Roadmap

Updated 47 Days AgoPublic

Actions

TF-M has been under active development since it was launched in Q1'18. It is being designed to include

1. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of TF-M Core responsible for secure isolation, execution and communication aspects. and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secures services currently planned to be supported are Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services

If you are interested in collaborating on any of the roadmap features or other features, please mail TF-M mailing list

Currently Supported Features

• PSA Level1 and 2 Isolation
• PSA Firmware Framework v1.0 and Library Mode.
• Secure Boot (mcuboot upstream)
• PSA Protected Storage and Internal Trusted Storage v1.0
• Audit Logs
• PSA Crypto 1.0-Beta3
• PSA Initial Attestation Service v1.0
• Secure Partition Interrupt Handling, Pre-emption of SPE execution
• Platform Reset Service
• Dual CPU
• Open Continuous Integration (CI) System
• Boot and Runtime Crypto Hardware Integration
• Profile Small
• Profile Medium
• Build System Changes
• Code Restructuring

CQ4'20

• TF-M v1.2
• HAL Refactoring
• PSA Level3 Isolation (MuscaB1, AN521 to start with)
• Secure Partition Manager HAL Phase2
• Update to latest Mbed TLS v2.4
• Crypto Code sharing – boot & runtime 
• SW Counter Measures Against Physical Attacks – Secure Processing Environment Isolation settings
• Publish Threat Model

Future

• FPU Support
• Scheduler - Multiple Secure Context Support
• Profile Large
• [Secure Storage] Key Diversification Enhancements
• [Platform] NV Count, Timer
• [Platform] Secure Time
• Secure Debug Investigation
• [Audit Logs] Secure Storage, Policy Manager