Page MenuHomePhabricator

Roadmap
Updated 443 Days AgoPublic

TF-M has been under active development since it was launched in Q1'18. It is being designed to include

  1. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade.
  2. Runtime firmware consisting of TF-M Core responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are Secure Storage, Cryptography, Firmware Update, Attestation and Platform Services

If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M mailing list

Supported Features

  • PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes.
  • PSA Level1, 2 and 3 Isolation.
  • Secure Boot (mcuboot upstream) including generic fault injection mitigations
  • PSA Protected Storage, Internal Trusted Storage v1.0 and Encrypted ITS
  • PSA Cryptov1.0 (uses Mbed TLS v3.4.0)
  • PSA Initial Attestation Service v1.0
  • PSA Firmware Update v1.0
  • PSA ADAC Specification Implementation
  • Base Config
  • kconfig based configuration
  • Profile Small, Medium, ARoT-less Medium, Large
  • Secure Partition Interrupt Handling, Pre-emption of SPE execution
  • Platform Reset Service
  • Dual CPU
  • Open Continuous Integration (CI) System
  • Boot and Runtime Crypto Hardware Integration
  • Fault Injection Handling library to mitigate against physical attacks
  • Threat Model
  • Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
  • FPU, MVE Support
  • CC-312 PSA Cryptoprocessor Driver Interface

CQ4'23

  • TF-M v1.9 release
  • Mbed TLS 3.5.0, mcuboot 2.0.0 Integration
  • Design, prototype: Supporting multiple clients i.e. TF-M supporting multiple on core and off core clients on Hetrogeneous (e.g. Cortex-A + Cortex-M platforms)
  • Demonstrating TLS in Non-Secure using PSA Crypto APIs in TF-M
  • Build System Enhancements - Separate Secure, Non-Secure Builds
  • Mailbox interrupt handling

Future:

  • Long Term Stable (LTS) support
  • Implement support for multiple clients
  • Remote Test Infrastructure
  • MISRA testing
  • TF-M Performance - Further Benchmarking and Optimization
  • Scheduler - Multiple Secure Context Implementation
  • Arm v8.1-M Architecture Enablement - PAC/BTI
  • PSA FWU Service Enhancements
  • PSA ADAC Spec - Enhancements and Testing
  • Arm v8.1-M Unprevileged Debug
  • [Secure Storage] Extended PSA APIs, Key Diversification Enhancements
  • [Audit Logs] Secure Storage, Policy Manager
  • PSA FF Lifecycle API
  • Fuzz Testing
Last Author
shebuk
Last Edited
Oct 4 2023, 5:35 PM

Event Timeline

abhishek-pandit edited the content of this document. (Show Details)
shebuk changed the title from Planning to Roadmap.Jul 25 2018, 8:27 PM
shebuk edited the content of this document. (Show Details)
shebuk changed the visibility from "All Users" to "Public (No Login Required)".Aug 22 2018, 10:27 AM
shebuk edited the content of this document. (Show Details)Oct 2 2018, 11:25 AM
shebuk edited the content of this document. (Show Details)Oct 2 2018, 4:07 PM
shebuk edited the content of this document. (Show Details)
shebuk edited the content of this document. (Show Details)Oct 9 2018, 12:02 PM
shebuk edited the content of this document. (Show Details)Oct 10 2018, 11:14 PM
shebuk edited the content of this document. (Show Details)Feb 5 2019, 2:42 PM
ademars added a subscriber: ademars.Feb 5 2019, 8:45 PM
shebuk edited the content of this document. (Show Details)Mar 15 2019, 3:00 PM
shebuk edited the content of this document. (Show Details)Apr 16 2019, 1:36 PM
shebuk edited the content of this document. (Show Details)Jul 9 2019, 6:23 PM
shebuk edited the content of this document. (Show Details)Oct 4 2019, 12:17 PM
shebuk edited the content of this document. (Show Details)
shebuk edited the content of this document. (Show Details)
shebuk edited the content of this document. (Show Details)Jan 19 2020, 6:15 PM
shebuk edited the content of this document. (Show Details)Apr 1 2020, 7:15 PM
shebuk edited the content of this document. (Show Details)Apr 1 2020, 7:34 PM
shebuk edited the content of this document. (Show Details)Apr 1 2020, 7:37 PM
shebuk edited the content of this document. (Show Details)
shebuk edited the content of this document. (Show Details)Apr 1 2020, 8:02 PM
shebuk edited the content of this document. (Show Details)Aug 1 2020, 7:47 AM
iomint added a subscriber: iomint.Aug 24 2020, 11:33 AM
shebuk edited the content of this document. (Show Details)Oct 12 2020, 5:01 PM
shebuk edited the content of this document. (Show Details)Feb 3 2021, 9:31 AM
shebuk edited the content of this document. (Show Details)Feb 3 2021, 9:45 AM
shebuk edited the content of this document. (Show Details)
shebuk published a new version of this document.
shebuk edited the content of this document. (Show Details)Apr 13 2021, 2:44 PM
shebuk edited the content of this document. (Show Details)Jul 2 2021, 5:35 PM
shebuk edited the content of this document. (Show Details)Oct 4 2021, 1:52 PM
shebuk edited the content of this document. (Show Details)
shebuk edited the content of this document. (Show Details)Jan 12 2022, 6:01 PM
shebuk edited the content of this document. (Show Details)Mar 30 2022, 11:52 AM
shebuk edited the content of this document. (Show Details)Jul 5 2022, 10:09 AM
shebuk edited the content of this document. (Show Details)Oct 18 2022, 4:17 PM
shebuk edited the content of this document. (Show Details)Jan 9 2023, 4:32 PM
shebuk edited the content of this document. (Show Details)Apr 14 2023, 2:45 PM
shebuk edited the content of this document. (Show Details)Jul 6 2023, 10:24 AM
shebuk edited the content of this document. (Show Details)
shebuk edited the content of this document. (Show Details)Oct 4 2023, 5:35 PM

It plays a crucial role in verifying the among us unblocked authenticity and integrity of firmware components before they are executed.