blob: 3513799b2253caa64b9a589fc26c1f00a3de4a27 [file] [log] [blame]
Anton Komlev341668b2023-12-13 21:36:10 +00001#######
2Roadmap
3#######
4
5TF-M has been under active development since it was launched in Q1'18. It is
6being designed to include
7
81. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade.
92. Runtime firmware consisting of TF-M Core responsible for secure isolation,
10 execution and communication aspects. and a set of Secure Services providing
11 services to the Non-Secure and Secure Applications. The secures services
12 currently supported are Secure Storage, Cryptography, Firmware Update,
13 Attestation and Platform Services
14
15If you are interested in collaborating on any of the roadmap features or other
16features, please mail TF-M mailing list
17
18******************
19Supported Features
20******************
21- PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes.
22- PSA Level1, 2 and 3 Isolation.
23- Secure Boot (mcuboot upstream) including generic fault injection mitigations
24- PSA Protected Storage, Internal Trusted Storage v1.0 and Encrypted ITS
25- PSA Cryptov1.0 (uses Mbed TLS v3.4.0)
26- PSA Initial Attestation Service v1.0
27- PSA Firmware Update v1.0
28- PSA ADAC Specification Implementation
29- Base Config
30- kconfig based configuration
31- Profile Small, Medium, ARoT-less Medium, Large
32- Secure Partition Interrupt Handling, Pre-emption of SPE execution
33- Platform Reset Service
34- Dual CPU
35- Open Continuous Integration (CI) System
36- Boot and Runtime Crypto Hardware Integration
37- Fault Injection Handling library to mitigate against physical attacks
38- Threat Model
39- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
40- FPU, MVE Support
41- CC-312 PSA Cryptoprocessor Driver Interface
Anton Komlevc594e262024-01-15 12:07:14 +000042- Secure Storage - Key Diversification Enhancements
43- Build System - Separate Secure and Non-Secure builds
Anton Komlev341668b2023-12-13 21:36:10 +000044
45******
Anton Komlevc594e262024-01-15 12:07:14 +000046CQ1'24
Anton Komlev341668b2023-12-13 21:36:10 +000047******
Anton Komlevc594e262024-01-15 12:07:14 +000048- Supporting multiple clients (Hybrid Platforms) i.e. TF-M supporting multiple on
Anton Komlev341668b2023-12-13 21:36:10 +000049 core and off core clients on heterogeneous (e.g. Cortex-A + Cortex-M platforms)
Anton Komlevc594e262024-01-15 12:07:14 +000050 Mailbox API etc.
51- PSA Crypto layer for mcuboot/BL2
52- Enable PSA Crypto Client from Non-Secure via. IPC
53- Long Term Stable (LTS) Release preparations
Anton Komlev341668b2023-12-13 21:36:10 +000054
55******
56Future
57******
Anton Komlevc594e262024-01-15 12:07:14 +000058- TF-M v2.1.0 Long Term Stable (LTS) Release
59- Demonstrating TLS in Non-Secure using PSA Crypto APIs in TF-M
60- Implement support for multiple clients (Hybrid Platforms)
61- Build System Enhancements - Separate Secure, Non-Secure Builds
Anton Komlev341668b2023-12-13 21:36:10 +000062- Remote Test Infrastructure
Anton Komlevc594e262024-01-15 12:07:14 +000063- MISRA testing/documentation
Anton Komlev341668b2023-12-13 21:36:10 +000064- TF-M Performance - Further Benchmarking and Optimization
65- Scheduler - Multiple Secure Context Implementation
66- Arm v8.1-M Architecture Enablement - PAC/BTI
67- PSA FWU Service Enhancements
68- PSA ADAC Spec - Enhancements and Testing
69- Arm v8.1-M Unprevileged Debug
Anton Komlevc594e262024-01-15 12:07:14 +000070- [Secure Storage] Extended PSA APIs
Anton Komlev341668b2023-12-13 21:36:10 +000071- [Audit Logs] Secure Storage, Policy Manager
72- PSA FF Lifecycle API
73- Fuzz Testing
74
75--------------
76
Anton Komlevc594e262024-01-15 12:07:14 +000077*Copyright (c) 2017-2024, Arm Limited. All rights reserved.*