Roadmap

Updated 87 Days AgoPublic

Actions

TF-M has been under active development since it was launched in Q1'18. It is being designed to include

1. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of TF-M Core responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently supported are Secure Storage, Cryptography, Firmware Update, Audit Logs, Attestation and Platform Services

If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M mailing list

Supported Features

• PSA Firmware Framework v1.0, 1.1 Extension.
• PSA Level1, 2 and 3 Isolation.
• Secure Boot (mcuboot upstream) including generic fault injection mitigations
• PSA Protected Storage and Internal Trusted Storage v1.0
• PSA Cryptov1.0 (uses Mbed TLS v3.1)
• PSA Initial Attestation Service v1.0
• PSA Firmware Update
• Audit Logs
• Secure Partition Interrupt Handling, Pre-emption of SPE execution
• Platform Reset Service
• Dual CPU
• Open Continuous Integration (CI) System
• Boot and Runtime Crypto Hardware Integration
• Profile Small, Medium, Large
• Fault Injection Handling library to mitigate against physical attacks
• Threat Model
• Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
• FPU, MVE Support
• CC-312 PSA Cryptoprocessor Driver Interface
• PSA ADAC Specification Implementation
• PSA SPs support SFN in ​Profile Small
• Profile Small/SFN mode - Memory Optimizations
• PSA Crypto service and HAL Memory Optimization

CQ3'22

• Profile Small/SFN mode - Memory Optimizations Continued
• Profile Medium/IPC mode - Memory Optimizations
• Integrate Mbed TLS 3.2
• PSA Firmware Update v1.0 API Alignment
• Design document restructure
• Review ETSS, Encrypted ITS contributions

Future:

• TF-M Performance - Further Benchmarking and Optimization
• Remote Test Infrastructure
• Arm v8.1-M Architecture Enablement - PAC/BTI
• PSA FWU Service Enhancements
• PSA ADAC Spec - Enhancements and Testing
• Arm v8.1-M Unprevileged Debug
• Scheduler - Multiple Secure Context Implementation
• Multiple Secure Context PoC
• [Secure Storage] Extended PSA APIs, Key Diversification Enhancements
• [Audit Logs] Secure Storage, Policy Manager
• PSA FF Lifecycle API
• MISRA testing
• Fuzz Testing