aboutsummaryrefslogtreecommitdiff
path: root/docs/releases/1.5.0.rst
blob: 10aa01529a5a2d8beb561bd7e93a8dfad6264f1d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
*************
Version 1.5.0
*************

New major features
==================

  - MCUboot updated to v1.8.0.
  - :doc:`Floating-Point(FP) support in SPE only </docs/integration_guide/tfm_fpu_support>`.
  - Thread mode SPM.
  - Add Non-secure Client Extension (NSCE) for non-secure client ID management
    support.
  - Secure Function model support in framework.
  - Support Memory-mapped IOVECs.
  - Decouple documentation and binary builds.
  - Manifest tool skips disabled Secure Partitions.
  - Provisioning and OTP are supported.
  - PSA Protected Storage, Internal Trusted Storage, Initial Attestation
    services are converted to Stateless services.
  - Support out-of-tree build of Secure Partitions.
  - Support out-of-tree build of platform specific test suites.
  - Introduce platform binding HAL.
  - ITS enhancement for harden ITS module against invalid data in Flash.
  - Support to select/deselect single or multiple TF-M regression test cases.
  - Decouple regression test flag configuration from TF-M.
  - New platforms added.
    See :ref:`docs/releases/1.5.0:New platforms supported` for details.

New security advisories
=======================

Profile Small key ID encoding vulnerability
-------------------------------------------

NSPE may access secure keys stored in TF-M Crypto service in Profile Small with
Crypto key ID encoding disabled.
Refer to :doc:`Advisory TFMV-4 </docs/security/security_advisories/profile_small_key_id_encoding_vulnerability>`
for more details.
The mitigation is included in this release.

New platforms supported
=======================

  - :doc:`Corstone-1000 </platform/ext/target/arm/corstone1000/readme>`

  - :doc:`Corstone-Polaris </platform/ext/target/arm/mps3/corstone_polaris/README>`

  - :doc:`B-U585I-IOT02A </platform/ext/target/stm/b_u585i_iot02a/readme>`

Deprecated platforms
====================

The following platform has been removed from TF-M code base.

  - arm/mps2/fvp_sse300

See :doc:`Platform deprecation and removal </platform/ext/platform_deprecation>`
for other platforms under deprecation process.

Tested platforms
================

The following platforms are successfully tested in this release.

- AN519
- AN521
- AN547
- Musca-B1
- Musca-S1
- STM32L562E-DK
- PSoC 64
- B-U585I-IOT02A
- NUCLEO-L552ZE-Q
- nRF5340
- nRF9160

Known issues
============

Some open issues are not fixed in this release.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | PSA Arch Crypto test suite have several known failures.
    - See this `link <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.5_release/>`_
      for detailed analysis of the failures.

  * - | Armclang 6.17 generates STRBT instead of STRB in privileged code.
      | MemManage fault occurs when the privileged code calls STRBT to access
      | a memory location only for privileged access.
      | The root cause is still under analysis by Armclang. Please use other
      | Armclang versions instead.
    - https://developer.trustedfirmware.org/T979

Issues closed since v1.4.0
==========================

The following issues in v1.4.0 known issues list are closed. These issues are
related to platform hardware limitations or deprecated platforms and therefore
won't be fixed by TF-M.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation
      | level 2 when PXN is enabled.
    - https://developer.trustedfirmware.org/T902

  * - | Image size overflow on Musca-B1 PSA Arch test suite debug build.
    - https://developer.trustedfirmware.org/T952

  * - | Build errors in PSA api tests for initial attestation.
    - https://developer.trustedfirmware.org/T953

  * - | Non Secure Image size overflow on STM32L562E-DK PSA Arch Crypto.
    - https://developer.trustedfirmware.org/T954

--------------

*Copyright (c) 2021, Arm Limited. All rights reserved.*