docs/introduction/readme.rst - TF-M/trusted-firmware-m.git - Gitiles

 ##################
 Trusted Firmware M
 ##################

 Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE)
 for Armv8-M, Armv8.1-M architectures (e.g. the `Cortex-M33`_, `Cortex-M23`_,
 `Cortex-M55`_, `Cortex-M85`_ processors) and dual-core platforms.
 It is the platform security architecture reference implementation aligning with
 PSA Certified guidelines, enabling chips, Real Time Operating Systems and
 devices to become PSA Certified.

 TF-M relies on an isolation boundary between the Non-secure Processing
 Environment (NSPE) and the Secure Processing Environment (SPE). It can but is
 not limited to using the `Arm TrustZone technology`_ on Armv8-M and Armv8.1-M
 architectures. In pre-Armv8-M architectures physical core isolation is required.

 **TF-M consists of:**

 - Secure Boot to authenticate NSPE and SPE images
 - TF-M Core for controlling the isolation, communication
   and execution within SPE and with NSPE
 - Crypto, Internal Trusted Storage (ITS), Protected Storage (PS),
   Firmware Update and Attestation secure services

 TF-M implements `PSA-FF-M`_ defined IPC and SFN mechanisms to allow communication
 between isolated firmware partitions. TF-M is highly configurable allowing users
 to only include the required secure services and features. Project provides
 :ref:`Base_configuration` build with just TF-M core and platform drivers and 4 predefined
 configurations known as :ref:`tf-m_profiles`. TF-M Profiles or TF-M base can
 be configured to include required services and features as described in the
 :ref:`tf-m_configuration` section.

 .. figure:: readme_tfm_v8.png
    :scale: 65 %
    :align: center

    FF-M compliant design with TF-M

 Applications and Libraries in the Non-secure Processing Environment can
 utilize these secure services with a standardized set of PSA Functional APIs.
 Applications running on Cortex-M devices can leverage TF-M services to ensure
 secure connection with edge gateways and IoT cloud services. It also protects
 the critical security assets such as sensitive data, keys and certificates on
 the platform. TF-M is supported on several Cortex-M based
 :doc:`Microcontrollers </platform/index>` and Real Time Operating
 Systems (RTOS).

 Terms ``TFM`` and ``TF-M`` are commonly used in documents and code and both
 refer to ``Trusted Firmware M.`` :doc:`Glossary </glossary>` has the list
 of terms and abbreviations.

 ************
 Repositories
 ************

 TF-M is comprised of multiple repositories that supplement each other in making the project both customisable and maintainable.

 .. list-table:: TF-M Repositories
     :widths: auto
     :header-rows: 1

     * - **Repository**
       - **Description**
     * - `trusted-firmware-m <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/>`_
       - Software implementation of TF-M with documentation and essential tools
     * - `tf-m-tests <https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/>`_
       - Tests that focus on the functionalities of TF-M components
     * - `tf-m-tools <https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/>`_
       - Non essential tools used for testing and verification of TF-M
     * - `tf-m-extras <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/>`_
       - Extension of the main repository to host examples, demonstrations, third-party modules etc

 #######
 License
 #######
 The software is provided under a BSD-3-Clause :doc:`License </contributing/lic>`.
 Contributions to this project are accepted under the same license with developer
 sign-off as described in the :doc:`Contributing Guidelines </contributing/contributing_process>`.

 This project contains code from other projects as listed below. The code from
 external projects is limited to ``bl2``, ``lib`` and ``platform``
 folders. The original license text is included in those source files.

 - The ``bl2`` folder contains files imported from MCUBoot project and the files
   have Apache 2.0 license.
 - The ``lib/ext`` folder may contain 3rd party projects and files with
   diverse licenses. Here are some that are different from the BSD-3-Clause and
   may be a part of the runtime image. The source code for these projects is
   fetched from upstream at build time only.

    - ``CMSIS_5``    - Apache 2.0 license
    - ``mbedcrypto`` - `Apache 2.0 license MbedTLS
      <https://github.com/Mbed-TLS/mbedtls/blob/development/LICENSE>`_
    - ``mcuboot``    - `Apache 2.0 license MCUBoot
      <https://github.com/mcu-tools/mcuboot/blob/main/LICENSE>`_
    - ``qcbor``      - `Modified BSD-3-Clause license
      <https://github.com/laurencelundblade/QCBOR#copyright-and-license>`_
    - ``tf-m-extras`` - Set of additional components. Please check individually in
      `tf-m-extras repository <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/>`_

 - The ``platform`` folder currently contains platforms support imported from
   the external project and the files may have different licenses.

 .. include:: /platform/platform_introduction.rst

 The document :doc:`Supported Platforms </platform/index>` lists the details.

 #########################
 Release Notes and Process
 #########################
 The :doc:`Release Cadence and Process </releases/release_process>` provides
 release cadence and process information.

 The :doc:`Releases </releases/index>` provides details of
 major features of the release and platforms supported.

 ####################
 Feedback and Support
 ####################
 For this release, feedback is requested via email to
 `tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>`__.

 A bi-weekly technical forum is available for discussion on any technical topics
 online. Welcome to join `TF-M Forum <https://www.trustedfirmware.org/meetings/tf-m-technical-forum>`__.

 .. _Cortex-M33: https://developer.arm.com/Processors/Cortex-M33
 .. _Cortex-M23: https://developer.arm.com/Processors/Cortex-M23
 .. _Cortex-M55: https://developer.arm.com/Processors/Cortex-M55
 .. _Cortex-M85: https://developer.arm.com/Processors/Cortex-M85
 .. _PSA Certified: https://www.psacertified.org/about/developing-psa-certified/
 .. _Arm TrustZone technology: https://developer.arm.com/ip-products/security-ip/trustzone/trustzone-for-cortex-m
 .. _PSA-FF-M: https://www.arm.com/architecture/security-features/platform-security

 --------------

 *Copyright (c) 2017-2022, Arm Limited. All rights reserved.*
	##################
	Trusted Firmware M
	##################

	Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE)
	for Armv8-M, Armv8.1-M architectures (e.g. the `Cortex-M33`_, `Cortex-M23`_,
	`Cortex-M55`_, `Cortex-M85`_ processors) and dual-core platforms.
	It is the platform security architecture reference implementation aligning with
	PSA Certified guidelines, enabling chips, Real Time Operating Systems and
	devices to become PSA Certified.

	TF-M relies on an isolation boundary between the Non-secure Processing
	Environment (NSPE) and the Secure Processing Environment (SPE). It can but is
	not limited to using the `Arm TrustZone technology`_ on Armv8-M and Armv8.1-M
	architectures. In pre-Armv8-M architectures physical core isolation is required.

	TF-M consists of:

	- Secure Boot to authenticate NSPE and SPE images
	- TF-M Core for controlling the isolation, communication
	and execution within SPE and with NSPE
	- Crypto, Internal Trusted Storage (ITS), Protected Storage (PS),
	Firmware Update and Attestation secure services

	TF-M implements `PSA-FF-M`_ defined IPC and SFN mechanisms to allow communication
	between isolated firmware partitions. TF-M is highly configurable allowing users
	to only include the required secure services and features. Project provides
	:ref:`Base_configuration` build with just TF-M core and platform drivers and 4 predefined
	configurations known as :ref:`tf-m_profiles`. TF-M Profiles or TF-M base can
	be configured to include required services and features as described in the
	:ref:`tf-m_configuration` section.

	.. figure:: readme_tfm_v8.png
	:scale: 65 %
	:align: center

	FF-M compliant design with TF-M

	Applications and Libraries in the Non-secure Processing Environment can
	utilize these secure services with a standardized set of PSA Functional APIs.
	Applications running on Cortex-M devices can leverage TF-M services to ensure
	secure connection with edge gateways and IoT cloud services. It also protects
	the critical security assets such as sensitive data, keys and certificates on
	the platform. TF-M is supported on several Cortex-M based
	:doc:`Microcontrollers </platform/index>` and Real Time Operating
	Systems (RTOS).

	Terms ``TFM`` and ``TF-M`` are commonly used in documents and code and both
	refer to ``Trusted Firmware M.`` :doc:`Glossary </glossary>` has the list
	of terms and abbreviations.

	************
	Repositories
	************

	TF-M is comprised of multiple repositories that supplement each other in making the project both customisable and maintainable.

	.. list-table:: TF-M Repositories
	:widths: auto
	:header-rows: 1

	* - Repository
	- Description
	* - `trusted-firmware-m <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/>`_
	- Software implementation of TF-M with documentation and essential tools
	* - `tf-m-tests <https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/>`_
	- Tests that focus on the functionalities of TF-M components
	* - `tf-m-tools <https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/>`_
	- Non essential tools used for testing and verification of TF-M
	* - `tf-m-extras <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/>`_
	- Extension of the main repository to host examples, demonstrations, third-party modules etc

	#######
	License
	#######
	The software is provided under a BSD-3-Clause :doc:`License </contributing/lic>`.
	Contributions to this project are accepted under the same license with developer
	sign-off as described in the :doc:`Contributing Guidelines </contributing/contributing_process>`.

	This project contains code from other projects as listed below. The code from
	external projects is limited to ``bl2``, ``lib`` and ``platform``
	folders. The original license text is included in those source files.

	- The ``bl2`` folder contains files imported from MCUBoot project and the files
	have Apache 2.0 license.
	- The ``lib/ext`` folder may contain 3rd party projects and files with
	diverse licenses. Here are some that are different from the BSD-3-Clause and
	may be a part of the runtime image. The source code for these projects is
	fetched from upstream at build time only.

	- ``CMSIS_5`` - Apache 2.0 license
	- ``mbedcrypto`` - `Apache 2.0 license MbedTLS
	<https://github.com/Mbed-TLS/mbedtls/blob/development/LICENSE>`_
	- ``mcuboot`` - `Apache 2.0 license MCUBoot
	<https://github.com/mcu-tools/mcuboot/blob/main/LICENSE>`_
	- ``qcbor`` - `Modified BSD-3-Clause license
	<https://github.com/laurencelundblade/QCBOR#copyright-and-license>`_
	- ``tf-m-extras`` - Set of additional components. Please check individually in
	`tf-m-extras repository <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/>`_

	- The ``platform`` folder currently contains platforms support imported from
	the external project and the files may have different licenses.

	.. include:: /platform/platform_introduction.rst

	The document :doc:`Supported Platforms </platform/index>` lists the details.

	#########################
	Release Notes and Process
	#########################
	The :doc:`Release Cadence and Process </releases/release_process>` provides
	release cadence and process information.

	The :doc:`Releases </releases/index>` provides details of
	major features of the release and platforms supported.

	####################
	Feedback and Support
	####################
	For this release, feedback is requested via email to
	`tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>`__.

	A bi-weekly technical forum is available for discussion on any technical topics
	online. Welcome to join `TF-M Forum <https://www.trustedfirmware.org/meetings/tf-m-technical-forum>`__.

	.. _Cortex-M33: https://developer.arm.com/Processors/Cortex-M33
	.. _Cortex-M23: https://developer.arm.com/Processors/Cortex-M23
	.. _Cortex-M55: https://developer.arm.com/Processors/Cortex-M55
	.. _Cortex-M85: https://developer.arm.com/Processors/Cortex-M85
	.. _PSA Certified: https://www.psacertified.org/about/developing-psa-certified/
	.. _Arm TrustZone technology: https://developer.arm.com/ip-products/security-ip/trustzone/trustzone-for-cortex-m
	.. _PSA-FF-M: https://www.arm.com/architecture/security-features/platform-security

	--------------

	Copyright (c) 2017-2022, Arm Limited. All rights reserved.