improvements to BL31 runtime exception handling
• Context management refactoring for RME/4 Worlds

Boot Support :

• Trusted Boot support for ECDSA (Elliptic Curve Digital Signature Algorithm) P- 384 keys
• Migrated to PSA crypto API’s (Except for authenticated decryption feature. Also, mbedTLS legacy crypto APIs will still be supported for some time)
• Improved the GUID Partition Table (GPT) parser
• Various security Improvements and threat Model updates for ARM CCA
• Completed PSA Attestation Support

Hafnium | S-EL2 SPM :

• Continued support for FF-A v1.2 - FFA_YIELD with time-out; EL3 SPMDs LSPs communication; memory sharing updates
• Memory region relative base address field support in SP manifests
• Interrupt re-configuration hypervisor calls
• Memory management: S2 PT NS/S IPA split
• SMCCCv1.2+ compliance fixes
• Feature parity test improvements for EL3 SPMC and Hafnium

TF-RMM | R-EL2:

• TF-RMM aligned to RMM 1.0 EAC5 spec
• Initial CBMC Support
• Added TF-RMM Threat Model to the documentation support
• Added capability to privately map the per-CPU stack in RMM

TF-A Tests:

• Added support for errata management firmware interface tests
• Added support for firmware hand-off tests
• Test support for SMCCCv1.2 extended GP register set
• Added PAC and PMU support in Realm tests

Platform Support :

• Support for Aspeed AST2700, NXP IMX93, Intel Agilex5,Nuvoton and ST platforms

Errata ABI:

• Added 13 CPU Errata mitigations(1xCortex-X2, 1xCortex-A710, 4xNeoverse N2, 4xNeoverse V2, 2xCortex- X3 CPU, 1xCortex-A510)

Others :

• Qemu Platform Support
• SDEI support added
• Firmware handoff support implemented
• QEMU virt platform is now supported in TF-RMM
• mbedTLS Update to 3.4.1
• Crypto-cell support for 712/713 removal ( deprecation announced in TF-A 2.9)

---

TF-Av2.9 release (May 2023)

Architecture extensions support:

• Support for PSCI OS initiated mode
• Architecture support for FEAT_TCR2, Guarded Control Stack (FEAT_GCS), Config Register Support for FEAT_HCX
• Save/Restore Support for FEAT_PIE/POE, FEAT_SME | SME2, FEAT_MPAM: runtime check
• Added dynamic detection of architecture feature enablement
• System registers access trap handler
• Eighteen CPU Errata Mitigations for Cortex-A510, A-78, X2, Neoverse V1, N2 cores and GICv3 bug fixes
• Errata Management Firmware Interface implementation supported for version 1.0 of the public specification
• First release done solely relying on TrustedFirmware.org Open CI
• Ethos-N NPU Driver Added support for Protected Firmware Setup
• EL3 SPMC enhanced feature hardening (scan warning fixes, report execution stage in partition info etc)

Arm CCA support:

• Support for Trusted Boot rooted into RSS RoT
• Support for PSA attestation scheme with Measured Boot rooted into RSS.
• General improvements and hardening of the boot and attestation support.
• Hardening efforts in the X.509 certificate parser, including a security fix (TFV-10, CVE-2022-47630)

TF-RMM Enhancements [0.3.0] :

• Refactoring Stage 1 Translation Table to better fit RMM Usage
• PMU usage in Realms as per RMM v1.0 BET0 spec
• Realm support to leverage SVE hardware functionality, if enabled
• Improve dynamic config of RMM by adding support for DRAM info in RMM-EL3 interface
• RMM Unit test support for granule and slot-buffer components
• Mask MTE capability so that realms can see that MTE is not supported
• Build improvements in RMM comprising : build times, decouple dependencies during build cycle and support multi-config builds

Hafnium SPM & FF-A enablement:

• FF-A v1.2 Early Adoption
• FF-A v1.1 Enhanced Support
  • Interrupt handling (S-EL0 partition signaling, allow a physical interrupt to be routed to a specified PE)
  • Memory sharing (support for FF-A backward compatibility, share/lend/donate memory to multiple borrowers, normal/secure fragmented memory sharing)
  • Power management (events relayed to the SPMC and removed limitations)
  • Indirect messaging (buffer synchronization and ownership transfer rules)
  • Hardened SP manifest memory regions boot time validation
  • CI migration to LLVM/clang 15.0.6
  • Removal of non-VHE build and test configurations
  • Added EL3 SPMC test configurations using the Hafnium’s CI infrastructure

TF-A Tests

• support for 2021 Architecture Extensions
• new tests for FEAT_RME and RMM Testing
• support for FF-A v1.1 Feature testing
• New cores/platforms support:
• Arm TC3 CPU cores support
• Power Domain support for N1SDP and Morello hardware
• Allwinner T507 SoC support
• Legacy support for Nvidia Tegra 210
• MT8188 | MT8195 Platform support

Qemu : Enable Dynamic Feature Detection for Normal World

---

Previous TF-A Releases

TF-RMMv01.0/v0.2.0 first releases (November 2022)

• Reference implementation of the Arm Realm Management Monitor (RMM) specification
• Aligned against BETA revision of the specification
• Tested against TF-Av2.8
• All contributions accepted under DCO and BSD 3-Clause

TF-Av2.8 release (November 2022)

• Architecture extensions support:
  • Added Pointer Authentication Extension helper support for QARMA3 (FEAT_PACQARMA3)
  • Partial EL3 support for RNDR/RNDRRS (FEAT_RNG_TRAP)
  • Added SVE fall back if SME not available (FEAT_SME)
  • Support full SVE vector Length (FEAT_SVE)
  • Added FEAT_BRBE and FEAT_TRBE under feature detection mechanism
• Added support for DRTM (Dynamic Root of Trust Measurement) Phase 1 (Standard services, Complete DMA protection)
• Various Errata Mitigations (Cortex-A710, A510, X3, X2, A76, A77, A78C, Neoverse N1, N2, GIC-600)
• Improved SVE support (as per SMCCCv1.3)
• Ethos-N Driver support for SMMU
• EL3 SPMC feature hardening
• FEAT_RME:
  • Bootflow chain of trust support for AEM FVP
  • Further developments to support TF-RMM upstreaming
  • Tested interop against TF-RMM v0.2.0
• TF-A Tests support for 4 new platforms (N1SDP, RD-N2, RD-N2-Cfg1, RD-V1)
• TF-A Tests FEAT_RME Realm Payload Testing
• TF-A Tests FF-A v1.1 Secure interrupts Testing
• Hafnium SPM & FF-A enablement:
  • FF-A v1.1 additions (Interrupt handling, Memory sharing, Framework notifications and indirect messaging)
  • Added FF-A console log ABI, support for GICv3.1 extended INTID ranges
  • Enhanced SVE by supporting up to the maximum vector length 
  • FF-A v1.0 ACS test suite integration in Open CI.

TF-A-v2.7 Release features

• Architecture support:
  • Armv9.2 Branch Record Buffer Extension (FEAT_BRBE) for Non-secure World support
  • Armv8.7 Statistical Profiling Extension (FEAT_SPEV1P2) TF-A-Tests support
  • Armv8.7 WFE/WFI instructions with Timeout (FEAT_WFxT), Increased precision of Reciprocal Estimate and Reciprocal Square Root Estimate (FEAT_RPRES) & Alternate Floating-Point (FEAT_AFP) TF-A-Tests support
• *Armv8.3 Extended Cache Index (FEAT_CCIDX) support
• Spectre Branch History Buffer (BHB) Mitigations
• Various Software workarounds for Errata affecting Cortex-A710, A510, A78, X2 
• New Architectural Features Detection Mechanism (Experimental Feature)
• SMMU Granule Protection Checks (GPC) for Secure and Non-secure world transactions
• FF-A & SPM:
  • Secure Partition Manager (SPM) operating at EL3 (Experimental Feature)
  • Hafnium: Memory Tagging Extension (MTE) stack tagging support at S-EL2
  • Hafnium FF-A implementation:
  • FF-A v1.1 EAC0: Boot protocol, Setup and discovery, Notifications
  • FF-A v1.1 Beta0: Interrupt handling improvements
  • FF-A v1.0 compliance fixes

TF-A-v2.6 Release features

• Armv9 features support:
  • Realm Management Extension (FEAT_RME): first prototype implementation (ENABLE_RME)
  • Scalable Matrix Extension (FEAT_SME) enabled for Normal world use
  • Trace Buffer Extension (FEAT_TRBE): enable access to trace buffer control registers from Normal world
  • Embedded Trace Extension (FEAT_ETE, FEAT_ETEv1p1): enabled for Normal world use
• Armv8 features support:
  • Activity Monitors Extension (FEAT_AMU): enable per-core AMU auxiliary counters
  • Support for the HCRX_EL2 register (FEAT_HCX)
  • Scalable Vector Extension (FEAT_SVE): enabled for the Secure world
  • Self-hosted Trace Extensions (FEAT_TRF)
• Support for the Arm Firmware Update specification
• Hafnium SPM:
  • Arm FF-A v1.1 notifications support
  • Arm FF-A v1.1 interrupt handling (Hafnium para-virtualized interface)
  • S-EL0 partitions support through VHE architecture extension in the SW
  • Save/restore NW SVE live state on world switches
  • SPs to use FP/SIMD while NW uses SVE/SIMD/FP on the same core
  • Updated toolchain to LLVM/Clang 12
  • Published new SPMC threat model

TF-A-v2.5 Release features

• TF-A Public Threat Model published
• Armv8.7: FEAT_MTE3, FEAT_PAN3
• Armv8.6: FEAT_AMUv1p1, FEAT_MTPMU
• Armv8.5: Speculation Barrier (SB) for non-Armv8.5 platforms starting from Armv8.0 (FEAT_SB)
• Helper functions for Random number generator registers (FEAT_RNG)
• Support for TRNG firmware interface service
• SiP service to configure Ethos-N NPU
• GPT Image Support aligned to Firmware update specification
• S-EL2 Hafnium/FF-A:
  • PAuth & BTI support
  • SMMUv3.2 S-EL2 driver for stage 2 translation
  • FF-A Non-secure interrupt handling
  • FF-A Power management support at boot time
  • FF-A Direct message interfaces & Memory sharing interfaces
  • Added SPMC support to Hafnium CI
  • Save/restore of Normal world FP/NEON/SIMD state