aboutsummaryrefslogtreecommitdiff
path: root/docs/reference/releases/1.3.0.rst
blob: 80e3dd655b432712a7050d6359ad0059b13d164d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
*************
Version 1.3.0
*************

New major features
==================

  - Support stateless RoT Service defined in FF-M 1.1 [1]_.
  - Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 [1]_.
  - Add Firmware Update (FWU) secure service, following Platform Security
    Architecture Firmware Update API [2]_.
  - Migrate to Mbed TLS v2.25.0.
  - Update MCUboot version to v1.7.2.
  - Add a TF-M generic threat model [3]_ .
  - Implement Fault Injection Handling library to mitigate physical attacks [4]_.
  - Add Profile Large [5]_.
  - Enable code sharing between boot loader and TF-M [6]_.
  - Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread
    reentrancy disabled (TRD) feature.
  - New platforms added.
    See :ref:`docs/reference/releases/1.3.0:New platforms supported` for
    details.
  - Add a TF-M security landing page [7]_.
  - Enhance dual-cpu non-secure mailbox reference implementation.

New security advisories
=======================

Invoking secure functions from non-secure handler mode
------------------------------------------------------

Refer to :doc:`Advisory TFMV-2</docs/reference/security_advisories/svc_caller_sp_fetching_vulnerability>`
for more details.
The mitigation is included in this release.

New platforms supported
=======================

  - Cortex-M23 based system:

    - `Nuvoton M2354.
      <https://www.nuvoton.com/board/numaker-m2354/>`_

  - Cortex-M55 based system:

    - `FPGA image loaded on MPS3 board (AN547).
      <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps3>`_

  - Secure Enclave system:

    - :doc:`Musca-B1 Secure Enclave. </platform/ext/target/musca_b1/secure_enclave/readme>`

Deprecated platforms
====================

The following platforms have been removed from TF-M code base.

  - SSE-200_AWS
  - AN539

See :doc:`Platform deprecation and removal </docs/contributing/platform_deprecation>`
for other platforms under deprecation process.

Tested platforms
================

The following platforms are successfully tested in this release.

- AN519
- AN521
- AN524
- AN547
- LPCXpresso55S69
- MPS2 SSE300
- Musca-B1
- Musca-B1 Secure Enclave
- Musca-S1
- M2351
- M2354
- nrf5340dk
- nrf9160dk
- NUCLEO-L552ZE-Q
- PSoC 64
- STM32L562E-DK

Known issues
============

Some open issues exist and will not be fixed in this release.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | PSA Arch Crypto test suite have several known failures.
    - See this `link <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.3_release/>`_
      for detailed analysis of the failures.

  * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation
      | level 2 when PXN is enabled.
    - https://developer.trustedfirmware.org/T902

  * - | IPC Regression test fail when non-secure regression test is enabled and
      | secure regression test is disabled.
    - https://developer.trustedfirmware.org/T903

  * - | Panic test in PSA Arch IPC test suite generates inconsistent results
      | between Armclang and GNUARM.
    - https://developer.trustedfirmware.org/T909

Issues fixed since 1.2.0
========================

Issues fixed by TF-M since v1.2.0 are listed below.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | Dual-cpu NS mailbox initialization shall be executed after CMSIS-RTOS
      | RTX kernel initialization
    - https://developer.trustedfirmware.org/T904

Issues closed since 1.2.0
=========================

The following issues are closed since v1.2.0. These issues are related to
platform hardware limitations or 3rd-party tools and therefore won't be fixed by
TF-M.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | ``psa_verify_rsa()`` fails when PSA Crypto processes RSASSA-PSS
      | algorithm in CryptoCell-312.
      | Mbed TLS implementation of ``psa_verify_rsa()`` always passes
      | ``MBEDTLS_MD_NONE`` to ``mbedtls_rsa_rsassa_pss_verify()``.
      | However, CryptoCell-312 doesn't support MD5 and uses other algorithms
      | instead. Therefore, Mbed TLS implementation may fail when input
      | algorithm doesn't match other parameters.
    - https://github.com/ARMmbed/mbedtls/issues/3990

  * - | Regression tests fail with GNU Arm Embedded toolchain version
      | 10-2020-q4-major.
      | The support for CMSE feature is broken in version 10-2020-q4-major. The
      | fix will be available in future release version.
      | A note is added in :ref:`docs/getting_started/tfm_sw_requirement:C compilers`.
    - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157

Reference
=========

  .. [1] `Arm Firmware Framework for M 1.1 Extensions <https://developer.arm.com/documentation/aes0039/latest>`_

  .. [2] `PSA Firmware Update API <https://developer.arm.com/documentation/ihi0093/latest/>`_

  .. [3] :doc:`TF-M generic threat model </docs/threat_models/generic_threat_model>`

  .. [4] :doc:`TF-M physical attack mitigation </docs/design_documents/tfm_physical_attack_mitigation>`

  .. [5] :doc:`TF-M Profile Large design </docs/design_documents/profiles/tfm_profile_large>`

  .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/design_documents/code_sharing>`

  .. [7] :doc:`Security Handling </docs/reference/security>`

--------------

*Copyright (c) 2021, Arm Limited. All rights reserved.*