
TF-M has been under active development since it was launched in Q1'18. It is being designed to include:

  1. Secure boot, which ensures the integrity of runtime images and is responsible for firmware upgrade.
  2. Runtime firmware consisting of TF-M Core, responsible for secure isolation, execution and communication aspects, and a set of Secure Services providing services to the Non-Secure and Secure Applications. The secure services currently planned to be supported are Secure Storage, Cryptography, Audit Logs, Attestation, Provisioning and Platform Services.

The roadmap below shows when the services are getting supported and then enhanced.

Currently Supported Features

Q1'19 (Jan-Mar'19)

  • [TF-M Core] Secure Partition Manager - Level 2 Isolation
  • [TF-M Core] Scheduler Design
  • [TF-M Core] Interrupt Handling Enhancements
  • [Secure Storage] PSA API Implementation
  • [Secure Storage] Making service compatible with PSA Firmware Framework IPC
  • [Crypto] PSA API Compliance
  • [Attestation] EAT (Entity Attestation Token) - CBOR, COSE Integration. PSA Compliance
  • Dual v7-M Prototype
  • Open Continuous Integration (CI) System

Q2'19 (Apr-Jun'19)

  • [TF-M Core] Secure Partition Manager - Full Isolation Support
  • [TF-M Core] Scheduler - Initial Implementation
  • [Secure Boot] Rollback Protection
  • [Secure Boot] Multiple Image Update
  • [Secure Storage] Extended PSA APIs
  • [Secure Storage] Key Diversification Enhancements
  • [Crypto] Making service compatible with PSA Firmware Framework IPC
  • [Crypto] Support Hardware Crypto Accelerator
  • [Audit Logs] Making service compatible with PSA Firmware Framework IPC, Crypto Binding
  • [Attestation] EAT Enhancements
  • [Platform] NV Count, Timer
  • [Platform] Secure Time
  • Secure Debug Investigation
  • [Provisioning] Initial Investigation/API Prototype
  • Dual v7-M Support

Q3'19 (Jul-Sep'19)

  • [TF-M Core] Scheduler Enhancements
  • [Secure Boot] Key Revocation
  • [Secure Storage] Support Internal Trusted Storage PSA APIs
  • [Secure Storage] Lifecycle Management
  • [Crypto] RNG, KDF - Initial Investigation
  • [Audit Logs] Secure Storage, Policy Manager
  • [Platform] GPIO, Debug, NONCE
  • Secure Debug Prototype

Last Author: ademars, DarshpreetSabharwal