aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2021-03-24 15:45:45 +0800
committerDavid Hu <david.hu@arm.com>2021-04-09 11:47:34 +0800
commitaa7d90a23b045e50c26ef66b11250842b665f54b (patch)
tree2a73e5f54a78a7b6069adb560fc300ede794c683
parent35588692a5a4de9ea612ec52cc98766b1c666a3a (diff)
downloadtrusted-firmware-m-TF-Mv1.3.0.tar.gz
Docs: Add v1.3.0 release noteTF-Mv1.3.0
Change-Id: Ie9c0782b0cd6d97e59ef458e96433498e6bb0367 Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r--docs/reference/changelog.rst3
-rw-r--r--docs/reference/releases/1.3.0.rst173
2 files changed, 175 insertions, 1 deletions
diff --git a/docs/reference/changelog.rst b/docs/reference/changelog.rst
index fb1ac1ca26..70a3e28166 100644
--- a/docs/reference/changelog.rst
+++ b/docs/reference/changelog.rst
@@ -5,10 +5,11 @@ Change Log & Release Notes
This document contains a summary of the new features, changes, fixes and known
issues in each release of Trusted Firmware-M.
+.. include:: ../reference/releases/1.3.0.rst
.. include:: ../reference/releases/1.2.0.rst
.. include:: ../reference/releases/1.1.rst
.. include:: ../reference/releases/1.0.rst
--------------
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2021, Arm Limited. All rights reserved.*
diff --git a/docs/reference/releases/1.3.0.rst b/docs/reference/releases/1.3.0.rst
new file mode 100644
index 0000000000..80e3dd655b
--- /dev/null
+++ b/docs/reference/releases/1.3.0.rst
@@ -0,0 +1,173 @@
+*************
+Version 1.3.0
+*************
+
+New major features
+==================
+
+ - Support stateless RoT Service defined in FF-M 1.1 [1]_.
+ - Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 [1]_.
+ - Add Firmware Update (FWU) secure service, following Platform Security
+ Architecture Firmware Update API [2]_.
+ - Migrate to Mbed TLS v2.25.0.
+ - Update MCUboot version to v1.7.2.
+ - Add a TF-M generic threat model [3]_ .
+ - Implement Fault Injection Handling library to mitigate physical attacks [4]_.
+ - Add Profile Large [5]_.
+ - Enable code sharing between boot loader and TF-M [6]_.
+ - Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread
+ reentrancy disabled (TRD) feature.
+ - New platforms added.
+ See :ref:`docs/reference/releases/1.3.0:New platforms supported` for
+ details.
+ - Add a TF-M security landing page [7]_.
+ - Enhance dual-cpu non-secure mailbox reference implementation.
+
+New security advisories
+=======================
+
+Invoking secure functions from non-secure handler mode
+------------------------------------------------------
+
+Refer to :doc:`Advisory TFMV-2</docs/reference/security_advisories/svc_caller_sp_fetching_vulnerability>`
+for more details.
+The mitigation is included in this release.
+
+New platforms supported
+=======================
+
+ - Cortex-M23 based system:
+
+ - `Nuvoton M2354.
+ <https://www.nuvoton.com/board/numaker-m2354/>`_
+
+ - Cortex-M55 based system:
+
+ - `FPGA image loaded on MPS3 board (AN547).
+ <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps3>`_
+
+ - Secure Enclave system:
+
+ - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/musca_b1/secure_enclave/readme>`
+
+Deprecated platforms
+====================
+
+The following platforms have been removed from TF-M code base.
+
+ - SSE-200_AWS
+ - AN539
+
+See :doc:`Platform deprecation and removal </docs/contributing/platform_deprecation>`
+for other platforms under deprecation process.
+
+Tested platforms
+================
+
+The following platforms are successfully tested in this release.
+
+- AN519
+- AN521
+- AN524
+- AN547
+- LPCXpresso55S69
+- MPS2 SSE300
+- Musca-B1
+- Musca-B1 Secure Enclave
+- Musca-S1
+- M2351
+- M2354
+- nrf5340dk
+- nrf9160dk
+- NUCLEO-L552ZE-Q
+- PSoC 64
+- STM32L562E-DK
+
+Known issues
+============
+
+Some open issues exist and will not be fixed in this release.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | PSA Arch Crypto test suite have several known failures.
+ - See this `link <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.3_release/>`_
+ for detailed analysis of the failures.
+
+ * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation
+ | level 2 when PXN is enabled.
+ - https://developer.trustedfirmware.org/T902
+
+ * - | IPC Regression test fail when non-secure regression test is enabled and
+ | secure regression test is disabled.
+ - https://developer.trustedfirmware.org/T903
+
+ * - | Panic test in PSA Arch IPC test suite generates inconsistent results
+ | between Armclang and GNUARM.
+ - https://developer.trustedfirmware.org/T909
+
+Issues fixed since 1.2.0
+========================
+
+Issues fixed by TF-M since v1.2.0 are listed below.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | Dual-cpu NS mailbox initialization shall be executed after CMSIS-RTOS
+ | RTX kernel initialization
+ - https://developer.trustedfirmware.org/T904
+
+Issues closed since 1.2.0
+=========================
+
+The following issues are closed since v1.2.0. These issues are related to
+platform hardware limitations or 3rd-party tools and therefore won't be fixed by
+TF-M.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | ``psa_verify_rsa()`` fails when PSA Crypto processes RSASSA-PSS
+ | algorithm in CryptoCell-312.
+ | Mbed TLS implementation of ``psa_verify_rsa()`` always passes
+ | ``MBEDTLS_MD_NONE`` to ``mbedtls_rsa_rsassa_pss_verify()``.
+ | However, CryptoCell-312 doesn't support MD5 and uses other algorithms
+ | instead. Therefore, Mbed TLS implementation may fail when input
+ | algorithm doesn't match other parameters.
+ - https://github.com/ARMmbed/mbedtls/issues/3990
+
+ * - | Regression tests fail with GNU Arm Embedded toolchain version
+ | 10-2020-q4-major.
+ | The support for CMSE feature is broken in version 10-2020-q4-major. The
+ | fix will be available in future release version.
+ | A note is added in :ref:`docs/getting_started/tfm_sw_requirement:C compilers`.
+ - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157
+
+Reference
+=========
+
+ .. [1] `Arm Firmware Framework for M 1.1 Extensions <https://developer.arm.com/documentation/aes0039/latest>`_
+
+ .. [2] `PSA Firmware Update API <https://developer.arm.com/documentation/ihi0093/latest/>`_
+
+ .. [3] :doc:`TF-M generic threat model </docs/threat_models/generic_threat_model>`
+
+ .. [4] :doc:`TF-M physical attack mitigation </docs/design_documents/tfm_physical_attack_mitigation>`
+
+ .. [5] :doc:`TF-M Profile Large design </docs/design_documents/profiles/tfm_profile_large>`
+
+ .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/design_documents/code_sharing>`
+
+ .. [7] :doc:`Security Handling </docs/reference/security>`
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*