Diffstat (limited to 'docs/releases/1.3.0.rst')
-rw-r--r-- | docs/releases/1.3.0.rst | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/docs/releases/1.3.0.rst b/docs/releases/1.3.0.rst new file mode 100644 index 0000000000..e246ad0439 --- /dev/null +++ b/docs/releases/1.3.0.rst 
@@ -0,0 +1,173 @@ +************* +Version 1.3.0 +************* + +New major features +================== + + - Support stateless RoT Service defined in FF-M 1.1 [1]_. + - Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 [1]_. + - Add Firmware Update (FWU) secure service, following Platform Security + Architecture Firmware Update API [2]_. + - Migrate to Mbed TLS v2.25.0. + - Update MCUboot version to v1.7.2. + - Add a TF-M generic threat model [3]_ . + - Implement Fault Injection Handling library to mitigate physical attacks [4]_. + - Add Profile Large [5]_. + - Enable code sharing between boot loader and TF-M [6]_. + - Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread + reentrancy disabled (TRD) feature. + - New platforms added. + See :ref:`docs/releases/1.3.0:New platforms supported` for + details. + - Add a TF-M security landing page [7]_. + - Enhance dual-cpu non-secure mailbox reference implementation. + +New security advisories +======================= + +Invoking secure functions from non-secure handler mode +------------------------------------------------------ + +Refer to :doc:`Advisory TFMV-2</docs/security/security_advisories/svc_caller_sp_fetching_vulnerability>` +for more details. +The mitigation is included in this release. + +New platforms supported +======================= + + - Cortex-M23 based system: + + - `Nuvoton M2354. + <https://www.nuvoton.com/board/numaker-m2354/>`_ + + - Cortex-M55 based system: + + - `FPGA image loaded on MPS3 board (AN547). + <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps3>`_ + + - Secure Enclave system: + + - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/musca_b1/secure_enclave/readme>` + +Deprecated platforms +==================== + +The following platforms have been removed from TF-M code base. 
+ + - SSE-200_AWS + - AN539 + +See :doc:`Platform deprecation and removal </platform/ext/platform_deprecation>` +for other platforms under deprecation process. + +Tested platforms +================ + +The following platforms are successfully tested in this release. + +- AN519 +- AN521 +- AN524 +- AN547 +- LPCXpresso55S69 +- MPS2 SSE300 +- Musca-B1 +- Musca-B1 Secure Enclave +- Musca-S1 +- M2351 +- M2354 +- nrf5340dk +- nrf9160dk +- NUCLEO-L552ZE-Q +- PSoC 64 +- STM32L562E-DK + +Known issues +============ + +Some open issues exist and will not be fixed in this release. + +.. list-table:: + + * - **Descriptions** + - **Issue links** + + * - | PSA Arch Crypto test suite have several known failures. + - See this `link <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.3_release/>`_ + for detailed analysis of the failures. + + * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation + | level 2 when PXN is enabled. + - https://developer.trustedfirmware.org/T902 + + * - | IPC Regression test fail when non-secure regression test is enabled and + | secure regression test is disabled. + - https://developer.trustedfirmware.org/T903 + + * - | Panic test in PSA Arch IPC test suite generates inconsistent results + | between Armclang and GNUARM. + - https://developer.trustedfirmware.org/T909 + +Issues fixed since 1.2.0 +======================== + +Issues fixed by TF-M since v1.2.0 are listed below. + +.. list-table:: + + * - **Descriptions** + - **Issue links** + + * - | Dual-cpu NS mailbox initialization shall be executed after CMSIS-RTOS + | RTX kernel initialization + - https://developer.trustedfirmware.org/T904 + +Issues closed since 1.2.0 +========================= + +The following issues are closed since v1.2.0. These issues are related to +platform hardware limitations or 3rd-party tools and therefore won't be fixed by +TF-M. + +.. 
list-table:: + + * - **Descriptions** + - **Issue links** + + * - | ``psa_verify_rsa()`` fails when PSA Crypto processes RSASSA-PSS + | algorithm in CryptoCell-312. + | Mbed TLS implementation of ``psa_verify_rsa()`` always passes + | ``MBEDTLS_MD_NONE`` to ``mbedtls_rsa_rsassa_pss_verify()``. + | However, CryptoCell-312 doesn't support MD5 and uses other algorithms + | instead. Therefore, Mbed TLS implementation may fail when input + | algorithm doesn't match other parameters. + - https://github.com/ARMmbed/mbedtls/issues/3990 + + * - | Regression tests fail with GNU Arm Embedded toolchain version + | 10-2020-q4-major. + | The support for CMSE feature is broken in version 10-2020-q4-major. The + | fix will be available in future release version. + | A note is added in :ref:`docs/getting_started/tfm_sw_requirement:C compilers`. + - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157 + +Reference +========= + + .. [1] `Arm Firmware Framework for M 1.1 Extensions <https://developer.arm.com/documentation/aes0039/latest>`_ + + .. [2] `PSA Firmware Update API <https://developer.arm.com/documentation/ihi0093/latest/>`_ + + .. [3] :doc:`TF-M generic threat model </docs/security/threat_models/generic_threat_model>` + + .. [4] :doc:`TF-M physical attack mitigation </docs/technical_references/tfm_physical_attack_mitigation>` + + .. [5] :doc:`TF-M Profile Large design </docs/technical_references/profiles/tfm_profile_large>` + + .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/technical_references/code_sharing>` + + .. [7] :doc:`Security Handling </docs/security/security>` + +-------------- + +*Copyright (c) 2021, Arm Limited. All rights reserved.* |
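Review bot: The "New security advisories" entry for TFMV-2 says only "The mitigation is included in this release" and links out; add one sentence stating the impact and which earlier releases are affected, so that someone reading the release notes alone can tell whether they need to upgrade. It is also worth confirming the link target, since the file name `svc_caller_sp_fetching_vulnerability` does not obviously correspond to the heading "Invoking secure functions from non-secure handler mode". In the "Issues closed since 1.2.0" table, the CryptoCell-312 row says the code always passes `MBEDTLS_MD_NONE` and then that CryptoCell-312 "doesn't support MD5"; the connection between the two is not explained, so please state which hash the hardware expects and why the mismatch makes verification fail. Minor wording: "test suite have" should be "has", "IPC Regression test fail" should be "fails", "[3]_ ." has a stray space before the period, and the "Tested platforms" list is not indented like the other bullet lists in the file.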