Roadmap
Roadmap
TF-M has been under active development since it was launched in Q1'18. It is being designed to include
- Secure boot ensuring integrity of runtime images and responsible for firmware upgrade.
- Runtime firmware consisting of TF-M Core responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services
Roadmap below shows when the services are getting supported and then enhanced.
Currently Supported Features
- Secure Boot
- TF-M Core - Inter Process Communication (IPC)
- Secure Storage
- Audit Logs
- Crypto Secure Service
- Initial Attestation Service Secure Partition Interrupt Handling
- [Platform] Reset Service
- [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance
- [Crypto] PSA API Compliance
- [Secure Storage] PSA API Implementation
CQ2'19
- [TF-M Core] PSA Level2 Isolation
- [Secure Storage] Compatible with PSA Firmware Framework IPC
- [Crypto] Compatible with PSA Firmware Framework IPC
- [Attestation] Compatible with PSA Firmware Framework IPC
- [Secure Boot] Rollback Protection
- [TF-M Core] Secure Interrupt Handling
- [TF-M Core] Pre-emption of SPE execution
- Dual v7-M Enablement
- Open Continuous Integration (CI) System
- [Crypto] Migrate to mbedcrypto
CQ3'19
- [TF-M Core] Multiple Secure Context, Interrupt Handling
- [Storage] Crypto Binding
- Dual v7-M Hardening
- Boot and Runtime Crypto Hardware Integration
- [Secure Boot] Multiple Image Update
- [Secure Storage] Extended PSA APIs
- [Secure Storage] Key Diversification Enhancements
Future
- [Platform] NV Count, Timer
- [Platform] Secure Time
- Secure Debug Investigation
- [Provisioning] Initial Investigation/API Prototype
- [Secure Boot] Key Revocation
- [Secure Storage] Support Internal Trusted Storage PSA APIs
- [Secure Storage] Lifecycle Management
- [Crypto] RNG, KDF
- [Audit Logs] Secure Storage, Policy Manager
- [Platform] GPIO, Debug, NONCE
- Secure Debug Prototype
- Last Author
- shebuk
- Projects
- None
- Subscribers
- ademars, DarshpreetSabharwal