aboutsummaryrefslogtreecommitdiff
path: root/docs/releases/1.3.0.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/releases/1.3.0.rst')
-rw-r--r--docs/releases/1.3.0.rst173
1 files changed, 173 insertions, 0 deletions
diff --git a/docs/releases/1.3.0.rst b/docs/releases/1.3.0.rst
new file mode 100644
index 0000000000..e246ad0439
--- /dev/null
+++ b/docs/releases/1.3.0.rst
@@ -0,0 +1,173 @@
+*************
+Version 1.3.0
+*************
+
+New major features
+==================
+
+ - Support stateless RoT Service defined in FF-M 1.1 [1]_.
+ - Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 [1]_.
+ - Add Firmware Update (FWU) secure service, following Platform Security
+ Architecture Firmware Update API [2]_.
+ - Migrate to Mbed TLS v2.25.0.
+ - Update MCUboot version to v1.7.2.
+ - Add a TF-M generic threat model [3]_ .
+ - Implement Fault Injection Handling library to mitigate physical attacks [4]_.
+ - Add Profile Large [5]_.
+ - Enable code sharing between boot loader and TF-M [6]_.
+ - Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread
+ reentrancy disabled (TRD) feature.
+ - New platforms added.
+ See :ref:`docs/releases/1.3.0:New platforms supported` for
+ details.
+ - Add a TF-M security landing page [7]_.
+ - Enhance dual-cpu non-secure mailbox reference implementation.
+
+New security advisories
+=======================
+
+Invoking secure functions from non-secure handler mode
+------------------------------------------------------
+
+Refer to :doc:`Advisory TFMV-2</docs/security/security_advisories/svc_caller_sp_fetching_vulnerability>`
+for more details.
+The mitigation is included in this release.
+
+New platforms supported
+=======================
+
+ - Cortex-M23 based system:
+
+ - `Nuvoton M2354.
+ <https://www.nuvoton.com/board/numaker-m2354/>`_
+
+ - Cortex-M55 based system:
+
+ - `FPGA image loaded on MPS3 board (AN547).
+ <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps3>`_
+
+ - Secure Enclave system:
+
+ - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/musca_b1/secure_enclave/readme>`
+
+Deprecated platforms
+====================
+
+The following platforms have been removed from TF-M code base.
+
+ - SSE-200_AWS
+ - AN539
+
+See :doc:`Platform deprecation and removal </platform/ext/platform_deprecation>`
+for other platforms under deprecation process.
+
+Tested platforms
+================
+
+The following platforms are successfully tested in this release.
+
+- AN519
+- AN521
+- AN524
+- AN547
+- LPCXpresso55S69
+- MPS2 SSE300
+- Musca-B1
+- Musca-B1 Secure Enclave
+- Musca-S1
+- M2351
+- M2354
+- nrf5340dk
+- nrf9160dk
+- NUCLEO-L552ZE-Q
+- PSoC 64
+- STM32L562E-DK
+
+Known issues
+============
+
+Some open issues exist and will not be fixed in this release.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | PSA Arch Crypto test suite have several known failures.
+ - See this `link <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.3_release/>`_
+ for detailed analysis of the failures.
+
+ * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation
+ | level 2 when PXN is enabled.
+ - https://developer.trustedfirmware.org/T902
+
+ * - | IPC Regression test fail when non-secure regression test is enabled and
+ | secure regression test is disabled.
+ - https://developer.trustedfirmware.org/T903
+
+ * - | Panic test in PSA Arch IPC test suite generates inconsistent results
+ | between Armclang and GNUARM.
+ - https://developer.trustedfirmware.org/T909
+
+Issues fixed since 1.2.0
+========================
+
+Issues fixed by TF-M since v1.2.0 are listed below.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | Dual-cpu NS mailbox initialization shall be executed after CMSIS-RTOS
+ | RTX kernel initialization
+ - https://developer.trustedfirmware.org/T904
+
+Issues closed since 1.2.0
+=========================
+
+The following issues are closed since v1.2.0. These issues are related to
+platform hardware limitations or 3rd-party tools and therefore won't be fixed by
+TF-M.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | ``psa_verify_rsa()`` fails when PSA Crypto processes RSASSA-PSS
+ | algorithm in CryptoCell-312.
+ | Mbed TLS implementation of ``psa_verify_rsa()`` always passes
+ | ``MBEDTLS_MD_NONE`` to ``mbedtls_rsa_rsassa_pss_verify()``.
+ | However, CryptoCell-312 doesn't support MD5 and uses other algorithms
+ | instead. Therefore, Mbed TLS implementation may fail when input
+ | algorithm doesn't match other parameters.
+ - https://github.com/ARMmbed/mbedtls/issues/3990
+
+ * - | Regression tests fail with GNU Arm Embedded toolchain version
+ | 10-2020-q4-major.
+ | The support for CMSE feature is broken in version 10-2020-q4-major. The
+ | fix will be available in future release version.
+ | A note is added in :ref:`docs/getting_started/tfm_sw_requirement:C compilers`.
+ - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157
+
+Reference
+=========
+
+ .. [1] `Arm Firmware Framework for M 1.1 Extensions <https://developer.arm.com/documentation/aes0039/latest>`_
+
+ .. [2] `PSA Firmware Update API <https://developer.arm.com/documentation/ihi0093/latest/>`_
+
+ .. [3] :doc:`TF-M generic threat model </docs/security/threat_models/generic_threat_model>`
+
+ .. [4] :doc:`TF-M physical attack mitigation </docs/technical_references/tfm_physical_attack_mitigation>`
+
+ .. [5] :doc:`TF-M Profile Large design </docs/technical_references/profiles/tfm_profile_large>`
+
+ .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/technical_references/code_sharing>`
+
+ .. [7] :doc:`Security Handling </docs/security/security>`
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*